On Wednesday, March 28, 2012 11:10:44 AM UTC-4, Geoffrey Wiseman wrote:
>
> This study by Aspect Security and Sonatype is making the rounds, and
> implies that GWT is the most-downloaded component in Maven central with
> security vulnerabilities:
>
> http://www.sonatype.com/Products/Sonatype-Insight/Why-Insight/Mitigate-Security-Risks/Security-Brief
>
> I've asked, but I'm curious which GWT vulnerabilities they might be
> including here.
>
The one that comes up the most in searches for me is this (relatively ancient) GWT 1.5/1.6-era RSS/XSS vulnerability:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4322
http://code.google.com/p/google-web-toolkit/issues/detail?id=3637

If they're using this one, I'm curious if their download stats only include affected versions.
