Update dependency org.awaitility:awaitility to v4.2.0

Mend Bolt for GitHub / WhiteSource Security Check failed Dec 28, 2023 in 3m 39s

Security Report

The Security Check found 56 vulnerabilities.

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
WS-2022-0080

Dependency Hierarchy:

-> ❌ postgresql-42.2.23.jar (Vulnerable Library)

Critical 9.8 postgresql-42.2.23.jar Upgrade to version: org.postgresql:postgresql:42.3.3 #319
CVE-2023-34034

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-security-2.7.5.jar

       -> ❌ spring-security-config-5.7.4.jar (Vulnerable Library)

Critical 9.8 spring-security-config-5.7.4.jar Upgrade to version: org.springframework.security:spring-security-config:5.6.12,5.7.10,5.8.5,6.0.5,6.1.2 #422
CVE-2023-20873

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> ❌ spring-boot-actuator-autoconfigure-2.7.5.jar (Vulnerable Library)

Critical 9.8 spring-boot-actuator-autoconfigure-2.7.5.jar Upgrade to version: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6 #391
CVE-2022-46166

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml

Dependency Hierarchy:

-> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library)

   -> spring-boot-admin-starter-server-2.7.7.jar

     -> ❌ spring-boot-admin-server-2.7.7.jar (Vulnerable Library)

Critical 9.8 spring-boot-admin-server-2.7.7.jar Upgrade to version: de.codecentric:spring-boot-admin-server:2.6.10,2.7.8 #421
CVE-2022-31692

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-security-2.7.5.jar

       -> ❌ spring-security-web-5.7.4.jar (Vulnerable Library)

Critical 9.8 spring-security-web-5.7.4.jar Upgrade to version: org.springframework.security:spring-security-web:5.6.9,5.7.5 #426
CVE-2022-26520

Dependency Hierarchy:

-> ❌ postgresql-42.2.23.jar (Vulnerable Library)

Critical 9.8 postgresql-42.2.23.jar Upgrade to version: org.postgresql:postgresql:42.3.3 #318
CVE-2022-21724

Dependency Hierarchy:

-> ❌ postgresql-42.2.23.jar (Vulnerable Library)

Critical 9.8 postgresql-42.2.23.jar Upgrade to version: org.postgresql:postgresql:42.2.25,42.3.2 #317
CVE-2022-1471

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:2.0 #405
CVE-2016-1000027

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-security-2.7.5.jar

       -> spring-security-web-5.7.4.jar

         -> ❌ spring-web-5.3.23.jar (Vulnerable Library)

Critical 9.8 spring-web-5.3.23.jar Upgrade to version: org.springframework:spring-web:6.0.0 #394
CVE-2020-11988

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml

Dependency Hierarchy:

-> webdocs-document-generator-0.1.0-SNAPSHOT.jar (Root Library)

   -> docx4j-6.1.2.jar

     -> ❌ xmlgraphics-commons-2.3.jar (Vulnerable Library)

High 8.2 xmlgraphics-commons-2.3.jar Upgrade to version: org.apache.xmlgraphics:xmlgraphics-commons:commons-2_6 #417
CVE-2022-31197

Dependency Hierarchy:

-> ❌ postgresql-42.2.23.jar (Vulnerable Library)

High 8.0 postgresql-42.2.23.jar Upgrade to version: org.postgresql:postgresql:42.2.26,42.4.1 #320
CVE-2023-6481

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> spring-boot-starter-logging-2.7.5.jar

           -> logback-classic-1.4.1.jar

             -> ❌ logback-core-1.4.1.jar (Vulnerable Library)

High 7.5 logback-core-1.4.1.jar Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 #416
CVE-2023-6378

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> spring-boot-starter-logging-2.7.5.jar

           -> ❌ logback-classic-1.4.1.jar (Vulnerable Library)

High 7.5 logback-classic-1.4.1.jar Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 #412
CVE-2023-46589

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

High 7.5 tomcat-embed-core-9.0.68.jar Upgrade to version: org.apache.tomcat:tomcat-coyote:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat:tomcat-catalina:8.5.96,9.0.83,10.1.16,11.0.0-M11 #395
CVE-2023-44487

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

High 7.5 tomcat-embed-core-9.0.68.jar Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3, v1.57.1, v1.58.3 #392
CVE-2023-44487

Dependency Hierarchy:

-> spring-boot-starter-webflux-2.7.5.jar (Root Library)

   -> spring-boot-starter-reactor-netty-2.7.5.jar

     -> reactor-netty-http-1.0.24.jar

       -> ❌ netty-codec-http2-4.1.84.Final.jar (Vulnerable Library)

High 7.5 netty-codec-http2-4.1.84.Final.jar Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3, v1.57.1, v1.58.3 #392
CVE-2023-38286

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml

Dependency Hierarchy:

-> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library)

   -> spring-boot-admin-starter-server-2.7.7.jar

     -> spring-boot-admin-server-2.7.7.jar

       -> spring-boot-starter-thymeleaf-2.7.5.jar

         -> thymeleaf-spring5-3.0.15.RELEASE.jar

           -> ❌ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

High 7.5 thymeleaf-3.0.15.RELEASE.jar Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE #390
CVE-2023-38286

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml

Dependency Hierarchy:

-> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library)

   -> spring-boot-admin-starter-server-2.7.7.jar

     -> ❌ spring-boot-admin-server-2.7.7.jar (Vulnerable Library)

High 7.5 spring-boot-admin-server-2.7.7.jar Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE #390
CVE-2023-3635

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-cloud-starter-kubernetes-1.1.10.RELEASE.jar

       -> spring-cloud-kubernetes-core-1.1.10.RELEASE.jar

         -> kubernetes-client-4.13.2.jar

           -> okhttp-4.9.3.jar

             -> ❌ okio-2.8.0.jar (Vulnerable Library)

High 7.5 okio-2.8.0.jar Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 #401
CVE-2023-34062

Path to dependency file: /modules/discovery/pom.xml

Path to vulnerable library: /modules/discovery/pom.xml,/modules/all/pom.xml,/modules/eureka/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-webflux-2.7.5.jar (Root Library)

   -> spring-boot-starter-reactor-netty-2.7.5.jar

     -> ❌ reactor-netty-http-1.0.24.jar (Vulnerable Library)

High 7.5 reactor-netty-http-1.0.24.jar Upgrade to version: io.projectreactor.netty:reactor-netty-http:1.0.39,1.1.13 #413
CVE-2023-34054

Path to dependency file: /modules/discovery/pom.xml

Path to vulnerable library: /modules/discovery/pom.xml,/modules/all/pom.xml,/modules/eureka/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-webflux-2.7.5.jar (Root Library)

   -> spring-boot-starter-reactor-netty-2.7.5.jar

     -> ❌ reactor-netty-http-1.0.24.jar (Vulnerable Library)

High 7.5 reactor-netty-http-1.0.24.jar Upgrade to version: io.projectreactor.netty:reactor-netty:1.0.39,1.1.13, io.projectreactor.netty:reactor-netty-http:1.0.39,1.1.13 #403
CVE-2023-24998

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

High 7.5 tomcat-embed-core-9.0.68.jar Upgrade to version: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3 #399
CVE-2023-20883

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ spring-boot-autoconfigure-2.7.5.jar (Vulnerable Library)

High 7.5 spring-boot-autoconfigure-2.7.5.jar Upgrade to version: org.springframework.boot:spring-boot-autoconfigure:2.5.12,2.6.12,2.7.12,3.0.7 #407
CVE-2023-20860

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> ❌ spring-webmvc-5.3.23.jar (Vulnerable Library)

High 7.5 spring-webmvc-5.3.23.jar Upgrade to version: org.springframework:spring-webmvc:5.3.26,6.0.7 #430
CVE-2023-1436

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ jettison-1.4.0.jar (Vulnerable Library)

High 7.5 jettison-1.4.0.jar Upgrade to version: org.codehaus.jettison:jettison:1.5.4 #419
CVE-2022-45693

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ jettison-1.4.0.jar (Vulnerable Library)

High 7.5 jettison-1.4.0.jar Upgrade to version: org.codehaus.jettison:jettison:1.5.2 #402
CVE-2022-45685

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ jettison-1.4.0.jar (Vulnerable Library)

High 7.5 jettison-1.4.0.jar Upgrade to version: org.codehaus.jettison:jettison:1.5.2 #436
CVE-2022-45143

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

High 7.5 tomcat-embed-core-9.0.68.jar Upgrade to version: org.apache.tomcat:tomcat-catalina:8.5.84,9.0.69,10.1.2, org.apache.tomcat.embed:tomcat-embed-core:8.5.84,9.0.69,10.1.2, org.apache.tomcat.experimental:tomcat-embed-programmatic:9.0.69,10.1.2 #411
CVE-2022-41966

Path to dependency file: /modules/eureka/pom.xml

Path to vulnerable library: /modules/eureka/pom.xml,/modules/all/pom.xml,/modules/discovery/pom.xml

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ xstream-1.4.18.jar (Vulnerable Library)

High 7.5 xstream-1.4.18.jar Upgrade to version: com.thoughtworks.xstream:xstream:1.4.20 #393
CVE-2022-40152

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml,/modules/eureka/pom.xml,/modules/discovery/pom.xml

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-core-1.10.17.jar

     -> ❌ woodstox-core-6.2.1.jar (Vulnerable Library)

High 7.5 woodstox-core-6.2.1.jar Upgrade to version: com.fasterxml.woodstox:woodstox-core:5.4.0,6.4.0 #437
CVE-2022-40151

Path to dependency file: /modules/eureka/pom.xml

Path to vulnerable library: /modules/eureka/pom.xml,/modules/all/pom.xml,/modules/discovery/pom.xml

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ xstream-1.4.18.jar (Vulnerable Library)

High 7.5 xstream-1.4.18.jar Upgrade to version: com.thoughtworks.xstream:xstream:1.4.20 #434
CVE-2022-40150

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ jettison-1.4.0.jar (Vulnerable Library)

High 7.5 jettison-1.4.0.jar Upgrade to version: org.codehaus.jettison:jettison:1.5.1 #435
CVE-2022-40149

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ jettison-1.4.0.jar (Vulnerable Library)

High 7.5 jettison-1.4.0.jar Upgrade to version: org.codehaus.jettison:jettison:1.5.1 #423
CVE-2022-34169

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml

Dependency Hierarchy:

-> webdocs-document-generator-0.1.0-SNAPSHOT.jar (Root Library)

   -> docx4j-6.1.2.jar

     -> ❌ xalan-2.7.2.jar (Vulnerable Library)

High 7.5 xalan-2.7.2.jar #429
CVE-2022-25857

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

High 7.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 #414
CVE-2021-43859

Path to dependency file: /modules/eureka/pom.xml

Path to vulnerable library: /modules/eureka/pom.xml,/modules/all/pom.xml,/modules/discovery/pom.xml

Dependency Hierarchy:

-> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library)

   -> eureka-client-1.10.17.jar

     -> ❌ xstream-1.4.18.jar (Vulnerable Library)

High 7.5 xstream-1.4.18.jar Upgrade to version: com.thoughtworks.xstream:xstream:1.4.19 #410
CVE-2023-2976

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-cloud-starter-kubernetes-ribbon-1.1.10.RELEASE.jar

       -> spring-cloud-starter-netflix-ribbon-2.2.9.RELEASE.jar

         -> spring-cloud-starter-netflix-archaius-2.2.9.RELEASE.jar

           -> archaius-core-0.7.7.jar

             -> ❌ guava-30.1.1-jre.jar (Vulnerable Library)

High 7.1 guava-30.1.1-jre.jar Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre #409
CVE-2023-34462

Dependency Hierarchy:

-> spring-boot-starter-webflux-2.7.5.jar (Root Library)

   -> spring-boot-starter-reactor-netty-2.7.5.jar

     -> reactor-netty-http-1.0.24.jar

       -> netty-codec-http-4.1.84.Final.jar

         -> ❌ netty-handler-4.1.84.Final.jar (Vulnerable Library)

Medium 6.5 netty-handler-4.1.84.Final.jar Upgrade to version: io.netty:netty-handler:4.1.94.Final;io.netty:netty-all:4.1.94.Final #415
CVE-2023-34055

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ spring-boot-2.7.5.jar (Vulnerable Library)

Medium 6.5 spring-boot-2.7.5.jar Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 #406
CVE-2023-20863

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> spring-boot-2.7.5.jar

           -> spring-context-5.3.23.jar

             -> ❌ spring-expression-5.3.23.jar (Vulnerable Library)

Medium 6.5 spring-expression-5.3.23.jar Upgrade to version: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 #432
CVE-2023-20861

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> spring-boot-2.7.5.jar

           -> spring-context-5.3.23.jar

             -> ❌ spring-expression-5.3.23.jar (Vulnerable Library)

Medium 6.5 spring-expression-5.3.23.jar Upgrade to version: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 #425
CVE-2022-41915

Dependency Hierarchy:

-> spring-boot-starter-webflux-2.7.5.jar (Root Library)

   -> spring-boot-starter-reactor-netty-2.7.5.jar

     -> reactor-netty-http-1.0.24.jar

       -> ❌ netty-codec-http-4.1.84.Final.jar (Vulnerable Library)

Medium 6.5 netty-codec-http-4.1.84.Final.jar Upgrade to version: io.netty:netty-codec-http:4.1.86.Final #431
CVE-2022-41854

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.32 #404
CVE-2022-38752

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.32 #396
CVE-2022-38751

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 #397
CVE-2022-38749

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 #400
CVE-2023-20862

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-security-2.7.5.jar

       -> ❌ spring-security-web-5.7.4.jar (Vulnerable Library)

Medium 6.3 spring-security-web-5.7.4.jar Upgrade to version: org.springframework.security:spring-security-web:5.7.8,5.8.3,6.0.3 #424
CVE-2023-41080

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

Medium 6.1 tomcat-embed-core-9.0.68.jar Upgrade to version: org.apache.tomcat:tomcat-catalina:8.5.93,9.0.80,10.1.13,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.93,9.0.80,10.1.13,11.0.0-M11 #418
CVE-2022-41946

Dependency Hierarchy:

-> ❌ postgresql-42.2.23.jar (Vulnerable Library)

Medium 5.5 postgresql-42.2.23.jar Upgrade to version: org.postgresql:postgresql:42.2.27,42.3.8,42.4.3,42.5.1 #332
CVE-2022-41946

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /modules/all/pom.xml

Dependency Hierarchy:

-> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library)

   -> ❌ postgresql-42.3.7.jar (Vulnerable Library)

Medium 5.5 postgresql-42.3.7.jar Upgrade to version: org.postgresql:postgresql:42.2.27,42.3.8,42.4.3,42.5.1 #332
CVE-2022-38750

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-actuator-2.7.5.jar

       -> spring-boot-starter-2.7.5.jar

         -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 5.5 snakeyaml-1.30.jar Upgrade to version: org.yaml:snakeyaml:1.31 #398
CVE-2023-45648

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

Medium 5.3 tomcat-embed-core-9.0.68.jar Upgrade to version: org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12 #408
CVE-2023-42795

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

Medium 5.3 tomcat-embed-core-9.0.68.jar Upgrade to version: org.apache.tomcat:tomcat-util - 8.5.94,10.1.14,11.0.0-M12,10.0.0-M1;org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,11.0.0-M12,10.1.14;org.apache.tomcat:tomcat-catalina - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12 #428
CVE-2023-33201

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-cloud-starter-kubernetes-config-1.1.10.RELEASE.jar

       -> spring-cloud-kubernetes-config-1.1.10.RELEASE.jar

         -> spring-security-rsa-1.0.11.RELEASE.jar

           -> bcpkix-jdk15on-1.69.jar

             -> ❌ bcprov-jdk15on-1.69.jar (Vulnerable Library)

Medium 5.3 bcprov-jdk15on-1.69.jar Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74 #420
CVE-2021-29425

Path to dependency file: /modules/all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar

Dependency Hierarchy:

-> webdocs-document-generator-0.1.0-SNAPSHOT.jar (Root Library)

   -> docx4j-6.1.2.jar

     -> ❌ commons-io-2.5.jar (Vulnerable Library)

Medium 4.8 commons-io-2.5.jar Upgrade to version: commons-io:commons-io:2.7 #433
CVE-2023-28708

Dependency Hierarchy:

-> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library)

   -> webdocs-commons-0.1.0-SNAPSHOT.jar

     -> spring-boot-starter-web-2.7.5.jar

       -> spring-boot-starter-tomcat-2.7.5.jar

         -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library)

Medium 4.3 tomcat-embed-core-9.0.68.jar Upgrade to version: org.apache.tomcat:tomcat-catalina:8.5.86,9.0.72,10.1.6;org.apache.tomcat.embed/tomcat-embed-core:8.5.86,9.0.72,10.1.6 #427

Total libraries scanned: 342
Scan token: 7f1087e3e3704ef9b25e5972f49f71c2