86 matches found
MITM (Man-in-the-Middle) com.squareup.okhttp3:okhttp Dependency in Jira Software Data Center and Server
This High severity MITM (Man-in-the-Middle) vulnerability was introduced in versions 9.12.1 and 10.3.0 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, allows an unauthenticated...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with okhttp component
Summary: Vulnerability in IBM Spectrum Symphony with okhttp component. Vulnerability Details: CVEID: CVE-2023-0833 DESCRIPTION: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing...
EUVD-2022-2383
Malicious code in bioql PyPI...
EUVD-2023-12835
Malicious code in bioql PyPI...
EUVD-2025-26519
Malicious code in bioql PyPI...
EUVD-2023-44415
Malicious code in bioql PyPI...
CVE-2025-56608
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. The handleDigest function employs MessageDigest.getInstance("MD5") to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions...
CVE-2025-56608
The CVE-2025-56608 entry concerns the SourceCodester Android app “Corona Virus Tracker App India” v1.0. The issue is in OkHttpClientWrapper.java, where handleDigest() hashes credentials with MD5 via MessageDigest.getInstance("MD5"). MD5 is used for digest authentication, introducing weaknesses su...
Linux Distros Unpatched Vulnerability : CVE-2018-20200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean valu...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.3. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP5 where applicable. Multiple Cross-Site Request Forgery vulnerabilities have been addressed CVE-2020-4301, CVE-2021-20468...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. (CVE-2023-0833).
Summary IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. CVE-2023-0833. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow ...
Security Bulletin: Vulnerability of okhttp-3.9.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE
Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE are vulnerable to okhttp-3.9.0.jar CVE-2023-0833. The workaround includes okhttp-3.9.0.jar upgraded to okhttp-4.12.0.jar. Vulnerability Details CVEID:CVE-2023-0833...
Security Bulletin: IBM Datapower Operations Dashboard could allow a local authenticated attacker to obtain sensitive information CVE-2023-0833
Summary: Red Hat AMQ-Streams is used by the IBM Datapower Operations Dashboard implementation of Kubernetes operators. Vulnerability Details: CVEID: CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in OKHttp...
Presto JDBC Server-Side Request Forgery by redirect
Summary: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can construct a redirect response that the Presto JDBC client will follow and view sensitive information from highly sensitive internal servers or perform a local port scan. Detai...
PT-2023-33073 · Okhttp +1
Name of the Vulnerable Software and Affected Versions: Presto JDBC (affected versions not specified). Description: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can construct a redirect response that the Presto JDBC client will...
CVE-2023-0833
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...