VYPR

Go modules package

mellium.im/xmpp

pkg:golang/mellium.im/xmpp

Vulnerabilities (2)

  • CVE-2024-46957 · Cri · Sep 25, 2024
    affected < 0.22.0 · fixed 0.22.0

    Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.

  • CVE-2022-24968 · Feb 11, 2022
    affected >= 0.18.0, < 0.21.1 · fixed 0.21.1

    In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during