Moderate severity · NVD Advisory · Published Feb 11, 2022 · Updated Aug 3, 2024

CVE-2022-24968

Description

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.
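
The host name selection described above, as an added Go example (not code from mellium.im/xmpp or from this advisory). It assumes the correct name to verify is the domain the client set out to reach, not the host in the TXT-discovered WebSocket URL; the names chat.example and other.example are constructed, and hostToVerify, clientTLS and wouldAccept are hypothetical helpers.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/url"
)

// hostToVerify (hypothetical helper) picks the name the certificate is checked
// against: the discovered URL's host (flawed) or the user's domain (pinned, assumed correct).
func hostToVerify(domain, discovered string, pinned bool) (string, error) {
	u, err := url.Parse(discovered)
	if err != nil || u.Scheme != "wss" || u.Hostname() == "" {
		return "", fmt.Errorf("unusable endpoint %q", discovered)
	}
	if pinned {
		return domain, nil
	}
	return u.Hostname(), nil
}

// clientTLS is the config to dial the discovered endpoint with: the TXT
// record chooses where to connect, never whose certificate is expected.
func clientTLS(domain, discovered string) (*tls.Config, error) {
	name, err := hostToVerify(domain, discovered, true)
	if err != nil {
		return nil, err
	}
	return &tls.Config{ServerName: name, MinVersion: tls.VersionTLS12}, nil
}

// wouldAccept: does a certificate valid only for certNames pass the check?
func wouldAccept(domain, discovered string, certNames []string, pinned bool) (bool, error) {
	name, err := hostToVerify(domain, discovered, pinned)
	if err != nil {
		return false, err
	}
	cert := &x509.Certificate{DNSNames: certNames}
	return cert.VerifyHostname(name) == nil, nil
}

func main() {
	// Constructed values: account domain, spoofed TXT target, its own cert.
	txt, names := "wss://other.example/ws", []string{"other.example"}
	flawed, _ := wouldAccept("chat.example", txt, names, false)
	pinned, _ := wouldAccept("chat.example", txt, names, true)
	fmt.Println("URL-host check accepts:", flawed, "| domain check accepts:", pinned)
}
```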

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: mellium.im/xmpp (Go)
Affected versions: >= 0.18.0, < 0.21.1
Patched versions: 0.21.1
