CVE-2022-45197
7.5HIGHSlixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Publicado: 12/25/2022Atualizado: 4/14/2025
Descrição
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Análise IADesenvolvido por IA
Produtos Afetados
slixmpp_projectslixmpp
Referências
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.pyPatchThird Party Advisory
- https://github.com/poezio/slixmpp/tagsThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7faPatchThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commits/masterPatchThird Party Advisory
- https://security.gentoo.org/glsa/202305-07
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.pyPatchThird Party Advisory
- https://github.com/poezio/slixmpp/tagsThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7faPatchThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commits/masterPatchThird Party Advisory
- https://security.gentoo.org/glsa/202305-07