Search for packages
| purl | pkg:maven/com.googlecode.guava-osgi/guava-osgi@3.0.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kwyu-yq4w-kqe4
Aliases: CVE-2018-10237 GHSA-mvr2-9pj6-7w5j |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:04:33.309441+00:00 | GitLab Importer | Affected by | VCID-kwyu-yq4w-kqe4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.googlecode.guava-osgi/guava-osgi/CVE-2018-10237.yml | 38.4.0 |
| 2026-04-11T22:15:59.002884+00:00 | GitLab Importer | Affected by | VCID-kwyu-yq4w-kqe4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.googlecode.guava-osgi/guava-osgi/CVE-2018-10237.yml | 38.3.0 |
| 2026-04-02T22:28:10.926955+00:00 | GitLab Importer | Affected by | VCID-kwyu-yq4w-kqe4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.googlecode.guava-osgi/guava-osgi/CVE-2018-10237.yml | 38.1.0 |
| 2026-04-01T16:46:07.791743+00:00 | GitLab Importer | Affected by | VCID-kwyu-yq4w-kqe4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.googlecode.guava-osgi/guava-osgi/CVE-2018-10237.yml | 38.0.0 |