[jira] [Created] (HADOOP-18837) Upgrade Okio to 3.4.0 due to CVE-2023-3635

Rohit Kumar (Jira) Wed, 02 Aug 2023 04:58:28 -0700

Rohit Kumar created HADOOP-18837:
------------------------------------

             Summary: Upgrade Okio to 3.4.0 due to CVE-2023-3635
                 Key: HADOOP-18837
                 URL: https://issues.apache.org/jira/browse/HADOOP-18837
             Project: Hadoop Common
          Issue Type: Task
            Reporter: Rohit Kumar



Upgrade Okio to 3.4.0 due to CVE-2023-3635

GzipSource does not handle an exception that might be raised when parsing a 
malformed gzip buffer. This may lead to denial of service of the Okio client 
when handling a crafted GZIP archive, by using the GzipSource class.

CVSSv3 Score:- 7.5(High)

[https://nvd.nist.gov/vuln/detail/CVE-2023-3635] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18837) Upgrade Okio to 3.4.0 due to CVE-2023-3635

Reply via email to