CVE-2017-7192

Published: Apr 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/daltoniam/Starscream/releases/tag/2.0.4

x_refsource_CONFIRM

https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6

x_refsource_CONFIRM

http://seclists.org/bugtraq/2017/Apr/66

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-7192

Description

Affected Products

References