Security Report
The Security Check found 234 vulnerabilities.
Partial results (69 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE | Severity | Vulnerable Library | Suggested Fix | Issue | |
---|---|---|---|---|---|
WS-2022-0080Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.9.jar (Vulnerable Library) |
9.8 | postgresql-42.2.9.jar | Upgrade to version: org.postgresql:postgresql:42.3.3 | #117 | |
CVE-2023-42282Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/ip/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> ❌ ip-1.1.5.tgz (Vulnerable Library) |
9.8 | ip-1.1.5.tgz | Upgrade to version: ip - 1.1.9,2.0.1 | #254 | |
CVE-2023-34478Path to dependency file: /server/impl/pom.xml Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml Dependency Hierarchy: -> ❌ shiro-core-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-core-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-core:1.12.0 | #232 | |
CVE-2023-26136Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/tough-cookie/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> jest-24.9.0.tgz -> jest-cli-24.9.0.tgz -> jest-config-24.9.0.tgz -> jest-environment-jsdom-24.9.0.tgz -> jsdom-11.12.0.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) |
9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | #230 | |
CVE-2022-45047Path to dependency file: /it/common/pom.xml Path to vulnerable library: /it/common/pom.xml Dependency Hierarchy: -> ❌ sshd-core-1.6.0.jar (Vulnerable Library) |
9.8 | sshd-core-1.6.0.jar | Upgrade to version: org.apache.sshd:sshd-core:2.9.2;org.apache.sshd:sshd-common:2.9.2;org.apache.sshd:sshd-osgi:2.9.2 | #155 | |
CVE-2022-42889Path to dependency file: /cli/pom.xml Path to vulnerable library: /cli/pom.xml,/runtime/v2/runner/pom.xml Dependency Hierarchy: -> ❌ commons-text-1.8.jar (Vulnerable Library) |
9.8 | commons-text-1.8.jar | Upgrade to version: org.apache.commons:commons-text:1.10.0 | #153 | |
CVE-2022-40664Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml Dependency Hierarchy: -> ❌ shiro-web-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-web-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-web:1.10.0;org.apache.shiro:shiro-all:1.10.0 | #151 | |
CVE-2022-37601Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/adjust-sourcemap-loader/node_modules/loader-utils/package.json,/console2/node_modules/resolve-url-loader/node_modules/loader-utils/package.json,/console2/node_modules/react-dev-utils/node_modules/loader-utils/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ loader-utils-1.2.3.tgz (Vulnerable Library) |
9.8 | loader-utils-1.2.3.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | #152 | |
CVE-2022-37601Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/loader-utils/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> sass-loader-8.0.2.tgz -> ❌ loader-utils-1.4.0.tgz (Vulnerable Library) |
9.8 | loader-utils-1.4.0.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | #152 | |
CVE-2022-32532Path to dependency file: /server/impl/pom.xml Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml Dependency Hierarchy: -> ❌ shiro-core-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-core-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-core:1.9.1 | #135 | |
CVE-2022-26520Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.9.jar (Vulnerable Library) |
9.8 | postgresql-42.2.9.jar | Upgrade to version: org.postgresql:postgresql:42.3.3 | #121 | |
CVE-2022-21724Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.9.jar (Vulnerable Library) |
9.8 | postgresql-42.2.9.jar | Upgrade to version: org.postgresql:postgresql:42.2.25,42.3.2 | #114 | |
CVE-2022-1471Path to dependency file: /runtime/v1/project-model/pom.xml Path to vulnerable library: /runtime/v1/project-model/pom.xml Dependency Hierarchy: -> jackson-dataformat-yaml-2.10.2.jar (Root Library) -> ❌ snakeyaml-1.23.jar (Vulnerable Library) |
9.8 | snakeyaml-1.23.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | #162 | |
CVE-2022-1471Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/k8s/agent-operator/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/server/impl/pom.xml,/docker-images/agent/pom.xml,/policy-engine/pom.xml,/server/plugins/noderoster/impl/pom.xml,/runtime/v2/sdk/pom.xml,/runtime/v2/runner/pom.xml,/runtime/v1/impl/pom.xml,/runtime/loader/pom.xml Dependency Hierarchy: -> kubernetes-client-4.8.0.jar (Root Library) -> jackson-dataformat-yaml-2.10.2.jar -> ❌ snakeyaml-1.24.jar (Vulnerable Library) |
9.8 | snakeyaml-1.24.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | #162 | |
CVE-2022-1471Path to dependency file: /server/plugins/noderoster/db/pom.xml Path to vulnerable library: /server/plugins/noderoster/db/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/liquibase-ext/pom.xml Dependency Hierarchy: -> concord-ansible-plugin-db-1.75.1-SNAPSHOT.jar (Root Library) -> concord-server-db-1.75.1-SNAPSHOT.jar -> liquibase-ext-1.75.1-SNAPSHOT.jar -> liquibase-core-3.5.1.jar -> ❌ snakeyaml-1.13.jar (Vulnerable Library) |
9.8 | snakeyaml-1.13.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | #162 | |
CVE-2022-0839Path to dependency file: /server/db/pom.xml Path to vulnerable library: /server/db/pom.xml,/server/dist/pom.xml,/server/liquibase-ext/pom.xml,/server/impl/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml Dependency Hierarchy: -> ❌ liquibase-core-3.5.1.jar (Vulnerable Library) |
9.8 | liquibase-core-3.5.1.jar | Upgrade to version: org.liquibase:liquibase-core:4.8.0 | #120 | |
CVE-2022-0691Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/url-parse/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> sockjs-client-1.4.0.tgz -> ❌ url-parse-1.4.7.tgz (Vulnerable Library) |
9.8 | url-parse-1.4.7.tgz | Upgrade to version: url-parse - 1.5.9 | #134 | |
CVE-2021-44906Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/json5/node_modules/minimist/package.json,/console2/node_modules/portfinder/node_modules/minimist/package.json,/console2/node_modules/babel-loader/node_modules/minimist/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> core-7.9.0.tgz -> json5-2.1.3.tgz -> ❌ minimist-1.2.5.tgz (Vulnerable Library) |
9.8 | minimist-1.2.5.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #123 | |
CVE-2021-44906Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/minimist/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> babel-jest-24.9.0.tgz -> transform-24.9.0.tgz -> jest-haste-map-24.9.0.tgz -> sane-4.1.0.tgz -> ❌ minimist-1.2.0.tgz (Vulnerable Library) |
9.8 | minimist-1.2.0.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #123 | |
CVE-2021-44906Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/mkdirp/node_modules/minimist/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) |
9.8 | minimist-0.0.8.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #123 | |
CVE-2021-42740Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/shell-quote/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ shell-quote-1.7.2.tgz (Vulnerable Library) |
9.8 | shell-quote-1.7.2.tgz | Upgrade to version: shell-quote - 1.7.3 | #131 | |
CVE-2021-41303Path to dependency file: /server/impl/pom.xml Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml Dependency Hierarchy: -> ❌ shiro-core-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-core-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-core:1.8.0 | #74 | |
CVE-2021-41269Path to dependency file: /server/impl/pom.xml Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml Dependency Hierarchy: -> ❌ cron-utils-9.0.2.jar (Vulnerable Library) |
9.8 | cron-utils-9.0.2.jar | Upgrade to version: com.cronutils:cron-utils:9.1.6 | #73 | |
CVE-2021-3757Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/immer/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ immer-1.10.0.tgz (Vulnerable Library) |
9.8 | immer-1.10.0.tgz | Upgrade to version: immer - 9.0.6 | #75 | |
CVE-2021-26707Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/merge-deep/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.3.3.tgz -> plugin-svgo-4.3.1.tgz -> ❌ merge-deep-3.0.2.tgz (Vulnerable Library) |
9.8 | merge-deep-3.0.2.tgz | Upgrade to version: 3.0.3 | #58 | |
CVE-2021-23440Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/set-value/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library) |
9.8 | set-value-2.0.0.tgz | Upgrade to version: set-value - 2.0.1,4.0.1 | #133 | |
CVE-2021-23440Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/union-value/node_modules/set-value/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library) |
9.8 | set-value-0.4.3.tgz | Upgrade to version: set-value - 2.0.1,4.0.1 | #133 | |
CVE-2021-23436Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/immer/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ immer-1.10.0.tgz (Vulnerable Library) |
9.8 | immer-1.10.0.tgz | Upgrade to version: immer - 9.0.6 | #77 | |
CVE-2021-23383Path to dependency file: /examples/forms_wizard/forms/userData/index.html Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html Dependency Hierarchy: -> ❌ handlebars-4.1.2.min.js (Vulnerable Library) |
9.8 | handlebars-4.1.2.min.js | Upgrade to version: handlebars - 4.7.7 | #132 | |
CVE-2021-23369Path to dependency file: /examples/forms_wizard/forms/userData/index.html Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html Dependency Hierarchy: -> ❌ handlebars-4.1.2.min.js (Vulnerable Library) |
9.8 | handlebars-4.1.2.min.js | Upgrade to version: com.github.jknack:handlebars:4.2.0, handlebars - 4.7.7 | #191 | |
CVE-2020-7788Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/ini/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> global-modules-2.0.0.tgz -> global-prefix-3.0.0.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library) |
9.8 | ini-1.3.5.tgz | Upgrade to version: v1.3.6 | #35 | |
CVE-2020-7774Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/y18n/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> yargs-13.3.2.tgz -> ❌ y18n-4.0.0.tgz (Vulnerable Library) |
9.8 | y18n-4.0.0.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | #20 | |
CVE-2020-1957Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml Dependency Hierarchy: -> ❌ shiro-web-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-web-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-web:1.5.2 | #27 | |
CVE-2020-17510Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml Dependency Hierarchy: -> ❌ shiro-web-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-web-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-web:1.7.0 | #42 | |
CVE-2020-15256Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/object-path/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> resolve-url-loader-3.1.1.tgz -> adjust-sourcemap-loader-2.0.0.tgz -> ❌ object-path-0.11.4.tgz (Vulnerable Library) |
9.8 | object-path-0.11.4.tgz | Upgrade to version: 0.11.5 | #14 | |
CVE-2020-11989Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml Dependency Hierarchy: -> ❌ shiro-web-1.5.1.jar (Vulnerable Library) |
9.8 | shiro-web-1.5.1.jar | Upgrade to version: org.apache.shiro:shiro-web:1.5.3,org.apache.shiro:shiro-all:1.5.3 | #11 | |
CVE-2019-19919Path to dependency file: /examples/forms_wizard/forms/userData/index.html Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html Dependency Hierarchy: -> ❌ handlebars-4.1.2.min.js (Vulnerable Library) |
9.8 | handlebars-4.1.2.min.js | Upgrade to version: handlebars - 3.0.8,4.3.0 | #6 | |
CVE-2019-10747Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/union-value/node_modules/set-value/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library) |
9.8 | set-value-0.4.3.tgz | Upgrade to version: 2.0.1,3.0.1 | #8 | |
CVE-2019-10747Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/set-value/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library) |
9.8 | set-value-2.0.0.tgz | Upgrade to version: 2.0.1,3.0.1 | #8 | |
CVE-2019-10746Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/mixin-deep/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> ❌ mixin-deep-1.3.1.tgz (Vulnerable Library) |
9.8 | mixin-deep-1.3.1.tgz | Upgrade to version: 1.3.2,2.0.1 | #9 | |
CVE-2022-1650Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/eventsource/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> sockjs-client-1.4.0.tgz -> ❌ eventsource-1.0.7.tgz (Vulnerable Library) |
9.3 | eventsource-1.0.7.tgz | Upgrade to version: eventsource - 1.1.1,2.0.2 | #130 | |
CVE-2024-29415Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/ip/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> ❌ ip-1.1.5.tgz (Vulnerable Library) |
9.1 | ip-1.1.5.tgz | | #270 | |
CVE-2022-0686Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/url-parse/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> sockjs-client-1.4.0.tgz -> ❌ url-parse-1.4.7.tgz (Vulnerable Library) |
9.1 | url-parse-1.4.7.tgz | Upgrade to version: url-parse - 1.5.8 | #119 | |
CVE-2023-4759Path to dependency file: /runtime/v1/project-model/pom.xml Path to vulnerable library: /runtime/v1/project-model/pom.xml,/docker-images/agent/pom.xml,/runtime/v1/impl/pom.xml,/runtime/loader/pom.xml,/it/common/pom.xml,/repository/pom.xml,/runtime/v2/runner/pom.xml,/policy-engine/pom.xml,/server/queue-client/pom.xml,/server/impl/pom.xml,/runtime/v2/model/pom.xml,/server/dist/pom.xml,/runtime/v2/sdk/pom.xml,/imports/pom.xml,/cli/pom.xml Dependency Hierarchy: -> ❌ org.eclipse.jgit-5.2.0.201812061821-r.jar (Vulnerable Library) |
8.8 | org.eclipse.jgit-5.2.0.201812061821-r.jar | Upgrade to version: org.eclipse.jgit:org.eclipse.jgit:6.6.1.202309021850-r | #228 | |
CVE-2023-45133Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/@babel/helper-wrap-function/node_modules/@babel/traverse/package.json,/console2/node_modules/@babel/helpers/node_modules/@babel/traverse/package.json,/console2/node_modules/@babel/helper-replace-supers/node_modules/@babel/traverse/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.3.3.tgz -> preset-env-7.11.5.tgz -> plugin-transform-async-to-generator-7.10.4.tgz -> helper-remap-async-to-generator-7.11.4.tgz -> helper-wrap-function-7.10.4.tgz -> ❌ traverse-7.11.5.tgz (Vulnerable Library) |
8.8 | traverse-7.11.5.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #240 | |
CVE-2023-45133Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/@babel/traverse/package.json Dependency Hierarchy: -> reakit-0.16.0.tgz (Root Library) -> styled-components-4.4.1.tgz -> ❌ traverse-7.9.6.tgz (Vulnerable Library) |
8.8 | traverse-7.9.6.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #240 | |
CVE-2022-46175Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/react-dev-utils/node_modules/json5/package.json,/console2/node_modules/adjust-sourcemap-loader/node_modules/json5/package.json,/console2/node_modules/loader-utils/node_modules/json5/package.json,/console2/node_modules/resolve-url-loader/node_modules/json5/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> loader-utils-1.2.3.tgz -> ❌ json5-1.0.1.tgz (Vulnerable Library) |
8.8 | json5-1.0.1.tgz | Upgrade to version: json5 - 2.2.2 | #161 | |
CVE-2022-46175Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/json5/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> core-7.9.0.tgz -> ❌ json5-2.1.3.tgz (Vulnerable Library) |
8.8 | json5-2.1.3.tgz | Upgrade to version: json5 - 2.2.2 | #161 | |
CVE-2021-23434Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/object-path/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> resolve-url-loader-3.1.1.tgz -> adjust-sourcemap-loader-2.0.0.tgz -> ❌ object-path-0.11.4.tgz (Vulnerable Library) |
8.6 | object-path-0.11.4.tgz | Upgrade to version: object-path - 0.11.6 | #72 | |
CVE-2020-26238Path to dependency file: /server/impl/pom.xml Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml Dependency Hierarchy: -> ❌ cron-utils-9.0.2.jar (Vulnerable Library) |
8.1 | cron-utils-9.0.2.jar | Upgrade to version: com.cronutils:cron-utils:9.1.3 | #26 | |
CVE-2019-20920Path to dependency file: /examples/forms_wizard/forms/userData/index.html Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html Dependency Hierarchy: -> ❌ handlebars-4.1.2.min.js (Vulnerable Library) |
8.1 | handlebars-4.1.2.min.js | Upgrade to version: handlebars - 4.5.3 | #193 | |
CVE-2022-31197Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.9.jar (Vulnerable Library) |
8.0 | postgresql-42.2.9.jar | Upgrade to version: org.postgresql:postgresql:42.2.26,42.4.1 | #140 | |
CVE-2021-43138Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/async/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> portfinder-1.0.28.tgz -> ❌ async-2.6.3.tgz (Vulnerable Library) |
7.8 | async-2.6.3.tgz | Upgrade to version: async - 2.6.4,3.2.2 | #128 | |
WS-2021-0419Path to dependency file: /runtime/v1/impl/pom.xml Path to vulnerable library: /runtime/v1/impl/pom.xml,/it/common/pom.xml,/runtime/v2/runner/pom.xml,/runtime/common/pom.xml,/server/impl/pom.xml,/server/plugins/ansible/client/pom.xml,/cli/pom.xml,/docker-images/agent/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/client/pom.xml Dependency Hierarchy: -> concord-server-impl-1.75.1-SNAPSHOT.jar (Root Library) -> javers-core-3.11.1.jar -> ❌ gson-2.8.6.jar (Vulnerable Library) |
7.7 | gson-2.8.6.jar | Upgrade to version: com.google.code.gson:gson:2.8.9 | #90 | |
CVE-2020-13692Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.9.jar (Vulnerable Library) |
7.7 | postgresql-42.2.9.jar | Upgrade to version: org.postgresql:postgresql:42.2.13 | #18 | |
WS-2022-0322Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/d3-color/package.json Dependency Hierarchy: -> d3-5.16.0.tgz (Root Library) -> ❌ d3-color-1.4.1.tgz (Vulnerable Library) |
7.5 | d3-color-1.4.1.tgz | Upgrade to version: d3-color - 3.1.0 | #149 | |
WS-2021-0152Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/color-string/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> optimize-css-assets-webpack-plugin-5.0.3.tgz -> cssnano-4.1.10.tgz -> cssnano-preset-default-4.0.7.tgz -> postcss-colormin-4.0.3.tgz -> color-3.1.2.tgz -> ❌ color-string-1.5.3.tgz (Vulnerable Library) |
7.5 | color-string-1.5.3.tgz | Upgrade to version: color-string - 1.5.5 | #88 | |
WS-2020-0450Path to dependency file: /examples/forms_wizard/forms/userData/index.html Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html Dependency Hierarchy: -> ❌ handlebars-4.1.2.min.js (Vulnerable Library) |
7.5 | handlebars-4.1.2.min.js | Upgrade to version: handlebars - 4.6.0 | #190 | |
CVE-2024-4068Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/braces/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> chokidar-2.1.8.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) |
7.5 | braces-2.3.2.tgz | Upgrade to version: braces - 3.0.3 | #269 | |
CVE-2024-4068Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/chokidar/node_modules/braces/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> watchpack-1.7.4.tgz -> chokidar-3.4.2.tgz -> ❌ braces-3.0.2.tgz (Vulnerable Library) |
7.5 | braces-3.0.2.tgz | Upgrade to version: braces - 3.0.3 | #269 | |
CVE-2024-29857Path to dependency file: /k8s/agent-operator/pom.xml Path to vulnerable library: /k8s/agent-operator/pom.xml Dependency Hierarchy: -> bcpkix-jdk15on-1.64.jar (Root Library) -> ❌ bcprov-jdk15on-1.64.jar (Vulnerable Library) |
7.5 | bcprov-jdk15on-1.64.jar | Upgrade to version: org.bouncycastle:bcprov-jdk15to18:1.78, org.bouncycastle:bcprov-jdk18on:1.78 | #272 | |
CVE-2023-6481Path to dependency file: /server/plugins/ansible/client/pom.xml Path to vulnerable library: /server/plugins/ansible/client/pom.xml,/server/plugins/noderoster/client/pom.xml,/server/dist/pom.xml,/cli/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/k8s/agent-operator/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/it/common/pom.xml,/server/plugins/noderoster/impl/pom.xml,/runtime/common/pom.xml Dependency Hierarchy: -> concord-server-impl-1.75.1-SNAPSHOT.jar (Root Library) -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) |
7.5 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | #243 | |
CVE-2023-6378Path to dependency file: /cli/pom.xml Path to vulnerable library: /cli/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/plugins/ansible/client/pom.xml,/server/plugins/noderoster/client/pom.xml,/server/dist/pom.xml,/runtime/v2/runner/pom.xml,/docker-images/agent/pom.xml,/runtime/v1/impl/pom.xml,/k8s/agent-operator/pom.xml,/it/common/pom.xml,/runtime/common/pom.xml Dependency Hierarchy: -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) |
7.5 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | #244 | |
CVE-2023-52428Path to dependency file: /server/plugins/oidc/pom.xml Path to vulnerable library: /server/plugins/oidc/pom.xml,/server/dist/pom.xml,/server/plugins/iam-sso/pom.xml Dependency Hierarchy: -> ❌ nimbus-jose-jwt-8.8.jar (Vulnerable Library) |
7.5 | nimbus-jose-jwt-8.8.jar | Upgrade to version: com.nimbusds:nimbus-jose-jwt:9.37.2 | #264 | |
CVE-2023-46234Path to dependency file: /console2/package.json Path to vulnerable library: /console2/node_modules/browserify-sign/package.json Dependency Hierarchy: -> react-scripts-3.4.3.tgz (Root Library) -> webpack-4.42.0.tgz -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> ❌ browserify-sign-4.2.1.tgz (Vulnerable Library) |
7.5 | browserify-sign-4.2.1.tgz | Upgrade to version: browserify-sign - 4.2.2 | #242 | |
CVE-2023-43642Path to dependency file: /server/plugins/kafka-event-sink/pom.xml Path to vulnerable library: /server/plugins/kafka-event-sink/pom.xml Dependency Hierarchy: -> kafka-clients-2.4.0.jar (Root Library) -> ❌ snappy-java-1.1.7.3.jar (Vulnerable Library) |
7.5 | snappy-java-1.1.7.3.jar | Upgrade to version: org.xerial.snappy:snappy-java:1.1.10.4 | #237 | |
CVE-2023-36478Path to dependency file: /server/dist/pom.xml Path to vulnerable library: /server/dist/pom.xml,/server/queue-client/pom.xml,/server/impl/pom.xml,/docker-images/agent/pom.xml,/server/plugins/noderoster/impl/pom.xml Dependency Hierarchy: -> concord-queue-client-1.75.1-SNAPSHOT.jar (Root Library) -> websocket-client-9.4.26.v20200117.jar -> jetty-client-9.4.26.v20200117.jar -> ❌ jetty-http-9.4.26.v20200117.jar (Vulnerable Library) |
7.5 | jetty-http-9.4.26.v20200117.jar | Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 | #239 | |
CVE-2023-3635Path to dependency file: /runtime/v2/runner/pom.xml Path to vulnerable library: /runtime/v2/runner/pom.xml,/it/common/pom.xml,/runtime/common/pom.xml,/docker-images/agent/pom.xml,/runtime/v1/impl/pom.xml,/server/plugins/ansible/client/pom.xml,/cli/pom.xml,/server/plugins/noderoster/client/pom.xml,/client/pom.xml,/k8s/agent-operator/pom.xml Dependency Hierarchy: -> kubernetes-client-4.8.0.jar (Root Library) -> okhttp-3.14.1.jar -> ❌ okio-1.15.0.jar (Vulnerable Library) |
7.5 | okio-1.15.0.jar | Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 | #231 | |
CVE-2023-34455Path to dependency file: /server/plugins/kafka-event-sink/pom.xml Path to vulnerable library: /server/plugins/kafka-event-sink/pom.xml Dependency Hierarchy: -> kafka-clients-2.4.0.jar (Root Library) -> ❌ snappy-java-1.1.7.3.jar (Vulnerable Library) |
7.5 | snappy-java-1.1.7.3.jar | Upgrade to version: org.xerial.snappy:snappy-java:1.1.10.1 | #214 |
Total libraries scanned: 1788
Scan token: 3027cd6d5f02f4d00990c6d6b766b1f4d1718560800004_3