A Java SSL component library
Known vulnerabilities in the ca.juliusdavies:not-yet-commons-ssl package. This does not include vulnerabilities belonging to this package’s dependencies.Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
ca.juliusdavies:not-yet-commons-ssl is a Java SSL component library.
Affected versions of this package are vulnerable to Security Bypass. The package does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
How to fix Security Bypass?
A fix was pushed into the