google / bundletool

Bundletool is a command-line tool to manipulate Android App Bundles
https://g.co/androidappbundle
Apache License 2.0
3.52k stars 385 forks

There is a vulnerability in Bouncy Castle 1.56, upgrade recommended #288

Closed QiAnXinCodeSafe closed 1 year ago

QiAnXinCodeSafe commented 2 years ago

https://github.com/google/bundletool/blob/f7f5fd2bc6d17e68e349b6611add5566ae2dc720/build.gradle#L59-L60

CVE-2018-1000613, CVE-2018-1000180, CVE-2020-26939, CVE-2017-13098

Recommended upgrade version: 1.69

ymakhno commented 1 year ago

This is a compileOnly dependency.