finos / messageml-utils

MessageML is a markup language used by the Symphony Agent API for representing messages, including formatting (bold, italic, numbered and unnumbered lists etc.) and entity data representing structured objects.
https://docs.developers.symphony.com
Apache License 2.0

Security vulnerabilities in Guava #104

Closed by ldrozdz 5 years ago

ldrozdz commented 5 years ago

Security vulnerabilities have been found in com.atlassian.commonmark:commonmark (CVE-2019-10010) and com.google.guava:guava (CVE-2018-10237).

Guava is a transitive dependency brought in by com.github.java-json-tools:json-schema-validator.
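One way to confirm which direct dependency pulls in a flagged transitive artifact such as Guava, added here as an example and not part of the original comment or the project's code: the script parses the text output of `mvn dependency:tree`, assuming a Maven build. The sample tree, its root coordinates, the `other-lib` entry and all version strings are constructed placeholders, and `paths_to` and `direct_culprits` are hypothetical helper names.

```python
import re

# Constructed sample in the text format printed by `mvn dependency:tree`.
# Root coordinates, other-lib and every version are placeholders, not the
# project's real values.
SAMPLE_TREE = r"""
[INFO] example.group:example-app:jar:0.0.0
[INFO] +- com.atlassian.commonmark:commonmark:jar:0.0.0:compile
[INFO] +- com.github.java-json-tools:json-schema-validator:jar:0.0.0:compile
[INFO] |  +- com.google.guava:guava:jar:0.0.0:compile
[INFO] |  \- example.group:other-lib:jar:0.0.0:compile
[INFO] \- junit:junit:jar:0.0.0:test
"""

# Each nesting level is one 3-character cell: "+- ", "\- ", "|  " or "   ".
# The root line has no cells; the capture after them is groupId:artifactId.
LINE = re.compile(r"^\[INFO\] ((?:\+- |\\- |\|  |   )*)([\w.-]+:[\w.-]+):")


def paths_to(tree_text, target):
    """Return every chain of groupId:artifactId from the root to target."""
    stack, found = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, blank and summary lines are ignored
        depth = len(m.group(1)) // 3
        del stack[depth:]          # drop siblings and deeper nodes
        stack.append(m.group(2))
        if m.group(2) == target:
            found.append(list(stack))
    return found


def direct_culprits(tree_text, target):
    """Direct dependencies (depth 1) that bring in target transitively."""
    return sorted({p[1] for p in paths_to(tree_text, target) if len(p) > 2})


if __name__ == "__main__":
    for path in paths_to(SAMPLE_TREE, "com.google.guava:guava"):
        print(" -> ".join(path))
```

An empty result from `direct_culprits` for an artifact that `paths_to` does find means it is declared directly, so the version is changed in the project's own dependency declaration instead of by overriding a transitive one.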

cristiadu commented 5 years ago

CommonMark was incorrectly marked as vulnerable, as only the PHP version of it is mentioned on the vulnerability ticket. We don't use that library.

ldrozdz commented 5 years ago

Fixed in https://github.com/symphonyoss/messageml-utils/pull/120