Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump guava version to 30.0+ to fix CVE-2020-8908 #45

Open
parislarkins opened this issue Nov 25, 2021 · 0 comments
Open

Bump guava version to 30.0+ to fix CVE-2020-8908 #45

parislarkins opened this issue Nov 25, 2021 · 0 comments

Comments

@parislarkins
Copy link

parislarkins commented Nov 25, 2021

Hi there,

Our project is using jmxutils and our dependency vulnerability scanning is reporting a Guava vulnerability CVE-2020-8908 that's being brought in by jmxutils. I'm not sure if the project is still active, but is there any possibility the version of Guava could be bumped to resolve this? Because Guava is shaded we can't upgrade the version on our end.

Thanks!

@parislarkins parislarkins changed the title Bump guava version to 30.0+ to fix https://nvd.nist.gov/vuln/detail/CVE-2020-8908 Bump guava version to 30.0+ to fix CVE-2020-8908 Nov 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant