GCVE - cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Squareup (`e6d75cdb-57e9-57ad-b44b-f1909365e057`)
Product	Okhttp (`569288c6-314f-5774-8665-9a0b94f1a56a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libokhttp-java`	purl2cpe	2026-06-01 10:17:50.961558
`pkg:deb/ubuntu/libokhttp-java`	purl2cpe	2026-06-01 10:17:50.961561
`pkg:github/square/okhttp`	purl2cpe	2026-06-01 10:17:50.961565

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-0833`	vulnerable	2026-06-03 14:48:52.946536	Red hat a-mq streams: component version with information disclosure flaw MEDIUM (4.7) A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. Published: 2023-09-27T13:41:12.626Z Updated: 2024-08-02T05:24:34.652Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2023:1241 https://access.redhat.com/errata/RHSA-2023:3223 https://access.redhat.com/security/cve/CVE-2023-0833 https://bugzilla.redhat.com/show_bug.cgi?id=2169845 https://github.com/square/okhttp/issues/6738	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-20200`	vulnerable	2026-06-03 14:38:38.758540	Details available CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967 Published: 2019-04-18T18:31:52.000Z Updated: 2024-08-05T11:58:19.134Z Open on db.gcve.eu Reference links https://square.github.io/okhttp/3.x/okhttp/ https://github.com/square/okhttp/releases https://github.com/square/okhttp/commits/master https://cxsecurity.com/issue/WLB-2018120252 https://github.com/square/okhttp/issues/4967	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2402`	vulnerable	2026-06-03 14:35:42.720308	Details available OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. Published: 2017-01-30T22:00:00.000Z Updated: 2024-08-05T23:24:49.347Z Open on db.gcve.eu Reference links https://koz.io/pinning-cve-2016-2402/ https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ http://www.openwall.com/lists/oss-security/2016/02/10/8 http://www.openwall.com/lists/oss-security/2016/02/18/7 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.