Description
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Related Vulnerabilities
CVE-2021-23518 Vulnerability in npm package cached-path-relative
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.sentsin:layui
CVE-2011-0509 Vulnerability in maven package com.vaadin:vaadin
CVE-2022-23945 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2020-14968 Vulnerability in maven package org.webjars.npm:jsrsasign