[DepShield] (CVSS 5.9) Vulnerability due to usage of com.squareup.okhttp3:okhttp:3.11.0 #5

sonatype-depshield · 2019-06-06T01:49:17Z

Vulnerabilities

DepShield reports that this application's usage of com.squareup.okhttp3:okhttp:3.11.0 results in the following vulnerability(s):

(CVSS 5.9) [CVE-2018-20200] ** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in...

Occurrences

com.squareup.okhttp3:okhttp:3.11.0 is a transitive dependency introduced by the following direct dependency(s):

• org.seleniumhq.selenium:selenium-java:3.141.59
└─ com.squareup.okhttp3:okhttp:3.11.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

benweese added enhancement New feature or request CI Issues and removed enhancement New feature or request CI Issues labels Jun 6, 2019

benweese added bug Something isn't working dependencies Pull requests that update a dependency file labels Jun 12, 2019

benweese self-assigned this Jun 12, 2019

benweese added the wontfix This will not be worked on label Jun 12, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[DepShield] (CVSS 5.9) Vulnerability due to usage of com.squareup.okhttp3:okhttp:3.11.0 #5

[DepShield] (CVSS 5.9) Vulnerability due to usage of com.squareup.okhttp3:okhttp:3.11.0 #5

sonatype-depshield bot commented Jun 6, 2019

[DepShield] (CVSS 5.9) Vulnerability due to usage of com.squareup.okhttp3:okhttp:3.11.0 #5

[DepShield] (CVSS 5.9) Vulnerability due to usage of com.squareup.okhttp3:okhttp:3.11.0 #5

Comments

sonatype-depshield bot commented Jun 6, 2019