Maven package
com.squareup.okhttp3/okhttp
pkg:maven/com.squareup.okhttp3/okhttp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-0341 | — | | | < 4.9.2 | 4.9.2 | Feb 10, 2021 | In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for ex |
| CVE-2016-2402 | Med | 5.9 | | < 2.7.4 | 2.7.4 | Jan 30, 2017 | OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. |