CVE-2022-45197
7.5HIGHSlixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Publicado: 12/25/2022Actualizado: 4/14/2025
Descripción
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Análisis IAImpulsado por IA
Productos Afectados
slixmpp_projectslixmpp
Referencias
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.pyPatchThird Party Advisory
- https://github.com/poezio/slixmpp/tagsThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7faPatchThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commits/masterPatchThird Party Advisory
- https://security.gentoo.org/glsa/202305-07
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.pyPatchThird Party Advisory
- https://github.com/poezio/slixmpp/tagsThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7faPatchThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commits/masterPatchThird Party Advisory
- https://security.gentoo.org/glsa/202305-07