Vulnerability Details CVE-2020-11050
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 9.0
CVSS v2 Score 6.8
References
Products affected by CVE-2020-11050
-
cpe:2.3:a:java-websocket_project:java-websocket:0.1
-
cpe:2.3:a:java-websocket_project:java-websocket:0.2
-
cpe:2.3:a:java-websocket_project:java-websocket:0.3
-
cpe:2.3:a:java-websocket_project:java-websocket:0.4
-
cpe:2.3:a:java-websocket_project:java-websocket:0.5
-
cpe:2.3:a:java-websocket_project:java-websocket:0.6
-
cpe:2.3:a:java-websocket_project:java-websocket:0.7
-
cpe:2.3:a:java-websocket_project:java-websocket:1.0.0
-
cpe:2.3:a:java-websocket_project:java-websocket:1.1.0
-
cpe:2.3:a:java-websocket_project:java-websocket:1.2.0
-
cpe:2.3:a:java-websocket_project:java-websocket:1.3.1
-
cpe:2.3:a:java-websocket_project:java-websocket:1.3.3
-
cpe:2.3:a:java-websocket_project:java-websocket:1.3.6
-
cpe:2.3:a:java-websocket_project:java-websocket:1.3.7
-
cpe:2.3:a:java-websocket_project:java-websocket:1.3.8
-
cpe:2.3:a:java-websocket_project:java-websocket:1.3.9
-
cpe:2.3:a:java-websocket_project:java-websocket:1.4.0
-
cpe:2.3:a:java-websocket_project:java-websocket:1.4.1