CVE-2020-11050

Improper Validation of Certificate with Host Mismatch in Java-WebSocket

CVSS 9 CRITICALEPSS 0.8%CWE-297

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

TooTallNate · Java-WebSocket

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339