1. Home
  2. Vulnerabilities
  3. CVE-2020-11050

CVE-2020-11050

CVSS v3.1 8.1 (High)
81% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.15 % (52th)
0.15% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

Weaknesses
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2020-05-07 21:15:11
(4 years ago)
Updated Date
2021-10-07 17:19:21
(2 years ago)

Affected Products

Java-websocket Project

Configuration #1

    CPE23 From Up To
  Java-websocket Project Java-websocket 1.4.1 and prior versions cpe:2.3:a:java-websocket_project:java-websocket <= 1.4.1