Description

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

Remediation

References

https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339

Related Vulnerabilities

CVE-2021-37695 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2019-1003088 Vulnerability in maven package egor-n:fabric-beta-publisher

CVE-2022-34298 Vulnerability in maven package org.openidentityplatform.openam:openam-auth-nt

CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.13

CVE-2019-10742 Vulnerability in maven package org.webjars.npm:axios

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory