31 Jul 2022
29 Jul 2022
How to fix?
Upgrade co.fs2:fs2-io_sjs1_2.12 to version 3.2.11 or higher.
co.fs2:fs2-io_sjs1_2.12 is a compositional, streaming I/O library.
Affected versions of this package are vulnerable to Improper Certificate Validation in TLSContextPlatform.scala when establishing a server-mode TLSSocket. The parameter requestCert = true is ignored, and the connection proceeds without certificate validation.
This vulnerability is only exploitable when the following conditions are met:
fs2-io is running on Node.js.
The TLSSocket being established is in server-mode.
The default mTLS setting requestCert = false in TLSParameters is changed to
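A dependency triage for the upgrade guidance above, as an added example that is not part of the advisory or the fs2 project: it scans resolved `group:artifact:version` coordinates for the Scala.js (Node.js) build of fs2-io and flags versions below the fixed 3.2.11. The input format, the function names, and treating other Scala binary suffixes and pre-release builds of 3.2.11 as needing review are assumptions; the page does not state a lower bound for affected versions, so every lower version is flagged.

```python
import re

FIXED = (3, 2, 11)  # fixed version stated in the advisory

# Scala.js build of fs2-io (the one that runs on Node.js). JVM artifacts
# such as fs2-io_2.12 carry no _sjs1 marker and are skipped.
COORD = re.compile(r"^co\.fs2:fs2-io_sjs1_([\w.]+):(\S+)$")


def parse_version(text):
    """Return ((major, minor, patch), has_suffix), or None if unparseable."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(.*)$", text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:3]), bool(m.group(4))


def needs_upgrade(version):
    parsed = parse_version(version)
    if parsed is None:
        return True  # unknown version format: flag for manual review
    numbers, has_suffix = parsed
    # Assumption: a suffixed build of the fixed version (RC, snapshot) is
    # flagged conservatively, since the page only names 3.2.11 itself.
    return numbers < FIXED or (numbers == FIXED and has_suffix)


def triage(coordinates):
    """Return (coordinate, scala_binary_version) for each flagged entry."""
    findings = []
    for line in coordinates:
        m = COORD.match(line.strip())
        if m and needs_upgrade(m.group(2)):
            findings.append((line.strip(), m.group(1)))
    return findings


# Constructed sample input, not taken from a real project.
SAMPLE = [
    "co.fs2:fs2-io_sjs1_2.12:3.2.7",       # below the fix: flagged
    "co.fs2:fs2-io_sjs1_2.12:3.2.11",      # fixed release
    "co.fs2:fs2-io_sjs1_2.13:3.2.11-RC1",  # pre-release of the fix: flagged
    "co.fs2:fs2-io_2.12:3.2.7",            # JVM artifact, not Node.js
    "co.fs2:fs2-core_sjs1_2.12:3.2.7",     # different module
    "co.fs2:fs2-io_sjs1_3:3.3.0",          # newer than the fix
]

if __name__ == "__main__":
    for coord, scala in triage(SAMPLE):
        print(f"upgrade to >= 3.2.11: {coord} (Scala {scala}, Scala.js build)")
```

A flagged dependency is only exposed if the remaining conditions listed above also hold, so follow up by checking whether the service opens a server-mode TLSSocket with a non-default requestCert setting.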