Description

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

Remediation

References

https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339

Related Vulnerabilities

CVE-2018-1262 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa

CVE-2022-24376 Vulnerability in npm package git-promise

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-rs

CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-commons

CVE-2020-27216 Vulnerability in maven package jetty:jetty

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory