[Bug]: Upgrade Dependencies to resolve "CVE-2024-25710" and "CVE-2024-26308" #10190

fsmherrm · 2025-04-22T12:43:32Z

Module

Core

Testcontainers version

1.20.6

Using the latest Testcontainers version?

Yes

Host OS

Unix

Host Arch

x64

Docker version

n/a

What happened?

Hello Team,

I would like to bring to your attention that the latest version 1.20.6 has been identified to have two vulnerabilities, specifically "CVE-2024-25710" and "CVE-2024-26308." These vulnerabilities prevent us from utilizing testcontainers internally.

To ensure our systems remain secure and operational, I kindly request that we prioritize remediating these findings by upgrading to newer dependency versions as soon as possible.

Thank you for your attention to this important matter.

Best regards,
Marc

Relevant log output

Additional Information

No response

fsmherrm · 2025-04-22T12:59:27Z

My assumption is that it should be resolved by just updating

testcontainers-java/core/build.gradle

Line 76 in 73e0637

api 'org.apache.commons:commons-compress:1.24.0'

with a version >= 1.26.0

fsmherrm added the type/bug label Apr 22, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: Upgrade Dependencies to resolve "CVE-2024-25710" and "CVE-2024-26308" #10190

[Bug]: Upgrade Dependencies to resolve "CVE-2024-25710" and "CVE-2024-26308" #10190

fsmherrm commented Apr 22, 2025

fsmherrm commented Apr 22, 2025

[Bug]: Upgrade Dependencies to resolve "CVE-2024-25710" and "CVE-2024-26308" #10190

[Bug]: Upgrade Dependencies to resolve "CVE-2024-25710" and "CVE-2024-26308" #10190

Comments

fsmherrm commented Apr 22, 2025

Module

Testcontainers version

Using the latest Testcontainers version?

Host OS

Host Arch

Docker version

What happened?

Relevant log output

Additional Information

fsmherrm commented Apr 22, 2025