Update dependency org.moditect:moditect-maven-plugin to v1.2.2.Final #178
Security Report
1 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-23672Path to dependency file: /modules/actuator/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.68/tomcat-embed-websocket-9.0.68.jar Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-websocket-9.0.68.jar (Vulnerable Library) |
High | 7.5 | tomcat-embed-websocket-9.0.68.jar | Upgrade to version: org.apache.tomcat:tomcat-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17 ,org.apache.tomcat.embed:tomcat-embed-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17 | None |
Base branch total remaining vulnerabilities: 68
Base branch commit: c7ec20e7636517fb8d076d86cdac3414ca4c5842
Total libraries scanned: 342
Scan token: 7287597dd7234e4fa35f14f602259650