New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-42920 Critical org.apache.bcel propagated in 3.3.0 google/allocation-instrumenter #47
Comments
c3ivodujmovic
added a commit
to c3ivodujmovic/allocation-instrumenter
that referenced
this issue
Nov 21, 2022
@cgdecker any chance you can fix the current cve's? |
cpovirk
added a commit
to cpovirk/allocation-instrumenter
that referenced
this issue
Feb 23, 2023
Primarily, this means cl/511470745, but it probably includes bits from cl/511754220, cl/509629252, cl/509559717, cl/506904697, cl/482820733, and perhaps others. cl/511470745 said: Update dependency versions and add rules/scripts to allow releasing to Maven Central without building using Maven. Fixes google#47 Fixes google#43 Fixes google#39 PiperOrigin-RevId: 511754220
cpovirk
added a commit
that referenced
this issue
Mar 2, 2023
Primarily, this means cl/511470745, but it probably includes bits from cl/511754220, cl/509629252, cl/509559717, cl/506904697, cl/482820733, and perhaps others. cl/511470745 said: Update dependency versions and add rules/scripts to allow releasing to Maven Central without building using Maven. Fixes #47 Fixes #43 Fixes #39 (#49) PiperOrigin-RevId: 511754220
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
google/allocation-instrumenter contains
org.apache.bcel:bcel v6.0 which has CVE-2022-42920 | CRITICAL |
This is fixed in bcel 6.6.0
Apache Commons BCEL vulnerable to out-of-bounds write --> avd.aquasec.com/nvd/cve-2022-42920
The text was updated successfully, but these errors were encountered: