{"id":"GO-2021-0083","summary":"Improper certificate validation in github.com/hybridgroup/gobot","details":"TLS certificate verification is skipped when connecting to a MQTT server. This allows an attacker who can MITM the connection to read, or forge, messages passed between the client and server.","aliases":["CVE-2019-12496","GHSA-vfxc-r2gx-v2vq"],"modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2021-0083"},"references":[{"type":"FIX","url":"https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f"},{"type":"WEB","url":"https://github.com/hybridgroup/gobot/releases/tag/v1.13.0"}],"affected":[{"package":{"name":"github.com/hybridgroup/gobot","ecosystem":"Go","purl":"pkg:golang/github.com/hybridgroup/gobot"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.1-0.20190521122906-c1aa4f867846"}]}],"ecosystem_specific":{"imports":[{"symbols":["Adaptor.Connect","Adaptor.newTLSConfig"],"path":"github.com/hybridgroup/gobot/platforms/mqtt"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0083.json"}}],"schema_version":"1.7.3"}