swift-nscoding
swift-nscoding
The application was found to use nscoding, which is not considered secure. When decoding serialized objects, it is not possible to determine what they are, until post-decoding.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures
NSSecureCoding should be used in place of nscoding, and secure serialization and deserialization should be used in all cases where such functionality is required.Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures