jsoup:0.0.1.rc19: CVE-2015-6748 #339
Comments
Hi @kewilson, Thanks for the report. However, I couldn’t find any evidence that jsoup depends on guava either now or in the past. At version 1.9.1 it had no non-test dependencies and still doesn’t. Do you have any more details? Additionally, since this is a one-file module, with very few users, I was thinking of deleting it and instead posting it as a code sample on the wiki. What do you think?
Hi @danfickle .. apologies for the delayed response. If you believe providing that functionality in some other way is best that's your call. I'll try to track down the entry point of guava into the report, I found that odd myself.
Upgrade Jsoup dependency for last release of this sub-module. Users should use W3CDom class from Jsoup instead.
OK, I've marked the module deprecated (for removal) and changed the integration guide to use JSoup's
From owasp.dependencycheck gradle plugin:
https://www.owasp.org/index.php/OWASP_Dependency_Check
openhtmltopdf-jsoup-dom-converter-0.0.1-RC19.jar:
ids:(com.openhtmltopdf:openhtmltopdf-jsoup-dom-converter:0.0.1-RC19, cpe:/a:jsoup:
guava-20.0.jar:
ids:(com.google.guava:guava:20.0, cpe:/a:google:guava:20.0) : CVE-2018-10237