Vulnerabilities > CVE-2023-3782 - Unspecified vulnerability in Squareup Okhttp-Brotli

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

squareup

NVD

Published: 2023-07-19

Updated: 2023-08-02

Summary

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

Vulnerable Configurations

Part	Description	Count
Application	Squareup Squareup Okhttp Brotli *	1

References

https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/
https://github.com/square/okhttp/issues/7738