Description

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

Remediation

References

https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339

Related Vulnerabilities

CVE-2019-10464 Vulnerability in maven package org.jenkins-ci.plugins:weblogic-deployer-plugin

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2020-23622 Vulnerability in maven package org.fourthline.cling:cling-core

CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin

CVE-2018-25050 Vulnerability in maven package org.webjars.npm:chosen-js

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory