THREAT OPS › Threat News › [GHSA] GHSA-8f6j-263m-g72x (medium) — Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checks
[GHSA] GHSA-8f6j-263m-g72x (medium) — Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checks
GHSA-8f6j-263m-g72x Severity: medium CVE: None
Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checks
### Summary `SignedDataVerifier` attempts to perform online revocation checking when `enable_online_checks=True`, but its OCSP validation logic accepts stale `GOOD` responses as valid indefinitely. In `appstoreserv
Original source: https://github.com/advisories/GHSA-8f6j-263m-g72x