CVE-2023-4586 - Hot Rod client does not enable hostname validation when using TLS that lead to a MITM attack

A vulnerability was found in the Hot Rod client. This security issue
occurs as the Hot Rod client does not enable hostname validation when
using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

Closes keycloak#24328

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
abstractj authored and ahus1 committed Oct 30, 2023
1 parent 6484a3e commit 8df561c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -87,7 +87,7 @@
<h2.version>2.2.224</h2.version>
<hibernate-orm.plugin.version>6.2.7.Final</hibernate-orm.plugin.version>
<hibernate.c3p0.version>6.2.7.Final</hibernate.c3p0.version>
<infinispan.version>14.0.17.Final</infinispan.version>
<infinispan.version>14.0.19.Final</infinispan.version>
<infinispan.protostream.processor.version>4.6.5.Final</infinispan.protostream.processor.version>

<!--JAKARTA-->
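
Review bot: On the `<infinispan.version>` line, the move from 14.0.17.Final to 14.0.19.Final is the whole fix, so hostname validation for TLS Hot Rod connections rests entirely on the behaviour of the new dependency and nothing in this commit verifies it. Consider adding a regression test in which the client connects over TLS to a server whose certificate does not match the configured hostname and the connection is expected to fail, so a later version change or a configuration override cannot silently bring the CVE-2023-4586 behaviour back. The neighbouring `<infinispan.protostream.processor.version>` stays at 4.6.5.Final; it is worth confirming in the commit message or a comment that this is the version intended to pair with 14.0.19.Final.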