FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-slixmpp -- incomplete SSL certificate validation

Affected packages
py310-slixmpp < 1.8.3
py311-slixmpp < 1.8.3
py37-slixmpp < 1.8.3
py38-slixmpp < 1.8.3
py39-slixmpp < 1.8.3

Details

VuXML ID: 93db4f92-9997-4f4f-8614-3963d9e2b0ec
Discovery: 2022-12-25
Entry: 2023-04-09

Slixmpp before 1.8.3 lacks SSL certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

References

CVE Name: CVE-2022-45197
URL: https://osv.dev/vulnerability/GHSA-q6cq-m9gm-6q2f