{"id":"PYSEC-2022-43013","details":"Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.","aliases":["CVE-2022-45197","GHSA-q6cq-m9gm-6q2f"],"modified":"2023-11-01T05:00:21.255881Z","published":"2022-12-25T05:15:00Z","references":[{"type":"WEB","url":"https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py"},{"type":"WEB","url":"https://github.com/poezio/slixmpp/tags"},{"type":"WEB","url":"https://lab.louiz.org/poezio/slixmpp/-/commits/master"},{"type":"WEB","url":"https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa"}],"affected":[{"package":{"name":"slixmpp","ecosystem":"PyPI","purl":"pkg:pypi/slixmpp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.3"}]}],"versions":["1.0","1.0.post1","1.0.post2","1.0.post3","1.0.post4","1.0.post5","1.1","1.2","1.2.1","1.2.2","1.2.3","1.2.4","1.2.4.post1","1.3.0","1.4.0","1.4.1","1.4.2","1.5.0","1.5.1","1.5.2","1.6.0","1.7.0","1.7.1","1.8.0","1.8.0.1","1.8.1","1.8.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/slixmpp/PYSEC-2022-43013.yaml"}}],"schema_version":"1.7.3"}