CVE-2022-45197 – slixmpp
Package
Manager: pip
Name: slixmpp
Vulnerable Version: >=0 <1.8.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00078 (percentile: 0.23978)
Details
Slixmpp lacks SSL Certificate hostname validation in XMLStream
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Metadata
Created: 2022-12-25T06:30:20Z
Modified: 2024-10-23T18:34:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-q6cq-m9gm-6q2f/GHSA-q6cq-m9gm-6q2f.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-q6cq-m9gm-6q2f
Finding: F163
Auto approve: 1