[Snyk] Security upgrade nginx from alpine to 1.25.4-alpine3.18 #33

An automation triggered a pipeline warning

Found 96 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.

Output from Automations

4 rules were checked:

If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email

✔️ The rule did not trigger. Manage rule

If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email

✔️ The rule did not trigger. Manage rule

If there is a dependency where the license risk is at least high
then send a pipeline warning

✔️ The rule did not trigger. Manage rule

If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning

⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning. Manage rule

Vulnerability	CVSS2	CVSS3	Dependency	Dependency Licenses
CVE-2024-1597	N/A	10	org.postgresql:postgresql (Maven)	BSD-2-Clause
CVE-2022-22965	9.3	10	org.springframework:spring-webmvc (Maven)	Apache-2.0
CVE-2022-22965	9.3	10	org.springframework:spring-core (Maven)	Apache-2.0
CVE-2022-22965	9.3	10	org.springframework:spring-beans (Maven)	Apache-2.0
CVE-2022-22965	9.3	10	org.springframework.boot:spring-boot-starter-web (Maven)	Apache-2.0
CVE-2020-1938	7.5	9.8	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2019-16943	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-24616	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-26520	7.5	9.8	org.postgresql:postgresql (Maven)	BSD-2-Clause
CVE-2020-9547	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-9546	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-14892	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-8840	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-17531	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-14893	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-16335	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-21724	7.5	9.8	org.postgresql:postgresql (Maven)	BSD-2-Clause
CVE-2019-17267	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-1471	N/A	9.8	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2016-1000027	7.5	9.8	org.springframework:spring-web (Maven)	Apache-2.0
CVE-2019-14379	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2021-27568	6.4	9.1	net.minidev:json-smart (Maven)	Apache-2.0
CVE-2020-11113	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-10673	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-10672	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-10969	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-11112	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-11111	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-10650	N/A	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-0232	9.3	8.1	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2020-36180	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-14195	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-14062	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-14061	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-11620	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-11619	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-35491	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-35728	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36179	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2024-22243	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0
CVE-2020-36181	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36182	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36183	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36184	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36185	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36186	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36187	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36188	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36189	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-24750	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-31197	N/A	8	org.postgresql:postgresql (Maven)	BSD-2-Clause
CVE-2022-27772	4.6	7.8	org.springframework.boot:spring-boot (Maven)	Apache-2.0
CVE-2020-13692	6.8	7.7	org.postgresql:postgresql (Maven)	BSD-2-Clause
CVE-2021-25122	5	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2022-22968	5	7.5	org.springframework:spring-context (Maven)	Apache-2.0
CVE-2022-22970	5	7.5	org.springframework:spring-beans (Maven)	Apache-2.0
CVE-2023-6378	N/A	7.5	ch.qos.logback:logback-classic (Maven)	EPL-1.0
CVE-2023-6378	N/A	7.5	ch.qos.logback:logback-core (Maven)	EPL-1.0
CVE-2023-46589	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2023-20883	N/A	7.5	org.springframework.boot:spring-boot-autoconfigure (Maven)	Apache-2.0
CVE-2023-1370	N/A	7.5	net.minidev:json-smart (Maven)	Apache-2.0
CVE-2019-0199	5	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2019-10072	5	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2019-17563	5.1	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2017-18640	5	7.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2021-37714	5	7.5	org.jsoup:jsoup (Maven)	MIT
CVE-2020-5398	7.6	7.5	org.springframework:spring-webmvc (Maven)	Apache-2.0
CVE-2020-25649	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2020-36518	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-42004	N/A	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-25857	N/A	7.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-42003	N/A	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-14439	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2019-12418	4.4	7	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2021-25329	4.4	7	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2021-42550	8.5	6.6	ch.qos.logback:logback-core (Maven)	EPL-1.0
CVE-2022-41854	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2023-34055	N/A	6.5	org.springframework.boot:spring-boot (Maven)	Apache-2.0
CVE-2022-38751	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-38752	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-38749	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2023-20861	N/A	6.5	org.springframework:spring-expression (Maven)	Apache-2.0
CVE-2023-20863	N/A	6.5	org.springframework:spring-expression (Maven)	Apache-2.0
CVE-2022-22950	4	6.5	org.springframework:spring-expression (Maven)	Apache-2.0
CVE-2023-41080	N/A	6.1	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2019-10219	4.3	6.1	org.hibernate.validator:hibernate-validator (Maven)	Apache-2.0
CVE-2022-36033	N/A	6.1	org.jsoup:jsoup (Maven)	MIT
CVE-2019-0221	4.3	6.1	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2021-24122	4.3	5.9	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2019-12384	4.3	5.9	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
CVE-2022-41946	N/A	5.5	org.postgresql:postgresql (Maven)	BSD-2-Clause
CVE-2020-15250	1.9	5.5	junit:junit (Maven)	EPL-1.0
CVE-2022-38750	N/A	5.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2023-42795	N/A	5.3	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2023-45648	N/A	5.3	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2020-10693	5	5.3	org.hibernate.validator:hibernate-validator (Maven)	Apache-2.0
CVE-2020-1935	5.8	4.8	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2023-35116	N/A	4.7	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0
debricked-230251	N/A	N/A	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
debricked-182877	N/A	N/A	org.postgresql:postgresql (Maven)	BSD-2-Clause

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade nginx from alpine to 1.25.4-alpine3.18 #33

[Snyk] Security upgrade nginx from alpine to 1.25.4-alpine3.18 #33

An automation triggered a pipeline warning

Output from Automations

4 rules were checked:

Re-running checks...

[Snyk] Security upgrade nginx from alpine to 1.25.4-alpine3.18 #33

Are you sure you want to change the base?

fix: client/Dockerfile to reduce vulnerabilities

[Snyk] Security upgrade nginx from alpine to 1.25.4-alpine3.18 #33

An automation triggered a pipeline warning

Output from Automations

4 rules were checked:

Re-running checks...