OSSIndex / vulns

Report missing advisories and corrections on OSS Index
Incorrect vulnerability details: CVE-2021-0341 - com.squareup.okhttp3:okhttp #296

Closed bykes closed 1 year ago

bykes commented 2 years ago

Vulnerability URL
Provide the URL to the vulnerability. For example:

https://ossindex.sonatype.org/vulnerability/CVE-2021-0341

Component URL
Provide the URL to the component. For example:

https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp3/okhttp

Description
CVE-2021-0341 is reported as a vulnerability in version 4.10.0. This was already fixed in that version - https://github.com/square/okhttp/issues/6724

See https://github.com/square/okhttp/blob/parent-4.10.0/okhttp/src/main/kotlin/okhttp3/internal/tls/OkHostnameVerifier.kt

The history contains "Cherry pick fix for CVE-2021-0341 onto 4.9.x #6741". See https://github.com/square/okhttp/pull/6741/files for the detailed fix.

bykes commented 2 years ago

When can we expect a fix for this?

ken-duck commented 2 years ago

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck commented 1 year ago

Fixed: https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp3/okhttp@4.10.0