VYPR
Unrated severityOSV Advisory· Published Apr 18, 2019· Updated Aug 5, 2024

CVE-2018-20200

CVE-2018-20200

Description

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Square/OkhttpOSV2 versions
    list, parent-3.0.0, parent-3.0.1, …+ 1 more
    • (no CPE)range: list, parent-3.0.0, parent-3.0.1, …
    • (no CPE)range: <=3.12.0

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.