← back
CVE-2020-11050

Improper Validation of Certificate with Host Mismatch in Java-WebSocket

CVSS 9 CRITICALEPSS 0.8%CWE-297
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
TooTallNate · Java-WebSocket

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339