CVE-2025-70058

Published
View on NVD ↗
CVSS v3
7.4
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

YMFE/yapi
YMFE/yapi
YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台
GitHubGitHub
27.7K