| Vulnerable Component Details | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL | |||||||||
| maven | com.squareup.okhttp3 | okhttp | 4.4.1 | pkg:maven/com.squareup.okhttp3/okhttp@4.4.1?type=jar | |||||||||
| Vulnerability Details | |||||||||||||
| ID | CVE-2021-0341 | ||||||||||||
| Description | In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 | ||||||||||||
| Ratings |
|
||||||||||||
| Found By | Sonotype OSS-Index | ||||||||||||
| References / Advisories | |||||||||||||
| Weakness Enumeration | |||||||||||||