niquests is vulnerable to Improper Certificate Validation
20
Low Risk
Affected versions of this package are vulnerable to improper certificate signature validation, leading to MITM attacks, because TLS/SSL certificate processing does not verify the certificate's signature against the issuer's public key. This flaw allows attackers to bypass trust validation by presenting forged certificates during handshakes, as the system fails to cryptographically confirm their authenticity against the issuer's key. Without OCSP revocation checks, an attacker positioned between clients and servers (e.g., via a compromised network) could intercept traffic and impersonate legitimate services using invalid or revoked certificates to decrypt or manipulate data.
You are affected if you are using a version that falls within the vulnerable range.
niquests is vulnerable to Improper Certificate Validation in versions 3.0.0 - 3.14.1.
Upgrade the niquests library to the patched version.
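One way to check a project against the range above, written as an added example (not code from the advisory or from the niquests project). The helper names and the sample requirement lines are constructed for illustration; only the 3.0.0 - 3.14.1 range comes from this page.

```python
import re
from importlib import metadata

# Range stated in the advisory: 3.0.0 through 3.14.1, inclusive.
VULN_MIN, VULN_MAX = (3, 0, 0), (3, 14, 1)
# Exact pin such as "Niquests[socks]==3.2.0  # note" (extras and markers allowed).
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def parse_version(text):
    """Return the leading numeric release as a 3-tuple, e.g. '3.14' -> (3, 14, 0)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable(version):
    # Pre-release suffixes are ignored, so 3.0.0b1 is treated as 3.0.0
    # (this errs toward flagging rather than missing a build).
    return VULN_MIN <= parse_version(version) <= VULN_MAX

def scan_requirements(lines):
    """Return (line_no, version) for each exact niquests pin inside the range."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = PIN.match(line)
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # normalized name
        if name == "niquests" and is_vulnerable(m.group(2)):
            hits.append((no, m.group(2)))
    return hits

def installed_is_vulnerable():
    """True/False for the niquests in this environment, None if not installed."""
    try:
        return is_vulnerable(metadata.version("niquests"))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project.
SAMPLE = [
    "# constructed requirements file",
    "requests==2.31.0",
    "niquests==3.14.1",
    "Niquests[socks]==3.2.0  # pinned",
    "niquests==2.32.5",
    "niquests==3.14.2",
]

if __name__ == "__main__":
    print(scan_requirements(SAMPLE), installed_is_vulnerable())
```

The scan only evaluates exact `==` pins; unpinned or range specifiers need to be resolved (for example from a lock file) before they can be compared against the advisory range.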