swift-keyedarchiver
swift-keyedarchiver
The application was found to use
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures
NSKeyedArchiver
without utilizing requiringSecureCoding
, which is not considered secure. This can allow for deserialization vulnerabilities, and the application should always ensure requiringSecureCoding
is set to true.Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures