org.bouncycastle:bctls-jdk18on@1.75 vulnerabilities

  • latest version

    1.79

  • latest non vulnerable version

  • first published

    2 years ago

  • latest version published

    1 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.bouncycastle:bctls-jdk18on package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Use of Incorrectly-Resolved Name or Reference

    Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference when resolving domain names over an SSL socket that was created without an explicit hostname, as in the HttpsURLConnection() function. If endpoint identification is enabled an attacker can trigger hostname verification against a DNS-resolved address.

    How to fix Use of Incorrectly-Resolved Name or Reference?

    Upgrade org.bouncycastle:bctls-jdk18on to version 1.78 or higher.

    [,1.78)