{"schema_version": "1.6.1", "id": "CVE-2022-32531", "summary": "Java Client Uses Connection to Host that Failed Hostname Verification", "details": "The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves\nthe bookkeeper client vulnerable to a man in the middle attack.\n\nThe problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}, {"type": "SEMVER", "events": [{"introduced": "4.15.0"}, {"last_affected": "4.15.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9"}]}