← back
CVE-2017-5887

CVE-2017-5887

EPSS 1.4%
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/bugtraq/2017/Apr/67https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6https://github.com/daltoniam/Starscream/releases/tag/2.0.4