Fluid Attacks Database

Description

Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.eclipse.paho:org.eclipse.paho.client.mqttv3	>=0 <1.2.1	1.2.1
maven	org.eclipse.paho:java-parent	=1.2.0	1.2.1

Aliases

1. CVE-2019-117772. NVD-2019-117773. OSV-2019-117774. GCVE-2019-11777

References

1. https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.