Security Features The advisory has been revoked - it doesn't affect any version of package afnetworking Open this link in a new tab
Threat Intelligence
EPSS
0.1% (41st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-COCOAPODS-AFNETWORKING-471270
- published 20 Nov 2019
- disclosed 27 Mar 2015
- credit Unknown
Introduced: 27 Mar 2015
CVE-2015-3996 Open this link in a new tabAmendment
This was deemed not a vulnerability.
Overview
AFNetworking is a delightful iOS and OS X networking framework.
Affected versions of this package are vulnerable to Security Features. It allows attackers to spoof SSL servers due to the default value for AFSecurityPolicy.validatesDomainName
is not set to Yes
, so it does not perform verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate.