Merge pull request #6411 from github/jmini-GHSA-3cqm-mf7h-prrj

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-3cqm-mf7h-prrj/GHSA-3cqm-mf7h-prrj.json

@@ -1,19 +1,44 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cqm-mf7h-prrj",
-  "modified": "2022-05-24T17:41:45Z",
+  "modified": "2023-01-29T05:05:19Z",
   "published": "2022-05-24T17:41:45Z",
   "aliases": [
     "CVE-2021-0341"
   ],
+  "summary": "verifyHostName of OkHostnameVerifier.java accept wrong certificate",
   "details": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
   "severity": [],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "com.squareup.okhttp3:okhttp"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "4.9.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/square/okhttp/issues/6724"
+    },
     {
       "type": "WEB",
       "url": "https://source.android.com/security/bulletin/2021-02-01"