Description

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

Remediation

References

https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339

Related Vulnerabilities

CVE-2019-10788 Vulnerability in npm package im-metadata

CVE-2020-7741 Vulnerability in npm package hellojs

CVE-2019-12041 Vulnerability in maven package org.webjars.npm:remarkable

CVE-2019-10314 Vulnerability in maven package org.jenkins-ci.plugins:koji

CVE-2021-37305 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory