EUVD-2022-2383

Malicious code in bioql PyPI...

Square OkHttp 安全漏洞

Square OkHttp is the United States Square's set of HTTP and HTTP /2 client software for Android and Java applications . The software supports synchronous blocking calls and asynchronous calls with callbacks, response caching to avoid duplicate requests over the network, and more. OkHttp suffers...

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +17892 more potentially affected by CVE-2021-0341 via com.squareup.okhttp3:okhttp (>=4.0.0-RC1 <=4.9.1)

com.squareup.okhttp3:okhttp MAVEN version =4.0.0-RC1, =0.1.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.1, =0.1.2 - ai.ancf.lmos-router:benchmarks =0.28.0 -...

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.berktest:BerkClient (>=1.0.0 <=1.0.3) +13209 more potentially affected by CVE-2016-2402 via com.squareup.okhttp3:okhttp (>=3.0.0 <=3.1.1)

com.squareup.okhttp3:okhttp MAVEN version =3.0.0, =0.5.0, =1.0.0, =0.80.7, =0.80.7, =0.80.7, =0.80.7, =3.24.0.1, =3.32.0.1-2-2.1, =3.32.0.1-2-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.36.0.2-1-2.4 and more Source cves: CVE-2016-2402 Source...

CVE-2018-20200

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...

DEBIAN-CVE-2018-20200

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...