[AMQ-7208] Security Issue related to Guava 18.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.15.9
Fix Version/s: 5.15.10, 5.16.0
Component/s: None
Labels:
- secutiry

Description

Based on our project security scans we have found the following:

[INFO] --- ossindex-maven-plugin:3.0.4:audit (default-cli) @ leidas-adapter ---
[INFO] Checking for vulnerabilities; 57 artifacts
[INFO] Exclude coordinates: []
[INFO] Exclude vulnerability identifiers: []
[INFO] CVSS-score threshold: 0.0
[WARNING] Detected 1 vulnerable components:
  com.google.guava:guava:jar:18.0:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@18.0
    * [CVE-2018-10237]  Deserialization of Untrusted Data (5.9); https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0

This is currently based on the dependency of activemq-broker to Guava version 18.

Attachments

Activity

People

Assignee:: Christopher L. Shannon

Reporter:: Karl Heinz Marbaise

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 16/May/19 06:56

Updated:: 18/Jul/19 12:52

Resolved:: 18/Jul/19 12:52