漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mellium 安全漏洞
Vulnerability Description
Mellium是提供来自可扩展消息传递和存在协议的功能。 Mellium 存在信任管理问题漏洞,该漏洞源于在Mellium的0.21.0版本中,在验证过程中选择了错误的主机名。能够欺骗DNS TXT记录的攻击者可利用该漏洞将WebSocket连接请求重定向到他们控制下的服务器,而不会导致TLS证书验证失败。
CVSS Information
N/A
Vulnerability Type
N/A