Okhttp

okhttp

Vendor: Squareup • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-0833 2Redhat Squareup 2A Mq Streams Okhttp Nov 21, 2024 Sep 27, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an a...Show more A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.Show less
CVE-2018-20200 1Squareup 1Okhttp Nov 21, 2024 Apr 18, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed...Show more CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967Show less
CVE-2016-2402 1Squareup 2Okhttp Okhttp3 May 13, 2026 Jan 30, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.