In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.eclipse.paho:org.eclipse.paho.client.mqttv3(Maven) | 0 | 1.2.1 | N/A |
CVSS Metrics
