What is CVE-2020-11050?

CVE-2020-11050 is a critical-severity vulnerability in Tootallnate Java-websocket, classified under Improper Validation of Certificate with Host Mismatch. CVSS score: 9.0/10. Published 2020-05-07.

How severe is CVE-2020-11050?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Is CVE-2020-11050 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tootallnate Java-websocket

CVE-2020-11050

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

EPSS: 0.002 (41.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Tootallnate Java-websocket — versions <= 1.4.1

Weakness classification (CWE)

CWE-297 — Improper Validation of Certificate with Host Mismatch

Public proof-of-concept exploits

PalindromeLabs/awesome-websocket-security

References

github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-11050?: CVE-2020-11050 is a critical-severity vulnerability in Tootallnate Java-websocket, classified under Improper Validation of Certificate with Host Mismatch. CVSS score: 9.0/10. Published 2020-05-07.
How severe is CVE-2020-11050?: Critical severity. CVSS v3 base score is 9.0 out of 10.
Is CVE-2020-11050 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.