CVE-2017-7192

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-7192

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7192.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-7192

Published

2017-04-06T14:59:00.363Z

Modified

2026-05-17T11:54:31.034435267Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

References

http://seclists.org/bugtraq/2017/Apr/66
https://github.com/daltoniam/Starscream/releases/tag/2.0.4
https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6

CVE-2017-7192

Affected packages