Change package of CVE-2023-3782 from okhttp to okhttp-brotli (!25052) · Merge requests · GitLab.org / security-products / advisory-database

Paweł Barbarski requested to merge PawelBarbarski/gemnasium-db:2023-3782-package-fix into master Aug 03, 2023

On 2023-08-02 CVE-2023-3782 details were updated in NVD, package was changed from okhttp to okhttp-brotli. okhttp package is not affected by this vulnerability. See: https://nvd.nist.gov/vuln/detail/CVE-2023-3782

Also https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/ recognize only okhttp-brotli as affected.

For further discussion see: https://github.com/square/okhttp/issues/7738

Change package of CVE-2023-3782 from okhttp to okhttp-brotli

Merge request reports