Security Features The advisory has been revoked - it doesn't affect any version of package afnetworking Open this link in a new tab

Threat Intelligence

EPSS 0.1% (41^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-COCOAPODS-AFNETWORKING-471270
published 20 Nov 2019
disclosed 27 Mar 2015
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 27 Mar 2015

CVE-2015-3996 Open this link in a new tab CWE-254 Open this link in a new tab

Amendment

This was deemed not a vulnerability.

Overview

AFNetworking is a delightful iOS and OS X networking framework.

Affected versions of this package are vulnerable to Security Features. It allows attackers to spoof SSL servers due to the default value for AFSecurityPolicy.validatesDomainName is not set to Yes, so it does not perform verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate.

Security Features The advisory has been revoked - it doesn't affect any version of package afnetworking Open this link in a new tab

Threat Intelligence

Introduced: 27 Mar 2015

Amendment

Overview

References