CVE-2023-4586 - Hot Rod client does not enable hostname validation when using TLS that leads to a MITM attack

A vulnerability was found in the Hot Rod client. This security issue
occurs as the Hot Rod client does not enable hostname validation when
using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

Closes #24328

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Bruno Oliveira da Silva 2023-10-26 13:43:02 -03:00 committed by Alexander Schwartz
parent 6484a3e705
commit 8df561c675

@ -87,7 +87,7 @@
<h2.version>2.2.224</h2.version>
<hibernate-orm.plugin.version>6.2.7.Final</hibernate-orm.plugin.version>
<hibernate.c3p0.version>6.2.7.Final</hibernate.c3p0.version>
<infinispan.version>14.0.17.Final</infinispan.version>
<infinispan.version>14.0.19.Final</infinispan.version>
<infinispan.protostream.processor.version>4.6.5.Final</infinispan.protostream.processor.version>
<!--JAKARTA-->
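
Review bot: The fix rests entirely on the `infinispan.version` property moving from 14.0.17.Final to 14.0.19.Final, and nothing in this hunk verifies that hostname validation is actually in effect for Hot Rod TLS connections after the bump. Please add a regression test that connects a Hot Rod client over TLS to a server whose certificate does not match the configured host name and asserts that the handshake is rejected, so a later version change or a configuration override cannot silently reintroduce the behaviour described in the commit message. It would also help to say in the commit message or upgrade notes which Infinispan release carries the client-side change, and to warn operators that remote-store connections that address the server by an IP or alias missing from the certificate may start failing once validation is on.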