86 matches found

RedHat Linux
added 2023/05/10 11:25 a.m., 1 view

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

CVSS 7.5 | AI score 7.4 | EPSS 0.01387
Exploits 0 | References 5
RedHat Linux
added 2023/05/10 11:25 a.m., 39 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.8 | EPSS 0.01387
Exploits 2 | References 8
RedHat Linux
added 2023/05/10 11:25 a.m., 77 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 7

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.8 | EPSS 0.01387
Exploits 2 | References 8
RedHat Linux
added 2023/05/10 11:25 a.m., 5 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

CVSS 7.5 | AI score 7.4 | EPSS 0.01387
Exploits 0 | References 5
RedHat Linux
added 2023/03/14 6:47 p.m., 4 views

Streams: component version with information disclosure flaw

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

CVSS 5.5 | AI score 7.1 | EPSS 0.00029
Exploits 1 | References 5
RedhatCVE
added 2023/02/14 7:32 p.m., 43 views

CVE-2023-0833

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

CVSS 4.7 | AI score 8 | EPSS 0.00029
Exploits 1 | References 4
RedHat Linux
added 2023/02/14 11:49 a.m., 65 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release

JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. See references for release notes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 9.8 | AI score 7.3 | EPSS 0.0146
Exploits 2 | References 7
IBM Security Bulletins
added 2022/10/05 1:4 p.m., 44 views

Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2021-40690, CVE-2022-25647, XFID: 233967)

Summary: IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Apache Santuario Security for Java provides a mechanism for XML-Signature & XML Encryption syntax and processing (CVE-2021-40690). Google Gson is an open-source Java library to serialize and deserialize Java objects t...

CVSS 7.7 | AI score 8.5 | EPSS 0.0226
Exploits 0 | Affected Software 1
vulnersOsv
added 2022/05/24 5:41 p.m., 3 views

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +30094 more potentially affected by CVE-2021-0341 via com.squareup.okhttp3:okhttp (>=3.0.0-RC1 <=4.9.1)

com.squareup.okhttp3:okhttp MAVEN version =3.0.0-RC1, =0.1.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.1, =0.1.2 - ai.ancf.lmos-router:benchmarks =0.28.0 -...

CVSS 7.5 | AI score 6.7 | EPSS 0.01387
Exploits 0
OSV
added 2022/05/24 5:41 p.m., 0 views

GHSA-3CQM-MF7H-PRRJ Square OkHttp can accept the wrong certificate

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.5 | AI score 6.2 | EPSS 0.01387
Exploits 0 | References 6
vulnersOsv
added 2022/05/24 5:41 p.m., 1 view

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +17892 more potentially affected by CVE-2021-0341 via com.squareup.okhttp3:okhttp (>=4.0.0-RC1 <=4.9.1)

com.squareup.okhttp3:okhttp MAVEN version =4.0.0-RC1, =0.1.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.1, =0.1.2 - ai.ancf.lmos-router:benchmarks =0.28.0 -...

CVSS 7.5 | AI score 6.7 | EPSS 0.01387
Exploits 0
Snyk
added 2022/05/24 5:41 p.m., 2 views

Improper Certificate Validation

Overview: com.squareup.okhttp3:okhttp is an HTTP & HTTP/2 client for Android and Java applications. Affected versions of this package are vulnerable to Improper Certificate Validation via the verifyHostName function in OkHostnameVerifier.java. An attacker can gain unauthorized access to sensitive...

CVSS 8.7 | AI score 6.7 | EPSS 0.01387
Exploits 0 | References 2
vulnersOsv
added 2022/05/13 1:11 a.m., 1 view

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.berktest:BerkClient (>=1.0.0 <=1.0.3) +13209 more potentially affected by CVE-2016-2402 via com.squareup.okhttp3:okhttp (>=3.0.0 <=3.1.1)

com.squareup.okhttp3:okhttp MAVEN version =3.0.0, =0.5.0, =1.0.0, =0.80.7, =0.80.7, =0.80.7, =0.80.7, =3.24.0.1, =3.32.0.1-2-2.1, =3.32.0.1-2-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.36.0.2-1-2.4 and more Source cves: CVE-2016-2402 Source...

CVSS 5.9 | AI score 6.9 | EPSS 0.02681
Exploits 0
Github Security Blog
added 2022/05/13 1:11 a.m., 23 views

Improper Certificate Validation in OkHttp

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate...

CVSS 5.9 | AI score 3.4 | EPSS 0.02681
Exploits 0 | References 7 | Affected Software 1
OSV
added 2022/05/13 1:11 a.m., 4 views

GHSA-4HC2-JH7R-WRC3 Improper Certificate Validation in OkHttp

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate...

CVSS 5.9 | AI score 7.2 | EPSS 0.02681
Exploits 0 | References 7
NVD
added 2021/05/10 8:15 p.m., 13 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVSS 6.2 | EPSS 0.00068
Exploits 1 | References 3
Prion
added 2021/05/10 8:15 p.m., 14 views

Design/Logic Flaw

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVSS 2.1 | AI score 5.6 | EPSS 0.00068
Exploits 1 | References 3 | Affected Software 1
CVE
added 2021/05/10 7:25 p.m., 104 views

CVE-2021-21430

OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...

CVSS 6.2 | AI score 5.7 | EPSS 0.00068
Exploits 1 | References 3 | Affected Software 1
IBM Security Bulletins
added 2020/08/31 9:42 p.m., 15 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - OkHttp 3.x (CVE-2018-20200)

Summary: CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. Vulnerability Details: CVEID: CVE-2018-20200. DESCRIPTION: DISPUTED. CertificatePinner.java in...

CVSS 5.9 | AI score 0.8 | EPSS 0.00294
Exploits 1 | Affected Software 1
OSV
added 2020/05/03 1:15 p.m., 1 view

CVE-2020-12624

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions...

CVSS 6.5 | AI score 6.6
Exploits 0 | References 1