{"id":"CVE-2019-0231","details":"Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.","aliases":["GHSA-5h29-qq92-wj7f"],"modified":"2026-04-11T18:11:53.499788Z","published":"2019-10-01T20:15:11.010Z","references":[{"type":"ADVISORY","url":"http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/mina","events":[{"introduced":"0"},{"last_affected":"ed33252f2dcc7cfa961aa654e96ab4370e908dce"},{"last_affected":"b71555ca2ef33d75f0aea7830079beeb0b92c53a"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.0.20"},{"last_affected":"2.1.1"}],"cpe":["cpe:2.3:a:apache:mina:2.0.20:*:*:*:*:*:*:*","cpe:2.3:a:apache:mina:2.1.1:*:*:*:*:*:*:*"]}}],"versions":["2.0.10","2.0.11","2.0.12","2.0.13","2.0.14","2.0.15","2.0.16","2.0.17","2.0.18","2.0.19","2.0.20","2.0.8","2.0.9","2.1.0","2.1.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0231.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}