GCVE - cpe:2.3:a:squareup:okhttp3:3.1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squareup:okhttp3:3.1.0:*:*:*:*:*:*:*

part: a version: 3.1.0 update: *

Vendor	Squareup (`e6d75cdb-57e9-57ad-b44b-f1909365e057`)
Product	Okhttp3 (`4f5e8ac8-cedb-553c-841c-4db0925ab661`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libokhttp-java`	purl2cpe	2026-06-01 10:17:50.987733
`pkg:deb/ubuntu/libokhttp-java`	purl2cpe	2026-06-01 10:17:50.987734
`pkg:github/square/okhttp`	purl2cpe	2026-06-01 10:17:50.987736

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-2402`	vulnerable	2026-06-03 14:35:42.722674	Details available OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. Published: 2017-01-30T22:00:00.000Z Updated: 2024-08-05T23:24:49.347Z Open on db.gcve.eu Reference links https://koz.io/pinning-cve-2016-2402/ https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ http://www.openwall.com/lists/oss-security/2016/02/10/8 http://www.openwall.com/lists/oss-security/2016/02/18/7 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.