CVE-2019-12496: Improper Certificate Validation

May 24, 2022 (updated February 24, 2023)

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.

References

github.com/advisories/GHSA-vfxc-r2gx-v2vq
github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f
github.com/hybridgroup/gobot/compare/ed53198...7f973df
github.com/hybridgroup/gobot/releases/tag/v1.13.0
nvd.nist.gov/vuln/detail/CVE-2019-12496
pkg.go.dev/vuln/GO-2021-0083

Code Behaviors & Features

Detect and mitigate CVE-2019-12496 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →