Vulnerabilities (CVE)

Filtered by vendor Starscream Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7192 1 Starscream Project 1 Starscream 2024-11-21 5.0 MEDIUM 7.5 HIGH
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
CVE-2017-5887 1 Starscream Project 1 Starscream 2024-11-21 5.0 MEDIUM 7.5 HIGH
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).