Is guice impacted by Spring4shell security vulnerabilities? #1621
Comments
|
@embedsri No. |
|
Thank you for the clarification.
We use guice as part of our Android 9 build and it has
this external/guice/extensions/spring/pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.google.inject.extensions</groupId>
<artifactId>extensions-parent</artifactId>
<version>4.0</version>
</parent>
<artifactId>guice-spring</artifactId>
<name>Google Guice - Extensions - Spring</name>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>3.0.5.RELEASE</version>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
"external/guice/extensions/spring/pom.xml"
Can you confirm that this won't be affected by the
Spring4shell vulnerability?
…On Thu, Apr 7, 2022 at 3:25 PM wendigo ***@***.***> wrote:
@embedsri <https://github.com/embedsri> No.
—
Reply to this email directly, view it on GitHub
<#1621 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABRHDMBOM6Z2OCNERO3NM53VD4ZBRANCNFSM5S2IOVVA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
According to the ticket, if you are importing spring from this pom, and using JDK 9, then yes, it is affected - |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://tanzu.vmware.com/security/cve-2022-22963
https://tanzu.vmware.com/security/cve-2022-22965
The text was updated successfully, but these errors were encountered: