漏洞可以修复吗 #360

bipanfei · 2023-11-14T02:56:32Z

漏洞描述应用使用了 HostnameVerifier 接口，并修改了 verify 的实现，但没有对传入的域名进行合理检查，存在中间人攻击风险
漏洞线索1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z | 1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z | 2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z
1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z
2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

漏洞可以修复吗 #360

漏洞可以修复吗 #360

bipanfei commented Nov 14, 2023

漏洞可以修复吗 #360

漏洞可以修复吗 #360

Comments

bipanfei commented Nov 14, 2023