grpc-protobuf-1.45.2.jar: 1 vulnerabilities (highest severity is: 7.1) - autoclosed #33
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
security fix
Security fix generated by Mend
Vulnerable Library - grpc-protobuf-1.45.2.jar
Path to dependency file: /src/adservice/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/31.0.1-android/b400db548e748a1a60ba18543ad4fbb44a675a69/guava-31.0.1-android.jar
Found in HEAD commit: b7cdb84f3ee3fe6fcf4fa8f6dda7f7c01696e8db
Vulnerabilities
Details
CVE-2023-2976
Vulnerable Library - guava-31.0.1-android.jar
Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.
Library home page: https://github.com/
Path to dependency file: /src/adservice/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/31.0.1-android/b400db548e748a1a60ba18543ad4fbb44a675a69/guava-31.0.1-android.jar
Dependency Hierarchy:
Found in HEAD commit: b7cdb84f3ee3fe6fcf4fa8f6dda7f7c01696e8db
Found in base branch: main
Vulnerability Details
Use of Java's default temporary directory for file creation in
FileBackedOutputStream
in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
Publish Date: 2023-06-14
URL: CVE-2023-2976
CVSS 3 Score Details (7.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-2976
Release Date: 2023-06-14
Fix Resolution (com.google.guava:guava): 32.0.1-android
Direct dependency fix Resolution (io.grpc:grpc-protobuf): 1.57.0
⛑️ Automatic Remediation is available for this issue
⛑️ Automatic Remediation is available for this issue.
The text was updated successfully, but these errors were encountered: