Update dependency com.amazonaws:aws-java-sdk to v1.12.452 #2

Open
wants to merge 1 commit into
base: main

Update dependency com.amazonaws:aws-java-sdk to v1.12.452

6378f53

Mend for GitHub.com / WhiteSource Security Check failed Nov 14, 2023 in 1m 11s

Security Report

You have successfully remediated 59 vulnerabilities, but introduced 12 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-22965

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.3.RELEASE/spring-beans-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> ❌ spring-beans-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Critical | CVSS Score: 9.8 | Vulnerable Library: spring-beans-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | Issue: None

CVE-2018-1272

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-beans-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: High | CVSS Score: 7.5 | Vulnerable Library: spring-core-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-core:4.3.15.RELEASE,5.0.5.RELEASE;org.springframework:spring-web:4.3.15.RELEASE,5.0.5.RELEASE | Issue: None

CVE-2023-34462

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.86.Final/netty-handler-4.1.86.Final.jar

Dependency Hierarchy:

-> aws-java-sdk-1.12.452.jar (Root Library)

   -> aws-java-sdk-kinesisvideo-1.12.452.jar

     -> netty-codec-http-4.1.86.Final.jar

       -> ❌ netty-handler-4.1.86.Final.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 6.5 | Vulnerable Library: netty-handler-4.1.86.Final.jar | Suggested Fix: Upgrade to version: io.netty:netty-handler:4.1.94.Final;io.netty:netty-all:4.1.94.Final | Issue: None

CVE-2023-20863

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.3.RELEASE/spring-expression-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-context-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-expression-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 6.5 | Vulnerable Library: spring-expression-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 | Issue: None

CVE-2023-20861

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.3.RELEASE/spring-expression-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-context-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-expression-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 6.5 | Vulnerable Library: spring-expression-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 | Issue: None

CVE-2022-22950

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.3.RELEASE/spring-expression-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-context-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-expression-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 6.5 | Vulnerable Library: spring-expression-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-expression:5.2.20,5.3.17 | Issue: None

CVE-2022-22970

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-beans-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.3 | Vulnerable Library: spring-core-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20 | Issue: None

CVE-2022-22970

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.3.RELEASE/spring-beans-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> ❌ spring-beans-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.3 | Vulnerable Library: spring-beans-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20 | Issue: None

CVE-2022-22968

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.3.RELEASE/spring-context-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> ❌ spring-context-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.3 | Vulnerable Library: spring-context-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-context:5.2.21,5.3.19 | Issue: None

CVE-2018-1199

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-beans-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.3 | Vulnerable Library: spring-core-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE | Issue: None

CVE-2021-22096

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-beans-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 4.3 | Vulnerable Library: spring-core-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12 | Issue: None

CVE-2021-22060

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar

Dependency Hierarchy:

-> spring-beans-4.3.3.RELEASE.jar (Root Library)

   -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 4.3 | Vulnerable Library: spring-core-4.3.3.RELEASE.jar | Suggested Fix: Upgrade to version: org.springframework:spring-core:5.2.19, 5.3.14;org.springframework:spring-web:5.2.19, 5.3.14 | Issue: None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-36183 jackson-databind-2.6.7.3.jar
CVE-2020-24616 jackson-databind-2.6.7.3.jar
CVE-2020-10969 jackson-databind-2.6.7.3.jar
CVE-2018-7489 jackson-databind-2.6.7.3.jar
CVE-2020-14060 jackson-databind-2.6.7.3.jar
CVE-2018-19360 jackson-databind-2.6.7.3.jar
CVE-2022-31159 aws-java-sdk-s3-1.11.856.jar
CVE-2020-9548 jackson-databind-2.6.7.3.jar
CVE-2021-37137 netty-codec-4.1.48.Final.jar
WS-2018-0125 jackson-core-2.6.7.jar
CVE-2019-14540 jackson-databind-2.6.7.3.jar
CVE-2021-21290 netty-handler-4.1.48.Final.jar
CVE-2020-36182 jackson-databind-2.6.7.3.jar
CVE-2017-17485 jackson-databind-2.6.7.3.jar
CVE-2020-8840 jackson-databind-2.6.7.3.jar
CVE-2020-36181 jackson-databind-2.6.7.3.jar
CVE-2021-37136 netty-codec-4.1.48.Final.jar
CVE-2020-36189 jackson-databind-2.6.7.3.jar
CVE-2020-36186 jackson-databind-2.6.7.3.jar
CVE-2020-10672 jackson-databind-2.6.7.3.jar
WS-2018-0124 jackson-core-2.6.7.jar
CVE-2020-10650 jackson-databind-2.6.7.3.jar
CVE-2020-36184 jackson-databind-2.6.7.3.jar
WS-2019-0379 commons-codec-1.11.jar
CVE-2019-14893 jackson-databind-2.6.7.3.jar
CVE-2020-11112 jackson-databind-2.6.7.3.jar
CVE-2020-14061 jackson-databind-2.6.7.3.jar
CVE-2020-9546 jackson-databind-2.6.7.3.jar
CVE-2020-25649 jackson-databind-2.6.7.3.jar
CVE-2020-36188 jackson-databind-2.6.7.3.jar
CVE-2018-11307 jackson-databind-2.6.7.3.jar
CVE-2020-28491 jackson-dataformat-cbor-2.6.7.jar
CVE-2020-11113 jackson-databind-2.6.7.3.jar
CVE-2019-10202 jackson-databind-2.6.7.3.jar
CVE-2019-17267 jackson-databind-2.6.7.3.jar
CVE-2021-43797 netty-codec-http-4.1.48.Final.jar
CVE-2022-42003 jackson-databind-2.6.7.3.jar
CVE-2020-36187 jackson-databind-2.6.7.3.jar
CVE-2020-11620 jackson-databind-2.6.7.3.jar
WS-2020-0408 netty-handler-4.1.48.Final.jar
CVE-2022-24823 netty-common-4.1.48.Final.jar
CVE-2021-21295 netty-codec-http-4.1.48.Final.jar
CVE-2020-9547 jackson-databind-2.6.7.3.jar
CVE-2020-11111 jackson-databind-2.6.7.3.jar
CVE-2019-20330 jackson-databind-2.6.7.3.jar
CVE-2020-24750 jackson-databind-2.6.7.3.jar
CVE-2020-36180 jackson-databind-2.6.7.3.jar
CVE-2020-14062 jackson-databind-2.6.7.3.jar
CVE-2022-42004 jackson-databind-2.6.7.3.jar
CVE-2020-13956 httpclient-4.5.9.jar
CVE-2020-36179 jackson-databind-2.6.7.3.jar
CVE-2023-34462 netty-handler-4.1.48.Final.jar
CVE-2021-20190 jackson-databind-2.6.7.3.jar
CVE-2021-21290 netty-codec-http-4.1.48.Final.jar
CVE-2020-10673 jackson-databind-2.6.7.3.jar
CVE-2019-17531 jackson-databind-2.6.7.3.jar
CVE-2020-36518 jackson-databind-2.6.7.3.jar
CVE-2020-36185 jackson-databind-2.6.7.3.jar
CVE-2020-14195 jackson-databind-2.6.7.3.jar

Base branch total remaining vulnerabilities: 59
Base branch commit: edf57a7ea55f953b7c479aa0dee540a8a3597e1a


Total libraries scanned: 364

Scan token: cfff566a9409401bb2895f188ec8e61d