com.squareup.okhttp3:okhttp
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.squareup.okhttp3:okhttppage 1 of 1
- CVE-2016-2402MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.1.22017-01-30
vulnerable: 3.0.0, 3.0.1, 3.1.0, 3.1.1
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
- CVE-2021-0341HIGHCVSS 7.5EG 7.5✓ Fixed in 4.9.22021-02-10
vulnerable: 3.0.0 ... 4.9.1 (74 versions)
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges need…
Check whether com.squareup.okhttp3:okhttp is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.squareup.okhttp3:okhttp CVEs against the assets you own.
Start Free Scan →