VDB
CVE-2018-1000850
CVE-2018-1000850
PUBLISHED
Reported by mitre · Published December 20, 2018
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| Maven | com.squareup.retrofit2:retrofit | 2.0.0, 2.0.0 |
| n/a | n/a | n/a, n/a |
Timeline
- Dec 20, 2018 CVE Published
- Oct 17, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- x_refsource_MISC
- x_refsource_MISC
- x_refsource_MISC
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities mailing-listx_refsource_MLIST
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities mailing-listx_refsource_MLIST
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities mailing-listx_refsource_MLIST
- RHSA-2019:3892 vendor-advisoryx_refsource_REDHAT
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000850 advisory