3 matches found
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the checkServerIdentity function in lib/tls.js, which does not normalize an internationalized hostname to ASCII before matching it against certificate names. An attacker presenting a certificate...
CVE-2026-40992
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
PT-2020-15476 · Jenkins · Jenkins Mailer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mailer Plugin versions 1.32 and earlier Description: The issue is related to the lack of hostname validation when connecting to the configured SMTP server. This could be exploited using a man-in-the-middle attack to intercept...