[java] Add CVE-2018-18240

[msrb]

No description provided.

[msrb]

@sivaavkd This one should be super-easy :)

[msrb]

@sivaavkd the package name is wrong here :)

There is a link to GitHub issue which discusses this vulnerability. We can find a link to PR which addresses the vulnerability.

In the PR, you can see a list of files which needed to be touched to mitigate this vulnerability:

CHANGELOG.md
pippo-core/src/main/java/ro/pippo/core/util/WhitelistObjectInputStream.java
pippo/pippo-session-parent/pippo-session/src/main/java/ro/pippo/session/SerializationSessionDataTranscoder.java

We can ignore CHANGELOG.md. So there are two Maven artifacts/packages which were modified by the PR. One residing in pippo-core/ and the second in pippo/pippo-session-parent/pippo-session/ (path leading to src/ directory which then contains actual source code).

We can find pom.xml files in both subdirectories. And from there we can read the package names:

ro.pippo:pippo-core
ro.pippo:pippo-session

[msrb]

@sivaavkd I've updated the YAML, please check 😉