Moderate severity · NVD Advisory · Published Feb 11, 2022 · Updated Aug 3, 2024
CVE-2022-24968
Description
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mellium.im/xmpp (Go) | >= 0.18.0, < 0.21.1 | 0.21.1 |
Affected products
- Mellium/mellium.im/xmpp
References
- github.com/advisories/GHSA-h289-x5wc-xcv8 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-24968 (GHSA, advisory)
- github.com/mellium/xmpp/commit/0d92aa486da69b71f2f4a30e62aa722c711b98ac (GHSA, web)
- github.com/mellium/xmpp/pull/260 (GHSA, web)
- github.com/mellium/xmpp/security/advisories/GHSA-h289-x5wc-xcv8 (GHSA, web)
- mellium.im/cve/cve-2022-24968 (GHSA, web)
- mellium.im/cve/cve-2022-24968/ (MITRE, misc)
- mellium.im/issue/259 (GHSA, web)
- mellium.im/xmpp/ (MITRE, misc)
- pkg.go.dev/vuln/GO-2022-0370 (GHSA, web)