The known vulnerability in the shared library which RxGalleryFinal depends on.

Hi, @pengjianbo , @7449 , I'd like to report a vulnerability issue in **cn.finalteam.rxgalleryfinal:library:0.0.3**.
### Issue Description
**cn.finalteam.rxgalleryfinal:library:0.0.3** directly or transitively depends on ***5*** C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C libraries is vulnerable, containing the following CVEs:

`libucrop.so` from C project **libpng(version:1.6.22)** exposed ***2*** vulnerabilities:
[CVE-2017-12652](https://nvd.nist.gov/vuln/detail/CVE-2017-12652), [CVE-2016-10087](https://nvd.nist.gov/vuln/detail/CVE-2016-10087)
### Suggested Vulnerability Patch Versions
***libpng*** has fixed the vulnerabilities in versions ***>=1.6.37***

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects.
Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Helen Parr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The known vulnerability in the shared library which RxGalleryFinal depends on. #315

Issue Description

Suggested Vulnerability Patch Versions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The known vulnerability in the shared library which RxGalleryFinal depends on. #315

Description

Issue Description

Suggested Vulnerability Patch Versions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions