Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade org.webjars:bootstrap from 3.3.7 to 5.3.3 #34

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

fix: pom.xml to reduce vulnerabilities

6d76299
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade org.webjars:bootstrap from 3.3.7 to 5.3.3 #34

fix: pom.xml to reduce vulnerabilities
6d76299
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Jul 13, 2024 in 2m 30s

Security Report

You have successfully remediated 7 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2017-7957

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

-> ❌ xstream-1.4.5.jar (Vulnerable Library)

High 7.5 xstream-1.4.5.jar Upgrade to version: 1.4.10 #10

Reachable
CVE-2016-3674

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

-> ❌ xstream-1.4.5.jar (Vulnerable Library)

High 7.5 xstream-1.4.5.jar Upgrade to version: 1.4.9 #10

Unreachable
CVE-2020-11023

Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

-> ❌ jquery-1.10.2.min.js (Vulnerable Library)

Medium 6.1 jquery-1.10.2.min.js Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 #22
CVE-2020-11023

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

-> ❌ jquery-2.1.4.min.js (Vulnerable Library)

Medium 6.1 jquery-2.1.4.min.js Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 #12
CVE-2018-20676

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

-> ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Medium 6.1 bootstrap-3.1.1.min.js Upgrade to version: bootstrap - 3.4.0 #15
CVE-2016-10735

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

-> ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Medium 6.1 bootstrap-3.1.1.min.js Upgrade to version: bootstrap - 3.4.0, 4.0.0-beta.2 #15

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2018-14040 bootstrap-3.3.7.jar
CVE-2018-14042 bootstrap-3.3.7.jar
CVE-2018-20677 bootstrap-3.3.7.jar
CVE-2018-20676 bootstrap-3.3.7.jar
CVE-2024-31033 jjwt-0.9.1.jar
CVE-2019-8331 bootstrap-3.3.7.jar
CVE-2016-10735 bootstrap-3.3.7.jar

Base branch total remaining vulnerabilities: 100
Base branch commit: cd254e2c7f680e97973905273e4e31c47e82b8ff


Total libraries scanned: 154

Scan token: 367b1d5b8da04abd815ffa1e6be2fbf8

View more details on Mend for GitHub.com