daltoniam

2 exploits Active since Apr 2017
CVE-2017-5887 WRITEUP HIGH WRITEUP
Starscream < 2.0.3 - SSL Pinning Bypass via Late Certificate Validation
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
CVSS 7.5
CVE-2017-7192 WRITEUP HIGH WRITEUP
Starscream < 2.0.3 - SSL Pinning Bypass via certValidated Variable Mismanagement
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
CVSS 7.5