dependency vulnerability with com.google.http-client detected

14 views
Skip to first unread message

alexis gayte

unread,
Apr 28, 2025, 8:46:19 AMApr 28
to tink-users

Current version 1.12.2 has a dependency vulnerability with com.google.http-client

from :
com.google.http-client:google-http-client:1.46.3

https://mvnrepository.com/artifact/com.google.http-client/google-http-client/1.46.3

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908

alexis gayte

unread,
Sep 4, 2025, 3:41:00 AMSep 4
to tink-users
Hi Here,

google-http-java-client has been upgraded to version 2.0.0 to fix these vulnerabilities, (https://github.com/googleapis/google-http-java-client). Is it possible to upgrade  
com.google.crypto.tink
  apps-paymentmethodtoken dependency on it?

Regards,
Alexis GAYTE

Reply all
Reply to author
Forward
0 new messages