Description
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
Remediation
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339
Related Vulnerabilities
CVE-2019-10464 Vulnerability in maven package org.jenkins-ci.plugins:weblogic-deployer-plugin
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2020-23622 Vulnerability in maven package org.fourthline.cling:cling-core
CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin
CVE-2018-25050 Vulnerability in maven package org.webjars.npm:chosen-js