From 156f4d7db73fab896fe91ee7d3617a80877b2413 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Bresson?=
Date: Wed, 12 Nov 2025 11:21:31 +0100
Subject: [PATCH] Improve GHSA-3cqm-mf7h-prrj
---
 .../GHSA-3cqm-mf7h-prrj.json | 29 +++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/advisories/unreviewed/2022/05/GHSA-3cqm-mf7h-prrj/GHSA-3cqm-mf7h-prrj.json b/advisories/unreviewed/2022/05/GHSA-3cqm-mf7h-prrj/GHSA-3cqm-mf7h-prrj.json
index 0c621366ce2c8..7b2f31f0bee8a 100644
--- a/advisories/unreviewed/2022/05/GHSA-3cqm-mf7h-prrj/GHSA-3cqm-mf7h-prrj.json
+++ b/advisories/unreviewed/2022/05/GHSA-3cqm-mf7h-prrj/GHSA-3cqm-mf7h-prrj.json
@@ -1,19 +1,44 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3cqm-mf7h-prrj",
- "modified": "2022-05-24T17:41:45Z",
+ "modified": "2023-01-29T05:05:19Z",
 "published": "2022-05-24T17:41:45Z",
 "aliases": [
 "CVE-2021-0341"
 ],
+ "summary": "verifyHostName of OkHostnameVerifier.java accept wrong certificate",
 "details": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
 "severity": [],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "com.squareup.okhttp3:okhttp"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.9.2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/square/okhttp/issues/6724"
+ },
 {
 "type": "WEB",
 "url": "https://source.android.com/security/bulletin/2021-02-01"
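Review bot: The new `affected` range opens at `"introduced": "0"`, so every `com.squareup.okhttp3:okhttp` release below 4.9.2 will be reported as vulnerable, yet the `details` text names only Android platform versions and the single added reference is an issue thread typed `WEB`. Nothing visible in the hunk lets a consumer confirm that 4.9.2 is the first fixed release or whether older release lines received a backport, so I would add a `FIX` reference pointing at the fix commit or release notes and type the issue link as `"type": "REPORT"`. The summary would read better as `"summary": "OkHostnameVerifier in OkHttp accepts a certificate for the wrong hostname"`. `severity` is still `[]`; a CVSS vector taken from the NVD entry already referenced would let scanners rank the finding.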