chore(deps): update dependency commons-io:commons-io to v2.14.0 - autoclosed #38

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue	Reachability
CVE-2023-5379 Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar Dependency Hierarchy: -> spring-boot-starter-undertow-2.7.1.jar (Root Library) -> ❌ undertow-core-2.2.18.Final.jar (Vulnerable Library)	High	7.5	undertow-core-2.2.18.Final.jar	Upgrade to version: io.undertow:undertow-core:2.2.31.Final,2.3.12.Final	#16	Reachable
CVE-2017-7957 Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar Dependency Hierarchy: -> ❌ xstream-1.4.5.jar (Vulnerable Library)	High	7.5	xstream-1.4.5.jar	Upgrade to version: 1.4.10	#10	Reachable
CVE-2016-3674 Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar Dependency Hierarchy: -> ❌ xstream-1.4.5.jar (Vulnerable Library)	High	7.5	xstream-1.4.5.jar	Upgrade to version: 1.4.9	#10	Unreachable
CVE-2024-6484 Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar Dependency Hierarchy: -> ❌ bootstrap-3.3.7.jar (Vulnerable Library)	Medium	6.4	bootstrap-3.3.7.jar	Upgrade to version: org.webjars.npm:bootstrap - 4.0.0-alpha.2;bootstrap.sass - 4.0.0-alpha;twbs/bootstrap - dev-dependabot/npm_and_yarn/rtlcss-3.1.1,dev-dependabot/npm_and_yarn/nodemon-3.1.3,dev-XhmikosR-patch-3,dev-dependabot/npm_and_yarn/rtlcss-3.4.0,dev-dependabot/npm_and_yarn/find-unused-sass-variables-3.1.0,dev-dependabot/npm_and_yarn/linkinator-2.4.0,dev-dependabot/npm_and_yarn/rollup-3.5.0,dev-dependabot/npm_and_yarn/nodemon-3.0.1,dev-dependabot/npm_and_yarn/rollup-3.2.5,dev-dependabot/npm_and_yarn/nodemon-3.0.2,dev-dependabot/npm_and_yarn/nodemon-3.0.3;bootstrap - 4.0.0;bootstrap - 3.3.6-jQuery3,4.0.0-alpha;org.webjars:bootstrap - 4.0.0-alpha	#21	Unreachable
CVE-2020-11023 Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js Dependency Hierarchy: -> ❌ jquery-1.10.2.min.js (Vulnerable Library)	Medium	6.9	jquery-1.10.2.min.js	Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0	#22
CVE-2020-11023 Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js Dependency Hierarchy: -> ❌ jquery-2.1.4.min.js (Vulnerable Library)	Medium	6.9	jquery-2.1.4.min.js	Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0	#12

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2024-47554	commons-io-2.11.0.jar
CVE-2024-31033	jjwt-0.9.1.jar

Base branch total remaining vulnerabilities: 107
Base branch commit: cd254e2c7f680e97973905273e4e31c47e82b8ff

Total libraries scanned: 154

Scan token: e6bd3f5717a14d6a90a443ef3d0e4d29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency commons-io:commons-io to v2.14.0 - autoclosed #38

chore(deps): update dependency commons-io:commons-io to v2.14.0 - autoclosed #38

Security Report

Re-running checks...