Description
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
Remediation
References
http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019
Related Vulnerabilities
CVE-2021-21304 Vulnerability in npm package dynamoose
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-default
CVE-2020-4076 Vulnerability in npm package electron
CVE-2019-0192 Vulnerability in maven package org.apache.solr:solr-core
CVE-2019-2692 Vulnerability in maven package mysql:mysql-connector-java