Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response
Vulnerability Description
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Square OkHttp 安全漏洞
Vulnerability Description
Square OkHttp是美国Square公司的一套用于Android系统和Java应用程序的HTTP和HTTP /2客户端软件。该软件支持同步阻塞调用和回调的异步调用、响应缓存避免网络重复请求等。 OkHttp 存在安全漏洞,该漏洞源于当使用 BrotliInterceptor 并浏览恶意 Web 服务器时,或者执行 MitM 将 Brotli zip-bomb 注入 HTTP 响应时,导致OkHttp 客户端 DoS。
CVSS Information
N/A
Vulnerability Type
N/A