Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-185DBFE4C2C0FE6313EC9EEB01E43A48

HistoryFeb 16, 2022 - 12:00 a.m.

Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket

2022-02-1600:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

certificate validation

host mismatch

tls configuration

software

If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults.

References

github.com/advisories/GHSA-h289-x5wc-xcv8

github.com/mellium/xmpp/security/advisories/GHSA-h289-x5wc-xcv8