CVE-2019-11777
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
7.5
HIGH
CVSS 3.1
EPSS 1.3%
Description
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
How to fix CVE-2019-11777
To remediate CVE-2019-11777, upgrade the affected package to a fixed version below.
- —upgrade to 1.2.1 or later
Is CVE-2019-11777 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |