This allows an active attacker, for instance one operating a malicious WiFi, to intercept these encrypted connections using the attacker's spoofed certificate and keys. Doing so compromises the data communicated over this channel, as well as allowing an attacker to impersonate both the server and the client during the live session, sending spoofed data to either side.
Update to version 1.6.9 or greater.
If a direct dependency update is not possible, use
snyk wizard to patch this vulnerability.
Snyk patch available for versions: