High Severity Risk - Insecure Storage: HTTP Response Cache Leak #1989
arunkumar-g3690 started this conversation in General
Summary
On line 60 of LottieAnimationViewInitializers.swift, the method init^:url:compatibleRenderingEngineOption:() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses.
Which Version of Lottie are you using?
Lottie 4.1.3
Explanation
The HTTP(S) responses may contain sensitive data such as session cookies and API tokens. The URL loading system will cache all the HTTP(S) responses for performance reasons, storing them unencrypted in the {app ID}/Library/Caches/com.mycompany.myapp/Cache.db* files.
Expected Fix
In order to prevent the caching of HTTP(S) responses containing sensitive data, implement the URLSessionDataDelegate urlSession(_:dataTask:willCacheResponse:completionHandler:) delegate method and call completionHandler(nil) when the response should not be cached.
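The fix described in the post above, sketched as an added example; this is not code from the Lottie project or from the original poster. `NonCachingDownloader` and its method names are hypothetical; only the `URLSession` and `URLSessionDataDelegate` calls are Foundation APIs.

```swift
import Foundation

// Hypothetical helper (not part of Lottie): downloads a resource while
// refusing to let the URL loading system store the response in Cache.db.
final class NonCachingDownloader: NSObject, URLSessionDataDelegate {
    private var buffers: [Int: Data] = [:]
    private var handlers: [Int: (Result<Data, Error>) -> Void] = [:]
    private let lock = NSLock()
    private lazy var session: URLSession =
        URLSession(configuration: .default, delegate: self, delegateQueue: nil)

    func download(_ url: URL, completion: @escaping (Result<Data, Error>) -> Void) {
        // Delegate-driven task: the callbacks below receive the data
        // and make the caching decision.
        let task = session.dataTask(with: url)
        lock.lock()
        buffers[task.taskIdentifier] = Data()
        handlers[task.taskIdentifier] = completion
        lock.unlock()
        task.resume()
    }

    // The session keeps a strong reference to its delegate until invalidated.
    func invalidate() { session.finishTasksAndInvalidate() }

    func urlSession(_ session: URLSession, dataTask: URLSessionDataTask,
                    didReceive data: Data) {
        lock.lock(); defer { lock.unlock() }
        buffers[dataTask.taskIdentifier]?.append(data)
    }

    // The delegate method named in the post: passing nil means the
    // proposed response is not cached.
    func urlSession(_ session: URLSession, dataTask: URLSessionDataTask,
                    willCacheResponse proposedResponse: CachedURLResponse,
                    completionHandler: @escaping (CachedURLResponse?) -> Void) {
        completionHandler(nil)
    }

    func urlSession(_ session: URLSession, task: URLSessionTask,
                    didCompleteWithError error: Error?) {
        lock.lock()
        let data = buffers.removeValue(forKey: task.taskIdentifier) ?? Data()
        let handler = handlers.removeValue(forKey: task.taskIdentifier)
        lock.unlock()
        if let error = error { handler?(.failure(error)) } else { handler?(.success(data)) }
    }
}
```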