com.squareup.okhttp3:okhttp-brotli@4.6.0 vulnerabilities

latest version

4.12.0

first published

5 years ago

latest version published

1 years ago

licenses detected

Apache-2.0
[4.1.0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.squareup.okhttp3:okhttp-brotli package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when using a `BrotliInterceptor` and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response. The code does not guard against decompression bombs, which can crash the process due to memory exhaustion. With Brotli, a file of several KBs can be decompressed into 10GB. How to fix Denial of Service (DoS)? There is no fixed version for `com.squareup.okhttp3:okhttp-brotli`.	[0,)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response. The code does not guard against decompression bombs, which can crash the process due to memory exhaustion. With Brotli, a file of several KBs can be decompressed into 10GB.

How to fix Denial of Service (DoS)?

There is no fixed version for com.squareup.okhttp3:okhttp-brotli.

[0,)

Go back to all versions of this package