CVE-2013-7201
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Date published : 2018-04-27
https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/