Posted by Security Advisories on Apr 21Product: Starscream websocket library
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set to true but cannot be set to false).
The open-source Starscream library provides a SWIFT implementation of