CVE-2020-11050

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11050

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11050.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11050

Aliases

GHSA-gw55-jm4h-x339

Published

2020-05-07T21:15:11Z

Modified

2024-05-14T07:31:46.818045Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

References

https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339

Affected packages

Git / github.com/tootallnate/java-websocket

Affected ranges

Type: GIT
Repo: https://github.com/tootallnate/java-websocket
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1c7096294e4f5f99c117bba84a52b8fe9af65e6c

Affected versions

Java-WebSocket-1.*

Java-WebSocket-1.3.0

Java-WebSocket-1.3.1

Java-WebSocket-1.3.3

Java-WebSocket-1.3.4

Java-WebSocket-1.3.5

v0.*

v0.1

v0.2

v0.3

v0.4

v0.5

v0.6

v0.7

v1.*

v1.0.0

v1.0.0-alpha1

v1.1.0

v1.2.0

v1.3.1

v1.3.3

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.1