VulnerableCode Package Details - pkg:maven/com.squareup.okhttp3/okhttp@3.9.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4e5q-x177-uyat Aliases: CVE-2021-0341 GHSA-3cqm-mf7h-prrj	Square OkHttp can accept the wrong certificate In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android ID: A-171980069	4.9.2 Affected by 0 other vulnerabilities.
VCID-7yzs-xpqs-skbc Aliases: CVE-2018-20200	Improper Certificate Validation CertificatePinner.java allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.	3.12.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4e5q-x177-uyat
Aliases:
CVE-2021-0341
GHSA-3cqm-mf7h-prrj

Square OkHttp can accept the wrong certificate In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android ID: A-171980069

4.9.2
Affected by 0 other vulnerabilities.

VCID-7yzs-xpqs-skbc
Aliases:
CVE-2018-20200

Improper Certificate Validation CertificatePinner.java allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.

3.12.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:55:53.794646+00:00	GitLab Importer	Affected by	VCID-4e5q-x177-uyat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2021-0341.yml	38.4.0
2026-04-16T20:53:50.059787+00:00	GitLab Importer	Affected by	VCID-7yzs-xpqs-skbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2018-20200.yml	38.4.0
2026-04-11T23:11:17.536355+00:00	GitLab Importer	Affected by	VCID-4e5q-x177-uyat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2021-0341.yml	38.3.0
2026-04-11T22:04:43.092667+00:00	GitLab Importer	Affected by	VCID-7yzs-xpqs-skbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2018-20200.yml	38.3.0
2026-04-02T23:19:45.967957+00:00	GitLab Importer	Affected by	VCID-4e5q-x177-uyat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2021-0341.yml	38.1.0
2026-04-02T22:17:39.322070+00:00	GitLab Importer	Affected by	VCID-7yzs-xpqs-skbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2018-20200.yml	38.1.0
2026-04-01T17:40:17.554127+00:00	GitLab Importer	Affected by	VCID-4e5q-x177-uyat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2021-0341.yml	38.0.0
2026-04-01T16:35:17.627749+00:00	GitLab Importer	Affected by	VCID-7yzs-xpqs-skbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.squareup.okhttp3/okhttp/CVE-2018-20200.yml	38.0.0