Details
- Task
- Status: Resolved
- Major
- Resolution: Fixed
- 3.4.0
- Reviewed
Description
Upgrade Okio to 3.4.0 due to CVE-2023-3635
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CVSSv3 Score: 7.5 (High)
Issue Links
- depends upon: HADOOP-18496 upgrade kotlin-stdlib due to CVEs (Open)