BTW, we are using 32.0.1-jre, you mentioned is maven:com.google.guava:guava:31.1-android Are they different? Could you recheck your CVE scanner?
Sheng Wu 吴晟 Twitter, wusheng1108 Sheng Wu <[email protected]> 于2024年4月22日周一 11:03写道: > > Warning level depends on your cve policy. Basically, SkyWalking only runs > groovy on trusted scripts(written by community and previewed). > But, still, it depends. > > Sheng Wu 吴晟 > > Apache SkyWalking > Twitter, wusheng1108 > > > Forrest Wang <[email protected]>于2024年4月22日 周一10:23写道: >> >> Hi Community: >> When I build Skywalking-java locally, Code Analysis of git show the >> following warning: >> Warning:(53, 9) Provides transitive vulnerable dependency >> maven:com.google.guava:guava:31.1-android CVE-2023-2976 7.1 Files or >> Directories Accessible to External Parties vulnerability with High severity >> found Results powered by Checkmarx(c) >> Can you help to check if this is really a problem or not? >> >> Picture: >> >> >> B.R.
