search

microsoft / migrate-spring-apps-to-azure-training

Learn how to migrate existing Spring apps to Azure
MIT License
4 stars 5 forks source link

There is a vulnerability in Guava: Google Core Libraries for Java 19.0,upgrade recommended #5

Open QiAnXinCodeSafe opened 3 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/microsoft/migrate-spring-apps-to-azure-training/blob/8809482b4b94b50ac93fc738bfbbfc600756cd05/01-migrate-spring-cloud-application/piggymetrics/statistics-service/pom.xml#L66

CVE-2018-10237 CVE-2020-8908

Recommended upgrade version:24.1.1.jre

jdubois commented 3 years ago

We're not doing any serialization here, why do you think this affects the project?