Security Report
The Security Check found 56 vulnerabilities.
| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
|  | Critical | 9.8 | postgresql-42.2.23.jar | Upgrade to version: org.postgresql:postgresql:42.3.3 | #319 |
| CVE-2023-34034; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-security-2.7.5.jar -> ❌ spring-security-config-5.7.4.jar (Vulnerable Library) | Critical | 9.8 | spring-security-config-5.7.4.jar | Upgrade to version: org.springframework.security:spring-security-config:5.6.12,5.7.10,5.8.5,6.0.5,6.1.2 | #422 |
| CVE-2023-20873; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> ❌ spring-boot-actuator-autoconfigure-2.7.5.jar (Vulnerable Library) | Critical | 9.8 | spring-boot-actuator-autoconfigure-2.7.5.jar | Upgrade to version: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6 | #391 |
| CVE-2022-46166; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml; Dependency Hierarchy: -> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library) -> spring-boot-admin-starter-server-2.7.7.jar -> ❌ spring-boot-admin-server-2.7.7.jar (Vulnerable Library) | Critical | 9.8 | spring-boot-admin-server-2.7.7.jar | Upgrade to version: de.codecentric:spring-boot-admin-server:2.6.10,2.7.8 | #421 |
| CVE-2022-31692; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-security-2.7.5.jar -> ❌ spring-security-web-5.7.4.jar (Vulnerable Library) | Critical | 9.8 | spring-security-web-5.7.4.jar | Upgrade to version: org.springframework.security:spring-security-web:5.6.9,5.7.5 | #426 |
|  | Critical | 9.8 | postgresql-42.2.23.jar | Upgrade to version: org.postgresql:postgresql:42.3.3 | #318 |
|  | Critical | 9.8 | postgresql-42.2.23.jar | Upgrade to version: org.postgresql:postgresql:42.2.25,42.3.2 | #317 |
| CVE-2022-1471; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | Critical | 9.8 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | #405 |
| CVE-2016-1000027; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-security-2.7.5.jar -> spring-security-web-5.7.4.jar -> ❌ spring-web-5.3.23.jar (Vulnerable Library) | Critical | 9.8 | spring-web-5.3.23.jar | Upgrade to version: org.springframework:spring-web:6.0.0 | #394 |
| CVE-2020-11988; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml; Dependency Hierarchy: -> webdocs-document-generator-0.1.0-SNAPSHOT.jar (Root Library) -> docx4j-6.1.2.jar -> ❌ xmlgraphics-commons-2.3.jar (Vulnerable Library) | High | 8.2 | xmlgraphics-commons-2.3.jar | Upgrade to version: org.apache.xmlgraphics:xmlgraphics-commons:commons-2_6 | #417 |
|  | High | 8.0 | postgresql-42.2.23.jar | Upgrade to version: org.postgresql:postgresql:42.2.26,42.4.1 | #320 |
| CVE-2023-6481; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> spring-boot-starter-logging-2.7.5.jar -> logback-classic-1.4.1.jar -> ❌ logback-core-1.4.1.jar (Vulnerable Library) | High | 7.5 | logback-core-1.4.1.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | #416 |
| CVE-2023-6378; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> spring-boot-starter-logging-2.7.5.jar -> ❌ logback-classic-1.4.1.jar (Vulnerable Library) | High | 7.5 | logback-classic-1.4.1.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | #412 |
| CVE-2023-46589; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | High | 7.5 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.apache.tomcat:tomcat-coyote:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat:tomcat-catalina:8.5.96,9.0.83,10.1.16,11.0.0-M11 | #395 |
| CVE-2023-44487; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | High | 7.5 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3, v1.57.1, v1.58.3 | #392 |
| CVE-2023-44487; Dependency Hierarchy: -> spring-boot-starter-webflux-2.7.5.jar (Root Library) -> spring-boot-starter-reactor-netty-2.7.5.jar -> reactor-netty-http-1.0.24.jar -> ❌ netty-codec-http2-4.1.84.Final.jar (Vulnerable Library) | High | 7.5 | netty-codec-http2-4.1.84.Final.jar | Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3, v1.57.1, v1.58.3 | #392 |
| CVE-2023-38286; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml; Dependency Hierarchy: -> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library) -> spring-boot-admin-starter-server-2.7.7.jar -> spring-boot-admin-server-2.7.7.jar -> spring-boot-starter-thymeleaf-2.7.5.jar -> thymeleaf-spring5-3.0.15.RELEASE.jar -> ❌ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library) | High | 7.5 | thymeleaf-3.0.15.RELEASE.jar | Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE | #390 |
| CVE-2023-38286; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml; Dependency Hierarchy: -> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library) -> spring-boot-admin-starter-server-2.7.7.jar -> ❌ spring-boot-admin-server-2.7.7.jar (Vulnerable Library) | High | 7.5 | spring-boot-admin-server-2.7.7.jar | Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE | #390 |
| CVE-2023-3635; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-cloud-starter-kubernetes-1.1.10.RELEASE.jar -> spring-cloud-kubernetes-core-1.1.10.RELEASE.jar -> kubernetes-client-4.13.2.jar -> okhttp-4.9.3.jar -> ❌ okio-2.8.0.jar (Vulnerable Library) | High | 7.5 | okio-2.8.0.jar | Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 | #401 |
| CVE-2023-34062; Path to dependency file: /modules/discovery/pom.xml; Path to vulnerable library: /modules/discovery/pom.xml,/modules/all/pom.xml,/modules/eureka/pom.xml; Dependency Hierarchy: -> spring-boot-starter-webflux-2.7.5.jar (Root Library) -> spring-boot-starter-reactor-netty-2.7.5.jar -> ❌ reactor-netty-http-1.0.24.jar (Vulnerable Library) | High | 7.5 | reactor-netty-http-1.0.24.jar | Upgrade to version: io.projectreactor.netty:reactor-netty-http:1.0.39,1.1.13 | #413 |
| CVE-2023-34054; Path to dependency file: /modules/discovery/pom.xml; Path to vulnerable library: /modules/discovery/pom.xml,/modules/all/pom.xml,/modules/eureka/pom.xml; Dependency Hierarchy: -> spring-boot-starter-webflux-2.7.5.jar (Root Library) -> spring-boot-starter-reactor-netty-2.7.5.jar -> ❌ reactor-netty-http-1.0.24.jar (Vulnerable Library) | High | 7.5 | reactor-netty-http-1.0.24.jar | Upgrade to version: io.projectreactor.netty:reactor-netty:1.0.39,1.1.13, io.projectreactor.netty:reactor-netty-http:1.0.39,1.1.13 | #403 |
| CVE-2023-24998; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | High | 7.5 | tomcat-embed-core-9.0.68.jar | Upgrade to version: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3 | #399 |
| CVE-2023-20883; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ spring-boot-autoconfigure-2.7.5.jar (Vulnerable Library) | High | 7.5 | spring-boot-autoconfigure-2.7.5.jar | Upgrade to version: org.springframework.boot:spring-boot-autoconfigure:2.5.12,2.6.12,2.7.12,3.0.7 | #407 |
| CVE-2023-20860; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> ❌ spring-webmvc-5.3.23.jar (Vulnerable Library) | High | 7.5 | spring-webmvc-5.3.23.jar | Upgrade to version: org.springframework:spring-webmvc:5.3.26,6.0.7 | #430 |
| CVE-2023-1436; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ jettison-1.4.0.jar (Vulnerable Library) | High | 7.5 | jettison-1.4.0.jar | Upgrade to version: org.codehaus.jettison:jettison:1.5.4 | #419 |
| CVE-2022-45693; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ jettison-1.4.0.jar (Vulnerable Library) | High | 7.5 | jettison-1.4.0.jar | Upgrade to version: org.codehaus.jettison:jettison:1.5.2 | #402 |
| CVE-2022-45685; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ jettison-1.4.0.jar (Vulnerable Library) | High | 7.5 | jettison-1.4.0.jar | Upgrade to version: org.codehaus.jettison:jettison:1.5.2 | #436 |
| CVE-2022-45143; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | High | 7.5 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.apache.tomcat:tomcat-catalina:8.5.84,9.0.69,10.1.2, org.apache.tomcat.embed:tomcat-embed-core:8.5.84,9.0.69,10.1.2, org.apache.tomcat.experimental:tomcat-embed-programmatic:9.0.69,10.1.2 | #411 |
| CVE-2022-41966; Path to dependency file: /modules/eureka/pom.xml; Path to vulnerable library: /modules/eureka/pom.xml,/modules/all/pom.xml,/modules/discovery/pom.xml; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ xstream-1.4.18.jar (Vulnerable Library) | High | 7.5 | xstream-1.4.18.jar | Upgrade to version: com.thoughtworks.xstream:xstream:1.4.20 | #393 |
| CVE-2022-40152; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml,/modules/eureka/pom.xml,/modules/discovery/pom.xml; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-core-1.10.17.jar -> ❌ woodstox-core-6.2.1.jar (Vulnerable Library) | High | 7.5 | woodstox-core-6.2.1.jar | Upgrade to version: com.fasterxml.woodstox:woodstox-core:5.4.0,6.4.0 | #437 |
| CVE-2022-40151; Path to dependency file: /modules/eureka/pom.xml; Path to vulnerable library: /modules/eureka/pom.xml,/modules/all/pom.xml,/modules/discovery/pom.xml; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ xstream-1.4.18.jar (Vulnerable Library) | High | 7.5 | xstream-1.4.18.jar | Upgrade to version: com.thoughtworks.xstream:xstream:1.4.20 | #434 |
| CVE-2022-40150; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ jettison-1.4.0.jar (Vulnerable Library) | High | 7.5 | jettison-1.4.0.jar | Upgrade to version: org.codehaus.jettison:jettison:1.5.1 | #435 |
| CVE-2022-40149; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ jettison-1.4.0.jar (Vulnerable Library) | High | 7.5 | jettison-1.4.0.jar | Upgrade to version: org.codehaus.jettison:jettison:1.5.1 | #423 |
| CVE-2022-34169; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml; Dependency Hierarchy: -> webdocs-document-generator-0.1.0-SNAPSHOT.jar (Root Library) -> docx4j-6.1.2.jar -> ❌ xalan-2.7.2.jar (Vulnerable Library) | High | 7.5 | xalan-2.7.2.jar |  | #429 |
| CVE-2022-25857; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | High | 7.5 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | #414 |
| CVE-2021-43859; Path to dependency file: /modules/eureka/pom.xml; Path to vulnerable library: /modules/eureka/pom.xml,/modules/all/pom.xml,/modules/discovery/pom.xml; Dependency Hierarchy: -> spring-cloud-netflix-eureka-server-2.2.7.RELEASE.jar (Root Library) -> eureka-client-1.10.17.jar -> ❌ xstream-1.4.18.jar (Vulnerable Library) | High | 7.5 | xstream-1.4.18.jar | Upgrade to version: com.thoughtworks.xstream:xstream:1.4.19 | #410 |
| CVE-2023-2976; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-cloud-starter-kubernetes-ribbon-1.1.10.RELEASE.jar -> spring-cloud-starter-netflix-ribbon-2.2.9.RELEASE.jar -> spring-cloud-starter-netflix-archaius-2.2.9.RELEASE.jar -> archaius-core-0.7.7.jar -> ❌ guava-30.1.1-jre.jar (Vulnerable Library) | High | 7.1 | guava-30.1.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre | #409 |
| CVE-2023-34462; Dependency Hierarchy: -> spring-boot-starter-webflux-2.7.5.jar (Root Library) -> spring-boot-starter-reactor-netty-2.7.5.jar -> reactor-netty-http-1.0.24.jar -> netty-codec-http-4.1.84.Final.jar -> ❌ netty-handler-4.1.84.Final.jar (Vulnerable Library) | Medium | 6.5 | netty-handler-4.1.84.Final.jar | Upgrade to version: io.netty:netty-handler:4.1.94.Final;io.netty:netty-all:4.1.94.Final | #415 |
| CVE-2023-34055; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ spring-boot-2.7.5.jar (Vulnerable Library) | Medium | 6.5 | spring-boot-2.7.5.jar | Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 | #406 |
| CVE-2023-20863; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> spring-boot-2.7.5.jar -> spring-context-5.3.23.jar -> ❌ spring-expression-5.3.23.jar (Vulnerable Library) | Medium | 6.5 | spring-expression-5.3.23.jar | Upgrade to version: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 | #432 |
| CVE-2023-20861; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> spring-boot-2.7.5.jar -> spring-context-5.3.23.jar -> ❌ spring-expression-5.3.23.jar (Vulnerable Library) | Medium | 6.5 | spring-expression-5.3.23.jar | Upgrade to version: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 | #425 |
| CVE-2022-41915; Dependency Hierarchy: -> spring-boot-starter-webflux-2.7.5.jar (Root Library) -> spring-boot-starter-reactor-netty-2.7.5.jar -> reactor-netty-http-1.0.24.jar -> ❌ netty-codec-http-4.1.84.Final.jar (Vulnerable Library) | Medium | 6.5 | netty-codec-http-4.1.84.Final.jar | Upgrade to version: io.netty:netty-codec-http:4.1.86.Final | #431 |
| CVE-2022-41854; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | Medium | 6.5 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:1.32 | #404 |
| CVE-2022-38752; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | Medium | 6.5 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:1.32 | #396 |
| CVE-2022-38751; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | Medium | 6.5 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | #397 |
| CVE-2022-38749; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | Medium | 6.5 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | #400 |
| CVE-2023-20862; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-security-2.7.5.jar -> ❌ spring-security-web-5.7.4.jar (Vulnerable Library) | Medium | 6.3 | spring-security-web-5.7.4.jar | Upgrade to version: org.springframework.security:spring-security-web:5.7.8,5.8.3,6.0.3 | #424 |
| CVE-2023-41080; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | Medium | 6.1 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.apache.tomcat:tomcat-catalina:8.5.93,9.0.80,10.1.13,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.93,9.0.80,10.1.13,11.0.0-M11 | #418 |
|  | Medium | 5.5 | postgresql-42.2.23.jar | Upgrade to version: org.postgresql:postgresql:42.2.27,42.3.8,42.4.3,42.5.1 | #332 |
| CVE-2022-41946; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /modules/all/pom.xml; Dependency Hierarchy: -> webdocs-admin-0.1.0-SNAPSHOT.jar (Root Library) -> ❌ postgresql-42.3.7.jar (Vulnerable Library) | Medium | 5.5 | postgresql-42.3.7.jar | Upgrade to version: org.postgresql:postgresql:42.2.27,42.3.8,42.4.3,42.5.1 | #332 |
| CVE-2022-38750; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-actuator-2.7.5.jar -> spring-boot-starter-2.7.5.jar -> ❌ snakeyaml-1.30.jar (Vulnerable Library) | Medium | 5.5 | snakeyaml-1.30.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | #398 |
| CVE-2023-45648; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | Medium | 5.3 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12 | #408 |
| CVE-2023-42795; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | Medium | 5.3 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.apache.tomcat:tomcat-util - 8.5.94,10.1.14,11.0.0-M12,10.0.0-M1;org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,11.0.0-M12,10.1.14;org.apache.tomcat:tomcat-catalina - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12 | #428 |
| CVE-2023-33201; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-cloud-starter-kubernetes-config-1.1.10.RELEASE.jar -> spring-cloud-kubernetes-config-1.1.10.RELEASE.jar -> spring-security-rsa-1.0.11.RELEASE.jar -> bcpkix-jdk15on-1.69.jar -> ❌ bcprov-jdk15on-1.69.jar (Vulnerable Library) | Medium | 5.3 | bcprov-jdk15on-1.69.jar | Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74 | #420 |
| CVE-2021-29425; Path to dependency file: /modules/all/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar; Dependency Hierarchy: -> webdocs-document-generator-0.1.0-SNAPSHOT.jar (Root Library) -> docx4j-6.1.2.jar -> ❌ commons-io-2.5.jar (Vulnerable Library) | Medium | 4.8 | commons-io-2.5.jar | Upgrade to version: commons-io:commons-io:2.7 | #433 |
| CVE-2023-28708; Dependency Hierarchy: -> webdocs-actuator-0.1.0-SNAPSHOT.jar (Root Library) -> webdocs-commons-0.1.0-SNAPSHOT.jar -> spring-boot-starter-web-2.7.5.jar -> spring-boot-starter-tomcat-2.7.5.jar -> ❌ tomcat-embed-core-9.0.68.jar (Vulnerable Library) | Medium | 4.3 | tomcat-embed-core-9.0.68.jar | Upgrade to version: org.apache.tomcat:tomcat-catalina:8.5.86,9.0.72,10.1.6;org.apache.tomcat.embed/tomcat-embed-core:8.5.86,9.0.72,10.1.6 | #427 |
Total libraries scanned: 342
Scan token: 7f1087e3e3704ef9b25e5972f49f71c2