CVE-2017-7192
HIGH
Starscream < 2.0.3 - SSL Pinning Bypass via certValidated Variable Mismanagement
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/daltoniam/Starscream/releases/tag/2.0.4
Patch, Third Party Advisory x_refsource_confirm
https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6
Mailing List x_refsource_misc
http://seclists.org/bugtraq/2017/Apr/66
Scores
CVSS v3
7.5
EPSS
0.0191
EPSS Percentile
77.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (1)
starscream_project/starscream
< 2.0.3
Published
Apr 06, 2017
Tracked Since
Feb 18, 2026