Hi team.
GWT Version:2.8.2
Component: com.google.protobuf/protobuf-java
Component Path: gwt-servlet.jar include.
We security scan that resulted in security vulnerability on Smartclient(gwt-servlet.jar), mention in the links below.
CVE Number
https://www.cvedetails.com/cve/CVE-2022-3510
https://www.cvedetails.com/cve/CVE-2022-3509
https://www.cvedetails.com/cve/CVE-2022-3171
https://www.cvedetails.com/cve/CVE-2021-22570
https://www.cvedetails.com/cve/CVE-2021-22569
All the links above point that vulnerability is present with Protobuf 2.5.0.
Is this vulnerability resolved in any later version of smartclient?
Or is the Protobuf 2.5.0 vulnerability about GWT 2.8.2 not affected by the vulnerability and is it a fake?
GWT Version:2.8.2
Component: com.google.protobuf/protobuf-java
Component Path: gwt-servlet.jar include.
We security scan that resulted in security vulnerability on Smartclient(gwt-servlet.jar), mention in the links below.
CVE Number
https://www.cvedetails.com/cve/CVE-2022-3510
https://www.cvedetails.com/cve/CVE-2022-3509
https://www.cvedetails.com/cve/CVE-2022-3171
https://www.cvedetails.com/cve/CVE-2021-22570
https://www.cvedetails.com/cve/CVE-2021-22569
All the links above point that vulnerability is present with Protobuf 2.5.0.
Is this vulnerability resolved in any later version of smartclient?
Or is the Protobuf 2.5.0 vulnerability about GWT 2.8.2 not affected by the vulnerability and is it a fake?
Comment