AndroidDocumentScanner
AndroidDocumentScanner copied to clipboard
The known vulnerabilities in the shared library which AndroidDocumentScanner depends on.Can you help upgrade to patch versions?
Hi, @mayuce , @shahawi , I'd like to report a vulnerability issue in io.github.mayuce:AndroidDocumentScanner:1.6.1.
Issue Description
io.github.mayuce:AndroidDocumentScanner:1.6.1 directly or transitively depends on 7 C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C libraries is vulnerable, containing the following CVEs:
libopencv_java3.so
from C project opencv(version:3.4.1) exposed 4 vulnerabilities:
CVE-2019-15939, CVE-2019-14491, CVE-2019-14493, CVE-2019-14492
Suggested Vulnerability Patch Versions
opencv* has fixed the vulnerabilities in versions >=4.2.0
Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?
Thanks for your help~ Best regards, Helen Parr
Hi @HelenParr, I am currently over-busy to do any improvements for this project but if you could contribute for it that'd be nice. Otherwise it'll take sometime for me to work on this suggestion.