
Security risk: deserialization of untrusted data

Open erwinc1 opened this issue 7 years ago • 3 comments

source: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236

erwinc1, Dec 14 '18 10:12

Codecov Report

Merging #9 into master will not change coverage. The diff coverage is n/a.


@@            Coverage Diff            @@
##             master       #9   +/-   ##
=========================================
  Coverage     72.13%   72.13%           
  Complexity      113      113           
=========================================
  Files            20       20           
  Lines           506      506           
  Branches         38       38           
=========================================
  Hits            365      365           
  Misses          118      118           
  Partials         23       23

Last update 7201b29...3f69e4a.

codecov-io, Dec 14 '18 10:12

I don't have time to test this now. If someone else could peer review the PR I'd be glad to proceed.

robertotru, Jun 11 '20 04:06

There has been some time between the original commit and now, but the current linked documentation says the Guava minimum version should be 24.1.1-jre or higher, while the forum post linked from that issue says 25.0-jre or later is needed to fix the issue itself.

So the move to 23.0 in the PR does not rectify the linked issue for Guava.

OzWolf, Jul 09 '20 06:07