CVE-2023-3782

Опубликовано: 19 июл. 2023

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

Ссылки

https://github.com/square/okhttp/issues/7738
Issue Tracking
Vendor Advisory
https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/
Exploit
Third Party Advisory
https://github.com/square/okhttp/issues/7738
Issue Tracking
Vendor Advisory
https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squareup:okhttp-brotli:*:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00203

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

GHSA-w28c-cgxf-w8gv