Vulnerabilities > Squareup > Retrofit > 2.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-20 | CVE-2018-1000850 | Path Traversal vulnerability in Squareup Retrofit Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. | 7.5 |
2018-12-20 | CVE-2018-1000844 | XXE vulnerability in Squareup Retrofit 2.4.0 Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. | 9.1 |