Dependency maven:com.squareup.okio:okio-jvm:3.0.0 is vulnerable

[michl-b]

Dependency maven:com.squareup.okio:okio-jvm:3.0.0 is vulnerable

Upgrade to 3.4.0

GHSA-w33c-445m-f8w7, Score: 5.9

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Read More: https://osv.dev/vulnerability/GHSA-w33c-445m-f8w7

Results powered by Checkmarx ©

[michl-b]

Updating the dependency com.squareup.okhttp3:okhttp:4.10.0 to com.squareup.okhttp3:okhttp:4.12.0 should solve this.