Product:

Okhttp

(Squareup)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2019-04-18 CVE-2018-20200 CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967 Okhttp 5.9
2017-01-30 CVE-2016-2402 OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. Okhttp, Okhttp3 5.9
2023-09-27 CVE-2023-0833 A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. A\-Mq_streams, Okhttp 5.5