search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 20 forks source link

Use of Outdated Vulnerable Component: openssl@1.1.1w #114

Closed Maf-Dy closed 1 month ago

Maf-Dy commented 5 months ago

Describe the bug While analyzing the apk generated of using FreeRasp 6.5.1 ( latest current version ) ( Or specifically this android native implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:9.1.0' in android build.gradle ) Analyzing the apk has detected the usage of Openssl@1.1.1w

To Reproduce Use freerasp, analyze the .apk by any security scanning tool ( like MobSF)

Expected behavior Inside lib/abi_folder/libclib.so files there are strings outlining that openssl version 1.1.1w is used If Freerasp is confirmed to use this, please update it if possible

Please complete the following information:

yardexx commented 5 months ago

Hello.

Thank you for bringing this issue to our attention. We'll take a closer look at it.

msikyna commented 3 months ago

Hello @Maf-Dy ,

the issue has been fixed and will be part of next release.

Kind regards, Talsec team