
Nexus Intelligence Insights - CVE-2018-10237- Guava Vulnerability

November 12, 2018 By Elisa Velarde

Welcome back to Nexus Intelligence Insights.

This month, we’re covering a vulnerability type that, until recently, has flown a bit under the radar: deserialization of untrusted data.

Our featured vulnerability is CVE-2018-10237. This is a Guava vulnerability that can be exploited to cause unbounded memory allocation, a denial-of-service attack that can cripple or take down a server.
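The post describes the effect of the bug but not a defence. As an added example that is not part of Sonatype's post or of Guava's own code, the class below shows the standard JDK 9+ control for this whole class of problem: an ObjectInputFilter that bounds declared array lengths and object-graph depth and allow-lists the classes an endpoint actually expects. ObjectInputStream consults the filter with the array length declared in the stream before it allocates the array, so a stream that declares an enormous size is refused before any memory is committed. The class and method names (BoundedDeserialization, boundedFilter, deserializeBounded), the allow-list, and the sample inputs are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Set;

/** Hypothetical helper: a size-bounding, allow-listing deserialization filter (JEP 290, JDK 9+). */
public class BoundedDeserialization {

    // Constructed allow-list for this example. Superclass descriptors are filtered too,
    // which is why java.lang.Number is listed alongside java.lang.Integer.
    private static final Set<String> ALLOWED =
            Set.of("java.util.ArrayList", "java.lang.Integer", "java.lang.Number");

    /** Builds a filter that rejects oversized arrays, deep graphs, and unexpected classes. */
    static ObjectInputFilter boundedFilter(long maxArrayLength, long maxDepth) {
        return info -> {
            // arrayLength() is the length declared in the stream (-1 when not an array read).
            // The stream asks the filter before allocating, so the declared size never reaches the heap.
            if (info.arrayLength() >= 0 && info.arrayLength() > maxArrayLength) {
                return ObjectInputFilter.Status.REJECTED;
            }
            if (info.depth() > maxDepth) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> clazz = info.serialClass();
            if (clazz == null) {
                return ObjectInputFilter.Status.UNDECIDED; // limit-only callback, no class to judge
            }
            while (clazz.isArray()) {
                clazz = clazz.getComponentType();
            }
            if (clazz.isPrimitive() || ALLOWED.contains(clazz.getName())) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            return ObjectInputFilter.Status.REJECTED;
        };
    }

    /** Serializes an object with plain Java serialization (used only to build test inputs). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Returns the object if the stream passes the filter, or null if the filter rejected it. */
    static Object deserializeBounded(byte[] bytes, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        } catch (InvalidClassException e) {
            // ObjectInputStream surfaces a REJECTED filter decision as InvalidClassException.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectInputFilter filter = boundedFilter(1_000, 5);

        // Constructed inputs: a small array, an array far beyond the bound, an expected
        // collection type, and a type the endpoint never expects.
        byte[] small = serialize(new int[16]);
        byte[] huge = serialize(new int[1_000_000]);
        byte[] expected = serialize(new ArrayList<>(List.of(1, 2, 3)));
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("small array accepted: " + (deserializeBounded(small, filter) != null));
        System.out.println("huge array rejected:  " + (deserializeBounded(huge, filter) == null));
        System.out.println("ArrayList accepted:   " + (deserializeBounded(expected, filter) != null));
        System.out.println("HashMap rejected:     " + (deserializeBounded(unexpected, filter) == null));
    }
}
```

Upgrading the affected component remains the primary fix; the filter is defence in depth that applies the same bound to every class on the stream, including ones whose readObject logic trusts a size field. The same limits can be set process-wide with the jdk.serialFilter system property instead of per stream.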

With so many other types of vulnerabilities getting the bulk of the average development team’s focus, it’s easy to forget about a component like Guava that, until recently, wasn’t quite as popular. Times change, and bad actors are getting more adept at using less obvious vectors to create chaos.

At Sonatype, our goal is to help organizations stay well informed and ahead of the open source software threat. Whether you’re a developer or involved in AppSec in general, Nexus Intelligence Insights was created to put practical and actionable intelligence at your fingertips. We hope you find this month’s Insight useful.

Our team of 65 data analysts meticulously tracks open source vulnerabilities and the component and sub-component versions they impact. We marry precision data with automation to eliminate alert fatigue and allow developers to focus on the issues that really matter.

Do you have a topic in mind that you’d like to see us cover? Get in touch.

Tags: vulnerabilities, Nexus Intelligence Insights

Written by Elisa Velarde

Elisa is a Senior Product Marketing Manager at Sonatype. She brings over 10 years of experience in sourcing, mentoring, and leading Marketing or full Agile product teams while maintaining a collaborative, cross-departmental approach to support company goals.