CNNVD-202601-1237 Information

CNNVD ID

CNNVD-202601-1237

CVE-2025-68637

  • CNNVD Published: 2026-01-07

Description

Apache Uniffle is a remote shuffle service from the Apache Foundation. Versions of Apache Uniffle before 0.10.0 contain a security vulnerability caused by an insecure HTTP client configuration: the client trusts all SSL certificates and disables hostname verification, which may lead to man-in-the-middle attacks.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Apache

Published

2026-01-07

Last Modified

2026-02-24

References

https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2v

http://www.openwall.com/lists/oss-security/2025/12/27/2

Patch

https://uniffle.apache.org/
