Description
In a part of the codebase, a method intended to verify SSL certificates always returns true. The security report shows:
com.ReactNativeBlobUtil.ReactNativeBlobUtilUtils$1 does not check TLS certificate validity correctly
A HostnameVerifier needs to check that a valid TLS certificate was issued specifically for use with the exact URL that is currently being accessed. Your class com.ReactNativeBlobUtil.ReactNativeBlobUtilUtils$1, which acts as HostnameVerifier, always returns true for this check making it easy for attackers to impersonate any server as part of a man-in-the-middle (MitM) attack. For example, with the check skipped, a valid certificate for an attacker’s domain “malicious.com” can be used in place of the “your-domain.com” certificate and your app would trust it.
Where it found it:
com.ReactNativeBlobUtil.ReactNativeBlobUtilUtils$1
com/ReactNativeBlobUtil/ReactNativeBlobUtilUtils.java
Found in Library: com.ReactNativeBlobUtil
```java
// Flagged HostnameVerifier: accepts any hostname for any certificate
public boolean verify(String string, SSLSession sSLSession) {
    return true;
}
```
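An added example (not code from the library or from the issue author) showing the flagged always-true verifier beside a hardened form that delegates to the platform's default `HostnameVerifier` and logs a mismatch; the class name `HostnameVerifierExample` and the helper names are assumptions.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public final class HostnameVerifierExample {

    // Weak form: the pattern the report flags. Any certificate for any host is accepted,
    // so a valid certificate for some other domain passes for the URL being accessed.
    static final HostnameVerifier ACCEPT_ALL = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Hardened form: the JDK/Android default verifier matches the requested hostname
    // against the certificate's Subject Alternative Names, so a mismatch is rejected.
    static final HostnameVerifier PLATFORM_DEFAULT =
            HttpsURLConnection.getDefaultHostnameVerifier();

    // Wrapper that keeps the default decision but records why a connection was refused,
    // which makes a failed hostname check visible in diagnostics instead of silent.
    static HostnameVerifier withMismatchLogging(final HostnameVerifier delegate) {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                boolean ok = delegate.verify(hostname, session);
                if (!ok) {
                    String subject = "<no peer certificate>";
                    try {
                        Certificate[] chain = session.getPeerCertificates();
                        if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                            subject = ((X509Certificate) chain[0])
                                    .getSubjectX500Principal().getName();
                        }
                    } catch (SSLPeerUnverifiedException ignored) {
                        // peer not authenticated; subject stays as the placeholder
                    }
                    System.err.println("TLS hostname mismatch: requested " + hostname
                            + ", certificate subject " + subject);
                }
                return ok;
            }
        };
    }

    // Apply the hardened verifier to a connection; ACCEPT_ALL must not be installed here.
    static void harden(HttpsURLConnection conn) {
        conn.setHostnameVerifier(withMismatchLogging(PLATFORM_DEFAULT));
    }
}
```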