socket.io-client-java

OkHttp vulnerability issues in Socket.io client dependency

Open shivamsharma2710 opened this issue 3 years ago • 3 comments

The Socket.IO library has two vulnerabilities that come from its internal OkHttp dependency. I've used the latest socket.io v2.1.0, which uses a very old version, 3.12.12, of OkHttp.

Following are the vulnerabilities:

  1. Improper Certificate Validation

  2. Information Exposure

Please give an estimate of when you're planning to fix these vulnerabilities.

PFA the complete vulnerability report:

[Screenshot 2022-10-12 at 4 21 38 AM]

shivamsharma2710, Oct 11 '22 23:10

@darrachequesne Please give an ETA for when the new release with this fix will come out.

shivamsharma2710, Mar 13 '23 07:03