Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade org.springframework.boot:spring-boot-starter-web from 2.0.9.RELEASE to 2.7.18 #117

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: pom.xml to reduce vulnerabilities

f054e25
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade org.springframework.boot:spring-boot-starter-web from 2.0.9.RELEASE to 2.7.18 #117

fix: pom.xml to reduce vulnerabilities
f054e25
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Nov 24, 2023 in 17m 49s

Security Report

You have successfully remediated 135 vulnerabilities, but introduced 13 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-1471

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:2.0 None
CVE-2020-10683

Path to dependency file: /black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml

Path to vulnerable library: /black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml

Dependency Hierarchy:

-> weixin-java-mp-3.4.0.jar (Root Library)

   -> weixin-java-common-3.4.0.jar

     -> ❌ dom4j-2.1.1.jar (Vulnerable Library)

Critical 9.8 dom4j-2.1.1.jar Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 None
CVE-2023-4043

Path to dependency file: /black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Path to vulnerable library: /black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-data-elasticsearch-2.7.18.jar (Root Library)

   -> spring-data-elasticsearch-4.4.18.jar

     -> elasticsearch-java-7.17.15.jar

       -> ❌ parsson-1.0.0.jar (Vulnerable Library)

High 7.5 parsson-1.0.0.jar Upgrade to version: org.eclipse.parsson:parsson:1.0.5,1.1.4;org.eclipse.parsson/jakarta.json:1.0.5,1.1.4 None
CVE-2023-3635

Path to dependency file: /black-shop-basic/black-shop-basic-redis/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar

Dependency Hierarchy:

-> feign-okhttp-9.7.0.jar (Root Library)

   -> okhttp-4.9.3.jar

     -> ❌ okio-2.8.0.jar (Vulnerable Library)

High 7.5 okio-2.8.0.jar Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 None
CVE-2022-25857

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

High 7.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 None
CVE-2022-0084

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.7.18.jar (Root Library)

   -> undertow-core-2.2.28.Final.jar

     -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final None
CVE-2022-41854

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.32 None
CVE-2022-38752

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.32 None
CVE-2022-38751

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 None
CVE-2022-38749

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 None
CVE-2022-38750

Path to dependency file: /black-shop-service/black-shop-user/black-shop-user-api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-boot-starter-2.7.18.jar

       -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 5.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 None
CVE-2022-22946

Path to dependency file: /black-shop-gateway/pom.xml

Path to vulnerable library: /black-shop-gateway/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> ❌ spring-cloud-gateway-core-2.0.4.RELEASE.jar (Vulnerable Library)

Medium 5.5 spring-cloud-gateway-core-2.0.4.RELEASE.jar Upgrade to version: org.springframework.cloud:spring-cloud-gateway-server:3.1.1 None
CVE-2021-29425

Path to dependency file: /black-shop-basic/black-shop-basic-zipkin/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar

Dependency Hierarchy:

-> black-shop-basic-apolloconfig-1.0.0.jar (Root Library)

   -> black-shop-common-core-1.0.0.jar

     -> spring-cloud-starter-openfeign-2.0.4.RELEASE.jar

       -> spring-cloud-openfeign-core-2.0.4.RELEASE.jar

         -> feign-form-spring-3.3.0.jar

           -> commons-fileupload-1.3.3.jar

             -> ❌ commons-io-2.6.jar (Vulnerable Library)

Medium 4.8 commons-io-2.6.jar Upgrade to version: commons-io:commons-io:2.7 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2017-12629 lucene-queryparser-6.6.1.jar
CVE-2021-37136 netty-codec-4.1.34.Final.jar
CVE-2022-22978 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-10212 undertow-core-1.4.27.Final.jar
CVE-2020-36183 jackson-databind-2.9.8.jar
CVE-2019-14893 jackson-databind-2.9.8.jar
CVE-2020-10687 undertow-core-1.4.27.Final.jar
CVE-2020-10650 jackson-databind-2.9.8.jar
CVE-2020-14062 jackson-databind-2.9.8.jar
CVE-2020-24750 jackson-databind-2.9.8.jar
CVE-2022-2053 undertow-core-1.4.27.Final.jar
CVE-2019-16335 jackson-databind-2.9.8.jar
CVE-2022-38750 snakeyaml-1.19.jar
CVE-2020-24616 jackson-databind-2.9.8.jar
WS-2020-0293 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-12814 jackson-databind-2.9.8.jar
CVE-2020-9548 jackson-databind-2.9.8.jar
CVE-2022-38749 snakeyaml-1.19.jar
CVE-2019-14439 jackson-databind-2.9.8.jar
CVE-2020-36179 jackson-databind-2.9.8.jar
CVE-2022-27772 spring-boot-2.0.9.RELEASE.jar
CVE-2020-5408 spring-security-crypto-5.0.12.RELEASE.jar
CVE-2019-14379 jackson-databind-2.9.8.jar
CVE-2023-20861 spring-expression-5.0.13.RELEASE.jar
CVE-2022-42003 jackson-databind-2.9.8.jar
CVE-2017-18640 snakeyaml-1.19.jar
CVE-2020-11620 jackson-databind-2.9.8.jar
CVE-2020-25649 jackson-databind-2.9.8.jar
CVE-2019-12086 jackson-databind-2.9.8.jar
CVE-2019-20444 netty-codec-http-4.1.34.Final.jar
CVE-2020-9547 jackson-databind-2.9.8.jar
CVE-2020-35491 jackson-databind-2.9.8.jar
CVE-2020-13956 httpclient-4.5.8.jar
CVE-2020-7020 elasticsearch-5.6.16.jar
CVE-2021-21295 netty-codec-http-4.1.34.Final.jar
CVE-2020-36182 jackson-databind-2.9.8.jar
CVE-2022-41854 snakeyaml-1.19.jar
CVE-2019-14540 jackson-databind-2.9.8.jar
CVE-2022-42004 jackson-databind-2.9.8.jar
CVE-2019-11269 spring-security-oauth2-2.2.3.RELEASE.jar
CVE-2020-14061 jackson-databind-2.9.8.jar
CVE-2019-20445 netty-codec-http-4.1.34.Final.jar
CVE-2019-14892 jackson-databind-2.9.8.jar
CVE-2020-5421 spring-web-5.0.13.RELEASE.jar
CVE-2019-16869 netty-codec-http-4.1.34.Final.jar
CVE-2020-11113 jackson-databind-2.9.8.jar
CVE-2020-11619 jackson-databind-2.9.8.jar
CVE-2022-38751 snakeyaml-1.19.jar
CVE-2022-38752 snakeyaml-1.19.jar
CVE-2020-36180 jackson-databind-2.9.8.jar
CVE-2018-1067 undertow-core-1.4.27.Final.jar
CVE-2021-43797 netty-codec-http-4.1.34.Final.jar
CVE-2019-3778 spring-security-oauth2-2.2.3.RELEASE.jar
CVE-2020-36518 jackson-databind-2.9.8.jar
CVE-2021-22096 spring-web-5.0.13.RELEASE.jar
WS-2016-7107 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-14888 undertow-core-1.4.27.Final.jar
WS-2017-3767 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-3888 undertow-core-1.4.27.Final.jar
CVE-2020-10719 undertow-core-1.4.27.Final.jar
CVE-2020-14195 jackson-databind-2.9.8.jar
CVE-2021-22060 spring-core-5.0.13.RELEASE.jar
CVE-2021-22096 spring-core-5.0.13.RELEASE.jar
CVE-2020-10705 undertow-core-1.4.27.Final.jar
CVE-2023-1108 undertow-core-1.4.27.Final.jar
WS-2020-0408 netty-handler-4.1.34.Final.jar
CVE-2021-21290 netty-handler-4.1.34.Final.jar
CVE-2019-16943 jackson-databind-2.9.8.jar
CVE-2020-5408 spring-security-core-5.0.12.RELEASE.jar
CVE-2020-36181 jackson-databind-2.9.8.jar
CVE-2022-1259 undertow-core-1.4.27.Final.jar
CVE-2020-14060 jackson-databind-2.9.8.jar
CVE-2021-21290 netty-codec-http-4.1.34.Final.jar
CVE-2023-20863 spring-expression-5.0.13.RELEASE.jar
CVE-2019-7614 elasticsearch-5.6.16.jar
CVE-2018-1048 undertow-core-1.4.27.Final.jar
CVE-2020-27782 undertow-core-1.4.27.Final.jar
CVE-2020-5404 reactor-netty-0.7.15.RELEASE.jar
CVE-2021-42550 logback-classic-1.2.3.jar
CVE-2022-22950 spring-expression-5.0.13.RELEASE.jar
CVE-2020-35490 jackson-databind-2.9.8.jar
CVE-2021-20190 jackson-databind-2.9.8.jar
CVE-2021-42550 logback-core-1.2.3.jar
CVE-2020-9546 jackson-databind-2.9.8.jar
WS-2021-0419 com-google-gson-RELEASE113.jar
CVE-2020-36185 jackson-databind-2.9.8.jar
CVE-2022-25857 snakeyaml-1.19.jar
CVE-2019-17531 jackson-databind-2.9.8.jar
CVE-2020-36188 jackson-databind-2.9.8.jar
CVE-2020-11612 netty-codec-4.1.34.Final.jar
CVE-2020-1757 undertow-core-1.4.27.Final.jar
CVE-2019-16942 jackson-databind-2.9.8.jar
CVE-2018-14642 undertow-core-1.4.27.Final.jar
CVE-2022-1471 snakeyaml-1.19.jar
CVE-2021-3597 undertow-core-1.4.27.Final.jar
CVE-2021-20220 undertow-core-1.4.27.Final.jar
CVE-2021-22112 spring-security-web-5.0.12.RELEASE.jar
CVE-2020-5398 spring-web-5.0.13.RELEASE.jar
CVE-2020-36184 jackson-databind-2.9.8.jar
CVE-2019-17267 jackson-databind-2.9.8.jar
CVE-2020-36189 jackson-databind-2.9.8.jar
CVE-2016-1000027 spring-web-5.0.13.RELEASE.jar
CVE-2021-37137 netty-codec-4.1.34.Final.jar
CVE-2021-22096 spring-webmvc-5.0.13.RELEASE.jar
CVE-2020-7021 elasticsearch-5.6.16.jar
CVE-2020-11112 jackson-databind-2.9.8.jar
CVE-2020-7238 netty-codec-http-4.1.34.Final.jar
CVE-2021-3629 undertow-core-1.4.27.Final.jar
CVE-2020-11111 jackson-databind-2.9.8.jar
CVE-2022-25647 com-google-gson-RELEASE113.jar
CVE-2016-6311 undertow-core-1.4.27.Final.jar
CVE-2019-10202 jackson-databind-2.9.8.jar
CVE-2020-10672 jackson-databind-2.9.8.jar
CVE-2022-1319 undertow-core-1.4.27.Final.jar
CVE-2020-1745 undertow-core-1.4.27.Final.jar
CVE-2023-34462 netty-handler-4.1.34.Final.jar
WS-2021-0172 spring-web-5.0.13.RELEASE.jar
CVE-2022-24823 netty-common-4.1.34.Final.jar
CVE-2021-22096 spring-webflux-5.0.13.RELEASE.jar
CVE-2019-10184 undertow-servlet-1.4.27.Final.jar
CVE-2022-4492 undertow-core-1.4.27.Final.jar
CVE-2020-28491 jackson-dataformat-cbor-2.9.8.jar
CVE-2020-36186 jackson-databind-2.9.8.jar
CVE-2020-8840 jackson-databind-2.9.8.jar
CVE-2020-36187 jackson-databind-2.9.8.jar
CVE-2020-10673 jackson-databind-2.9.8.jar
CVE-2019-20330 jackson-databind-2.9.8.jar
CVE-2020-10969 jackson-databind-2.9.8.jar
CVE-2022-22970 spring-core-5.0.13.RELEASE.jar
CVE-2020-10968 jackson-databind-2.9.8.jar
CVE-2019-12384 jackson-databind-2.9.8.jar
CVE-2022-22970 spring-beans-5.0.13.RELEASE.jar
CVE-2021-3859 undertow-core-1.4.27.Final.jar
CVE-2020-35728 jackson-databind-2.9.8.jar
CVE-2022-22965 spring-beans-5.0.13.RELEASE.jar

Base branch total remaining vulnerabilities: 200
Base branch commit: null


Total libraries scanned: 295

Scan token: e384d96704bb4f428a1a995c8f8f5458

View more details on Mend Bolt for GitHub