{"id":"CVE-2019-1010206","details":"OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing.","aliases":["GHSA-8mx3-gp3p-vgg7"],"modified":"2026-03-14T09:31:36.000480Z","published":"2019-07-23T14:15:13.513Z","references":[{"type":"ADVISORY","url":"https://github.com/kevinsawicki/http-request/blob/master/lib/src/main/java/com/github/kevinsawicki/http/HttpRequest.java"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kevinsawicki/http-request","events":[{"introduced":"0"},{"last_affected":"405c3fe77795bb426f97bf9f63aa7573ce6f64fb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0"}]}}],"versions":["http-request-0.1","http-request-0.2","http-request-0.3","http-request-0.4","http-request-0.5","http-request-0.6","http-request-0.7","http-request-0.8","http-request-0.9","http-request-0.9.1","http-request-1.0","http-request-1.1","http-request-2.0","http-request-2.1","http-request-2.2","http-request-3.0","http-request-3.1","http-request-4.0","http-request-4.1","http-request-4.2","http-request-5.0","http-request-5.1","http-request-5.2","http-request-5.3","http-request-5.4","http-request-5.4.1","http-request-5.5","http-request-5.6","http-request-6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010206.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}