mock-server / mockserver

MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and SOCKS Proxying (i.e. dynamic port forwarding).
http://mock-server.com
Apache License 2.0

CVE-2023-2976 - MockServer & Proxy Netty » 5.15.0 #1781

Open vshettigar-panw opened 12 months ago

vshettigar-panw commented 12 months ago

CVE-2023-2976 vulnerability reported from the com.google.guava » guava dependency in the Maven repository (https://mvnrepository.com/artifact/org.mock-server/mockserver-netty/5.15.0). A quick remediation would be to update from version 31.1-jre to version 32.1.1-jre.
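
An added example, not part of the original thread or the MockServer project: a check over `mvn dependency:tree` text output that reports every guava node older than the 32.1.1-jre version suggested above, together with the dependency path that pulls it in. The `com.example:demo` project and the sample tree are constructed for illustration.

```python
import re

# Remediation version suggested in the issue; the -jre/-android flavor is ignored.
FIXED = (32, 1, 1)
# group:artifact:type[:classifier]:version[:scope]
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")

# Constructed sample of `mvn dependency:tree` output (not taken from a real build).
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.6.0:tree (default-cli) @ demo ---
[INFO] com.example:demo:jar:1.0.0
[INFO] +- org.mock-server:mockserver-netty:jar:5.15.0:test
[INFO] |  \- com.google.guava:guava:jar:31.1-jre:test
[INFO] \- org.slf4j:slf4j-api:jar:2.0.7:compile
[INFO] BUILD SUCCESS
"""

def parse_version(version):
    """'32.1.1-jre' -> (32, 1, 1); non-numeric versions sort lowest."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def find_old_guava(tree_text):
    """Return (version, dependency path) for each guava node older than FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        if not line.startswith("[INFO] "):
            continue
        body = line[len("[INFO] "):]
        first = re.search(r"[A-Za-z0-9]", body)
        if not first:
            continue
        token = body[first.start():].split()[0]
        if not COORD.fullmatch(token):
            continue  # plugin banner, build status, etc.
        depth = first.start() // 3  # each tree level is drawn with 3 characters
        fields = token.split(":")
        version = fields[4] if len(fields) == 6 else fields[3]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{fields[1]}:{version}")
        if fields[:2] == ["com.google.guava", "guava"] and parse_version(version) < FIXED:
            findings.append((version, " > ".join(stack)))
    return findings

if __name__ == "__main__":
    for version, path in find_old_guava(SAMPLE_TREE):
        print(f"guava {version} is below the suggested version: {path}")
```

In a real project, feed it the output of `mvn dependency:tree` instead of `SAMPLE_TREE`.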

bknitter-panw commented 10 months ago

Is there any update on this?

mehtasankets commented 1 month ago

@jamesdbloom I've raised an MR to upgrade the guava version. Requesting a review for the same. Also, adding a few observations:

  1. It seems like the MR pipelines are failing; the same is the case with the MR I've raised. It seems like it's due to test failures in the MockServer & Proxy Netty module.
  2. Library code is compatible with JDK < 17. Maybe we should update the CONTRIBUTING.md documentation to highlight the same until JDK 17+ is supported?