RSS   Vulnerabilities for 'Starscream'   RSS

2017-04-06
 
CVE-2017-7192

 

 
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

 
 
CVE-2017-5887

 

 
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).

 


Copyright 2024, cxsecurity.com

 

Back to Top