Rohit Kumar created HADOOP-18837: ------------------------------------ Summary: Upgrade Okio to 3.4.0 due to CVE-2023-3635 Key: HADOOP-18837 URL: https://issues.apache.org/jira/browse/HADOOP-18837 Project: Hadoop Common Issue Type: Task Reporter: Rohit Kumar
Upgrade Okio to 3.4.0 due to CVE-2023-3635 GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class. CVSSv3 Score:- 7.5(High) [https://nvd.nist.gov/vuln/detail/CVE-2023-3635] -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org