Launchpad CVE tracker

CVE 2018-20200

** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967.

See the

CVE page on Mitre.org for more details.

References

MISC: https://cxsecurity.com...
MISC: https://github.com/squ...
MISC: https://github.com/squ...
MISC: https://github.com/squ...
MISC: https://square.github....
MLIST: [drill-dev] 20191017 D...
MLIST: [drill-dev] 20191021 [...
MLIST: [drill-issues] 2019102...
MLIST: [flink-user] 20201022 ...
MLIST: [flink-issues] 2020102...
MLIST: [flink-issues] 2020102...
MLIST: [flink-issues] 2020102...
MLIST: [flink-issues] 2020102...
MLIST: [flink-issues] 2020102...
MLIST: [pulsar-commits] 20201...

Launchpad.net

CVE 2018-20200

Related bugs

References