CVE-2017-5887

Published: Apr 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://seclists.org/bugtraq/2017/Apr/67

x_refsource_MISC

https://github.com/daltoniam/Starscream/releases/tag/2.0.4

x_refsource_CONFIRM

https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-5887

Description

Affected Products

References