Improper Certificate Validation

🗓️ 13 Dec 2025 04:20:39Reported by Veracode Vulnerability DatabaseType

OkHttp improper certificate validation enables disclosure via hostname verification in verifyHostName.

Reporter	Title	Published	Views	Family All 57
IBM Security Bulletins	Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.	7 May 202419:59	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to domain certificate spoofing due to the OkHostnameVerifier.java package ( CVE-2021-0341)	18 Jun 202513:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java	8 Jul 202420:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	2 Mar 202614:44	–	ibm
Android Security Bulletins	Android Security Bulletin—February 2021Stay organized with collectionsSave and categorize content based on your preferences.	1 Feb 202100:00	–	androidsecurity
Chainguard	CVE-2021-0341 vulnerabilities	11 Mar 202613:17	–	cgr
Circl	CVE-2021-0341	10 Feb 202120:41	–	circl
CNNVD	Google Android 信任管理问题漏洞	2 Feb 202100:00	–	cnnvd
CNVD	Google Android Android runtime information disclosure vulnerability (CNVD-2021-22975)	2 Feb 202100:00	–	cnvd
CVE	CVE-2021-0341	10 Feb 202116:50	–	cve

Vulners

Node

squareup okhttpRange3.0.0-RC1–4.9.1java

Source	Link
github	www.github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c
github	www.github.com/advisories/GHSA-3cqm-mf7h-prrj
github	www.github.com/square/okhttp/issues/6724
github	www.github.com/square/okhttp/pull/6741
source	www.source.android.com/security/bulletin/2021-02-01
github	www.github.com/square/okhttp

12 Jan 2026 06:59Current

6.6Medium risk

Vulners AI Score6.6

CVSS 25

CVSS 3.17.5

EPSS0.01387