Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NSquareup Retrofit
APPSquareup2.0.0 – 2.5.0 (bez)
Powiązane podatności
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute...
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can inst...
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an atta...