[
https://issues.apache.org/jira/browse/SLING-11124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrei Tuicu updated SLING-11124:
---------------------------------
Description:
Sling testing clients are using com.google.guava guava 14.0.1 which is
vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2].
Mitigation: remove the guava dependency.
[1] https://www.cvedetails.com/cve/CVE-2018-10237/
[2] https://www.cvedetails.com/cve/CVE-2020-8908/
was:
Sling testing clients are using com.google.guava guava 14.0.1 which is
vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2].
Mitigation: update to latest guava 31.0.1-android
[1] https://www.cvedetails.com/cve/CVE-2018-10237/
[2] https://www.cvedetails.com/cve/CVE-2020-8908/
> Remove Guava Dependency for CVE CVE-2018-10237 and CVE-2020-8908
> ----------------------------------------------------------------
>
> Key: SLING-11124
> URL: https://issues.apache.org/jira/browse/SLING-11124
> Project: Sling
> Issue Type: Task
> Components: Apache Sling Testing Clients
> Affects Versions: Apache Sling Testing Clients 3.0.10
> Reporter: Andrei Tuicu
> Assignee: Andrei Dulvac
> Priority: Major
> Fix For: Apache Sling Testing Clients 3.0.10
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Sling testing clients are using com.google.guava guava 14.0.1 which is
> vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2].
> Mitigation: remove the guava dependency.
> [1] https://www.cvedetails.com/cve/CVE-2018-10237/
> [2] https://www.cvedetails.com/cve/CVE-2020-8908/
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
