[Bug report] Guava 31.1-jre has two security issues, one is high #1755
Comments
jerryshao
pushed a commit
that referenced
this issue
Jan 31, 2024
### What changes were proposed in this pull request? update guava from 31.1-jre to 32.1.3-jre ### Why are the changes needed? Fix: #1755 ### Does this PR introduce _any_ user-facing change? no ### How was this patch tested? existing tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version
main branch
Describe what's wrong
CVE-2023-2976 (NVD) is high severity and is fixed in 32.0.1. See https://nvd.nist.gov/vuln/detail/CVE-2023-2976 for more info. CVE-2020-8908 is of low severity. A sreach of our code shows we are unlikely to be impaced by this.
Error message and/or stacktrace
N/A
How to reproduce
See CVE details and
libs.version.tomlwhereguava = "31.1-jre"is used.Additional context
No response
The text was updated successfully, but these errors were encountered: