Update logback.version to v1.5.12 #265
Security Report
18 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-25710; Path to dependency file: /modules/roadmap-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar; Dependency Hierarchy: -> ❌ commons-compress-1.23.0.jar (Vulnerable Library) | High | 8.1 | commons-compress-1.23.0.jar | Upgrade to version: org.apache.commons:commons-compress:1.26.0 | #275 |
CVE-2024-6162; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar; Dependency Hierarchy: -> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.3.0.Alpha1.jar | Upgrade to version: io.undertow:undertow-core:2.3.14.Final | None |
CVE-2024-5971; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar; Dependency Hierarchy: -> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.3.0.Alpha1.jar | None | |
CVE-2024-1635; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar; Dependency Hierarchy: -> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.3.0.Alpha1.jar | Upgrade to version: io.undertow:undertow-core:2.3.12.Final | None |
CVE-2023-5685; Path to dependency file: /modules/roadmap-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar; Dependency Hierarchy: -> undertow-core-2.3.0.Alpha1.jar (Root Library) -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library) | High | 7.5 | xnio-api-3.8.7.Final.jar | | #274 |
CVE-2023-1108; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar; Dependency Hierarchy: -> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.3.0.Alpha1.jar | Upgrade to version: org.teiid:vdb-base-builder - 1.6.0;io.syndesis.server:server-runtime - 1.3.5,1.13.1;io.syndesis.meta:meta - 1.13.1,1.3.5,1.13.1 | #227 |
CVE-2022-4492; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar; Dependency Hierarchy: -> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.3.0.Alpha1.jar | Upgrade to version: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final | #226 |
CVE-2022-42004; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar; Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 | #219 |
CVE-2022-42003; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar; Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 | #220 |
CVE-2022-1319; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar; Dependency Hierarchy: -> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.3.0.Alpha1.jar | Upgrade to version: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final | #231 |
CVE-2022-0084; Path to dependency file: /modules/roadmap-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar; Dependency Hierarchy: -> undertow-core-2.3.0.Alpha1.jar (Root Library) -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library) | High | 7.5 | xnio-api-3.8.7.Final.jar | Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final | #212 |
CVE-2021-46877; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar; Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 | None |
CVE-2020-36518; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar; Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 | #200 |
WS-2021-0616; Path to dependency file: /modules/roadmap-all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar; Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) | Medium | 5.9 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 | None |
WS-2021-0616; Path to dependency file: /modules/roadmap-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar; Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> jackson-databind-2.12.0.jar -> ❌ jackson-core-2.12.0.jar (Vulnerable Library) | Medium | 5.9 | jackson-core-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 | None |
CVE-2024-26308; Path to dependency file: /modules/roadmap-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar; Dependency Hierarchy: -> ❌ commons-compress-1.23.0.jar (Vulnerable Library) | Medium | 5.5 | commons-compress-1.23.0.jar | Upgrade to version: org.apache.commons:commons-compress:1.26.0 | #272 |
CVE-2023-42503; Path to dependency file: /modules/roadmap-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar; Dependency Hierarchy: -> ❌ commons-compress-1.23.0.jar (Vulnerable Library) | Medium | 5.5 | commons-compress-1.23.0.jar | Upgrade to version: org.apache.commons:commons-compress:1.24.0 | #271 |
CVE-2023-2976; Path to dependency file: /modules/roadmap-router-service/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar; Dependency Hierarchy: -> ❌ guava-30.1.1-jre.jar (Vulnerable Library) | Medium | 5.5 | guava-30.1.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre | #273 |
Base branch total remaining vulnerabilities: 0
Base branch commit: 4aeb0ef98df9663437b823e7139ba8458da43cdb
Total libraries scanned: 52
Scan token: 8d4e3df6ef504a7fb6bc601ba036c26e