[ https://issues.apache.org/jira/browse/ARTEMIS-2359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Domenico Bruscino updated ARTEMIS-2359:
---------------------------------------
    Description: 
Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory 
allocation in the AtomicDoubleArray class (when serialized with Java 
serialization) and Compound Ordering class (when serialized with GWT 
serialization). An attacker could exploit applications that use Guava and 
deserialize untrusted data to cause a denial of service. Could you upgrade 
guava to version 24.1 or above?

[https://github.com/google/guava/wiki/CVE-2018-10237]

  was:
Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory 
allocation in the AtomicDoubleArray class (when serialized with Java 
serialization) and Compound Ordering class (when serialized with GWT 
serialization). An attacker could exploit applications that use Guava and 
deserialize untrusted data to cause a denial of service. Could you upgrade 
guava to version 24.1.1 or above?

[https://github.com/google/guava/wiki/CVE-2018-10237]


> Upgrade to Guava 24.1
> ---------------------
>
>                 Key: ARTEMIS-2359
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2359
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>          Components: Broker
>    Affects Versions: 2.8.1
>            Reporter: Domenico Bruscino
>            Priority: Major
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory 
> allocation in the AtomicDoubleArray class (when serialized with Java 
> serialization) and Compound Ordering class (when serialized with GWT 
> serialization). An attacker could exploit applications that use Guava and 
> deserialize untrusted data to cause a denial of service. Could you upgrade 
> guava to version 24.1
> or above?
> [https://github.com/google/guava/wiki/CVE-2018-10237]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
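Added example, not part of the original message and not code from Guava or Artemis: a custom `readObject` for a length-prefixed `double` array that grows its buffer only as data actually arrives, next to the allocation pattern the description warns about (shown as a comment). The class name `LengthPrefixedDoubles` and the `CHUNK` growth step are assumptions made for the illustration.

```java
import java.io.*;
import java.util.Arrays;

// Hypothetical class for illustration; this is not Guava's AtomicDoubleArray.
public class LengthPrefixedDoubles implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final int CHUNK = 4096; // assumed initial buffer cap

    private transient double[] values;

    public LengthPrefixedDoubles(double[] v) { this.values = v.clone(); }

    public int length() { return values.length; }

    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
        out.writeInt(values.length);           // length prefix
        for (double d : values) out.writeDouble(d);
    }

    // Risky pattern: size the array from the untrusted length field before
    // any element has been read, so the stream controls the allocation size:
    //     int n = in.readInt();
    //     values = new double[n];

    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        int declared = in.readInt();
        if (declared < 0) throw new InvalidObjectException("negative length");
        // Allocate at most CHUNK up front; memory then grows only in step
        // with bytes the sender really supplied.
        double[] buf = new double[Math.min(declared, CHUNK)];
        int n = 0;
        while (n < declared) {
            if (n == buf.length) {
                int next = (int) Math.min((long) buf.length * 2, declared);
                buf = Arrays.copyOf(buf, next);
            }
            buf[n++] = in.readDouble(); // fails with an IOException if the stream is shorter than declared
        }
        values = buf;
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new LengthPrefixedDoubles(new double[] {1.0, 2.5, -3.0}));
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            System.out.println(((LengthPrefixedDoubles) ois.readObject()).length());
        }
    }
}
```

This covers classes you own; for a vulnerable library class on the classpath, the remedy is the dependency upgrade requested in the issue.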
