blob: 64e848e15f682825136925a7382c19f338cdccc4 [file] [log] [blame]
module: github.com/hybridgroup/gobot
package: github.com/hybridgroup/gobot/platforms/mqtt
versions:
- fixed: v1.12.1-0.20190521122906-c1aa4f867846
description: |
TLS certificate verification is skipped when connecting to a MQTT server.
This allows an attacker who can MITM the connection to read, or forge,
messages passed between the client and server.
cves:
- CVE-2019-12496
symbols:
- Adaptor.newTLSConfig
links:
commit: https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f
context:
- https://github.com/hybridgroup/gobot/releases/tag/v1.13.0