Go modules package
mellium.im/xmpp
pkg:golang/mellium.im/xmpp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46957 | Cri | 9.8 | | < 0.22.0 | 0.22.0 | Sep 25, 2024 | Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. |
| CVE-2022-24968 | — | | | >= 0.18.0, < 0.21.1 | 0.21.1 | Feb 11, 2022 | In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during |