Headline

CVE-2022-22885: DefaultSSLInfo (hutool-码云(gitee.com))

Hutool v5.7.18’s HttpRequest was discovered to ignore all TLS/SSL certificate validation.

3 years ago

java.lang.Object
- cn.hutool.http.ssl.DefaultSSLInfo
public class DefaultSSLInfo extends Object

默认的全局SSL配置，当用户未设置相关信息时，使用默认设置，默认设置为单例模式。

Since:

5.1.2

Author:

looly

- Field Summary
  
  Fields
  
  Modifier and Type
  
  Field and Description
  
  static SSLSocketFactory
  
  DEFAULT_SSF
  
  默认的SSLSocketFactory，区分安卓
  
  static TrustAnyHostnameVerifier
  
  TRUST_ANY_HOSTNAME_VERIFIER
  
  默认信任全部的域名校验器

*   **Constructor Summary**
    
    Constructors 
    
    Constructor and Description
    
    `DefaultSSLInfo()` 
    

*   **Method Summary**
    *   **Methods inherited from class java.lang.Object**`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

- Field Detail
  - TRUST_ANY_HOSTNAME_VERIFIER
    
    public static final TrustAnyHostnameVerifier TRUST_ANY_HOSTNAME_VERIFIER
    
    默认信任全部的域名校验器

    *   **DEFAULT\_SSF**
        
        public static final SSLSocketFactory DEFAULT\_SSF
        
        默认的SSLSocketFactory，区分安卓
        

*   **Constructor Detail**
    *   **DefaultSSLInfo**
        
        public DefaultSSLInfo()

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago