Known Vulnerabilities for products from Squareup
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Squareup".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-3782 json | DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perfor... | 5.9 - MEDIUM | 2023-07-19 | 2023-08-02 |
| CVE-2023-3635 json | GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of... | 7.5 - HIGH | 2023-07-12 | 2023-10-25 |
| CVE-2023-0833 json | A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw ... | 5.5 - MEDIUM | 2023-09-27 | 2023-11-07 |
| CVE-2021-23331 json | This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file wit... | 3.3 - LOW | 2021-02-03 | 2022-04-08 |
| CVE-2018-1000850 json | Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in R... | 7.5 - HIGH | 2018-12-20 | 2023-11-07 |
| CVE-2018-1000844 json | Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (... | 9.1 - CRITICAL | 2018-12-20 | 2019-07-01 |
| CVE-2018-20200 json | ** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate p... | 5.9 - MEDIUM | 2019-04-18 | 2023-11-07 |
| CVE-2016-2402 json | OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certif... | Not Provided | 2017-01-30 | 2025-04-20 |
| CVE-2015-8969 json | git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious comm... | Not Provided | 2016-11-03 | 2026-05-06 |
| CVE-2015-8968 json | git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to ... | Not Provided | 2016-11-03 | 2026-05-06 |
Known software with vulnerabilities from Squareup
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Squareup | Git-fastclone | - |
| Application | Squareup | Okhttp | 1.0.0 |
| Application | Squareup | Okhttp3 | 3.0.0 |
| Application | Squareup | Retrofit | 0.1 |