Java Agent and commons-compress and Guava and the vulnerable classes with CVEs
Article ID: 144112
Updated On:
Products
CA Application Performance Management Agent (APM / Wily / Introscope)
CA Application Performance Management (APM / Wily / Introscope)
INTROSCOPE
DX Application Performance Management
Issue/Introduction
Java Agent and commons-compress and Guava and the vulnerable classes with CVEs.
Cause
The Guava library that the agent uses, is loaded by our own custom class loader. Thus, it is not accessible by the application.
Environment
Release : 10.7.0
Component : APM Agents
Resolution
The Guava library that the APM Java Agent uses, are loaded by our custom class loader and hence won’t be accessible by the application.
If the application uses some utilities from the Guava library, they have to use its own copy/version where the CVE's have been addressed.
Feedback
Yes
No
Powered by
