Squareup Okhttp
By the Year
In 2024 there have been 0 vulnerabilities in Squareup Okhttp. Last year Okhttp had 2 security vulnerabilities published. Right now, Okhttp is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 2 | 5.70 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 5.90 |
2018 | 0 | 0.00 |
It may take a day or so for new Okhttp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Squareup Okhttp Security Vulnerabilities
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw
CVE-2023-0833
5.5 - Medium
- September 27, 2023
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
Generation of Error Message Containing Sensitive Information
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker
CVE-2023-3782
5.9 - Medium
- July 19, 2023
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response.
CertificatePinner.java in OkHttp 3.x through 3.12.0
CVE-2018-20200
5.9 - Medium
- April 18, 2019
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this to be a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
Improper Certificate Validation
OkHttp before 2.7.4 and 3.x before 3.1.2
CVE-2016-2402
5.9 - Medium
- January 30, 2017
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
Improper Certificate Validation