OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NSquareup Okhttp
APPSquareup≤ 2.7.3Squareup Okhttp3
APPSquareup3.0.03.0.13.1.03.1.1
Powiązane podatności
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate p...
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute...
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vul...