Update .mend
Security Report
Partial results (51 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
| Vulnerability | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|---|
CVE-2022-22965Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.3.5.RELEASE/spring-boot-starter-web-2.3.5.RELEASE.jar Dependency Hierarchy: -> ❌ spring-boot-starter-web-2.3.5.RELEASE.jar (Vulnerable Library) |
 Critical |
9.8 | High | 94.4% | Direct spring-boot-starter-web-2.3.5.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | #8 |
|
CVE-2022-22965Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.10.RELEASE/spring-beans-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> spring-aop-5.2.10.RELEASE.jar -> ❌ spring-beans-5.2.10.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | High | 94.4% | Transitive spring-beans-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 |
#8 |
|
CVE-2022-22965Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.10.RELEASE/spring-webmvc-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.10.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | High | 94.4% | Transitive spring-webmvc-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 |
#8 |
|
CVE-2022-1471Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
 High |
8.3 | Functional | 93.8% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:2.0 |
#8 |
|
CVE-2024-22262Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 11.900001% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-web:5.3.34;6.0.19,6.1.6 |
#8 |
|
CVE-2024-22259Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 50.300003% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-web:5.3.33,6.0.18,6.1.5 |
#8 |
|
CVE-2024-22243Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 55.800003% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-web:5.3.32,6.0.17,6.1.4 |
#8 |
|
WS-2022-0468Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> jackson-databind-2.11.3.jar -> ❌ jackson-core-2.11.3.jar (Vulnerable Library) |
High |
7.5 | Not Defined | Transitive jackson-core-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-core:2.15.0 |
#8 |
|
|
CVE-2025-52999Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> jackson-databind-2.11.3.jar -> ❌ jackson-core-2.11.3.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.0% | Transitive jackson-core-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/FasterXML/jackson-core.git - jackson-core-2.15.0,com.fasterxml.jackson.core:jackson-core:2.15.0 |
#8 |
|
CVE-2025-41249Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.10.RELEASE/spring-core-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> ❌ spring-core-5.2.10.RELEASE.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.1% | Transitive spring-core-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/spring-projects/spring-framework.git - v6.2.11,org.springframework:spring-core:6.2.11 |
#8 |
|
CVE-2022-42004Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ jackson-databind-2.11.3.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.3% | Transitive jackson-databind-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-databind:2.13.4 |
#8 |
|
CVE-2022-42003Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ jackson-databind-2.11.3.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.3% | Transitive jackson-databind-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2 |
#8 |
|
CVE-2022-25857Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.4% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:1.31 |
#8 |
|
CVE-2021-46877Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ jackson-databind-2.11.3.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.3% | Transitive jackson-databind-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 |
#8 |
|
CVE-2020-36518Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ jackson-databind-2.11.3.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.5% | Transitive jackson-databind-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-databind:2.13.2.1,com.fasterxml.jackson.core:jackson-databind:2.12.6.1 |
#8 |
|
CVE-2025-22235Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.3.5.RELEASE/spring-boot-2.3.5.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ spring-boot-2.3.5.RELEASE.jar (Vulnerable Library) |
High |
7.3 | Functional | 0.1% | Transitive spring-boot-2.3.5.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/spring-projects/spring-boot.git - v3.4.5,https://github.com/spring-projects/spring-boot.git - v3.3.11,org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.5,org.springframework.boot:spring-boot-actuator-autoconfigure:3.3.11 |
#8 |
|
CVE-2024-12798Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) |
High |
7.3 | Not Defined | 0.1% | Transitive logback-classic-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-core:1.3.15,1.5.13;ch.qos.logback:logback-classic:1.3.15,1.5.13 |
#8 |
|
CVE-2024-12798Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
High |
7.3 | Not Defined | 0.1% | Transitive logback-core-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-core:1.3.15,1.5.13;ch.qos.logback:logback-classic:1.3.15,1.5.13 |
#8 |
|
CVE-2023-6481Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
High |
7.1 | Not Defined | 0.2% | Transitive logback-core-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 |
#8 |
|
CVE-2023-6378Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
High |
7.1 | Not Defined | 0.6% | Transitive logback-core-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-classic:1.3.12,1.4.12 |
#8 |
|
CVE-2023-6378Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) |
High |
7.1 | Not Defined | 0.6% | Transitive logback-classic-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-classic:1.3.12,1.4.12 |
#8 |
|
CVE-2021-42550Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
 Medium |
6.6 | Not Defined | 2.6000001% | Transitive logback-core-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 |
#8 |
|
CVE-2021-42550Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) |
Medium |
6.6 | Not Defined | 2.6000001% | Transitive logback-classic-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 |
#8 |
|
CVE-2023-20863Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.10.RELEASE/spring-expression-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> ❌ spring-expression-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.8% | Transitive spring-expression-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 |
#8 |
|
CVE-2023-20861Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.10.RELEASE/spring-expression-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> ❌ spring-expression-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.4% | Transitive spring-expression-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 |
#8 |
|
CVE-2022-38752Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.2% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:1.32 |
#8 |
|
CVE-2022-38751Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.2% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:1.31 |
#8 |
|
CVE-2022-38750Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.1% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:1.31 |
#8 |
|
CVE-2022-38749Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.5% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:1.31 |
#8 |
|
CVE-2022-22950Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.10.RELEASE/spring-expression-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> ❌ spring-expression-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 4.1% | Transitive spring-expression-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-expression:5.2.20,5.3.17 |
#8 |
|
WS-2021-0616Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ jackson-databind-2.11.3.jar (Vulnerable Library) |
Medium |
5.9 | Not Defined | Transitive jackson-databind-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 |
#8 |
|
|
WS-2021-0616Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> jackson-databind-2.11.3.jar -> ❌ jackson-core-2.11.3.jar (Vulnerable Library) |
Medium |
5.9 | Not Defined | Transitive jackson-core-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 |
#8 |
|
|
CVE-2025-41242Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.10.RELEASE/spring-beans-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> spring-aop-5.2.10.RELEASE.jar -> ❌ spring-beans-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
5.9 | Not Defined | 0.1% | Transitive spring-beans-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/spring-projects/spring-framework.git - v6.2.10,org.springframework:spring-beans:6.2.10 |
#8 |
|
CVE-2022-41854Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.26/snakeyaml-1.26.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> ❌ snakeyaml-1.26.jar (Vulnerable Library) |
Medium |
5.8 | Not Defined | 0.1% | Transitive snakeyaml-1.26.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.yaml:snakeyaml:1.32 |
#8 |
|
CVE-2024-38828Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.10.RELEASE/spring-webmvc-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.1% | Transitive spring-webmvc-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | #8 |
|
|
CVE-2024-38809Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.1% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-web:5.3.38,6.0.23,6.1.12 |
#8 |
|
CVE-2022-22970Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.10.RELEASE/spring-core-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> ❌ spring-core-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.2% | Transitive spring-core-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20 |
#8 |
|
CVE-2022-22970Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.10.RELEASE/spring-beans-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> spring-aop-5.2.10.RELEASE.jar -> ❌ spring-beans-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.2% | Transitive spring-beans-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20 |
#8 |
|
CVE-2022-22968Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.2.10.RELEASE/spring-context-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> ❌ spring-context-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 20.5% | Transitive spring-context-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-context:5.2.21,5.3.19 |
#8 |
|
CVE-2026-1225Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
Medium |
5.0 | Not Defined | 0.0% | Transitive logback-core-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/qos-ch/logback.git - v_1.5.25 |
#8 |
|
CVE-2024-12801Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-starter-logging-2.3.5.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
Medium |
4.6 | Not Defined | 0.0% | Transitive logback-core-1.2.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive ch.qos.logback:logback-core:1.3.15,1.5.13 |
#8 |
|
CVE-2024-38808Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.10.RELEASE/spring-expression-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> spring-context-5.2.10.RELEASE.jar -> ❌ spring-expression-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.8% | Transitive spring-expression-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-expression:5.3.39 |
#8 |
|
CVE-2021-22096Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.10.RELEASE/spring-webmvc-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.2% | Transitive spring-webmvc-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12 |
#8 |
|
CVE-2021-22096Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.2% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12 |
#8 |
|
CVE-2021-22060Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.2% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-core:5.2.19, 5.3.14;org.springframework:spring-web:5.2.19, 5.3.14 |
#8 |
|
CVE-2025-49128Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> jackson-databind-2.11.3.jar -> ❌ jackson-core-2.11.3.jar (Vulnerable Library) |
Medium |
4.0 | Not Defined | 0.0% | Transitive jackson-core-2.11.3.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/FasterXML/jackson-core.git - jackson-core-2.13.0-rc1 |
#8 |
|
CVE-2025-22233Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.2.10.RELEASE/spring-context-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> ❌ spring-context-5.2.10.RELEASE.jar (Vulnerable Library) |
 Low |
3.1 | Not Defined | 0.0% | Transitive spring-context-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive https://github.com/spring-projects/spring-framework.git - v6.1.20 ,org.springframework:spring-context:6.1.20,org.springframework:spring-context:6.2.7,https://github.com/spring-projects/spring-framework.git - v6.2.7 |
#8 |
|
CVE-2024-38820Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
Low |
3.1 | Not Defined | 1.5% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-context:6.1.14 |
#8 |
|
CVE-2024-38820Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.2.10.RELEASE/spring-context-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.5.RELEASE.jar -> spring-boot-2.3.5.RELEASE.jar -> ❌ spring-context-5.2.10.RELEASE.jar (Vulnerable Library) |
Low |
3.1 | Not Defined | 1.5% | Transitive spring-context-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-context:6.1.14 |
#8 |
|
CVE-2021-43466Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.11.RELEASE/thymeleaf-spring5-3.0.11.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.5.RELEASE.jar (Root Library) -> ❌ thymeleaf-spring5-3.0.11.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 4.6% | Transitive thymeleaf-spring5-3.0.11.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.5.RELEASE.jar | Transitive org.thymeleaf:thymeleaf-spring5:3.0.13.RELEASE |
#7 |
|
CVE-2016-1000027Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.10.RELEASE/spring-web-5.2.10.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.5.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.5.RELEASE.jar -> ❌ spring-web-5.2.10.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 50.700005% | Transitive spring-web-5.2.10.RELEASE.jar |
spring-boot-starter-web-2.3.5.RELEASE.jar | Transitive org.springframework:spring-web:6.0.0 |
#8 |
|
Total libraries scanned: 34
Scan token: d57dd0956c354e179a225a6003406bc8