Feature/bigquery jdbc wrapper #2492
Security Report
7 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2022-1471 | Critical | 9.8 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | None |
CVE-2022-25857 | High | 7.5 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | None |
CVE-2022-41854 | Medium | 6.5 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:1.32 | None |
CVE-2022-38752 | Medium | 6.5 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:1.32 | None |
CVE-2022-38751 | Medium | 6.5 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | None |
CVE-2022-38749 | Medium | 6.5 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | None |
CVE-2022-38750 | Medium | 5.5 | snakeyaml-1.26.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | None |

Details (identical for all 7 CVEs above):
Path to dependency file: /legend-engine-xts-flatdata/legend-engine-xt-flatdata-runtime/pom.xml
Path to vulnerable library: /legend-engine-xts-flatdata/legend-engine-xt-flatdata-runtime/pom.xml, /legend-engine-core/legend-engine-core-language-pure/legend-engine-language-pure-modelManager/pom.xml, /legend-engine-xts-flatdata/legend-engine-xt-flatdata-driver-bloomberg/pom.xml, /legend-engine-xts-mastery/legend-engine-xt-mastery-grammar/pom.xml, /legend-engine-xts-diagram/legend-engine-xt-diagram-grammar/pom.xml, /legend-engine-core/legend-engine-core-language-pure/legend-engine-external-shared-format-model/pom.xml
Dependency Hierarchy: -> legend-engine-language-pure-modelManager-4.36.1-SNAPSHOT.jar (Root Library) -> legend-engine-shared-core-4.36.1-SNAPSHOT.jar -> legend-shared-pac4j-kerberos-0.24.1.jar -> legend-shared-pac4j-0.24.1.jar -> jackson-dataformat-yaml-2.10.5.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library)

Base branch total remaining vulnerabilities: 61
Base branch commit: b110eaf2a3445753075aa61658363ca46c0bc691
Total libraries scanned: 773
Scan token: fc50ceea0d6b42518e83fb199944d20b