Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2019/06/17 12:41:00 UTC

[jira] [Assigned] (AMQ-7208) Security Issue related to Guava 18.0

     [ https://issues.apache.org/jira/browse/AMQ-7208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré reassigned AMQ-7208:
-----------------------------------------

    Assignee: Jean-Baptiste Onofré

> Security Issue related to Guava 18.0
> ------------------------------------
>
>                 Key: AMQ-7208
>                 URL: https://issues.apache.org/jira/browse/AMQ-7208
>             Project: ActiveMQ
>          Issue Type: Improvement
>    Affects Versions: 5.15.9
>            Reporter: Karl Heinz Marbaise
>            Assignee: Jean-Baptiste Onofré
>            Priority: Minor
>              Labels: secutiry
>             Fix For: 5.15.10
>
>
> Based on our project security scans we have found the following:
> {code}
> [INFO] --- ossindex-maven-plugin:3.0.4:audit (default-cli) @ leidas-adapter ---
> [INFO] Checking for vulnerabilities; 57 artifacts
> [INFO] Exclude coordinates: []
> [INFO] Exclude vulnerability identifiers: []
> [INFO] CVSS-score threshold: 0.0
> [WARNING] Detected 1 vulnerable components:
>   com.google.guava:guava:jar:18.0:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@18.0
>     * [CVE-2018-10237]  Deserialization of Untrusted Data (5.9); https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0
> {code}
> This is currently based on the dependency of activemq-broker on Guava version 18.


