Fixing CVE-2018-10237

Daniel Scholl (MS) requested to merge vulnerabilities into master

Fix: Resolve vulnerabilities in com.microsoft.azure.eventgrid.v2020_04_01_preview which has a 'guava' vulnerability.

This PR addresses vulnerabilities identified in the deprecated library. Below is the list of vulnerabilities that have been resolved:

Resolved Vulnerabilities:

  1. com.google.guava:guava
    • Vulnerability: CVE-2018-10237
      • Severity: Medium
      • Issue: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes, which could allow remote attackers to exploit memory issues.
      • Resolution: Upgraded from 21.0 to 24.1.1-android.
    • Vulnerability: CVE-2023-2976
      • Severity: Medium
      • Issue: Insecure temporary directory creation, leading to potential directory hijacking.
      • Resolution: Upgraded from 21.0 to 32.0.0-android.
    • Vulnerability: CVE-2020-8908
      • Severity: Low
      • Issue: Local information disclosure due to temporary directory creation with unsafe permissions.
      • Resolution: Addressed in the updated version.

By upgrading to a secure version of guava, this PR enhances the security of the application and mitigates the risks associated with these vulnerabilities. Please review and approve.
