Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 7 vulnerabilities #135

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: pom.xml to reduce vulnerabilities

042a731
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Fix for 7 vulnerabilities #135

fix: pom.xml to reduce vulnerabilities
042a731
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Nov 26, 2024 in 13m 51s

Security Report

You have successfully remediated 175 vulnerabilities, but introduced 12 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2020-10683

Path to dependency file: /black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml

Path to vulnerable library: /black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml

Dependency Hierarchy:

-> weixin-java-mp-3.4.0.jar (Root Library)

   -> weixin-java-common-3.4.0.jar

     -> ❌ dom4j-2.1.1.jar (Vulnerable Library)

Critical 9.8 dom4j-2.1.1.jar Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 None
CVE-2023-7272

Path to dependency file: /black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Path to vulnerable library: /black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-data-elasticsearch-3.2.11.jar (Root Library)

   -> spring-data-elasticsearch-5.2.11.jar

     -> elasticsearch-java-8.10.4.jar

       -> ❌ parsson-1.0.0.jar (Vulnerable Library)

High 8.6 parsson-1.0.0.jar Upgrade to version: org.eclipse.parsson:jakarta.json:1.0.4,1.1.3, org.eclipse.parsson:parsson:1.0.4,1.1.3 None
CVE-2024-47554

Path to dependency file: /black-shop-common/black-shop-common-util/pom.xml

Path to vulnerable library: /black-shop-common/black-shop-common-util/pom.xml,/black-shop-common/black-shop-common-web/pom.xml,/black-shop-gateway/pom.xml,/black-shop-service/black-shop-user/black-shop-user-api/pom.xml,/black-shop-common/black-shop-common-datasource/pom.xml,/black-shop-basic/black-shop-basic-redis/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-api/pom.xml,/black-shop-common/black-shop-common-core/pom.xml,/black-shop-portal/black-shop-portal-web/pom.xml,/black-shop-basic/black-shop-basic-apolloconfig/pom.xml,/black-shop-model/black-shop-model-order/pom.xml,/black-shop-model/black-shop-model-common/pom.xml,/black-shop-basic/black-shop-basic-scheduler/pom.xml,/black-shop-common/black-shop-common-feign/pom.xml,/black-shop-basic/black-shop-basic-zipkin/pom.xml,/black-shop-model/black-shop-model-product/pom.xml,/black-shop-common/black-shop-common-data/pom.xml,/black-shop-service/black-shop-user/black-shop-user-service/pom.xml,/black-shop-common/black-shop-common-security/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml,/black-shop-portal/black-shop-portal-pay/pom.xml,/black-shop-model/black-shop-model-shoppingcart/pom.xml,/black-shop-auth/pom.xml,/black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Dependency Hierarchy:

-> black-shop-basic-apolloconfig-1.0.0.jar (Root Library)

   -> black-shop-common-core-1.0.0.jar

     -> spring-cloud-starter-openfeign-2.0.4.RELEASE.jar

       -> spring-cloud-openfeign-core-2.0.4.RELEASE.jar

         -> feign-form-spring-3.3.0.jar

           -> commons-fileupload-1.3.3.jar

             -> ❌ commons-io-2.6.jar (Vulnerable Library)

High 7.5 commons-io-2.6.jar Upgrade to version: commons-io:commons-io:2.14.0 None
CVE-2023-4043

Path to dependency file: /black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Path to vulnerable library: /black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-data-elasticsearch-3.2.11.jar (Root Library)

   -> spring-data-elasticsearch-5.2.11.jar

     -> elasticsearch-java-8.10.4.jar

       -> ❌ parsson-1.0.0.jar (Vulnerable Library)

Medium 5.9 parsson-1.0.0.jar Upgrade to version: org.eclipse.parsson:parsson:1.0.5,1.1.4;org.eclipse.parsson/jakarta.json:1.0.5,1.1.4 None
CVE-2024-47535

Path to dependency file: /black-shop-gateway/pom.xml

Path to vulnerable library: /black-shop-gateway/pom.xml,/black-shop-service/black-shop-user/black-shop-user-service/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml,/black-shop-basic/black-shop-basic-redis/pom.xml,/black-shop-auth/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-boot-starter-webflux-3.2.11.jar

     -> spring-boot-starter-reactor-netty-3.2.11.jar

       -> reactor-netty-http-1.1.23.jar

         -> netty-codec-http-4.1.114.Final.jar

           -> ❌ netty-common-4.1.114.Final.jar (Vulnerable Library)

Medium 5.5 netty-common-4.1.114.Final.jar Upgrade to version: io.netty:netty-common:4.1.115.Final None
CVE-2022-22946

Path to dependency file: /black-shop-gateway/pom.xml

Path to vulnerable library: /black-shop-gateway/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> ❌ spring-cloud-gateway-core-2.0.4.RELEASE.jar (Vulnerable Library)

Medium 5.5 spring-cloud-gateway-core-2.0.4.RELEASE.jar Upgrade to version: org.springframework.cloud:spring-cloud-gateway-server:3.1.1 None
CVE-2020-13956

Path to dependency file: /black-shop-basic/black-shop-basic-scheduler/pom.xml

Path to vulnerable library: /black-shop-basic/black-shop-basic-scheduler/pom.xml,/black-shop-model/black-shop-model-shoppingcart/pom.xml,/black-shop-basic/black-shop-basic-elasticsearch/pom.xml,/black-shop-model/black-shop-model-order/pom.xml,/black-shop-portal/black-shop-portal-web/pom.xml,/black-shop-auth/pom.xml,/black-shop-model/black-shop-model-product/pom.xml,/black-shop-portal/black-shop-portal-pay/pom.xml,/black-shop-gateway/pom.xml,/black-shop-basic/black-shop-basic-apolloconfig/pom.xml,/black-shop-common/black-shop-common-web/pom.xml,/black-shop-common/black-shop-common-core/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml,/black-shop-service/black-shop-user/black-shop-user-service/pom.xml,/black-shop-common/black-shop-common-datasource/pom.xml,/black-shop-common/black-shop-common-security/pom.xml,/black-shop-basic/black-shop-basic-redis/pom.xml,/black-shop-service/black-shop-user/black-shop-user-api/pom.xml,/black-shop-common/black-shop-common-data/pom.xml,/black-shop-common/black-shop-common-util/pom.xml,/black-shop-model/black-shop-model-common/pom.xml,/black-shop-basic/black-shop-basic-zipkin/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-api/pom.xml,/black-shop-common/black-shop-common-feign/pom.xml

Dependency Hierarchy:

-> black-shop-basic-apolloconfig-1.0.0.jar (Root Library)

   -> black-shop-common-core-1.0.0.jar

     -> spring-cloud-starter-alibaba-nacos-discovery-0.2.2.RELEASE.jar

       -> spring-cloud-alibaba-nacos-discovery-0.2.2.RELEASE.jar

         -> spring-cloud-starter-netflix-ribbon-2.0.4.RELEASE.jar

           -> ribbon-httpclient-2.2.5.jar

             -> ❌ httpclient-4.5.6.jar (Vulnerable Library)

Medium 5.3 httpclient-4.5.6.jar Upgrade to version: org.apache.httpcomponents:httpclient:4.5.13;org.apache.httpcomponents:httpclient-osgi:4.5.13;org.apache.httpcomponents.client5:httpclient5:5.0.3;org.apache.httpcomponents.client5:httpclient5-osgi:5.0.3 None
CVE-2024-38827

Path to dependency file: /black-shop-common/black-shop-common-security/pom.xml

Path to vulnerable library: /black-shop-common/black-shop-common-security/pom.xml,/black-shop-auth/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-security-2.0.2.RELEASE.jar (Root Library)

   -> spring-cloud-security-2.0.2.RELEASE.jar

     -> spring-boot-starter-security-3.2.11.jar

       -> ❌ spring-security-config-6.2.7.jar (Vulnerable Library)

Medium 4.8 spring-security-config-6.2.7.jar Upgrade to version: org.springframework.security:spring-security-cas:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-config:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-core:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-crypto:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-ldap:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-oauth2-client:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-taglibs:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-web:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5 None
CVE-2024-38827

Path to dependency file: /black-shop-basic/black-shop-basic-apolloconfig/pom.xml

Path to vulnerable library: /black-shop-basic/black-shop-basic-apolloconfig/pom.xml,/black-shop-gateway/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-api/pom.xml,/black-shop-common/black-shop-common-core/pom.xml,/black-shop-model/black-shop-model-common/pom.xml,/black-shop-common/black-shop-common-feign/pom.xml,/black-shop-common/black-shop-common-security/pom.xml,/black-shop-common/black-shop-common-util/pom.xml,/black-shop-basic/black-shop-basic-redis/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml,/black-shop-basic/black-shop-basic-zipkin/pom.xml,/black-shop-model/black-shop-model-shoppingcart/pom.xml,/black-shop-basic/black-shop-basic-scheduler/pom.xml,/black-shop-basic/black-shop-basic-elasticsearch/pom.xml,/black-shop-model/black-shop-model-order/pom.xml,/black-shop-portal/black-shop-portal-web/pom.xml,/black-shop-common/black-shop-common-data/pom.xml,/black-shop-service/black-shop-user/black-shop-user-api/pom.xml,/black-shop-service/black-shop-user/black-shop-user-service/pom.xml,/black-shop-auth/pom.xml,/black-shop-portal/black-shop-portal-pay/pom.xml,/black-shop-common/black-shop-common-datasource/pom.xml,/black-shop-model/black-shop-model-product/pom.xml,/black-shop-common/black-shop-common-web/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-gateway-2.0.4.RELEASE.jar (Root Library)

   -> spring-cloud-starter-2.0.4.RELEASE.jar

     -> spring-cloud-context-2.0.4.RELEASE.jar

       -> ❌ spring-security-crypto-6.2.7.jar (Vulnerable Library)

Medium 4.8 spring-security-crypto-6.2.7.jar Upgrade to version: org.springframework.security:spring-security-cas:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-config:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-core:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-crypto:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-ldap:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-oauth2-client:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-taglibs:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-web:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5 None
CVE-2024-38827

Path to dependency file: /black-shop-auth/pom.xml

Path to vulnerable library: /black-shop-auth/pom.xml,/black-shop-common/black-shop-common-security/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-security-2.0.2.RELEASE.jar (Root Library)

   -> spring-cloud-security-2.0.2.RELEASE.jar

     -> spring-boot-starter-security-3.2.11.jar

       -> ❌ spring-security-web-6.2.7.jar (Vulnerable Library)

Medium 4.8 spring-security-web-6.2.7.jar Upgrade to version: org.springframework.security:spring-security-cas:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-config:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-core:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-crypto:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-ldap:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-oauth2-client:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-taglibs:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-web:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5 None
CVE-2024-38827

Path to dependency file: /black-shop-auth/pom.xml

Path to vulnerable library: /black-shop-auth/pom.xml,/black-shop-common/black-shop-common-security/pom.xml

Dependency Hierarchy:

-> spring-cloud-starter-security-2.0.2.RELEASE.jar (Root Library)

   -> spring-cloud-security-2.0.2.RELEASE.jar

     -> spring-boot-starter-security-3.2.11.jar

       -> spring-security-config-6.2.7.jar

         -> ❌ spring-security-core-6.2.7.jar (Vulnerable Library)

Medium 4.8 spring-security-core-6.2.7.jar Upgrade to version: org.springframework.security:spring-security-cas:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-config:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-core:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-crypto:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-ldap:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-oauth2-client:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-taglibs:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5, org.springframework.security:spring-security-web:5.7.14,5.8.16,6.0.14,6.1.12,6.2.8,6.3.5 None
CVE-2021-29425

Path to dependency file: /black-shop-common/black-shop-common-util/pom.xml

Path to vulnerable library: /black-shop-common/black-shop-common-util/pom.xml,/black-shop-common/black-shop-common-web/pom.xml,/black-shop-gateway/pom.xml,/black-shop-service/black-shop-user/black-shop-user-api/pom.xml,/black-shop-common/black-shop-common-datasource/pom.xml,/black-shop-basic/black-shop-basic-redis/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-api/pom.xml,/black-shop-common/black-shop-common-core/pom.xml,/black-shop-portal/black-shop-portal-web/pom.xml,/black-shop-basic/black-shop-basic-apolloconfig/pom.xml,/black-shop-model/black-shop-model-order/pom.xml,/black-shop-model/black-shop-model-common/pom.xml,/black-shop-basic/black-shop-basic-scheduler/pom.xml,/black-shop-common/black-shop-common-feign/pom.xml,/black-shop-basic/black-shop-basic-zipkin/pom.xml,/black-shop-model/black-shop-model-product/pom.xml,/black-shop-common/black-shop-common-data/pom.xml,/black-shop-service/black-shop-user/black-shop-user-service/pom.xml,/black-shop-common/black-shop-common-security/pom.xml,/black-shop-service/black-shop-thirdparty/black-shop-wechat/black-shop-wechat-service/pom.xml,/black-shop-portal/black-shop-portal-pay/pom.xml,/black-shop-model/black-shop-model-shoppingcart/pom.xml,/black-shop-auth/pom.xml,/black-shop-basic/black-shop-basic-elasticsearch/pom.xml

Dependency Hierarchy:

-> black-shop-basic-apolloconfig-1.0.0.jar (Root Library)

   -> black-shop-common-core-1.0.0.jar

     -> spring-cloud-starter-openfeign-2.0.4.RELEASE.jar

       -> spring-cloud-openfeign-core-2.0.4.RELEASE.jar

         -> feign-form-spring-3.3.0.jar

           -> commons-fileupload-1.3.3.jar

             -> ❌ commons-io-2.6.jar (Vulnerable Library)

Medium 4.8 commons-io-2.6.jar Upgrade to version: commons-io:commons-io:2.7 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2017-12629 lucene-queryparser-6.6.1.jar
CVE-2021-37136 netty-codec-4.1.34.Final.jar
CVE-2022-22978 spring-security-web-5.0.12.RELEASE.jar
CVE-2023-1973 undertow-core-1.4.27.Final.jar
CVE-2019-10212 undertow-core-1.4.27.Final.jar
CVE-2020-36183 jackson-databind-2.9.8.jar
CVE-2019-14893 jackson-databind-2.9.8.jar
CVE-2020-10687 undertow-core-1.4.27.Final.jar
CVE-2020-10650 jackson-databind-2.9.8.jar
CVE-2024-7885 undertow-core-1.4.27.Final.jar
CVE-2020-14062 jackson-databind-2.9.8.jar
CVE-2020-24750 jackson-databind-2.9.8.jar
CVE-2023-34055 spring-boot-actuator-2.0.9.RELEASE.jar
CVE-2022-2053 undertow-core-1.4.27.Final.jar
CVE-2019-16335 jackson-databind-2.9.8.jar
CVE-2023-6481 logback-core-1.2.3.jar
CVE-2024-47554 org-apache-commons-io-RELEASE113.jar
CVE-2022-38750 snakeyaml-1.19.jar
CVE-2022-22968 spring-context-5.0.13.RELEASE.jar
CVE-2020-24616 jackson-databind-2.9.8.jar
WS-2020-0293 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-12814 jackson-databind-2.9.8.jar
CVE-2020-9548 jackson-databind-2.9.8.jar
CVE-2022-38749 snakeyaml-1.19.jar
CVE-2019-14439 jackson-databind-2.9.8.jar
CVE-2020-36179 jackson-databind-2.9.8.jar
CVE-2022-27772 spring-boot-2.0.9.RELEASE.jar
CVE-2020-5408 spring-security-crypto-5.0.12.RELEASE.jar
CVE-2024-38809 spring-web-5.0.13.RELEASE.jar
CVE-2019-14379 jackson-databind-2.9.8.jar
CVE-2023-20861 spring-expression-5.0.13.RELEASE.jar
CVE-2022-42003 jackson-databind-2.9.8.jar
CVE-2024-38821 spring-security-web-5.0.12.RELEASE.jar
CVE-2017-18640 snakeyaml-1.19.jar
CVE-2020-11620 jackson-databind-2.9.8.jar
CVE-2020-25649 jackson-databind-2.9.8.jar
CVE-2024-38827 spring-security-core-5.0.12.RELEASE.jar
CVE-2019-12086 jackson-databind-2.9.8.jar
CVE-2019-20444 netty-codec-http-4.1.34.Final.jar
CVE-2023-0833 okhttp-3.8.1.jar
CVE-2020-9547 jackson-databind-2.9.8.jar
CVE-2020-35491 jackson-databind-2.9.8.jar
CVE-2020-13956 httpclient-4.5.8.jar
CVE-2020-7020 elasticsearch-5.6.16.jar
CVE-2021-21295 netty-codec-http-4.1.34.Final.jar
CVE-2020-36182 jackson-databind-2.9.8.jar
CVE-2022-41854 snakeyaml-1.19.jar
CVE-2019-14540 jackson-databind-2.9.8.jar
CVE-2022-42004 jackson-databind-2.9.8.jar
CVE-2019-11269 spring-security-oauth2-2.2.3.RELEASE.jar
CVE-2020-14061 jackson-databind-2.9.8.jar
CVE-2019-20445 netty-codec-http-4.1.34.Final.jar
CVE-2024-38816 spring-webflux-5.0.13.RELEASE.jar
CVE-2024-3653 undertow-core-1.4.27.Final.jar
CVE-2024-29025 netty-codec-http-4.1.34.Final.jar
CVE-2024-38827 spring-security-crypto-5.0.12.RELEASE.jar
CVE-2019-14892 jackson-databind-2.9.8.jar
CVE-2024-38827 spring-security-web-5.0.12.RELEASE.jar
CVE-2020-5421 spring-web-5.0.13.RELEASE.jar
CVE-2019-16869 netty-codec-http-4.1.34.Final.jar
CVE-2020-11113 jackson-databind-2.9.8.jar
CVE-2024-1459 undertow-core-1.4.27.Final.jar
CVE-2020-11619 jackson-databind-2.9.8.jar
CVE-2024-38819 spring-webmvc-5.0.13.RELEASE.jar
CVE-2022-38751 snakeyaml-1.19.jar
WS-2019-0379 commons-codec-1.11.jar
CVE-2022-38752 snakeyaml-1.19.jar
CVE-2020-36180 jackson-databind-2.9.8.jar
CVE-2022-0084 xnio-api-3.3.8.Final.jar
CVE-2018-1067 undertow-core-1.4.27.Final.jar
CVE-2021-43797 netty-codec-http-4.1.34.Final.jar
CVE-2019-3778 spring-security-oauth2-2.2.3.RELEASE.jar
CVE-2020-36518 jackson-databind-2.9.8.jar
CVE-2021-22096 spring-web-5.0.13.RELEASE.jar
WS-2016-7107 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-14888 undertow-core-1.4.27.Final.jar
CVE-2024-38819 spring-webflux-5.0.13.RELEASE.jar
WS-2017-3767 spring-security-web-5.0.12.RELEASE.jar
CVE-2019-3888 undertow-core-1.4.27.Final.jar
CVE-2020-10719 undertow-core-1.4.27.Final.jar
CVE-2020-14195 jackson-databind-2.9.8.jar
CVE-2023-5685 xnio-api-3.3.8.Final.jar
CVE-2021-22060 spring-core-5.0.13.RELEASE.jar
CVE-2024-5971 undertow-core-1.4.27.Final.jar
CVE-2021-22096 spring-core-5.0.13.RELEASE.jar
CVE-2020-10705 undertow-core-1.4.27.Final.jar
CVE-2023-1108 undertow-core-1.4.27.Final.jar
WS-2020-0408 netty-handler-4.1.34.Final.jar
CVE-2021-21290 netty-handler-4.1.34.Final.jar
CVE-2019-16943 jackson-databind-2.9.8.jar
CVE-2020-5408 spring-security-core-5.0.12.RELEASE.jar
CVE-2023-5379 undertow-core-1.4.27.Final.jar
CVE-2020-36181 jackson-databind-2.9.8.jar
CVE-2022-1259 undertow-core-1.4.27.Final.jar
CVE-2020-14060 jackson-databind-2.9.8.jar
CVE-2024-47535 netty-common-4.1.34.Final.jar
CVE-2021-21290 netty-codec-http-4.1.34.Final.jar
CVE-2023-3223 undertow-servlet-1.4.27.Final.jar
CVE-2023-20863 spring-expression-5.0.13.RELEASE.jar
CVE-2019-7614 elasticsearch-5.6.16.jar
CVE-2018-1048 undertow-core-1.4.27.Final.jar
CVE-2020-27782 undertow-core-1.4.27.Final.jar
CVE-2023-6378 logback-classic-1.2.3.jar
CVE-2020-5404 reactor-netty-0.7.15.RELEASE.jar
CVE-2021-42550 logback-classic-1.2.3.jar
CVE-2022-22950 spring-expression-5.0.13.RELEASE.jar
CVE-2020-35490 jackson-databind-2.9.8.jar
CVE-2021-20190 jackson-databind-2.9.8.jar
CVE-2021-42550 logback-core-1.2.3.jar
CVE-2020-9546 jackson-databind-2.9.8.jar
WS-2021-0419 com-google-gson-RELEASE113.jar
CVE-2020-36185 jackson-databind-2.9.8.jar
CVE-2022-25857 snakeyaml-1.19.jar
CVE-2019-17531 jackson-databind-2.9.8.jar
CVE-2020-36188 jackson-databind-2.9.8.jar
CVE-2020-11612 netty-codec-4.1.34.Final.jar
CVE-2020-1757 undertow-core-1.4.27.Final.jar
CVE-2019-16942 jackson-databind-2.9.8.jar
CVE-2018-14642 undertow-core-1.4.27.Final.jar
CVE-2022-1471 snakeyaml-1.19.jar
CVE-2021-3597 undertow-core-1.4.27.Final.jar
CVE-2021-20220 undertow-core-1.4.27.Final.jar
CVE-2023-4639 undertow-core-1.4.27.Final.jar
CVE-2021-22112 spring-security-web-5.0.12.RELEASE.jar
CVE-2020-5398 spring-web-5.0.13.RELEASE.jar
CVE-2023-3635 okio-1.13.0.jar
CVE-2020-36184 jackson-databind-2.9.8.jar
CVE-2019-17267 jackson-databind-2.9.8.jar
CVE-2020-36189 jackson-databind-2.9.8.jar
CVE-2016-1000027 spring-web-5.0.13.RELEASE.jar
CVE-2024-38808 spring-expression-5.0.13.RELEASE.jar
CVE-2024-22259 spring-web-5.0.13.RELEASE.jar
CVE-2021-37137 netty-codec-4.1.34.Final.jar
CVE-2024-22262 spring-web-5.0.13.RELEASE.jar
CVE-2021-22096 spring-webmvc-5.0.13.RELEASE.jar
CVE-2024-22243 spring-web-5.0.13.RELEASE.jar
CVE-2024-38816 spring-webmvc-5.0.13.RELEASE.jar
CVE-2020-7021 elasticsearch-5.6.16.jar
CVE-2020-11112 jackson-databind-2.9.8.jar
CVE-2020-7238 netty-codec-http-4.1.34.Final.jar
CVE-2021-3629 undertow-core-1.4.27.Final.jar
CVE-2020-11111 jackson-databind-2.9.8.jar
CVE-2022-25647 com-google-gson-RELEASE113.jar
CVE-2024-22257 spring-security-core-5.0.12.RELEASE.jar
CVE-2016-6311 undertow-core-1.4.27.Final.jar
CVE-2019-10202 jackson-databind-2.9.8.jar
CVE-2024-1635 undertow-core-1.4.27.Final.jar
CVE-2020-10672 jackson-databind-2.9.8.jar
CVE-2024-3653 undertow-servlet-1.4.27.Final.jar
CVE-2022-1319 undertow-core-1.4.27.Final.jar
CVE-2020-1745 undertow-core-1.4.27.Final.jar
CVE-2023-34462 netty-handler-4.1.34.Final.jar
WS-2021-0172 spring-web-5.0.13.RELEASE.jar
CVE-2022-24823 netty-common-4.1.34.Final.jar
CVE-2021-22096 spring-webflux-5.0.13.RELEASE.jar
CVE-2019-10184 undertow-servlet-1.4.27.Final.jar
CVE-2021-29425 org-apache-commons-io-RELEASE113.jar
CVE-2022-4492 undertow-core-1.4.27.Final.jar
CVE-2020-28491 jackson-dataformat-cbor-2.9.8.jar
CVE-2020-36186 jackson-databind-2.9.8.jar
CVE-2024-38827 spring-security-config-5.0.12.RELEASE.jar
CVE-2020-8840 jackson-databind-2.9.8.jar
CVE-2020-36187 jackson-databind-2.9.8.jar
CVE-2020-10673 jackson-databind-2.9.8.jar
CVE-2019-20330 jackson-databind-2.9.8.jar
CVE-2020-10969 jackson-databind-2.9.8.jar
CVE-2022-22970 spring-core-5.0.13.RELEASE.jar
CVE-2024-6162 undertow-core-1.4.27.Final.jar
CVE-2020-10968 jackson-databind-2.9.8.jar
CVE-2019-12384 jackson-databind-2.9.8.jar
CVE-2022-22970 spring-beans-5.0.13.RELEASE.jar
CVE-2021-3859 undertow-core-1.4.27.Final.jar
CVE-2020-35728 jackson-databind-2.9.8.jar
CVE-2024-38820 spring-context-5.0.13.RELEASE.jar
CVE-2022-22965 spring-beans-5.0.13.RELEASE.jar

Base branch total remaining vulnerabilities: 246
Base branch commit: null


Total libraries scanned: 269

Scan token: 87822976ff4046f4abc115626c069ecf

View more details on Mend Bolt for GitHub