Product
The ex_webrtc library is vulnerable to a man-in-the-middle attack due to missing DTLS peer certificate fingerprint validation in the DTLS client role, potentially allowing interception of media and data channels when chained with insecure signaling or a peer with similar validation gaps; upgrade to versions 0.15.1 or 0.16.1 to mitigate this vulnerability.