Squareup Okhttp3 vulnerabilities

1 known vulnerability affecting squareup/okhttp3.

Total CVEs

1

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2016-2402MEDIUMCVSS 5.9v3.0.0v3.0.1+2 more2017-01-30

CVE-2016-2402 [MEDIUM] CWE-295 CVE-2016-2402: OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pi OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.