Skip to content

vulnerabilities in protobuf-java library #4371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sankar-gp opened this issue Nov 27, 2022 · 3 comments
Closed

vulnerabilities in protobuf-java library #4371

sankar-gp opened this issue Nov 27, 2022 · 3 comments
Labels
api: core

Comments

@sankar-gp
Copy link

sankar-gp commented Nov 27, 2022
edited
Loading

Our internal tool reporting that there are some vulnerabilities in protobuf-java library.

BDSA: BDSA-2022-3221
NVD: CVE-2021-22569 (BDSA-2022-0051)

I came to know that firebase-android-sdk internally using the protobuf-java 3.11.0.
Kindly let me know is there any update for the above vulnerabilities
@google-oss-bot
Copy link
Contributor

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

@sankar-gp sankar-gp changed the title What version of protobuf-java used in com.google.firebase:firebase-encoders-proto:16.0.0 vulnerabilities in protobuf-java library Nov 27, 2022
@argzdev
Copy link
Contributor

argzdev commented Nov 28, 2022

Hi @sankar-gp, thanks for reporting. I'll see if we can update our protobuf-java library version.

@argzdev argzdev mentioned this issue Nov 28, 2022
Merged
@argzdev
Copy link
Contributor

argzdev commented Nov 28, 2022

Since this has been merged, I'll close this issue now. Thanks

@argzdev argzdev closed this as completed Nov 28, 2022
@firebase firebase locked and limited conversation to collaborators Dec 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
api: core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@google-oss-bot @sankar-gp @argzdev