Andrei Tuicu created SLING-11124:
------------------------------------
Summary: Update Guava Dependency for CVE CVE-2018-10237 and
CVE-2020-8908
Key: SLING-11124
URL: https://issues.apache.org/jira/browse/SLING-11124
Project: Sling
Issue Type: Task
Components: Apache Sling Testing Clients
Affects Versions: Apache Sling Testing Clients 3.0.6
Reporter: Andrei Tuicu
Sling testing clients are using com.google.guava guava 14.0.1 which is
vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2].
Mitigation: update to latest guava 31.0.1-android
[1] https://www.cvedetails.com/cve/CVE-2018-10237/
[2] https://www.cvedetails.com/cve/CVE-2020-8908/
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
