Description
Java-WebSocket versions 1.4.1 and earlier contain an Improper Validation of Certificate with Host Mismatch vulnerability: WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
Remediation
References
https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339