| module: github.com/hybridgroup/gobot |
| package: github.com/hybridgroup/gobot/platforms/mqtt |
| versions: |
| - fixed: v1.12.1-0.20190521122906-c1aa4f867846 |
| description: | |
| TLS certificate verification is skipped when connecting to a MQTT server. |
| This allows an attacker who can MITM the connection to read, or forge, |
| messages passed between the client and server. |
| published: 2021-04-14T12:00:00Z |
| cve: CVE-2019-12496 |
| symbols: |
| - Adaptor.newTLSConfig |
| links: |
| commit: https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f |
| context: |
| - https://github.com/hybridgroup/gobot/releases/tag/v1.13.0 |