
@sufyankhanrao
Collaborator

What

This PR fixes a vulnerability (CVE-2023-3635) in Okio that could lead to data loss during type conversion. The issue arises when converting from a long to an integer, where data might be truncated or translated incorrectly.

Why

Closes #57

Type of change

Select multiple if applicable.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause a breaking change)
  • Tests (adds or updates tests)
  • Documentation (adds or updates documentation)
  • Refactor (style improvements, performance improvements, code refactoring)
  • Revert (reverts a commit)
  • CI/Build (adds or updates a script, change in external dependencies)

Dependency Change

If a new dependency is being added, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Policy-of-adding-new-dependencies-in-the-core-libraries

Breaking change

If the PR is introducing a breaking change, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Guidelines-for-maintaining-core-libraries

Testing

List the steps that were taken to test the changes

Checklist

  • My code follows the coding conventions
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added new unit tests

This commit fixes a vulnerability (CVE-2023-3635) in Okio that could lead to data loss during type conversion. The issue arises when converting from a long to an integer, where data might be truncated or translated incorrectly.

Closes #57
@sufyankhanrao added the vulnerability label ("This label is for those tickets that contains the vulnerability problems.") Jun 14, 2024
@sufyankhanrao self-assigned this Jun 14, 2024
@sonarqubecloud

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@sufyankhanrao merged commit 5f20439 into main Jun 14, 2024
@sufyankhanrao deleted the 57-address-cve-2023-3635 branch June 14, 2024 11:58


Development

Successfully merging this pull request may close these issues.

Address the vulnerability found in okhttp library

3 participants