goldmansachs / gs-collections

GS Collections has been migrated to the Eclipse Foundation, re-branded as Eclipse Collections. https://www.eclipse.org/collections/

AntiVir alert EXP/CVE-2012-0507 #21

Closed nzie closed 9 years ago

nzie commented 9 years ago

Hi, my Anti-Virus AVIRA alerted me with an exploit EXP/CVE-2012-0507 while I was downloading your newest 6.0 gs-collections version from Maven. I downgraded to 5.1, where this message doesn't appear. Could you please check the file that is provided on the mvn repo?

Best regards

goldmansachs commented 9 years ago

Thank you for bringing this to our attention.

CVE-2012-0507 is an issue in old versions of the JRE, not in any Java library. The best place for a fix would be in Avira. It should look for old versions of Java (1.5.0_33, 1.6.0_33, 1.7.0_02, or older) and warn about the vulnerability if they are found. It should not scan for usages of AtomicReferenceArray in libraries.

We'll report the false positive to Avira.
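
The version-based check described in the reply above, as an added example (not code from Avira or the gs-collections project): it parses a `java -version` banner or bare version string and compares it with the thresholds listed in that comment. The function names, the treatment of pre-1.5 families as "older", and the sample strings are assumptions made for illustration.

```python
import re

# Last affected update per Java family, copied from the maintainer's comment
# above (1.5.0_33, 1.6.0_33, 1.7.0_02). Confirm against the vendor advisory
# for your JRE line before relying on them.
LAST_AFFECTED = {5: 33, 6: 33, 7: 2}

_BANNER_RE = re.compile(r'version "([^"]+)"')           # java -version banner
_LEGACY_RE = re.compile(r'^1\.(\d+)\.\d+(?:_(\d+))?')   # 1.x.0_NN (Java 8 and earlier)
_MODERN_RE = re.compile(r'^(\d+)(?:\.\d+)*')            # 9, 11.0.2, 17.0.2, ...

def parse_java_version(text):
    """Return (family, update) or None if no Java version can be recognised."""
    m = _BANNER_RE.search(text)
    ver = m.group(1) if m else text.strip()
    legacy = _LEGACY_RE.match(ver)
    if legacy:
        return int(legacy.group(1)), int(legacy.group(2) or 0)
    modern = _MODERN_RE.match(ver)
    if modern and int(modern.group(1)) >= 9:
        return int(modern.group(1)), 0
    return None

def is_affected(text):
    """True/False for a recognised version, None when the input is unparseable."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    family, update = parsed
    if family < min(LAST_AFFECTED):
        return True   # assumption: "or older" also covers pre-1.5 families
    if family in LAST_AFFECTED:
        return update <= LAST_AFFECTED[family]
    return False      # newer family than any listed in the comment

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    samples = [
        'java version "1.6.0_30"\nJava(TM) SE Runtime Environment (build 1.6.0_30-b12)',
        'java version "1.7.0_03"',
        'openjdk version "17.0.2" 2022-01-18',
        'command not found',
    ]
    for s in samples:
        print(repr(s.splitlines()[0]), "->", is_affected(s))
```

The decision depends only on the installed runtime's version, so a library JAR that references `AtomicReferenceArray` never triggers it.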