Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update logback.version to v1.5.12 #265

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Update logback.version to v1.5.12

74e6c90
Select commit
Loading
Failed to load commit list.
Open

Update logback.version to v1.5.12 #265

Update logback.version to v1.5.12
74e6c90
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Oct 25, 2024 in 2m 30s

Security Report

18 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-25710

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

High 8.1 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.26.0 #275
CVE-2024-6162

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.3.14.Final None
CVE-2024-5971

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar None
CVE-2024-1635

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.3.12.Final None
CVE-2023-5685

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

-> undertow-core-2.3.0.Alpha1.jar (Root Library)

   -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar #274
CVE-2023-1108

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: org.teiid:vdb-base-builder - 1.6.0;io.syndesis.server:server-runtime - 1.3.5,1.13.1;io.syndesis.meta:meta - 1.13.1,1.3.5,1.13.1 #227
CVE-2022-4492

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final #226
CVE-2022-42004

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 #219
CVE-2022-42003

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 #220
CVE-2022-1319

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final #231
CVE-2022-0084

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

-> undertow-core-2.3.0.Alpha1.jar (Root Library)

   -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final #212
CVE-2021-46877

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 None
CVE-2020-36518

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 #200
WS-2021-0616

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

Medium 5.9 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
WS-2021-0616

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> jackson-databind-2.12.0.jar

     -> ❌ jackson-core-2.12.0.jar (Vulnerable Library)

Medium 5.9 jackson-core-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
CVE-2024-26308

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.26.0 #272
CVE-2023-42503

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.24.0 #271
CVE-2023-2976

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar

Dependency Hierarchy:

-> ❌ guava-30.1.1-jre.jar (Vulnerable Library)

Medium 5.5 guava-30.1.1-jre.jar Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre #273

Base branch total remaining vulnerabilities: 0
Base branch commit: 4aeb0ef98df9663437b823e7139ba8458da43cdb


Total libraries scanned: 52

Scan token: 8d4e3df6ef504a7fb6bc601ba036c26e