Author najibk
Recipients najibk
Date 2019-01-03.09:33:52
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Jython fails vulnerability check because of a vulnerability in the guava dependency.

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

CVE-2018-10237 (

Using jython-standalone 2.7.1 in a maven project

is there a way to update the version of guava in the jython jar ?

Date User Action Args
2019-01-03 09:33:54najibksetrecipients: + najibk
2019-01-03 09:33:52najibksetmessageid: <>
2019-01-03 09:33:52najibklinkissue2728 messages
2019-01-03 09:33:52najibkcreate