Description
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Related Vulnerabilities
CVE-2020-6429 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-34104 Vulnerability in npm package fast-xml-parser
CVE-2017-16114 Vulnerability in maven package org.webjars:marked
CVE-2021-3859 Vulnerability in maven package io.undertow:undertow-core
CVE-2022-25179 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-multibranch