GoogleOSV:GHSA-VFXC-R2GX-V2VQ

HistoryMay 24, 2022 - 4:46 p.m.

Hybrid Group Gobot Improper Certificate Validation vulnerability

2022-05-2416:46:55

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.

CPENameOperatorVersion
github.com/hybridgroup/gobotlt1.12.1-0.20190521122906-c1aa4f867846

CPE	Name	Operator	Version
	github.com/hybridgroup/gobot	lt	1.12.1-0.20190521122906-c1aa4f867846

References

github.com/hybridgroup/gobot

github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f

github.com/hybridgroup/gobot/compare/ed53198...7f973df

github.com/hybridgroup/gobot/releases/tag/v1.13.0

nvd.nist.gov/vuln/detail/CVE-2019-12496

pkg.go.dev/vuln/GO-2021-0083