VYPR

Maven package

com.squareup.okhttp3/okhttp

pkg:maven/com.squareup.okhttp3/okhttp

Vulnerabilities (2)

  • CVE-2021-0341Feb 10, 2021
    affected < 4.9.2fixed 4.9.2

    In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for ex

  • CVE-2016-2402MedJan 30, 2017
    affected < 2.7.4fixed 2.7.4

    OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.