CVE-2019-12496 – github.com/hybridgroup/gobot
Package
Manager: go
Name: github.com/hybridgroup/gobot
Vulnerable Version: >=0 <1.12.1-0.20190521122906-c1aa4f867846
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00212 (percentile 0.43795)
Details
Hybrid Group Gobot Improper Certificate Validation vulnerability
An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.
Specific Go Packages Affected: github.com/hybridgroup/gobot/platforms/mqtt
Metadata
Created: 2022-05-24T16:46:55Z
Modified: 2023-09-29T16:02:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vfxc-r2gx-v2vq/GHSA-vfxc-r2gx-v2vq.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-vfxc-r2gx-v2vq
Finding: F163
Auto approve: 1