com.neovisionaries:nv-websocket-client@1.23 vulnerabilities
-
latest version
2.14
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
3 years ago
-
licenses detected
- [1.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.neovisionaries:nv-websocket-client package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.neovisionaries:nv-websocket-client is a WebSocket client implementation in Java. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. How to fix Man-in-the-Middle (MitM)? Upgrade |
[,2.1)
|