[
https://issues.apache.org/jira/browse/ATLAS-4801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17782273#comment-17782273
]
ASF subversion and git services commented on ATLAS-4801:
--------------------------------------------------------
Commit 830521b846619217bdad563f8b69ba5dd58a35d1 in atlas's branch
refs/heads/master from Disha Talreja
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=830521b84 ]
ATLAS-4801: Atlas - Upgrade Okio to 3.4.0 due to CVE-2023-3635
Signed-off-by: radhikakundam <[email protected]>
> Atlas - Upgrade Okio to 3.4.0 due to CVE-2023-3635
> --------------------------------------------------
>
> Key: ATLAS-4801
> URL: https://issues.apache.org/jira/browse/ATLAS-4801
> Project: Atlas
> Issue Type: Task
> Components: atlas-core
> Reporter: Disha Talreja
> Assignee: Disha Talreja
> Priority: Major
> Attachments: ATLAS-4801.patch
>
>
> GzipSource does not handle an exception that might be raised when parsing a
> malformed gzip buffer. This may lead to denial of service of the Okio client
> when handling a crafted GZIP archive, by using the GzipSource class.
> CVSSv3 Score:- 7.5(High)
> [https://nvd.nist.gov/vuln/detail/CVE-2023-3635]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
