build(okhttp-dependency): address cve-2023-3635 in okhttp library #59

Merged
merged 2 commits into from
Jun 14, 2024

sufyankhanrao
Collaborator

@sufyankhanrao commented Jun 14, 2024

What

This PR fixes a vulnerability (CVE-2023-3635) in Okio that could lead to data loss during type conversion. The issue arises when converting from a long to an integer, where data might be truncated or translated incorrectly.

Why

Closes #58

Type of change

Select multiple if applicable.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause a breaking change)
  • Tests (adds or updates tests)
  • Documentation (adds or updates documentation)
  • Refactor (style improvements, performance improvements, code refactoring)
  • Revert (reverts a commit)
  • CI/Build (adds or updates a script, change in external dependencies)

Dependency Change

If a new dependency is being added, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Policy-of-adding-new-dependencies-in-the-core-libraries

Breaking change

If the PR is introducing a breaking change, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Guidelines-for-maintaining-core-libraries

Testing

List the steps that were taken to test the changes

Checklist

  • My code follows the coding conventions
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added new unit tests

This commit fixes a vulnerability (CVE-2023-3635) in Okio that could lead to data loss during type conversion. The issue arises when converting from a long to an integer, where data might be truncated or translated incorrectly.

Closes #57
@sufyankhanrao added the "vulnerability fix" label (This is used whenever any vulnerability is addressed in the library.) Jun 14, 2024
@sufyankhanrao self-assigned this Jun 14, 2024
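
The long-to-int narrowing named in the description, shown on a constructed length-prefixed frame. This is an added example, not code from Okio, OkHttp or this repository; the frame format, `MAX_PAYLOAD`, and the class and method names are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

public class LengthNarrowing {
    static final int MAX_PAYLOAD = 1 << 20; // assumed application limit (hypothetical)

    // Reads the 4-byte big-endian length prefix as an unsigned value (0..2^32-1).
    static long declaredLength(ByteBuffer frame) {
        return Integer.toUnsignedLong(frame.getInt());
    }

    // Unchecked: the cast keeps only the low 32 bits, so 0xFFFFFFFF becomes -1.
    static byte[] readUnchecked(ByteBuffer frame) {
        int len = (int) declaredLength(frame);
        byte[] payload = new byte[len]; // NegativeArraySizeException when len < 0
        frame.get(payload);
        return payload;
    }

    // Checked: validate the long against the limit and the bytes present, then narrow.
    static byte[] readChecked(ByteBuffer frame) {
        long declared = declaredLength(frame);
        if (declared > MAX_PAYLOAD || declared > frame.remaining()) {
            throw new IllegalArgumentException("bad declared length: " + declared);
        }
        byte[] payload = new byte[Math.toIntExact(declared)];
        frame.get(payload);
        return payload;
    }

    public static void main(String[] args) {
        // Constructed frames: one well-formed, one declaring 0xFFFFFFFF bytes.
        byte[] good = {0, 0, 0, 3, 'a', 'b', 'c'};
        byte[] bad = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 'x'};
        for (byte[] raw : new byte[][] {good, bad}) {
            try {
                System.out.println("unchecked: " + Arrays.toString(readUnchecked(ByteBuffer.wrap(raw))));
            } catch (RuntimeException e) {
                System.out.println("unchecked: " + e.getClass().getSimpleName());
            }
            try {
                System.out.println("checked:   " + Arrays.toString(readChecked(ByteBuffer.wrap(raw))));
            } catch (IllegalArgumentException e) {
                System.out.println("checked:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The malformed frame makes the unchecked reader fail with an unexpected runtime exception, while the checked reader rejects it with an error the caller can handle.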

sonarcloud bot commented Jun 14, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@sufyankhanrao merged commit e132a9f into main Jun 14, 2024
8 checks passed
@sufyankhanrao deleted the 58-address-cve-2023-3635 branch June 14, 2024 12:00
Labels
vulnerability fix: This is used whenever any vulnerability is addressed in the library.
Development

Successfully merging this pull request may close these issues.

Address the vulnerability found in okhttp library
2 participants