Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.23.0
Affects Version/s: 3.18.1
Component/s: Dependency
Labels:

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
6

Issue Summary

Portfolio uses Okhttp 2.2.0 which has an identified vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2016-2402
https://www.securityfocus.com/bid/83296/info
https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/

Steps to Reproduce

https://koz.io/pinning-cve-2016-2402/

Expected Results

-

Actual Results

-

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

relates to: JPOS-4945 Loading...

Assignee:: Chris Francuz
Reporter:: Rene C. [Atlassian Support] (Inactive)

Created:: 27/Feb/2020 9:43 AM
Updated:: 26/Mar/2020 5:30 AM
Resolved:: 26/Mar/2020 5:30 AM
Archived:: 12/Oct/2023 2:33 AM