Description
Java-WebSocket versions 1.4.1 and earlier contain an Improper Validation of Certificate with Host Mismatch flaw: WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
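The missing check, shown with the JDK's own JSSE API as an added example (not code from Java-WebSocket or the advisory): a plain `SSLSocket` validates the certificate chain but compares the certificate's names with the target host only when an endpoint identification algorithm is set. The class and method names are illustrative, and the host for the optional live check is supplied by the caller.

```java
import java.io.IOException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HostnameCheckedTls {

    // Turn on endpoint identification so the handshake compares the
    // certificate's names with the host the socket was opened to.
    static void requireHostnameMatch(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters(); // returns a copy
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);                  // write the copy back
    }

    // Open a TLS connection that fails the handshake on a host mismatch.
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // The host string passed here is the name the certificate is checked against.
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            requireHostnameMatch(socket);
            socket.startHandshake(); // SSLHandshakeException if the names differ
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Unconnected socket: enough to inspect the defaults without any network.
        try (SSLSocket probe = (SSLSocket) factory.createSocket()) {
            System.out.println("default:  "
                + probe.getSSLParameters().getEndpointIdentificationAlgorithm());
            requireHostnameMatch(probe);
            System.out.println("hardened: "
                + probe.getSSLParameters().getEndpointIdentificationAlgorithm());
        }
        if (args.length == 1) { // optional live check; host is supplied by the caller
            try (SSLSocket s = connect(args[0], 443)) {
                System.out.println("peer: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```

Run without arguments, it only prints the socket's endpoint identification setting before and after hardening and touches no network.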
Remediation
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339
Related Vulnerabilities
CVE-2016-10750 Vulnerability in maven package com.hazelcast:hazelcast-spring
CVE-2017-12160 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-36901 Vulnerability in maven package org.jenkins-ci.plugins:http_request
CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security