[jira] [Created] (TIKA-2801) Tika includes 2 vulnerable components

Maxim Solodovnik (JIRA) Tue, 25 Dec 2018 20:34:33 -0800

Maxim Solodovnik created TIKA-2801:
--------------------------------------

             Summary: Tika includes 2 vulnerable components
                 Key: TIKA-2801
                 URL: https://issues.apache.org/jira/browse/TIKA-2801
             Project: Tika
          Issue Type: Task
          Components: parser
    Affects Versions: 1.20
            Reporter: Maxim Solodovnik



Maven audit plugin reports 2 vulnerable components:

com.google.guava:guava:jar:17.0:compile
 * [CVE-2018-10237] Deserialization of Untrusted Data (5.9); 
https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0

com.google.protobuf:protobuf-java:jar:2.5.0:compile
 * [CVE-2015-5237] Improper Restriction of Operations within the Bounds of a 
Memory Buffer (8.8); 
https://ossindex.sonatype.org/vuln/d47d20ab-eb2a-4cfd-8064-bbf6283649cb

Maybe it worth to add {{audit}} plugin to the build/release?

{{mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (TIKA-2801) Tika includes 2 vulnerable components

Reply via email to