[GMU-41] json-path 2.9.0, guava 33.0.0-jre fixing vulns

Created: 22/Jan/24 Updated: 07/Feb/24

| Status: | In Code Review |
| Project: | generate-marc-utils |
| Components: | None |
| Affects versions: | 1.7.0 |
| Fix versions: | 1.7.1 |
| Type: | Bug | Priority: | TBD |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | firebird-refinement, security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Sprint: | |
| Story Points: | 1 |
| Development Team: | Firebird |
| RCA Group: | Related dependency upgrade |

Description

Upgrade json-path from 2.8.0 to 2.9.0 fixing Buffer Overflow: https://nvd.nist.gov/vuln/detail/CVE-2023-51074

Upgrade guava from 30.1-jre to 33.0.0-jre fixing Information Disclosure: https://nvd.nist.gov/vuln/detail/CVE-2020-8908, https://nvd.nist.gov/vuln/detail/CVE-2023-2976