The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13616
Reference (s):
- https://github.com/pichi-router/pichi/commit/4698664233bc324f26658d2b041bfe6ea022c573
- https://github.com/pichi-router/pichi/releases/tag/1.3.0