CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46957
https://notcve.org/view.php?id=CVE-2024-46957
24 Sep 2024 — Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing because the stanza type is not checked. This is fixed in 0.22.0. Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. • https://codeberg.org/mellium/xmpp/releases • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24968
https://notcve.org/view.php?id=CVE-2022-24968
11 Feb 2022 — In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification. En Mellium mellium.im/xmpp versiones hasta 0.21.0, un atacante capaz de falsificar los registros TXT de DNS puede redirigir una petición de conexión WebSocket a un servidor bajo su control sin causar que falle la ... • https://mellium.im/cve/cve-2022-24968 • CWE-295: Improper Certificate Validation •