Fixing CVE-2018-10237
com.microsoft.azure.eventgrid.v2020_04_01_preview which has a 'guava' vulnerability.

Fix: Resolve vulnerabilities in

This PR addresses vulnerabilities identified in the deprecated library. Below is the list of vulnerabilities that have been resolved:
Resolved Vulnerabilities:
- com.google.guava:guava
  - Vulnerability: CVE-2018-10237
    - Severity: Medium
    - Issue: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes, which could allow remote attackers to exploit memory issues.
    - Resolution: Upgraded from 21.0 to 24.1.1-android.
  - Vulnerability: CVE-2023-2976
    - Severity: Medium
    - Issue: Insecure temporary directory creation, leading to potential directory hijacking.
    - Resolution: Upgraded from 21.0 to 32.0.0-android.
  - Vulnerability: CVE-2020-8908
    - Severity: Low
    - Issue: Local information disclosure due to temporary directory creation with unsafe permissions.
    - Resolution: Addressed in the updated version.
By upgrading to a secure version of guava, this PR enhances the security of the application and mitigates the risks associated with these vulnerabilities. Please review and approve.
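
A check a reviewer could run on the module's build file to see which of the three CVEs a declared Guava version still leaves open. This is an added example, not code from the PR: it assumes a Maven `pom.xml`, the sample POM is constructed, and the 32.0.0 threshold for CVE-2020-8908 is an assumption because the PR names no version for it.

```python
import re
import xml.etree.ElementTree as ET

# First fixed Guava release per CVE. The first two values come from the PR text;
# the CVE-2020-8908 value is an assumption (the PR gives no version for it).
FIXED_IN = {
    "CVE-2018-10237": (24, 1, 1),
    "CVE-2023-2976": (32, 0, 0),
    "CVE-2020-8908": (32, 0, 0),
}

# Constructed sample build file, not the project's real pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><guava.version>24.1.1-android</guava.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
      <version>${guava.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    # '24.1.1-android' -> (24, 1, 1); the -android/-jre flavor is ignored.
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def guava_versions(pom_xml):
    # Every version declared for com.google.guava:guava, with ${property} resolved.
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]  # drop the Maven XML namespace
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    found = []
    for dep in root.iter("dependency"):
        if (dep.findtext("groupId"), dep.findtext("artifactId")) != ("com.google.guava", "guava"):
            continue
        raw = (dep.findtext("version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", raw)
        found.append(props.get(ref.group(1), raw) if ref else raw)
    return found

def open_cves(version):
    # CVEs from FIXED_IN whose first fixed release is newer than `version`.
    v = parse_version(version)
    return sorted(cve for cve, fixed in FIXED_IN.items() if v < fixed)
```

A dependency whose version is managed by a parent POM comes back as an empty string and makes `parse_version` raise, so it is flagged for manual resolution instead of being passed silently.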