Vulnerability Details CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://seclists.org/bugtraq/2017/Apr/66
- https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6
- https://github.com/daltoniam/Starscream/releases/tag/2.0.4
- http://seclists.org/bugtraq/2017/Apr/66
- https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6
- https://github.com/daltoniam/Starscream/releases/tag/2.0.4
Products affected by CVE-2017-7192
-
cpe:2.3:a:starscream_project:starscream:0.9.1
-
cpe:2.3:a:starscream_project:starscream:0.9.2
-
cpe:2.3:a:starscream_project:starscream:0.9.3
-
cpe:2.3:a:starscream_project:starscream:0.9.4
-
cpe:2.3:a:starscream_project:starscream:0.9.5
-
cpe:2.3:a:starscream_project:starscream:0.9.6
-
cpe:2.3:a:starscream_project:starscream:0.9.7
-
cpe:2.3:a:starscream_project:starscream:1.0.0
-
cpe:2.3:a:starscream_project:starscream:1.0.1
-
cpe:2.3:a:starscream_project:starscream:1.0.2
-
cpe:2.3:a:starscream_project:starscream:1.1.0
-
cpe:2.3:a:starscream_project:starscream:1.1.1
-
cpe:2.3:a:starscream_project:starscream:1.1.2
-
cpe:2.3:a:starscream_project:starscream:1.1.3
-
cpe:2.3:a:starscream_project:starscream:1.1.4
-
cpe:2.3:a:starscream_project:starscream:2.0.0
-
cpe:2.3:a:starscream_project:starscream:2.0.1
-
cpe:2.3:a:starscream_project:starscream:2.0.2
-
cpe:2.3:a:starscream_project:starscream:2.0.3