CVE-2018-20200
Published: Apr 18, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this to be a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://square.github.io/okhttp/3.x/okhttp/
x_refsource_MISC
https://github.com/square/okhttp/releases
x_refsource_MISC
https://github.com/square/okhttp/commits/master
x_refsource_MISC
https://cxsecurity.com/issue/WLB-2018120252
x_refsource_MISC
https://github.com/square/okhttp/issues/4967
x_refsource_MISC
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
mailing-list
x_refsource_MLIST
[flink-user] 20201022 Dependency vulnerabilities with flink 1.11.1 version
mailing-list
x_refsource_MLIST
[flink-issues] 20201023 [jira] [Assigned] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
mailing-list
x_refsource_MLIST
[flink-issues] 20201023 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
mailing-list
x_refsource_MLIST
[flink-issues] 20201023 [jira] [Updated] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
mailing-list
x_refsource_MLIST
[flink-issues] 20201026 [jira] [Closed] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
mailing-list
x_refsource_MLIST
[flink-issues] 20201026 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
mailing-list
x_refsource_MLIST
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
x_refsource_MLIST