Review Request 74676: ATLAS-4801: Atlas - Upgrade Okio to 3.4.0 due to CVE-2023-3635

Disha Talreja via Review Board Mon, 16 Oct 2023 19:49:57 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74676/
-----------------------------------------------------------


Review request for atlas, Jayendra Parab, Radhika Kundam, and Sidharth Mishra.


Bugs: ATLAS-4801
    https://issues.apache.org/jira/browse/ATLAS-4801


Repository: atlas


Description
-------

GzipSource does not handle an exception that might be raised when parsing a 
malformed gzip buffer. This may lead to denial of service of the Okio client 
when handling a crafted GZIP archive, by using the GzipSource class.

CVSSv3 Score:- 7.5(High)

https://nvd.nist.gov/vuln/detail/CVE-2023-3635


Diffs
-----

  pom.xml f76d0ea04 


Diff: https://reviews.apache.org/r/74676/diff/1/


Testing
-------

Verified Manually


Thanks,

Disha Talreja

Review Request 74676: ATLAS-4801: Atlas - Upgrade Okio to 3.4.0 due to CVE-2023-3635

Reply via email to