2 matches found
CVE-2018-1000850
CVE-2018-1000850 pertains to Square Retrofit: versions from 2.0 up to 2.4.x (inclusive) contain a Directory Traversal vulnerability in RequestBuilder.addPathParameter. By manipulating an encoded path parameter on POST/PUT/DELETE requests, an attacker could potentially access or alter resources ou...
CVE-2018-1000844
CVE-2018-1000844 concerns Square Open Source Retrofit. The vulnerability stems from an XML External Entity (XXE) flaw in JAXB in Retrofit versions prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437, which could allow an attacker to read files from the filesystem or perform SSRF. The issue i...