Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AntiVir alert EXP/CVE-2012-0507 #21

Closed
nzie opened this issue Mar 2, 2015 · 1 comment
Closed

AntiVir alert EXP/CVE-2012-0507 #21

nzie opened this issue Mar 2, 2015 · 1 comment

Comments

@nzie
Copy link

nzie commented Mar 2, 2015

Hi,
my Anti-Virus AVIRA alerted me with an exploitEXP/CVE-2012-0507 while i was downloading your newest 6.0 gs-collections version from maven. I downgraded to 5.1 where this message doesn't appear. Could you please check the file, that is provided on mvn repo?

Best regards
@goldmansachs
Copy link
Collaborator

Thank you for bringing this to our attention.

CVE-2012-0507 is an issue in old versions of the JRE, not in any Java library. The best place for a fix would be in Avira. It should look for old versions of Java (1.5.0_33, 1.6.0_33, 1.7.0_02, or older) and warn about the vulnerability if they are found. It should not scan for usages of AtomicReferenceArray in libraries.

We'll report the false positive to Avira.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nzie