Affecting org.apache.mina:mina-core artifact, versions [,2.0.21) || [2.1.0,2.1.1)
org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily.
Affected versions of this package are vulnerable to Information Exposure.
Handling of the
close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear-text messages which were supposed to be encrypted.
org.apache.mina:mina-core to version 2.0.21, 2.1.1 or higher.