
Merge pull request #1 from billmcchesney1/whitesource/configure

Mend for GitHub.com / WhiteSource Security Check failed Jun 16, 2024 in 11m 1s

Security Report

The Security Check found 234 vulnerabilities.

Partial results (69 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue

Layout of the entries below (the table is flattened in this rendering): the identifier line (a CVE, or a Mend WS- identifier for a finding without a CVE), the path to the dependency file, the paths to the vulnerable library, the dependency hierarchy with the vulnerable library marked ❌, and then one line carrying Severity, CVSS Score, Vulnerable Library, Suggested Fix (absent where Mend lists none) and the linked issue number (#nnn).
WS-2022-0080

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml

Dependency Hierarchy:

-> ❌ postgresql-42.2.9.jar (Vulnerable Library)

Critical 9.8 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.3.3 #117
CVE-2023-42282

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/ip/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> ❌ ip-1.1.5.tgz (Vulnerable Library)

Critical 9.8 ip-1.1.5.tgz Upgrade to version: ip - 1.1.9,2.0.1 #254
CVE-2023-34478

Path to dependency file: /server/impl/pom.xml

Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml

Dependency Hierarchy:

-> ❌ shiro-core-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-core-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-core:1.12.0 #232
CVE-2023-26136

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/tough-cookie/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> jest-24.9.0.tgz

     -> jest-cli-24.9.0.tgz

       -> jest-config-24.9.0.tgz

         -> jest-environment-jsdom-24.9.0.tgz

           -> jsdom-11.12.0.tgz

             -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 #230
CVE-2022-45047

Path to dependency file: /it/common/pom.xml

Path to vulnerable library: /it/common/pom.xml

Dependency Hierarchy:

-> ❌ sshd-core-1.6.0.jar (Vulnerable Library)

Critical 9.8 sshd-core-1.6.0.jar Upgrade to version: org.apache.sshd:sshd-core:2.9.2;org.apache.sshd:sshd-common:2.9.2;org.apache.sshd:sshd-osgi:2.9.2 #155
CVE-2022-42889

Path to dependency file: /cli/pom.xml

Path to vulnerable library: /cli/pom.xml,/runtime/v2/runner/pom.xml

Dependency Hierarchy:

-> ❌ commons-text-1.8.jar (Vulnerable Library)

Critical 9.8 commons-text-1.8.jar Upgrade to version: org.apache.commons:commons-text:1.10.0 #153
CVE-2022-40664

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml

Dependency Hierarchy:

-> ❌ shiro-web-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-web-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-web:1.10.0;org.apache.shiro:shiro-all:1.10.0 #151
CVE-2022-37601

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/adjust-sourcemap-loader/node_modules/loader-utils/package.json,/console2/node_modules/resolve-url-loader/node_modules/loader-utils/package.json,/console2/node_modules/react-dev-utils/node_modules/loader-utils/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ loader-utils-1.2.3.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.2.3.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #152
CVE-2022-37601

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/loader-utils/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> sass-loader-8.0.2.tgz

     -> ❌ loader-utils-1.4.0.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.4.0.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #152
CVE-2022-32532

Path to dependency file: /server/impl/pom.xml

Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml

Dependency Hierarchy:

-> ❌ shiro-core-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-core-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-core:1.9.1 #135
CVE-2022-26520

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml

Dependency Hierarchy:

-> ❌ postgresql-42.2.9.jar (Vulnerable Library)

Critical 9.8 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.3.3 #121
CVE-2022-21724

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml

Dependency Hierarchy:

-> ❌ postgresql-42.2.9.jar (Vulnerable Library)

Critical 9.8 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.2.25,42.3.2 #114
CVE-2022-1471

Path to dependency file: /runtime/v1/project-model/pom.xml

Path to vulnerable library: /runtime/v1/project-model/pom.xml

Dependency Hierarchy:

-> jackson-dataformat-yaml-2.10.2.jar (Root Library)

   -> ❌ snakeyaml-1.23.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.23.jar Upgrade to version: org.yaml:snakeyaml:2.0 #162
CVE-2022-1471

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/k8s/agent-operator/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/server/impl/pom.xml,/docker-images/agent/pom.xml,/policy-engine/pom.xml,/server/plugins/noderoster/impl/pom.xml,/runtime/v2/sdk/pom.xml,/runtime/v2/runner/pom.xml,/runtime/v1/impl/pom.xml,/runtime/loader/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.10.2.jar

     -> ❌ snakeyaml-1.24.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.24.jar Upgrade to version: org.yaml:snakeyaml:2.0 #162
CVE-2022-1471

Path to dependency file: /server/plugins/noderoster/db/pom.xml

Path to vulnerable library: /server/plugins/noderoster/db/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/liquibase-ext/pom.xml

Dependency Hierarchy:

-> concord-ansible-plugin-db-1.75.1-SNAPSHOT.jar (Root Library)

   -> concord-server-db-1.75.1-SNAPSHOT.jar

     -> liquibase-ext-1.75.1-SNAPSHOT.jar

       -> liquibase-core-3.5.1.jar

         -> ❌ snakeyaml-1.13.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.13.jar Upgrade to version: org.yaml:snakeyaml:2.0 #162
CVE-2022-0839

Path to dependency file: /server/db/pom.xml

Path to vulnerable library: /server/db/pom.xml,/server/dist/pom.xml,/server/liquibase-ext/pom.xml,/server/impl/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml

Dependency Hierarchy:

-> ❌ liquibase-core-3.5.1.jar (Vulnerable Library)

Critical 9.8 liquibase-core-3.5.1.jar Upgrade to version: org.liquibase:liquibase-core:4.8.0 #120
CVE-2022-0691

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/url-parse/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> sockjs-client-1.4.0.tgz

       -> ❌ url-parse-1.4.7.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.4.7.tgz Upgrade to version: url-parse - 1.5.9 #134
CVE-2021-44906

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/json5/node_modules/minimist/package.json,/console2/node_modules/portfinder/node_modules/minimist/package.json,/console2/node_modules/babel-loader/node_modules/minimist/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> core-7.9.0.tgz

     -> json5-2.1.3.tgz

       -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #123
CVE-2021-44906

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/minimist/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> babel-jest-24.9.0.tgz

     -> transform-24.9.0.tgz

       -> jest-haste-map-24.9.0.tgz

         -> sane-4.1.0.tgz

           -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Critical 9.8 minimist-1.2.0.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #123
CVE-2021-44906

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/mkdirp/node_modules/minimist/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> mkdirp-0.5.1.tgz

       -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #123
CVE-2021-42740

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/shell-quote/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ shell-quote-1.7.2.tgz (Vulnerable Library)

Critical 9.8 shell-quote-1.7.2.tgz Upgrade to version: shell-quote - 1.7.3 #131
CVE-2021-41303

Path to dependency file: /server/impl/pom.xml

Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml

Dependency Hierarchy:

-> ❌ shiro-core-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-core-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-core:1.8.0 #74
CVE-2021-41269

Path to dependency file: /server/impl/pom.xml

Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml

Dependency Hierarchy:

-> ❌ cron-utils-9.0.2.jar (Vulnerable Library)

Critical 9.8 cron-utils-9.0.2.jar Upgrade to version: com.cronutils:cron-utils:9.1.6 #73
CVE-2021-3757

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/immer/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ immer-1.10.0.tgz (Vulnerable Library)

Critical 9.8 immer-1.10.0.tgz Upgrade to version: immer - 9.0.6 #75
CVE-2021-26707

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/merge-deep/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.3.3.tgz

     -> plugin-svgo-4.3.1.tgz

       -> ❌ merge-deep-3.0.2.tgz (Vulnerable Library)

Critical 9.8 merge-deep-3.0.2.tgz Upgrade to version: 3.0.3 #58
CVE-2021-23440

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/set-value/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> micromatch-3.1.10.tgz

       -> snapdragon-0.8.2.tgz

         -> base-0.11.2.tgz

           -> cache-base-1.0.1.tgz

             -> ❌ set-value-2.0.0.tgz (Vulnerable Library)

Critical 9.8 set-value-2.0.0.tgz Upgrade to version: set-value - 2.0.1,4.0.1 #133
CVE-2021-23440

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/union-value/node_modules/set-value/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> micromatch-3.1.10.tgz

       -> snapdragon-0.8.2.tgz

         -> base-0.11.2.tgz

           -> cache-base-1.0.1.tgz

             -> union-value-1.0.0.tgz

               -> ❌ set-value-0.4.3.tgz (Vulnerable Library)

Critical 9.8 set-value-0.4.3.tgz Upgrade to version: set-value - 2.0.1,4.0.1 #133
CVE-2021-23436

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/immer/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ immer-1.10.0.tgz (Vulnerable Library)

Critical 9.8 immer-1.10.0.tgz Upgrade to version: immer - 9.0.6 #77
CVE-2021-23383

Path to dependency file: /examples/forms_wizard/forms/userData/index.html

Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html

Dependency Hierarchy:

-> ❌ handlebars-4.1.2.min.js (Vulnerable Library)

Critical 9.8 handlebars-4.1.2.min.js Upgrade to version: handlebars - 4.7.7 #132
CVE-2021-23369

Path to dependency file: /examples/forms_wizard/forms/userData/index.html

Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html

Dependency Hierarchy:

-> ❌ handlebars-4.1.2.min.js (Vulnerable Library)

Critical 9.8 handlebars-4.1.2.min.js Upgrade to version: com.github.jknack:handlebars:4.2.0, handlebars - 4.7.7 #191
CVE-2020-7788

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/ini/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> global-modules-2.0.0.tgz

       -> global-prefix-3.0.0.tgz

         -> ❌ ini-1.3.5.tgz (Vulnerable Library)

Critical 9.8 ini-1.3.5.tgz Upgrade to version: v1.3.6 #35
CVE-2020-7774

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/y18n/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> yargs-13.3.2.tgz

       -> ❌ y18n-4.0.0.tgz (Vulnerable Library)

Critical 9.8 y18n-4.0.0.tgz Upgrade to version: 3.2.2, 4.0.1, 5.0.5 #20
CVE-2020-1957

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml

Dependency Hierarchy:

-> ❌ shiro-web-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-web-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-web:1.5.2 #27
CVE-2020-17510

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml

Dependency Hierarchy:

-> ❌ shiro-web-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-web-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-web:1.7.0 #42
CVE-2020-15256

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/object-path/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> resolve-url-loader-3.1.1.tgz

     -> adjust-sourcemap-loader-2.0.0.tgz

       -> ❌ object-path-0.11.4.tgz (Vulnerable Library)

Critical 9.8 object-path-0.11.4.tgz Upgrade to version: 0.11.5 #14
CVE-2020-11989

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml

Dependency Hierarchy:

-> ❌ shiro-web-1.5.1.jar (Vulnerable Library)

Critical 9.8 shiro-web-1.5.1.jar Upgrade to version: org.apache.shiro:shiro-web:1.5.3,org.apache.shiro:shiro-all:1.5.3 #11
CVE-2019-19919

Path to dependency file: /examples/forms_wizard/forms/userData/index.html

Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html

Dependency Hierarchy:

-> ❌ handlebars-4.1.2.min.js (Vulnerable Library)

Critical 9.8 handlebars-4.1.2.min.js Upgrade to version: handlebars - 3.0.8,4.3.0 #6
CVE-2019-10747

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/union-value/node_modules/set-value/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> micromatch-3.1.10.tgz

       -> snapdragon-0.8.2.tgz

         -> base-0.11.2.tgz

           -> cache-base-1.0.1.tgz

             -> union-value-1.0.0.tgz

               -> ❌ set-value-0.4.3.tgz (Vulnerable Library)

Critical 9.8 set-value-0.4.3.tgz Upgrade to version: 2.0.1,3.0.1 #8
CVE-2019-10747

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/set-value/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> micromatch-3.1.10.tgz

       -> snapdragon-0.8.2.tgz

         -> base-0.11.2.tgz

           -> cache-base-1.0.1.tgz

             -> ❌ set-value-2.0.0.tgz (Vulnerable Library)

Critical 9.8 set-value-2.0.0.tgz Upgrade to version: 2.0.1,3.0.1 #8
CVE-2019-10746

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/mixin-deep/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> micromatch-3.1.10.tgz

       -> snapdragon-0.8.2.tgz

         -> base-0.11.2.tgz

           -> ❌ mixin-deep-1.3.1.tgz (Vulnerable Library)

Critical 9.8 mixin-deep-1.3.1.tgz Upgrade to version: 1.3.2,2.0.1 #9
CVE-2022-1650

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/eventsource/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> sockjs-client-1.4.0.tgz

       -> ❌ eventsource-1.0.7.tgz (Vulnerable Library)

Critical 9.3 eventsource-1.0.7.tgz Upgrade to version: eventsource - 1.1.1,2.0.2 #130
CVE-2024-29415

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/ip/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> ❌ ip-1.1.5.tgz (Vulnerable Library)

Critical 9.1 ip-1.1.5.tgz #270
CVE-2022-0686

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/url-parse/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> sockjs-client-1.4.0.tgz

       -> ❌ url-parse-1.4.7.tgz (Vulnerable Library)

Critical 9.1 url-parse-1.4.7.tgz Upgrade to version: url-parse - 1.5.8 #119
CVE-2023-4759

Path to dependency file: /runtime/v1/project-model/pom.xml

Path to vulnerable library: /runtime/v1/project-model/pom.xml,/docker-images/agent/pom.xml,/runtime/v1/impl/pom.xml,/runtime/loader/pom.xml,/it/common/pom.xml,/repository/pom.xml,/runtime/v2/runner/pom.xml,/policy-engine/pom.xml,/server/queue-client/pom.xml,/server/impl/pom.xml,/runtime/v2/model/pom.xml,/server/dist/pom.xml,/runtime/v2/sdk/pom.xml,/imports/pom.xml,/cli/pom.xml

Dependency Hierarchy:

-> ❌ org.eclipse.jgit-5.2.0.201812061821-r.jar (Vulnerable Library)

High 8.8 org.eclipse.jgit-5.2.0.201812061821-r.jar Upgrade to version: org.eclipse.jgit:org.eclipse.jgit:6.6.1.202309021850-r #228
CVE-2023-45133

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/@babel/helper-wrap-function/node_modules/@babel/traverse/package.json,/console2/node_modules/@babel/helpers/node_modules/@babel/traverse/package.json,/console2/node_modules/@babel/helper-replace-supers/node_modules/@babel/traverse/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.3.3.tgz

     -> preset-env-7.11.5.tgz

       -> plugin-transform-async-to-generator-7.10.4.tgz

         -> helper-remap-async-to-generator-7.11.4.tgz

           -> helper-wrap-function-7.10.4.tgz

             -> ❌ traverse-7.11.5.tgz (Vulnerable Library)

High 8.8 traverse-7.11.5.tgz Upgrade to version: @babel/traverse - 7.23.2 #240
CVE-2023-45133

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/@babel/traverse/package.json

Dependency Hierarchy:

-> reakit-0.16.0.tgz (Root Library)

   -> styled-components-4.4.1.tgz

     -> ❌ traverse-7.9.6.tgz (Vulnerable Library)

High 8.8 traverse-7.9.6.tgz Upgrade to version: @babel/traverse - 7.23.2 #240
CVE-2022-46175

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/react-dev-utils/node_modules/json5/package.json,/console2/node_modules/adjust-sourcemap-loader/node_modules/json5/package.json,/console2/node_modules/loader-utils/node_modules/json5/package.json,/console2/node_modules/resolve-url-loader/node_modules/json5/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> loader-utils-1.2.3.tgz

       -> ❌ json5-1.0.1.tgz (Vulnerable Library)

High 8.8 json5-1.0.1.tgz Upgrade to version: json5 - 2.2.2 #161
CVE-2022-46175

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/json5/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> core-7.9.0.tgz

     -> ❌ json5-2.1.3.tgz (Vulnerable Library)

High 8.8 json5-2.1.3.tgz Upgrade to version: json5 - 2.2.2 #161
CVE-2021-23434

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/object-path/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> resolve-url-loader-3.1.1.tgz

     -> adjust-sourcemap-loader-2.0.0.tgz

       -> ❌ object-path-0.11.4.tgz (Vulnerable Library)

High 8.6 object-path-0.11.4.tgz Upgrade to version: object-path - 0.11.6 #72
CVE-2020-26238

Path to dependency file: /server/impl/pom.xml

Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml

Dependency Hierarchy:

-> ❌ cron-utils-9.0.2.jar (Vulnerable Library)

High 8.1 cron-utils-9.0.2.jar Upgrade to version: com.cronutils:cron-utils:9.1.3 #26
CVE-2019-20920

Path to dependency file: /examples/forms_wizard/forms/userData/index.html

Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html

Dependency Hierarchy:

-> ❌ handlebars-4.1.2.min.js (Vulnerable Library)

High 8.1 handlebars-4.1.2.min.js Upgrade to version: handlebars - 4.5.3 #193
CVE-2022-31197

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml

Dependency Hierarchy:

-> ❌ postgresql-42.2.9.jar (Vulnerable Library)

High 8.0 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.2.26,42.4.1 #140
CVE-2021-43138

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/async/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> portfinder-1.0.28.tgz

       -> ❌ async-2.6.3.tgz (Vulnerable Library)

High 7.8 async-2.6.3.tgz Upgrade to version: async - 2.6.4,3.2.2 #128
WS-2021-0419

Path to dependency file: /runtime/v1/impl/pom.xml

Path to vulnerable library: /runtime/v1/impl/pom.xml,/it/common/pom.xml,/runtime/v2/runner/pom.xml,/runtime/common/pom.xml,/server/impl/pom.xml,/server/plugins/ansible/client/pom.xml,/cli/pom.xml,/docker-images/agent/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/client/pom.xml

Dependency Hierarchy:

-> concord-server-impl-1.75.1-SNAPSHOT.jar (Root Library)

   -> javers-core-3.11.1.jar

     -> ❌ gson-2.8.6.jar (Vulnerable Library)

High 7.7 gson-2.8.6.jar Upgrade to version: com.google.code.gson:gson:2.8.9 #90
CVE-2020-13692

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/db/pom.xml,/server/plugins/ansible/db/pom.xml,/server/plugins/noderoster/db/pom.xml

Dependency Hierarchy:

-> ❌ postgresql-42.2.9.jar (Vulnerable Library)

High 7.7 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.2.13 #18
WS-2022-0322

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/d3-color/package.json

Dependency Hierarchy:

-> d3-5.16.0.tgz (Root Library)

   -> ❌ d3-color-1.4.1.tgz (Vulnerable Library)

High 7.5 d3-color-1.4.1.tgz Upgrade to version: d3-color - 3.1.0 #149
WS-2021-0152

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/color-string/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> optimize-css-assets-webpack-plugin-5.0.3.tgz

     -> cssnano-4.1.10.tgz

       -> cssnano-preset-default-4.0.7.tgz

         -> postcss-colormin-4.0.3.tgz

           -> color-3.1.2.tgz

             -> ❌ color-string-1.5.3.tgz (Vulnerable Library)

High 7.5 color-string-1.5.3.tgz Upgrade to version: color-string - 1.5.5 #88
WS-2020-0450

Path to dependency file: /examples/forms_wizard/forms/userData/index.html

Path to vulnerable library: /examples/forms_wizard/forms/userData/index.html,/examples/custom_form/forms/myForm/index.html,/examples/dynamic_form_values/forms/myForm/index.html,/examples/form_l10n/forms/myOtherForm/index.html,/examples/forms_wizard/forms/userWarning/index.html

Dependency Hierarchy:

-> ❌ handlebars-4.1.2.min.js (Vulnerable Library)

High 7.5 handlebars-4.1.2.min.js Upgrade to version: handlebars - 4.6.0 #190
CVE-2024-4068

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/braces/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-dev-server-3.11.0.tgz

     -> chokidar-2.1.8.tgz

       -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 #269
CVE-2024-4068

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/chokidar/node_modules/braces/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> watchpack-1.7.4.tgz

       -> chokidar-3.4.2.tgz

         -> ❌ braces-3.0.2.tgz (Vulnerable Library)

High 7.5 braces-3.0.2.tgz Upgrade to version: braces - 3.0.3 #269
CVE-2024-29857

Path to dependency file: /k8s/agent-operator/pom.xml

Path to vulnerable library: /k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> bcpkix-jdk15on-1.64.jar (Root Library)

   -> ❌ bcprov-jdk15on-1.64.jar (Vulnerable Library)

High 7.5 bcprov-jdk15on-1.64.jar Upgrade to version: org.bouncycastle:bcprov-jdk15to18:1.78, org.bouncycastle:bcprov-jdk18on:1.78 #272
CVE-2023-6481

Path to dependency file: /server/plugins/ansible/client/pom.xml

Path to vulnerable library: /server/plugins/ansible/client/pom.xml,/server/plugins/noderoster/client/pom.xml,/server/dist/pom.xml,/cli/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/k8s/agent-operator/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/it/common/pom.xml,/server/plugins/noderoster/impl/pom.xml,/runtime/common/pom.xml

Dependency Hierarchy:

-> concord-server-impl-1.75.1-SNAPSHOT.jar (Root Library)

   -> logback-classic-1.2.3.jar

     -> ❌ logback-core-1.2.3.jar (Vulnerable Library)

High 7.5 logback-core-1.2.3.jar Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 #243
CVE-2023-6378

Path to dependency file: /cli/pom.xml

Path to vulnerable library: /cli/pom.xml,/server/impl/pom.xml,/server/plugins/noderoster/impl/pom.xml,/server/plugins/ansible/client/pom.xml,/server/plugins/noderoster/client/pom.xml,/server/dist/pom.xml,/runtime/v2/runner/pom.xml,/docker-images/agent/pom.xml,/runtime/v1/impl/pom.xml,/k8s/agent-operator/pom.xml,/it/common/pom.xml,/runtime/common/pom.xml

Dependency Hierarchy:

-> ❌ logback-classic-1.2.3.jar (Vulnerable Library)

High 7.5 logback-classic-1.2.3.jar Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 #244
CVE-2023-52428

Path to dependency file: /server/plugins/oidc/pom.xml

Path to vulnerable library: /server/plugins/oidc/pom.xml,/server/dist/pom.xml,/server/plugins/iam-sso/pom.xml

Dependency Hierarchy:

-> ❌ nimbus-jose-jwt-8.8.jar (Vulnerable Library)

High 7.5 nimbus-jose-jwt-8.8.jar Upgrade to version: com.nimbusds:nimbus-jose-jwt:9.37.2 #264
CVE-2023-46234

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/browserify-sign/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> webpack-4.42.0.tgz

     -> node-libs-browser-2.2.1.tgz

       -> crypto-browserify-3.12.0.tgz

         -> ❌ browserify-sign-4.2.1.tgz (Vulnerable Library)

High 7.5 browserify-sign-4.2.1.tgz Upgrade to version: browserify-sign - 4.2.2 #242
CVE-2023-43642

Path to dependency file: /server/plugins/kafka-event-sink/pom.xml

Path to vulnerable library: /server/plugins/kafka-event-sink/pom.xml

Dependency Hierarchy:

-> kafka-clients-2.4.0.jar (Root Library)

   -> ❌ snappy-java-1.1.7.3.jar (Vulnerable Library)

High 7.5 snappy-java-1.1.7.3.jar Upgrade to version: org.xerial.snappy:snappy-java:1.1.10.4 #237
CVE-2023-36478

Path to dependency file: /server/dist/pom.xml

Path to vulnerable library: /server/dist/pom.xml,/server/queue-client/pom.xml,/server/impl/pom.xml,/docker-images/agent/pom.xml,/server/plugins/noderoster/impl/pom.xml

Dependency Hierarchy:

-> concord-queue-client-1.75.1-SNAPSHOT.jar (Root Library)

   -> websocket-client-9.4.26.v20200117.jar

     -> jetty-client-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.26.v20200117.jar (Vulnerable Library)

High 7.5 jetty-http-9.4.26.v20200117.jar Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 #239
CVE-2023-3635

Path to dependency file: /runtime/v2/runner/pom.xml

Path to vulnerable library: /runtime/v2/runner/pom.xml,/it/common/pom.xml,/runtime/common/pom.xml,/docker-images/agent/pom.xml,/runtime/v1/impl/pom.xml,/server/plugins/ansible/client/pom.xml,/cli/pom.xml,/server/plugins/noderoster/client/pom.xml,/client/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> okhttp-3.14.1.jar

     -> ❌ okio-1.15.0.jar (Vulnerable Library)

High 7.5 okio-1.15.0.jar Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 #231
CVE-2023-34455

Path to dependency file: /server/plugins/kafka-event-sink/pom.xml

Path to vulnerable library: /server/plugins/kafka-event-sink/pom.xml

Dependency Hierarchy:

-> kafka-clients-2.4.0.jar (Root Library)

   -> ❌ snappy-java-1.1.7.3.jar (Vulnerable Library)

High 7.5 snappy-java-1.1.7.3.jar Upgrade to version: org.xerial.snappy:snappy-java:1.1.10.1 #214

Total libraries scanned: 1788
Scan token: 3027cd6d5f02f4d00990c6d6b766b1f4d1718560800004_3
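The 69 rows above repeat a handful of libraries: postgresql-42.2.9.jar appears five times, shiro-core/shiro-web 1.5.1 seven times between them, handlebars-4.1.2.min.js five times, and nearly every /console2 row hangs off the same root, react-scripts-3.4.3.tgz. The first triage step is therefore to collapse the table by vulnerable library and pick one target version per library. The script below is an added example, not part of the report or of Mend's tooling: it parses the plain-text entry layout shown above (identifier line, "->" hierarchy, one summary line) and builds that per-library plan. Its input is a constructed excerpt of four entries copied from the report; the rule that the highest version listed in a Suggested Fix cell covers the earlier fixes is an assumption the report does not make, and is marked as such in the code.

```python
"""Triage helper for the flattened Mend report above: added example, not part of the
report or of Mend's tooling. It parses each entry (ID line, "->" hierarchy, one summary
line: severity / CVSS / library / suggested fix / issue) and collapses the per-CVE rows
into one remediation item per vulnerable library."""
import re
from dataclasses import dataclass, field
from typing import Optional

ID_RE = re.compile(r"^(CVE-\d{4}-\d+|WS-\d{4}-\d+)$")
SUMMARY_RE = re.compile(
    r"^(?P<severity>Critical|High|Medium|Low)\s+(?P<cvss>\d+(?:\.\d+)?)\s+"
    r"(?P<lib>\S+)(?:\s+Upgrade to version:\s+(?P<fix>.*?))?\s+#(?P<issue>\d+)$")
HIER_RE = re.compile(r"^->\s+(?:❌\s+)?(?P<name>\S+)")  # "-> ❌ foo-1.0.jar (...)"
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

@dataclass
class Finding:
    ident: str
    cvss: float
    library: str
    fix: Optional[str]   # raw "Suggested Fix" cell, None when Mend lists no fix
    issue: int
    root: str            # top of the hierarchy: the direct dependency to bump

@dataclass
class Item:
    library: str
    max_cvss: float = 0.0
    findings: list = field(default_factory=list)
    unfixed: list = field(default_factory=list)   # IDs with no suggested fix
    target: Optional[str] = None                   # version that covers all fixes
    roots: set = field(default_factory=set)

def parse_report(text: str) -> list:
    """Walk the flattened report; lines that match none of the patterns are ignored."""
    findings, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ID_RE.match(line):
            cur = {"ident": line, "hier": []}
        elif cur is None or not line:
            continue
        elif (h := HIER_RE.match(line)):
            cur["hier"].append(h["name"])
        elif (s := SUMMARY_RE.match(line)):
            findings.append(Finding(cur["ident"], float(s["cvss"]), s["lib"], s["fix"],
                                    int(s["issue"]), cur["hier"][0] if cur["hier"] else s["lib"]))
            cur = None   # one summary line closes the entry
    return findings

def version_key(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))

def highest_fix(fix: Optional[str]) -> Optional[str]:
    """Highest version in a "Suggested Fix" cell, e.g. "42.2.26,42.4.1" -> "42.4.1".
    Assumption (the report does not say so): later releases include earlier fixes,
    which holds on a mainline but not across backport branches or a major break."""
    versions = VERSION_RE.findall(fix or "")
    return max(versions, key=version_key) if versions else None

def remediation_plan(findings) -> list:
    """One Item per vulnerable library, worst CVSS first, then most findings."""
    items = {}
    for f in findings:
        it = items.setdefault(f.library, Item(f.library))
        it.max_cvss = max(it.max_cvss, f.cvss)
        it.findings.append(f.ident)
        it.roots.add(f.root)
        hv = highest_fix(f.fix)
        if hv is None:
            it.unfixed.append(f.ident)
        elif it.target is None or version_key(hv) > version_key(it.target):
            it.target = hv
    return sorted(items.values(), key=lambda i: (-i.max_cvss, -len(i.findings), i.library))

# Constructed input: four entries copied from the report above, with the path and blank
# lines dropped (the parser ignores them in the full report as well).
SAMPLE_REPORT = """\
WS-2022-0080
-> ❌ postgresql-42.2.9.jar (Vulnerable Library)
Critical 9.8 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.3.3 #117
CVE-2022-31197
-> ❌ postgresql-42.2.9.jar (Vulnerable Library)
High 8.0 postgresql-42.2.9.jar Upgrade to version: org.postgresql:postgresql:42.2.26,42.4.1 #140
CVE-2023-42282
-> react-scripts-3.4.3.tgz (Root Library)
   -> webpack-dev-server-3.11.0.tgz
     -> ❌ ip-1.1.5.tgz (Vulnerable Library)
Critical 9.8 ip-1.1.5.tgz Upgrade to version: ip - 1.1.9,2.0.1 #254
CVE-2024-29415
-> react-scripts-3.4.3.tgz (Root Library)
   -> webpack-dev-server-3.11.0.tgz
     -> ❌ ip-1.1.5.tgz (Vulnerable Library)
Critical 9.1 ip-1.1.5.tgz #270
"""

if __name__ == "__main__":
    for it in remediation_plan(parse_report(SAMPLE_REPORT)):
        print(it.max_cvss, it.library, "->", it.target, it.findings, sorted(it.roots), it.unfixed)
```

Run against the full report text, the `roots` column is the useful one for planning: the Maven findings are mostly direct dependencies (postgresql, shiro-core, shiro-web, liquibase-core, logback, nimbus-jose-jwt), so each is a one-line version bump in the pom, while the /console2 findings all resolve through react-scripts-3.4.3.tgz and its webpack-dev-server, jest and babel subtree, which is the single lever there. The CVSS scores are the advisories' worst-case numbers and say nothing about reachability in this repository; when ordering the work, it is worth noting which paths are build- or test-time only (the react-scripts toolchain, the handlebars copies under /examples/.../index.html, sshd-core under /it/common) and which sit on the server's runtime path (the shiro, JDBC, snakeyaml, logback, jetty-http and nimbus-jose-jwt rows), since an unauthenticated-remote 9.8 in a dev server that never runs in production is a different priority from the same score in the authentication library.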