Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-11124

Remove Guava Dependency for CVE CVE-2018-10237 and CVE-2020-8908

    XMLWordPrintableJSON

Details

    Description

      Sling testing clients are using com.google.guava guava 14.0.1 which is vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2].

      Mitigation: remove the guava dependency.

      [1] https://www.cvedetails.com/cve/CVE-2018-10237/
      [2] https://www.cvedetails.com/cve/CVE-2020-8908/

      Attachments

        Activity

          People

            andrei.dulvac Andrei Dulvac
            andrei.tuicu Andrei Tuicu
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1.5h
                1.5h