The latest version of the `BundleTool` library (1.18.0) is still vulnerable to the `CVE-2024-7254` security vulnerability

The latest version of the `BundleTool` library (1.18.0) is still vulnerable to the CVE-2024-7254 security vulnerability. This vulnerability comes from the `protobuf-java` dependency and has affected the `BundleTool` library for several years.

Many organizations enforce strict policies against using binaries with known security vulnerabilities. Please consider updating the `protobuf-java` dependency used by the `BundleTool` library from version `3.22.3` to at least `3.25.5` to address this issue.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The latest version of the `BundleTool` library (1.18.0) is still vulnerable to the `CVE-2024-7254` security vulnerability #382

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The latest version of the BundleTool library (1.18.0) is still vulnerable to the CVE-2024-7254 security vulnerability #382

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

The latest version of the `BundleTool` library (1.18.0) is still vulnerable to the `CVE-2024-7254` security vulnerability #382