Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2019/06/17 12:41:00 UTC
[jira] [Assigned] (AMQ-7208) Security Issue related to Guava 18.0
[ https://issues.apache.org/jira/browse/AMQ-7208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré reassigned AMQ-7208:
-----------------------------------------
Assignee: Jean-Baptiste Onofré
> Security Issue related to Guava 18.0
> ------------------------------------
>
> Key: AMQ-7208
> URL: https://issues.apache.org/jira/browse/AMQ-7208
> Project: ActiveMQ
> Issue Type: Improvement
> Affects Versions: 5.15.9
> Reporter: Karl Heinz Marbaise
> Assignee: Jean-Baptiste Onofré
> Priority: Minor
> Labels: secutiry
> Fix For: 5.15.10
>
>
> Based on our project security scans we have found the following:
> {code}
> [INFO] --- ossindex-maven-plugin:3.0.4:audit (default-cli) @ leidas-adapter ---
> [INFO] Checking for vulnerabilities; 57 artifacts
> [INFO] Exclude coordinates: []
> [INFO] Exclude vulnerability identifiers: []
> [INFO] CVSS-score threshold: 0.0
> [WARNING] Detected 1 vulnerable components:
> com.google.guava:guava:jar:18.0:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@18.0
> * [CVE-2018-10237] Deserialization of Untrusted Data (5.9); https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0
> {code}
> This is currently based on the dependency of activemq-broker on Guava version 18.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)