Description
In Java-WebSocket versions 1.4.1 and earlier, WebSocketClient does not perform SSL hostname validation (Improper Validation of Certificate with Host Mismatch). This has been patched in 1.5.0.
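
The check described above maps to JSSE's endpoint identification setting, which a raw `SSLSocket` leaves unset unless the client code enables it. The following is an added example, not code from Java-WebSocket or the advisory; the class and helper names are hypothetical, and it uses only the standard `javax.net.ssl` API.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HostnameCheckedTls {   // hypothetical class name

    // Applies the server-identity check that HTTPS clients use. Without it,
    // JSSE validates the certificate chain but never compares the
    // certificate's names with the host being contacted.
    static void requireHostnameMatch(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    // Opens a TLS connection to host:port (hypothetical helper). The handshake
    // throws SSLHandshakeException if the certificate does not cover `host`.
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        Socket tcp = new Socket();
        try {
            tcp.connect(new InetSocketAddress(host, port), 10_000);
            // Layer TLS over TCP and record `host` as the expected peer name.
            SSLSocket tls = (SSLSocket) factory.createSocket(tcp, host, port, true);
            requireHostnameMatch(tls);   // must be set before the handshake
            tls.startHandshake();
            return tls;
        } catch (IOException e) {
            tcp.close();                 // do not leak the socket on failure
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            // Print the setting on an unconnected socket before and after hardening.
            System.out.println("default:  "
                + socket.getSSLParameters().getEndpointIdentificationAlgorithm());
            requireHostnameMatch(socket);
            System.out.println("hardened: "
                + socket.getSSLParameters().getEndpointIdentificationAlgorithm());
        }
    }
}
```

Code that builds its own TLS sockets for a WebSocket client can be reviewed for this setting: a socket whose `SSLParameters` carry no endpoint identification algorithm accepts any certificate that chains to a trusted root, regardless of the host name it was issued for.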
Remediation
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339