CVE-2019-11777: Improper Handling of Exceptional Conditions

September 17, 2019 (updated April 27, 2021)

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

References

github.com/advisories/GHSA-63qc-p2x4-9fgf
nvd.nist.gov/vuln/detail/CVE-2019-11777

Detect and mitigate CVE-2019-11777 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →