CRITICAL🇵🇱 Wersja polska

CVE-2020-11050

CVSS 9.0v3.1pub. 2020-05-07upd. 2024-11-21

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Java Websocket Project Java Websocket

    APP
    Java-Websocket Project
    ≤ 1.4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References