[GMU-41] json-path 2.9.0, guava 33.0.0-jre fixing vulns
Created: 22/Jan/24
Updated: 07/Feb/24

Status: In Code Review
Project: generate-marc-utils
Components: None
Affects versions: 1.7.0
Fix versions: 1.7.1

Type: Bug
Priority: TBD
Reporter: Julian Ladisch
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: firebird-refinement, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Story Points: 1
Development Team: Firebird
RCA Group: Related dependency upgrade

Description

Upgrade json-path from 2.8.0 to 2.9.0 fixing Buffer Overflow: https://nvd.nist.gov/vuln/detail/CVE-2023-51074
generate-marc-utils' code doesn't use the affected method.

Upgrade guava from 30.1-jre to 33.0.0-jre fixing Information Disclosure: https://nvd.nist.gov/vuln/detail/CVE-2020-8908, https://nvd.nist.gov/vuln/detail/CVE-2023-2976
generate-marc-utils' code doesn't use the affected method.

