chore(deps): update dependency com.fasterxml.jackson.core:jackson-databind to v2.12.7.1 #278
Mend for GitHub.com / WhiteSource Security Check
failed
Jun 16, 2024 in 6m 44s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2021-3918Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/json-schema/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> jest-environment-jsdom-fourteen-1.0.1.tgz -> jsdom-14.1.0.tgz -> request-2.88.2.tgz -> http-signature-1.2.0.tgz -> jsprim-1.4.1.tgz -> ❌ json-schema-0.2.3.tgz (Vulnerable Library) |
 Critical |
9.8 | json-schema-0.2.3.tgz | Upgrade to version: json-schema - 0.4.0 | #163 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2022-38751 | snakeyaml-1.13.jar |
| CVE-2023-3635 | okio-1.15.0.jar |
| CVE-2022-38749 | snakeyaml-1.23.jar |
| CVE-2022-45047 | sshd-core-1.6.0.jar |
| CVE-2023-34478 | shiro-core-1.5.1.jar |
| CVE-2022-41854 | snakeyaml-1.24.jar |
| WS-2021-0616 | jackson-databind-2.10.2.jar |
| CVE-2023-6481 | logback-core-1.2.3.jar |
| CVE-2020-26238 | cron-utils-9.0.2.jar |
| CVE-2023-33202 | bcprov-jdk15on-1.64.jar |
| CVE-2022-32532 | shiro-core-1.5.1.jar |
| CVE-2020-36518 | jackson-databind-2.10.2.jar |
| CVE-2023-1932 | hibernate-validator-6.1.5.Final.jar |
| CVE-2022-38750 | snakeyaml-1.23.jar |
| CVE-2020-27218 | jetty-server-9.4.26.v20200117.jar |
| CVE-2021-44878 | pac4j-oidc-4.0.0-RC3.jar |
| CVE-2023-2976 | guava-25.1-jre.jar |
| CVE-2022-41854 | snakeyaml-1.13.jar |
| CVE-2023-1370 | json-smart-2.3.jar |
| CVE-2021-41269 | cron-utils-9.0.2.jar |
| CVE-2022-25647 | gson-2.8.6.jar |
| CVE-2023-26049 | jetty-server-9.4.26.v20200117.jar |
| CVE-2017-18640 | snakeyaml-1.23.jar |
| CVE-2023-4759 | org.eclipse.jgit-5.2.0.201812061821-r.jar |
| CVE-2017-7561 | resteasy-jaxrs-3.1.4.Final.jar |
| CVE-2021-27568 | json-smart-2.3.jar |
| WS-2023-0236 | jetty-xml-9.4.26.v20200117.jar |
| CVE-2023-52428 | nimbus-jose-jwt-8.8.jar |
| CVE-2021-28165 | jetty-io-9.4.26.v20200117.jar |
| CVE-2023-48795 | sshd-core-1.6.0.jar |
| CVE-2023-36479 | jetty-servlets-9.4.26.v20200117.jar |
| CVE-2022-25857 | snakeyaml-1.13.jar |
| CVE-2020-11989 | shiro-web-1.5.1.jar |
| CVE-2020-1695 | resteasy-jaxrs-3.1.4.Final.jar |
| CVE-2017-18640 | snakeyaml-1.13.jar |
| CVE-2023-25194 | kafka-clients-2.4.0.jar |
| WS-2021-0419 | gson-2.8.6.jar |
| CVE-2022-38751 | snakeyaml-1.24.jar |
| CVE-2022-38749 | snakeyaml-1.24.jar |
| CVE-2022-2047 | jetty-http-9.4.26.v20200117.jar |
| CVE-2020-15522 | bcprov-jdk15on-1.64.jar |
| CVE-2022-38750 | snakeyaml-1.24.jar |
| CVE-2022-31197 | postgresql-42.2.9.jar |
| CVE-2023-36478 | jetty-http-9.4.26.v20200117.jar |
| WS-2019-0379 | commons-codec-1.11.jar |
| CVE-2020-27223 | jetty-http-9.4.26.v20200117.jar |
| CVE-2020-17510 | shiro-web-1.5.1.jar |
| CVE-2020-13933 | shiro-core-1.5.1.jar |
| CVE-2023-34455 | snappy-java-1.1.7.3.jar |
| CVE-2022-41946 | postgresql-42.2.9.jar |
| CVE-2022-2047 | jetty-client-9.4.26.v20200117.jar |
| CVE-2017-18640 | snakeyaml-1.24.jar |
| CVE-2021-29425 | commons-io-2.6.jar |
| CVE-2020-15250 | junit-4.13.jar |
| CVE-2024-29857 | bcprov-jdk15on-1.64.jar |
| CVE-2020-25633 | resteasy-client-3.1.4.Final.jar |
| CVE-2021-36090 | commons-compress-1.20.jar |
| CVE-2020-15522 | bcprov-ext-jdk15on-1.64.jar |
| CVE-2023-46750 | shiro-web-1.5.1.jar |
| CVE-2022-38749 | snakeyaml-1.13.jar |
| CVE-2022-40664 | shiro-web-1.5.1.jar |
| CVE-2022-42004 | jackson-databind-2.10.2.jar |
| CVE-2023-33201 | bcprov-jdk15on-1.64.jar |
| CVE-2023-46749 | shiro-web-1.5.1.jar |
| CVE-2024-30172 | bcprov-jdk15on-1.64.jar |
| CVE-2023-6378 | logback-classic-1.2.3.jar |
| CVE-2021-41303 | shiro-core-1.5.1.jar |
| CVE-2021-42550 | logback-classic-1.2.3.jar |
| CVE-2023-34453 | snappy-java-1.1.7.3.jar |
| CVE-2021-42550 | logback-core-1.2.3.jar |
| CVE-2022-21724 | postgresql-42.2.9.jar |
| CVE-2022-38752 | snakeyaml-1.24.jar |
| CVE-2022-25857 | snakeyaml-1.24.jar |
| CVE-2022-0839 | liquibase-core-3.5.1.jar |
| CVE-2022-1471 | snakeyaml-1.23.jar |
| CVE-2022-38751 | snakeyaml-1.23.jar |
| CVE-2022-38752 | snakeyaml-1.13.jar |
| CVE-2022-38750 | snakeyaml-1.13.jar |
| CVE-2022-41854 | snakeyaml-1.23.jar |
| CVE-2020-13956 | httpclient-4.5.11.jar |
| CVE-2020-1957 | shiro-web-1.5.1.jar |
| CVE-2022-26520 | postgresql-42.2.9.jar |
| CVE-2024-25710 | commons-compress-1.20.jar |
| CVE-2021-28169 | jetty-http-9.4.26.v20200117.jar |
| CVE-2021-28170 | javax.el-3.0.1-b11.jar |
| CVE-2022-2047 | jetty-server-9.4.26.v20200117.jar |
| CVE-2023-43642 | snappy-java-1.1.7.3.jar |
| CVE-2021-34428 | jetty-server-9.4.26.v20200117.jar |
| WS-2022-0080 | postgresql-42.2.9.jar |
| CVE-2022-42889 | commons-text-1.8.jar |
| CVE-2022-1471 | snakeyaml-1.24.jar |
| CVE-2023-35887 | sshd-core-1.6.0.jar |
| CVE-2021-28169 | jetty-server-9.4.26.v20200117.jar |
| CVE-2022-25857 | snakeyaml-1.23.jar |
| CVE-2022-38752 | snakeyaml-1.23.jar |
| CVE-2020-13692 | postgresql-42.2.9.jar |
| CVE-2020-25649 | jackson-databind-2.10.2.jar |
| CVE-2023-26049 | jetty-http-9.4.26.v20200117.jar |
| CVE-2023-40167 | jetty-http-9.4.26.v20200117.jar |
| CVE-2023-26048 | jetty-server-9.4.26.v20200117.jar |
| CVE-2021-35516 | commons-compress-1.20.jar |
| CVE-2020-8908 | guava-25.1-jre.jar |
| CVE-2021-28169 | jetty-servlets-9.4.26.v20200117.jar |
| CVE-2021-46877 | jackson-databind-2.10.2.jar |
| CVE-2021-38153 | kafka-clients-2.4.0.jar |
| CVE-2022-42003 | jackson-databind-2.10.2.jar |
| CVE-2021-35515 | commons-compress-1.20.jar |
| CVE-2021-35517 | commons-compress-1.20.jar |
| CVE-2022-1471 | snakeyaml-1.13.jar |
| CVE-2023-34454 | snappy-java-1.1.7.3.jar |
Base branch total remaining vulnerabilities: 234
Base branch commit: 5478aeeda738bb625d7a100be550b55df120b611
Total libraries scanned: 1550
Scan token: 3219a4c0dff342838db8d5a80a1daf03
Loading