CVE-2021-0341
Square OkHttp can accept the wrong certificate
CVSS 3.1: 7.5 (HIGH)
EPSS: 1.4%
Description
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-8.1, Android-9, Android-10, Android-11
Android ID: A-171980069
How to fix CVE-2021-0341
To remediate CVE-2021-0341, upgrade the affected package to a fixed version below.
- Upgrade to 4.9.2 or later
Is CVE-2021-0341 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.9.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |