dependency vulnerability with com.google.http-client and protobuf-java detected

26 views
Skip to first unread message

alexis gayte

unread,
Apr 1, 2025, 9:11:42 AMApr 1
to tink-users

Current version has a dependency vulnerability with com.google.http-client and protobuf-java.

from :
com.google.crypto.tink:tink:1.13.0
com.google.protobuf:protobuf-java:3.25.1

https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.25.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254

and from
com.google.http-client:google-http-client:1.43.3
com.google.guava:guava:30.1.1-android

https://mvnrepository.com/artifact/com.google.guava/guava/30.1.1-android
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908

Reply all
Reply to author
Forward
0 new messages