In Mellium mellium.im/xmpp, an attacker capable of spoofing DNS TXT records
can redirect a WebSocket connection request to a server under their control
without causing TLS certificate verification to fail. This occurs because
the wrong host name is selected during verification.Read More