Vulnerabilities > Squareup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-0833 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. | 5.5 |
| 2023-07-19 | CVE-2023-3782 | Unspecified vulnerability in Squareup Okhttp-Brotli DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response | 5.9 |
| 2023-07-12 | CVE-2023-3635 | Incorrect Conversion between Numeric Types vulnerability in Squareup Okio GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. | 7.5 |
| 2021-02-03 | CVE-2021-23331 | Unspecified vulnerability in Squareup Connect Java Software Development KIT This affects all versions of package com.squareup:connect. | 2.1 |
| 2019-04-18 | CVE-2018-20200 | Improper Certificate Validation vulnerability in Squareup Okhttp CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. | 5.9 |
| 2018-12-20 | CVE-2018-1000850 | Path Traversal vulnerability in Squareup Retrofit Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. | 7.5 |
| 2018-12-20 | CVE-2018-1000844 | XXE vulnerability in Squareup Retrofit 2.4.0 Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. | 6.4 |
| 2017-01-30 | CVE-2016-2402 | Improper Certificate Validation vulnerability in Squareup Okhttp and Okhttp3 OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | 5.9 |
| 2016-11-03 | CVE-2015-8969 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1 git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. | 10.0 |
| 2016-11-03 | CVE-2015-8968 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0 git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. | 9.3 |