Path to dependency file: /Screen-Sharing-Kotlin/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom
Path to dependency file: /Screen-Sharing-Kotlin/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
Square’s meticulous HTTP client for Java and Kotlin.
Library home page: https://square.github.io/okhttp/
Path to dependency file: /Screen-Sharing-Kotlin/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom
Found in HEAD commit: 635471db6a1a8ba1142ad56d96a9a26f4ce94af5
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-0833
### Vulnerable Library - okhttp-4.9.0.jarSquare’s meticulous HTTP client for Java and Kotlin.
Library home page: https://square.github.io/okhttp/
Path to dependency file: /Screen-Sharing-Kotlin/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.9.0/8806abdf57ce7ec2d72b5a89eb79ec8907af7eb0/okhttp-4.9.0.pom
Dependency Hierarchy: - :x: **okhttp-4.9.0.jar** (Vulnerable Library)
Found in HEAD commit: 635471db6a1a8ba1142ad56d96a9a26f4ce94af5
Found in base branch: main
### Vulnerability DetailsA flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
Publish Date: 2023-09-27
URL: CVE-2023-0833
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.0%
### CVSS 3 Score Details (4.7)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2023-09-27
Fix Resolution: 4.9.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.