ch.acra:acra@4.3.0 vulnerabilities
-
latest version
4.11.1
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
4 years ago
-
licenses detected
- [4.2.3,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the ch.acra:acra package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
ch.acra:acra is a library that handles Application Crash Reports for Android. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. How to fix Man-in-the-Middle (MitM)? Upgrade |
[,4.4.0)
|