MEDIUM🇬🇧 English

CVE-2018-20200

CVSS 5.9v3.0pub. 2019-04-18upd. 2024-11-21

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Squareup Okhttp

    APP
    Squareup
    3.0.0 – 3.12.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-0833MEDIUM4.7ten sam produkt

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...

CVE-2016-2402MEDIUM5.9ten sam produkt

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by s...

CVE-2018-1000844CRITICAL9.1ten sam vendor

Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...

CVE-2015-8969CRITICAL9.8ten sam vendor

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute...

CVE-2018-1000850HIGH7.5ten sam vendor

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vul...