Improper Certificate Validation
Affecting io.netty:netty-handler artifact, versions [4.1.0.Final,]Report new vulnerabilities
io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server.
Affected versions of this package are vulnerable to Improper Certificate Validation. Certificate hostname validation is disabled by default in
Netty 4.1.x which makes it potentially susceptible to Man-in-the-Middle attacks.
There is no fixed version for
- Snyk ID
- 19 Nov, 2020
- 20 Nov, 2020