VYPR

Maven package

org.eclipse.paho/org.eclipse.paho.client.mqttv3

pkg:maven/org.eclipse.paho/org.eclipse.paho.client.mqttv3

Vulnerabilities (1)

  • CVE-2019-11777Sep 11, 2019
    affected < 1.2.1fixed 1.2.1

    In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorre