[jira] [Commented] (CURATOR-502) Update dependency com.google.guava:guava of org.apache.curator:curator-client

DW (JIRA) Mon, 28 Jan 2019 09:38:40 -0800


    [ 
https://issues.apache.org/jira/browse/CURATOR-502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16754173#comment-16754173
 ]


DW commented on CURATOR-502:
----------------------------

It is the following CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-10237
Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

> Update dependency com.google.guava:guava of org.apache.curator:curator-client
> -----------------------------------------------------------------------------
>
>                 Key: CURATOR-502
>                 URL: https://issues.apache.org/jira/browse/CURATOR-502
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: Client
>    Affects Versions: 4.1.0
>            Reporter: DW
>            Priority: Major
>
> Please update the dependency com.google.guava:guava of 
> org.apache.curator:curator-client due to open security vulnerability of the 
> used com.google.guava:guava 20.0 [(including) 11.0 up to (excluding) 24.1.1]. 
> Please upgrade to 24.1.1+. If you need the CVE number, let me know.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CURATOR-502) Update dependency com.google.guava:guava of org.apache.curator:curator-client

Reply via email to