{"schema_version": "1.6.1", "id": "CVE-2025-68637", "summary": "Insecure SSL Configuration in Uniffle HTTP Client", "details": "The Uniffle HTTP client is configured to trust all SSL certificates and\n\ndisables hostname verification by default. This insecure configuration\nexposes all REST API communication between the Uniffle CLI/client and the\nUniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.\n\n\nThis issue affects all versions from before 0.10.0.\n\nUsers are recommended to upgrade to version 0.10.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "0.10.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2v"}]}