com.squareup.retrofit2:retrofit

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.squareup.retrofit2:retrofitpage 1 of 1

CVE-2018-1000844CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.5.0
2018-12-20
vulnerable: 2.0.0 ... 2.4.0 (7 versions)
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file syst…
CVE-2018-1000850HIGHCVSS 7.5✓ Fixed in 2.5.0
2018-12-20
vulnerable: 2.0.0 ... 2.4.0 (7 versions)
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or d…

Check whether com.squareup.retrofit2:retrofit is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.squareup.retrofit2:retrofit CVEs against the assets you own.

Start Free Scan →