[ https://issues.apache.org/jira/browse/ATLAS-4801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17782279#comment-17782279 ]

ASF subversion and git services commented on ATLAS-4801:
--------------------------------------------------------

Commit 60b861512b27126932ad4298d675d1006a290eee in atlas's branch refs/heads/branch-2.0 from Disha Talreja
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=60b861512 ]

ATLAS-4801: Atlas - Upgrade Okio to 3.4.0 due to CVE-2023-3635

Signed-off-by: radhikakundam <radhikakun...@apache.org>
(cherry picked from commit 830521b846619217bdad563f8b69ba5dd58a35d1)

> Atlas - Upgrade Okio to 3.4.0 due to CVE-2023-3635
> --------------------------------------------------
>
>                 Key: ATLAS-4801
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4801
>             Project: Atlas
>          Issue Type: Task
>          Components: atlas-core
>            Reporter: Disha Talreja
>            Assignee: Disha Talreja
>            Priority: Major
>         Attachments: ATLAS-4801.patch
>
>
> GzipSource does not handle an exception that might be raised when parsing a
> malformed gzip buffer. This may lead to denial of service of the Okio client
> when handling a crafted GZIP archive, by using the GzipSource class.
> CVSSv3 Score:- 7.5(High)
> [https://nvd.nist.gov/vuln/detail/CVE-2023-3635]

--
This message was sent by Atlassian Jira
(v8.20.10#820010)