Fix code scanning alert - libexpat: integer overflow

[SanjayVas]

Vulnerability CVE-2024-45492

• [ ] https://github.com/world-federation-of-advertisers/common-jvm/pull/279
• [ ] #1829

Tracking issue for:

• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1409
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1445
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1415
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1433
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1427
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1442
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1430
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1424
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1436
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1412
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1439
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1418
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1421
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1388
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1373
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1400
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1391
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1385
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1355
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1403
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1376
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1364
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1397
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1406
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1379
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1367
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1358
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1394
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1361
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1370
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1382
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1448
• [ ] https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning/1352

[SanjayVas]

Not yet fixed in upstream Debian Bookworm. See https://security-tracker.debian.org/tracker/CVE-2024-45491

[SanjayVas]

Looks like bookworm (security) has the fixed version now, which means it should be picked up by upstream distroless soon.

[SanjayVas]

Appears to be fixed in latest gcr.io/distroless/java17-debian12:nonroot (sha256:2db4acff2603088acaf67dac414462c9fcc3e2cc3ff9a642d5af9c7cff2b5fe9)