This study by Aspect Security and Sonatype is making the rounds, and implies that GWT is the most-downloaded component in Maven central with security vulnerabilities:
http://www.sonatype.com/Products/Sonatype-Insight/Why-Insight/Mitigate-Security-Risks/Security-Brief
I've asked, but I'm curious which GWT vulnerabilities they might be including here.
The one that comes up the most in searches for me is this (relatively ancient) GWT 1.5/1.6-era RSS/XSS vulnerability:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4322
http://code.google.com/p/google-web-toolkit/issues/detail?id=3637
If they're using this one, I'm curious if their download stats only include affected versions.