CVE-2023-2976 - MockServer & Proxy Netty » 5.15.0 #1781

vshettigar-panw · 2023-07-26T01:50:39Z

CVE-2023-2976 Vulnerability reported from com.google.guava » guava dependency in maven repository(https://mvnrepository.com/artifact/org.mock-server/mockserver-netty/5.15.0) Quick remediation would be to update from 31.1-jre version to 32.1.1-jre version

bknitter-panw · 2023-09-21T23:14:28Z

Is there any update on this?

Google guava version upgrade to address mock-server#1781 CVE-2023-2976

mehtasankets · 2024-06-08T17:33:48Z

@jamesdbloom I've raised a MR to upgrade guava version. Requesting the review for the same.
Also, adding few observations:

Seems like MR pipelines are failing, Same is the case with the MR I've raised. It seems like it's due to test failures in MockServer & Proxy Netty module.
Library code is compatible with JDK < 17. May be we should update CONTRIBUTING.md documentation to highlight the same until JDK 17+ is supported?

mehtasankets added a commit to mehtasankets/mockserver that referenced this issue Jun 8, 2024

Bump up guava version

9fdcc80

Google guava version upgrade to address mock-server#1781 CVE-2023-2976

mehtasankets mentioned this issue Jun 8, 2024

Bump up guava version #1880

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-2976 - MockServer & Proxy Netty » 5.15.0 #1781

CVE-2023-2976 - MockServer & Proxy Netty » 5.15.0 #1781

vshettigar-panw commented Jul 26, 2023 •

edited

Loading

bknitter-panw commented Sep 21, 2023

mehtasankets commented Jun 8, 2024

CVE-2023-2976 - MockServer & Proxy Netty » 5.15.0 #1781

CVE-2023-2976 - MockServer & Proxy Netty » 5.15.0 #1781

Comments

vshettigar-panw commented Jul 26, 2023 • edited Loading

bknitter-panw commented Sep 21, 2023

mehtasankets commented Jun 8, 2024

vshettigar-panw commented Jul 26, 2023 •

edited

Loading