Update dependency com.google.guava:guava to v32 #122
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2023-38286Path to dependency file: /webgoat-container/pom.xml Path to vulnerable library: /webgoat-container/pom.xml,/webwolf/pom.xml,/webgoat-server/pom.xml,/webgoat-integration-tests/pom.xml Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.5.4.jar (Root Library) -> thymeleaf-spring5-3.0.12.RELEASE.jar -> ❌ thymeleaf-3.0.12.RELEASE.jar (Vulnerable Library) |
 High |
7.5 | thymeleaf-3.0.12.RELEASE.jar | Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE | None |
CVE-2023-3223Path to dependency file: /webgoat-container/pom.xml Path to vulnerable library: /webgoat-container/pom.xml,/webgoat-server/pom.xml,/webwolf/pom.xml,/webgoat-integration-tests/pom.xml Dependency Hierarchy: -> spring-boot-starter-undertow-2.5.4.jar (Root Library) -> ❌ undertow-servlet-2.2.10.Final.jar (Vulnerable Library) |
High |
7.5 | undertow-servlet-2.2.10.Final.jar | Upgrade to version: io.undertow:undertow-servlet:2.2.25.Final,2.3.7.Final | None |
CVE-2023-20883Path to dependency file: /webgoat-container/pom.xml Path to vulnerable library: /webgoat-container/pom.xml,/webgoat-server/pom.xml,/webwolf/pom.xml,/docker/pom.xml,/webgoat-integration-tests/pom.xml Dependency Hierarchy: -> spring-boot-starter-validation-2.5.4.jar (Root Library) -> spring-boot-starter-2.5.4.jar -> ❌ spring-boot-autoconfigure-2.5.4.jar (Vulnerable Library) |
High |
7.5 | spring-boot-autoconfigure-2.5.4.jar | Upgrade to version: org.springframework.boot:spring-boot-autoconfigure:2.5.12,2.6.12,2.7.12,3.0.7 | None |
CVE-2022-0084Path to dependency file: /webgoat-integration-tests/pom.xml Path to vulnerable library: /webgoat-integration-tests/pom.xml,/webgoat-container/pom.xml,/webwolf/pom.xml,/webgoat-server/pom.xml Dependency Hierarchy: -> spring-boot-starter-undertow-2.5.4.jar (Root Library) -> undertow-core-2.2.10.Final.jar -> ❌ xnio-api-3.8.4.Final.jar (Vulnerable Library) |
High |
7.5 | xnio-api-3.8.4.Final.jar | Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final | None |
CVE-2023-34055Path to dependency file: /webgoat-server/pom.xml Path to vulnerable library: /webgoat-server/pom.xml,/webwolf/pom.xml,/webgoat-container/pom.xml,/docker/pom.xml,/webgoat-integration-tests/pom.xml Dependency Hierarchy: -> spring-boot-starter-validation-2.5.4.jar (Root Library) -> spring-boot-starter-2.5.4.jar -> ❌ spring-boot-2.5.4.jar (Vulnerable Library) |
 Medium |
6.5 | spring-boot-2.5.4.jar | Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 | None |
CVE-2020-11023Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js Dependency Hierarchy: -> ❌ jquery-1.10.2.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.10.2.min.js | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | #38 |
CVE-2020-11022Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js Dependency Hierarchy: -> ❌ jquery-1.10.2.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.10.2.min.js | Upgrade to version: jQuery - 3.5.0 | #39 |
CVE-2019-11358Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js Dependency Hierarchy: -> ❌ jquery-1.10.2.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.10.2.min.js | Upgrade to version: jquery - 3.4.0 | #12 |
CVE-2015-9251Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js Dependency Hierarchy: -> ❌ jquery-1.10.2.min.js (Vulnerable Library) |
Medium |
5.5 | jquery-1.10.2.min.js | Upgrade to version: jQuery - 3.0.0 | #15 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2023-2976 | guava-30.1-jre.jar |
Base branch total remaining vulnerabilities: 118
Base branch commit: null
Total libraries scanned: 188
Scan token: 62adcbf045844393afdef9f844009be8