CVE-2017-7192

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7192
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7192.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7192
Published
2017-04-06T14:59:00Z
Modified
2025-01-08T10:13:34.110867Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

References

Affected packages

Git / github.com/daltoniam/starscream

Affected ranges

Type
GIT
Repo
https://github.com/daltoniam/starscream
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7

1.*

1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4

2.*

2.0.0
2.0.1
2.0.2
2.0.3