org.igniterealtime.smack:smack@3.2.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.igniterealtime.smack:smack package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Insufficient Verification of Data Authenticity

org.igniterealtime.smack:smack is an open-source XMPP (Jabber) client library for instant messaging and presence. It implements the client-side functionality defined in the core XMPP specifications.

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity. The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
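The missing check, sketched as an added example (not code from Smack or from this advisory): RFC 6121 section 2.1.6 tells a client to ignore a roster IQ unless it has no from attribute or its from matches the user's own bare JID. The class and method names are hypothetical, the JIDs are constructed sample values, and lowercasing stands in for full JID normalization.

```java
import java.io.StringReader;
import java.util.Locale;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class RosterFromCheck {
    static final String ROSTER_NS = "jabber:iq:roster";

    // "user@host/resource" -> "user@host" (lowercasing is a simplification).
    static String bareJid(String jid) {
        int slash = jid.indexOf('/');
        String bare = slash < 0 ? jid : jid.substring(0, slash);
        return bare.toLowerCase(Locale.ROOT);
    }

    // True if the IQ carries a <query xmlns='jabber:iq:roster'/> child.
    static boolean isRosterQuery(Element iq) {
        for (Node n = iq.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && "query".equals(n.getLocalName())
                    && ROSTER_NS.equals(n.getNamespaceURI())) return true;
        }
        return false;
    }

    // True only if the stanza may be applied to the local roster.
    static boolean acceptRosterIq(String stanzaXml, String ownJid) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Stanzas never need a DOCTYPE; refusing it blocks entity tricks.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element iq = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(stanzaXml))).getDocumentElement();
        if (!"iq".equals(iq.getLocalName()) || !isRosterQuery(iq)) return false;
        String from = iq.getAttribute("from"); // "" when the attribute is absent
        // Accept: no sender (implicitly our server) or exactly our own bare JID.
        return from.isEmpty() || from.toLowerCase(Locale.ROOT).equals(bareJid(ownJid));
    }

    public static void main(String[] args) throws Exception {
        String own = "juliet@example.com/balcony"; // constructed account JID
        String body = "<query xmlns='jabber:iq:roster'><item jid='x@example.net'/></query></iq>";
        String[] samples = { // constructed stanzas
            "<iq type='set' id='a1'>" + body,                               // no from: accept
            "<iq type='set' id='a2' from='juliet@example.com'>" + body,     // own bare JID: accept
            "<iq type='set' id='a3' from='mallory@example.org/x'>" + body   // third party: reject
        };
        for (String s : samples) System.out.println(acceptRosterIq(s, own) + "  " + s);
    }
}
```

A roster parser that skips this comparison applies any roster-query IQ that reaches it, whoever sent it, which is the behaviour the advisory describes.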

How to fix Insufficient Verification of Data Authenticity?

There is no fixed version for org.igniterealtime.smack:smack.

Vulnerable versions: [0,)