Use of Outdated Vulnerable Component: openssl@1.1.1w

Question

Use of Outdated Vulnerable Component: openssl@1.1.1w

Closed this issue 2 months ago · 2 comments

Describe the bug
While analyzing the apk generated of using FreeRasp 6.5.1 ( latest current version )
( Or specifically this android native implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:9.1.0' in android build.gradle )
Analyzing the apk has detected the usage of Openssl@1.1.1w

To Reproduce
Use freerasp, analyze the .apk by any security scanning tool ( like MobSF)

Expected behavior
Inside lib/abi_folder/libclib.so files there are strings outlining that openssl version 1.1.1w is used
If Freerasp is confirmed to use this, please update it if possible

Please complete the following information:

Version of freeRASP: 6.5.1

Answer 1 · 2024-06-03T14:13:43.000Z

Hello.

Thank you for bringing this issue to our attention. We'll take a closer look at it.

Answer 2 · 2024-08-08T07:13:12.000Z

Hello @Maf-Dy ,

the issue has been fixed and will be part of next release.

Kind regards,
Talsec team