Description
In Java-WebSocket versions 1.4.1 and earlier, WebSocketClient does not perform SSL hostname validation (Improper Validation of Certificate with Host Mismatch). This has been patched in 1.5.0.
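The check that is missing here, shown as an added example using only JDK classes (it is not code from the advisory or from Java-WebSocket): a plain `SSLSocket` validates the certificate chain but compares the certificate to the host name only when an endpoint identification algorithm is set. The class name, the `connect` helper and the `example.org` default are assumptions made for illustration.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;

public class HostnameCheckedSocket {

    // Hypothetical helper: opens a TLS socket that rejects any certificate
    // whose subject names do not match `host`.
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // createSocket connects the TCP layer; the TLS handshake has not run yet.
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            // By default no endpoint identification algorithm is set, so a
            // certificate that chains to a trusted CA is accepted whatever
            // host name it was issued for.
            SSLParameters params = socket.getSSLParameters();
            // "HTTPS" enables RFC 2818 style matching of the certificate
            // against the host name the socket was created with.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // Fails with SSLHandshakeException when the names do not match.
            socket.startHandshake();
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        // example.org is a placeholder host, not taken from the advisory.
        String host = args.length > 0 ? args[0] : "example.org";
        try (SSLSocket s = connect(host, 443)) {
            System.out.println("Handshake OK, peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```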
Remediation
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339