This repository has been archived by the owner on Sep 1, 2022. It is now read-only.
This library as specified here: gradle/any/dependencies.gradle:libraries["guava"] = "com.google.guava:guava:19.0" is subject to the known vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237. "Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks"
I have no idea if your project uses this library in a way that makes it susceptible to this known vulnerability, but it would be good to upgrade your project to use the latest version of this library to ensure you are not.
You might also want to start using some known vulnerable library tools like OWASP Dependency Check or https://ossindex.net/ (both are free) to help you identify/avoid issues like this in the future.
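A defender-side check for the dependency line quoted in the report, added here as an example and not part of this issue or the project's code: it scans a Gradle dependencies file for Guava coordinates and flags versions inside the affected range the report quotes (11.0 up to, but not including, 24.1.1). The regex, function names and sample file contents are assumptions of this example.

```python
import re

# Affected range as quoted in the report: 11.0 through 24.x before 24.1.1.
AFFECTED_MIN = (11, 0, 0)
FIXED_IN = (24, 1, 1)

# Matches quoted Gradle coordinates such as "com.google.guava:guava:19.0".
COORD_RE = re.compile(r'["\']([\w.\-]+):([\w.\-]+):([^"\':]+)["\']')


def parse_version(version: str) -> tuple:
    """Turn '24.1-jre' into (24, 1, 0): drop the Guava flavour suffix, pad to 3 parts."""
    base = version.split("-")[0]
    parts = [int(p) for p in base.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_guava(version: str) -> bool:
    """True when the Guava version lies in [11.0, 24.1.1)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def find_vulnerable_guava(gradle_text: str) -> list:
    """Return (line_number, version) for every affected guava coordinate in a Gradle file."""
    hits = []
    for lineno, line in enumerate(gradle_text.splitlines(), start=1):
        for group, artifact, version in COORD_RE.findall(line):
            if group == "com.google.guava" and artifact == "guava" and is_affected_guava(version):
                hits.append((lineno, version))
    return hits


# Constructed sample in the style of the dependencies.gradle line quoted in the report.
SAMPLE_GRADLE = '''
libraries["guava"] = "com.google.guava:guava:19.0"
libraries["commons-io"] = "commons-io:commons-io:2.6"
// libraries["guava"] = "com.google.guava:guava:24.1.1-jre"
'''

if __name__ == "__main__":
    for lineno, version in find_vulnerable_guava(SAMPLE_GRADLE):
        print(f"line {lineno}: guava {version} is in the CVE-2018-10237 affected range")
```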
I've updated our dependency for guava, and will be making a PR soon (running our full test suite). We use OWASP and run it nightly on our Jenkins server, but for some reason guava was not being reported. Thanks again for the report!