High severity7.5NVD Advisory· Published Apr 6, 2017· Updated May 13, 2026

CVE-2017-7192

Description

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

Affected products

Starscream Project/Starscream
cpe:2.3:a:starscream_project:starscream:*:*:*:*:*:*:*:*
Range: <=2.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6nvdPatchThird Party Advisory
github.com/daltoniam/Starscream/releases/tag/2.0.4nvdRelease NotesThird Party Advisory
seclists.org/bugtraq/2017/Apr/66nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000