MEDIUM
Squareup
CVE published 2017-01-30
CVE-2016-2402
CVE-2016-2402 is a medium-severity certificate-pinning flaw in OkHttp. According to NVD and the supplied description, a man-in-the-middle attacker could bypass pinning by sending a certificate chain that included a certificate from a trusted CA that was not pinned, along with the pinned certificate. The affected ranges in the corpus include OkHttp before 2.7.4 and OkHttp 3.x before 3.1.2, with NVD listing [truncated]