VYPR

Maven package

com.squareup.retrofit2/retrofit

pkg:maven/com.squareup.retrofit2/retrofit

Vulnerabilities (2)

  • CVE-2018-1000850Dec 20, 2018
    affected >= 2.0.0, < 2.5.0fixed 2.5.0

    Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to

  • CVE-2018-1000844Dec 20, 2018
    affected >= 2.0.0, < 2.5.0fixed 2.5.0

    Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerabilit