Revert new connection APIs #2506
Security Report
You have successfully remediated 6 vulnerabilities, but introduced 4 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-6481; Path to dependency file: /legend-engine-pure/legend-engine-pure-ide/legend-engine-pure-ide-light/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar; Dependency Hierarchy: -> legend-pure-ide-light-5.1.2.jar (Root Library) -> dropwizard-core-1.3.29.jar -> dropwizard-logging-1.3.29.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) | High | 7.5 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | None |
CVE-2023-6378; Path to dependency file: /legend-engine-core/legend-engine-core-test/legend-engine-test-server-shared/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar; Dependency Hierarchy: -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) | High | 7.5 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | None |
CVE-2021-42550; Path to dependency file: /legend-engine-core/legend-engine-core-test/legend-engine-test-server-shared/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar; Dependency Hierarchy: -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) | Medium | 6.6 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 | None |
CVE-2021-42550; Path to dependency file: /legend-engine-pure/legend-engine-pure-ide/legend-engine-pure-ide-light/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar; Dependency Hierarchy: -> legend-pure-ide-light-5.1.2.jar (Root Library) -> dropwizard-core-1.3.29.jar -> dropwizard-logging-1.3.29.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) | Medium | 6.6 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2022-38751 | snakeyaml-1.26-android.jar |
CVE-2022-25857 | snakeyaml-1.26-android.jar |
CVE-2022-38752 | snakeyaml-1.26-android.jar |
CVE-2022-41854 | snakeyaml-1.26-android.jar |
CVE-2022-38750 | snakeyaml-1.26-android.jar |
CVE-2022-38749 | snakeyaml-1.26-android.jar |
Base branch total remaining vulnerabilities: 70
Base branch commit: ea40870cbf6acf0d67faf9ce610ed8585a97cdd7
Total libraries scanned: 731
Scan token: d74e019896ea408db6ebce6319ada234