Description
Based on our project security scans we have found the following:
[INFO] --- ossindex-maven-plugin:3.0.4:audit (default-cli) @ leidas-adapter --- [INFO] Checking for vulnerabilities; 57 artifacts [INFO] Exclude coordinates: [] [INFO] Exclude vulnerability identifiers: [] [INFO] CVSS-score threshold: 0.0 [WARNING] Detected 1 vulnerable components: com.google.guava:guava:jar:18.0:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@18.0 * [CVE-2018-10237] Deserialization of Untrusted Data (5.9); https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0
This is currently based on the dependency of activemq-broker to Guava version 18.