VYPR

Maven package

org.igniterealtime.smack/smack-core

pkg:maven/org.igniterealtime.smack/smack-core

Vulnerabilities (1)

  • CVE-2016-10027MedJan 12, 2017
    affected < 4.1.9fixed 4.1.9

    Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server