square/okhttp

square/okhttp

square.github.io

Releases141

Frequency1 month 3 days

Last Release 18 days ago

Stars47K

Square’s meticulous HTTP client for the JVM, Android, and GraalVM.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-0833 ↗	Sep 27, 2023Wednesday, 27 September 2023, 15:16	4.7 MEDIUM	—
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CVE-2023-3782 ↗	Jul 19, 2023Wednesday, 19 July 2023, 21:15	5.9 MEDIUM	—
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response
CVE-2018-20200 ↗	Apr 18, 2019Thursday, 18 April 2019, 19:29	—	4.3 MEDIUM
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967