Description
Java-WebSocket versions 1.4.1 and earlier contain an improper certificate validation flaw (certificate with host mismatch): WebSocketClient does not perform SSL hostname validation, so a certificate is not checked against the host name the client connected to. This has been patched in 1.5.0.
Remediation
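The hostname check the description refers to, shown on a plain JSSE socket. This is an added example, not code from the advisory or from the Java-WebSocket project; it uses only JDK APIs, and the class and method names are hypothetical.

```java
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Hypothetical helper class (not part of Java-WebSocket).
public class HostnameCheckedSocket {

    // True when JSSE will match the server certificate against the peer
    // host name during the handshake. A freshly created SSLSocket has no
    // endpoint identification algorithm set, so it only validates the chain.
    static boolean verifiesHostname(SSLSocket socket) {
        String alg = socket.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    // Turn on HTTPS-style host matching (subjectAltName / CN against the
    // peer host). Must be applied before the handshake starts.
    static SSLSocket enableHostnameCheck(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Unconnected socket from the default context: no network needed
        // to inspect or change its parameters.
        SSLSocket socket =
            (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket();
        System.out.println("before: hostname verified = " + verifiesHostname(socket));

        enableHostnameCheck(socket);
        System.out.println("after:  hostname verified = " + verifiesHostname(socket));

        // Optional live check: java HostnameCheckedSocket <host> <port>
        if (args.length == 2) {
            // Connect by name so JSSE knows which host to match.
            socket.connect(new InetSocketAddress(args[0], Integer.parseInt(args[1])), 5000);
            // Throws SSLHandshakeException if the certificate does not
            // cover the host name.
            socket.startHandshake();
            System.out.println("handshake ok, peer = "
                + socket.getSession().getPeerPrincipal());
        }
        socket.close();
    }
}
```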
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339