Update dependency html-loader to v1 #284
Security Report
You have successfully remediated 142 vulnerabilities, but introduced 4 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | Vulnerable Library | Suggested Fix | Issue | |
---|---|---|---|---|---|
CVE-2021-2471Path to dependency file: /nifi-registry/nifi-registry-core/nifi-registry-test/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/8.0.15/mysql-connector-java-8.0.15.jar Dependency Hierarchy: -> ❌ mysql-connector-java-8.0.15.jar (Vulnerable Library) |
5.9 | mysql-connector-java-8.0.15.jar | Upgrade to version: mysql:mysql-connector-java:8.0.27 | None | |
CVE-2023-2976Path to dependency file: /nifi-toolkit/nifi-toolkit-zookeeper-migrator/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar Dependency Hierarchy: -> ❌ guava-28.0-jre.jar (Vulnerable Library) |
5.5 | guava-28.0-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-jre,com.google.guava:guava:32.0.1-android | None | |
CVE-2023-2976Path to dependency file: /nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/27.0.1-jre/guava-27.0.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/27.0.1-jre/guava-27.0.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/27.0.1-jre/guava-27.0.1-jre.jar Dependency Hierarchy: -> ❌ guava-27.0.1-jre.jar (Vulnerable Library) |
5.5 | guava-27.0.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-jre,com.google.guava:guava:32.0.1-android | None | |
CVE-2023-33264Path to dependency file: /nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/hazelcast/hazelcast/4.2/hazelcast-4.2.jar Dependency Hierarchy: -> ❌ hazelcast-4.2.jar (Vulnerable Library) |
4.3 | hazelcast-4.2.jar | Upgrade to version: com.hazelcast:hazelcast:5.1.6,5.3.0 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2016-10735 | bootstrap-3.3.1.min.js |
CVE-2021-23362 | hosted-git-info-2.6.0.tgz |
CVE-2021-23386 | dns-packet-1.3.1.tgz |
CVE-2021-32803 | tar-2.2.2.tgz |
CVE-2021-23495 | karma-5.0.4.tgz |
CVE-2021-3807 | ansi-regex-4.1.0.tgz |
CVE-2018-11696 | node-sass-4.13.1.tgz |
CVE-2022-0512 | url-parse-1.4.7.tgz |
CVE-2022-0639 | url-parse-1.4.7.tgz |
CVE-2022-0122 | node-forge-0.9.0.tgz |
CVE-2022-0536 | follow-redirects-1.7.0.tgz |
CVE-2021-3918 | json-schema-0.2.3.tgz |
CVE-2021-27290 | ssri-7.1.0.tgz |
CVE-2022-24999 | qs-6.5.2.tgz |
CVE-2020-15168 | node-fetch-2.3.0.tgz |
CVE-2020-7774 | y18n-4.0.0.tgz |
CVE-2021-43138 | async-2.6.3.tgz |
CVE-2018-20677 | bootstrap-3.3.1.min.js |
CVE-2018-19838 | node-sass-4.13.1.tgz |
CVE-2021-23424 | ansi-html-0.0.7.tgz |
CVE-2021-33623 | trim-newlines-1.0.0.tgz |
CVE-2021-23343 | path-parse-1.0.6.tgz |
CVE-2018-20821 | node-sass-4.13.1.tgz |
CVE-2020-36049 | socket.io-parser-3.2.0.tgz |
CVE-2018-11694 | node-sass-4.13.1.tgz |
CVE-2020-8203 | lodash-4.17.18.tgz |
CVE-2015-9251 | jquery-1.10.2.min.js |
CVE-2022-0155 | follow-redirects-1.7.0.tgz |
CVE-2021-23413 | jszip-3.1.5.tgz |
CVE-2018-19837 | node-sass-4.13.1.tgz |
CVE-2020-7720 | node-forge-0.9.0.tgz |
CVE-2021-37701 | tar-2.2.2.tgz |
CVE-2022-24999 | qs-6.7.0.tgz |
CVE-2022-48285 | jszip-3.1.5.tgz |
CVE-2021-37701 | tar-4.4.8.tgz |
CVE-2022-46175 | json5-1.0.1.tgz |
CVE-2021-29060 | color-string-1.5.3.tgz |
CVE-2022-46175 | json5-0.5.1.tgz |
CVE-2022-24066 | simple-git-1.113.0.tgz |
CVE-2022-0437 | karma-5.0.4.tgz |
CVE-2021-23337 | lodash-4.17.18.tgz |
CVE-2018-20190 | node-sass-4.13.1.tgz |
CVE-2021-41183 | jquery-ui-1.12.1.js |
CVE-2020-7707 | property-expr-1.5.1.tgz |
CVE-2021-27290 | ssri-6.0.1.tgz |
CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
CVE-2020-28502 | xmlhttprequest-ssl-1.5.5.tgz |
CVE-2020-8116 | dot-prop-4.2.0.tgz |
CVE-2019-18797 | node-sass-4.13.1.tgz |
CVE-2021-41184 | jquery-ui-1.12.1.js |
CVE-2020-15366 | ajv-6.10.0.tgz |
CVE-2019-8331 | bootstrap-3.3.1.min.js |
CVE-2018-19839 | node-sass-4.13.1.tgz |
CVE-2019-6286 | node-sass-4.13.1.tgz |
CVE-2021-29059 | is-svg-3.0.0.tgz |
CVE-2021-3807 | ansi-regex-5.0.0.tgz |
CVE-2020-7774 | y18n-3.2.1.tgz |
CVE-2020-28498 | elliptic-6.4.1.tgz |
CVE-2018-14040 | bootstrap-3.3.1.min.js |
CVE-2021-33623 | trim-newlines-3.0.0.tgz |
CVE-2021-27515 | url-parse-1.4.7.tgz |
CVE-2020-36048 | engine.io-3.2.1.tgz |
CVE-2020-13822 | elliptic-6.4.1.tgz |
CVE-2021-23364 | browserslist-4.5.5.tgz |
CVE-2020-24025 | node-sass-4.13.1.tgz |
CVE-2019-6284 | node-sass-4.13.1.tgz |
CVE-2022-31160 | jquery-ui-1.12.1.js |
CVE-2022-21704 | log4js-4.5.1.tgz |
CVE-2019-11358 | jquery-1.12.4.js |
CVE-2022-24772 | node-forge-0.9.0.tgz |
CVE-2018-11698 | node-sass-4.13.1.tgz |
CVE-2023-28155 | request-2.88.2.tgz |
CVE-2018-19827 | node-sass-4.13.1.tgz |
CVE-2022-37598 | uglify-js-3.4.10.tgz |
CVE-2019-6283 | node-sass-4.13.1.tgz |
CVE-2021-23364 | browserslist-4.12.0.tgz |
CVE-2021-23368 | postcss-7.0.29.tgz |
CVE-2015-9251 | jquery-1.12.4.js |
CVE-2022-24773 | node-forge-0.9.0.tgz |
CVE-2022-25858 | terser-4.5.1.tgz |
CVE-2022-0691 | url-parse-1.4.7.tgz |
CVE-2021-3664 | url-parse-1.4.7.tgz |
CVE-2021-23368 | postcss-7.0.14.tgz |
CVE-2020-7788 | ini-1.3.5.tgz |
CVE-2021-27292 | ua-parser-js-0.7.21.tgz |
CVE-2020-7793 | ua-parser-js-0.7.21.tgz |
WS-2019-0424 | elliptic-6.4.1.tgz |
CVE-2018-14042 | bootstrap-3.3.1.min.js |
CVE-2022-46175 | json5-2.1.0.tgz |
CVE-2020-7753 | trim-0.0.1.tgz |
CVE-2021-37712 | tar-4.4.8.tgz |
CVE-2022-1650 | eventsource-1.0.7.tgz |
CVE-2020-28481 | socket.io-2.1.1.tgz |
CVE-2022-37601 | loader-utils-0.2.17.tgz |
CVE-2021-41182 | jquery-ui-1.12.1.js |
CVE-2018-11499 | node-sass-4.13.1.tgz |
WS-2022-0008 | node-forge-0.9.0.tgz |
WS-2021-0152 | color-string-1.5.3.tgz |
CVE-2022-25758 | scss-tokenizer-0.2.3.tgz |
CVE-2018-20676 | bootstrap-3.3.1.min.js |
CVE-2020-28500 | lodash-4.17.18.tgz |
CVE-2022-0235 | node-fetch-2.3.0.tgz |
CVE-2021-28092 | is-svg-3.0.0.tgz |
CVE-2021-3803 | nth-check-1.0.2.tgz |
CVE-2021-44906 | minimist-1.2.5.tgz |
CVE-2023-28155 | request-2.87.0.tgz |
CVE-2023-0842 | xml2js-0.4.19.tgz |
CVE-2020-11022 | jquery-1.10.2.min.js |
CVE-2021-37713 | tar-4.4.8.tgz |
CVE-2020-15366 | ajv-6.10.2.tgz |
CVE-2022-0686 | url-parse-1.4.7.tgz |
WS-2019-0427 | elliptic-6.4.1.tgz |
CVE-2019-11358 | jquery-1.10.2.min.js |
CVE-2021-23382 | postcss-7.0.29.tgz |
CVE-2022-37603 | loader-utils-1.2.3.tgz |
CVE-2022-24433 | simple-git-1.113.0.tgz |
CVE-2018-19797 | node-sass-4.13.1.tgz |
CVE-2020-7660 | serialize-javascript-2.1.2.tgz |
WS-2020-0443 | socket.io-2.1.1.tgz |
CVE-2021-32640 | ws-6.2.1.tgz |
CVE-2021-32804 | tar-4.4.8.tgz |
CVE-2021-31597 | xmlhttprequest-ssl-1.5.5.tgz |
CVE-2020-28469 | glob-parent-3.1.0.tgz |
CVE-2022-24771 | node-forge-0.9.0.tgz |
CVE-2021-23382 | postcss-7.0.14.tgz |
CVE-2020-15366 | ajv-6.12.2.tgz |
CVE-2021-3807 | ansi-regex-3.0.0.tgz |
CVE-2021-37712 | tar-2.2.2.tgz |
CVE-2022-25912 | simple-git-1.113.0.tgz |
CVE-2020-7733 | ua-parser-js-0.7.21.tgz |
CVE-2018-11697 | node-sass-4.13.1.tgz |
CVE-2021-37713 | tar-2.2.2.tgz |
CVE-2020-15366 | ajv-5.5.2.tgz |
CVE-2020-28469 | glob-parent-5.1.1.tgz |
CVE-2022-37620 | html-minifier-3.5.21.tgz |
CVE-2021-32803 | tar-4.4.8.tgz |
CVE-2021-32804 | tar-2.2.2.tgz |
CVE-2022-37601 | loader-utils-1.2.3.tgz |
CVE-2020-11022 | jquery-1.12.4.js |
CVE-2022-46175 | json5-2.1.3.tgz |
CVE-2022-3517 | minimatch-3.0.4.tgz |
CVE-2022-41940 | engine.io-3.2.1.tgz |
Base branch total remaining vulnerabilities: 250
Base branch commit: d9bab7423d2f0a27e478e0a225fccf352baa0cf2
Total libraries scanned: 606
Scan token: f1c40e38b69e49c18f2226fc1095349f