chore(deps): update dependency ch.qos.logback:logback-classic to v1.5.13 #82

mend-for-jackfan.us.kg · 2025-02-23T18:04:52Z

This PR contains the following updates:

Package	Type	Update	Change
ch.qos.logback:logback-classic (source, changelog)	compile	minor	`1.2.11` -> `1.5.13`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
High	7.1	CVE-2023-6378
Medium	6.6	CVE-2024-12798
Medium	6.6	CVE-2024-12798
Medium	4.4	CVE-2024-12801

If you want to rebase/retry this PR, check this box

rafikmojr · 2025-02-23T18:07:25Z

Checkmarx One – Scan Summary & Details – 9b290a60-5ac4-4f30-8785-8edd6dd0e1fc

New Issues (88)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2024-31573	Maven-org.xmlunit:xmlunit-core-2.9.1	details Recommended version: 2.10.0 Description: XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets. This issue affects the package org.xmlunit:xmlunit-core versions prior to ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-50379	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	details Recommended version: 10.1.34 Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits Remote Code Execution on case-insen... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-52316	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	details Recommended version: 10.1.34 Description: Unchecked Error Condition vulnerability in Apache Tomcat versions 9.0.0-M1 through 9.0.95, 10.1.0-M1 through 10.1.30, and 11.0.0-M1 through 11.0.0-... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-56337	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	details Recommended version: 10.1.34 Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. Users running Tomcat on a case insensitive file system with the ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-22259	Maven-org.springframework:spring-web-6.0.11	details Recommended version: 6.1.14 Description: Applications that use "UriComponentsBuilder" in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform v... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-22262	Maven-org.springframework:spring-web-6.0.11	details Recommended version: 6.1.14 Description: Applications that use "UriComponentsBuilder" to parse an externally provided URL (e.g. through a query parameter) and perform validation checks on ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	details Recommended version: 10.1.34 Description: Denial of Service via an incomplete cleanup vulnerability in Apache Tomcat. WebSocket clients could keep WebSocket connections open leading to incr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-websocket-10.1.11	details Recommended version: 10.1.19 Description: Denial of Service via an incomplete cleanup vulnerability in Apache Tomcat. WebSocket clients could keep WebSocket connections open leading to incr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-24549	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	details Recommended version: 10.1.34 Description: According to the class of vulnerabilities "HTTP/2 CONTINUATION Flood," implementation of the HTTP/2 protocol without proper input validation or lim... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-38286	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	details Recommended version: 10.1.34 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat versions 9.0.13 through 9.0.8... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-38816	Maven-org.springframework:spring-webmvc-6.0.11	details Recommended version: 6.1.14 Description: Applications serving static resources through the functional web frameworks "WebMvc.fn" or "WebFlux.fn" are vulnerable to Path Traversal attacks. A... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-38819	Maven-org.springframework:spring-webmvc-6.0.11	details Recommended version: 6.1.14 Description: Applications serving static resources through the functional web frameworks "WebMvc.fn" or "WebFlux.fn" are vulnerable to path traversal attacks. A... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2025-24970	Maven-io.netty:netty-handler-4.1.92.Final	details Recommended version: 4.1.118.Final Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions 4.1.91.Final through 4.1.117.Final, 4.2.0.Alpha... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2025-24970	Maven-io.netty:netty-handler-4.1.117.Final	details Recommended version: 4.1.118.Final Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions 4.1.91.Final through 4.1.117.Final, 4.2.0.Alpha... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2025-24970	Maven-io.netty:netty-handler-4.1.94.Final	details Recommended version: 4.1.118.Final Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions 4.1.91.Final through 4.1.117.Final, 4.2.0.Alpha... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Sensitive Port Is Exposed To Entire Network	/main.tf: 138	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined

More results are available on the CxOne platform

Fixed Issues (174)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Client_DOM_XSS~~	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	~~Client_DOM_XSS~~	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	~~Client_DOM_XSS~~	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	~~Cx89601373-08db~~	Npm-debug-2.6.9
	~~Cx89601373-08db~~	Npm-debug-3.2.7
	~~Cxab55612e-3a56~~	Npm-braces-3.0.2
	~~Cxf6e7f2c1-dc59~~	Npm-yauzl-2.10.0
	~~OS_Access_Violation~~	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	~~OS_Access_Violation~~	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	~~Prototype_Pollution~~	/deps/rabbitmq_management/priv/www/js/sammy-0.7.6.js: 1391
	~~Prototype_Pollution~~	/deps/rabbitmq_management/priv/www/js/sammy-0.7.6.js: 1391
	~~Prototype_Pollution~~	/deps/rabbitmq_management/priv/www/js/sammy-0.7.6.min.js: 731
	~~Prototype_Pollution~~	/deps/rabbitmq_management/priv/www/js/sammy-0.7.6.min.js: 731
	~~S3 Bucket SSE Disabled~~	/main.tf: 21
	~~S3 Bucket Without Enabled MFA Delete~~	/main.tf: 21
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~Apt Get Install Pin Version Not Defined~~	/Dockerfile: 4
	~~CVE-2007-2379~~	Npm-jquery-3.5.1
	~~CVE-2014-6071~~	Npm-jquery-3.5.1
	~~CVE-2023-34055~~	Maven-org.springframework.boot:spring-boot-3.1.2
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 11
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 42
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 12
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 41
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 12
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 11
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 32
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 32
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 42
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 38
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 33
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 38
	~~Client_HTML5_Store_Sensitive_data_In_Web_Storage~~	/deps/rabbitmq_management/priv/www/js/prefs.js: 33
	~~Client_Potential_XSS~~	/deps/rabbitmq_web_stomp_examples/priv/temp-queue.html: 74
	~~Client_Potential_XSS~~	/deps/rabbitmq_web_stomp_examples/priv/temp-queue.html: 69
	~~Client_Potential_XSS~~	/deps/rabbitmq_web_stomp_examples/priv/echo.html: 67
	~~Client_Potential_XSS~~	/deps/rabbitmq_web_mqtt_examples/priv/echo.html: 70
	~~Client_Potential_XSS~~	/deps/rabbitmq_management/priv/www/js/main.js: 715
	~~Client_Potential_XSS~~	/deps/rabbitmq_management/priv/www/js/main.js: 683
	~~Client_Potential_XSS~~	/deps/rabbitmq_management/priv/www/js/main.js: 935
	~~Client_Potential_XSS~~	/deps/rabbitmq_management/priv/www/js/main.js: 935
	~~Client_Potential_XSS~~	/deps/rabbitmq_management/priv/www/js/main.js: 935
	~~Client_Potential_XSS~~	/deps/rabbitmq_management/priv/www/js/main.js: 935
	~~Client_Privacy_Violation~~	/deps/rabbitmq_management/selenium/fakeportal/app.js: 19
	~~Client_Privacy_Violation~~	/deps/rabbitmq_management/selenium/fakeportal/app.js: 18
	~~Host Namespace is Shared~~	/docker-compose-dist-tls.yml: 14
	~~Host Namespace is Shared~~	/docker-compose.yml: 4
	~~Host Namespace is Shared~~	/docker-compose-qq.yml: 51
	~~Host Namespace is Shared~~	/docker-compose-dist-tls.yml: 46
	~~Host Namespace is Shared~~	/docker-compose.yml: 4
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 173
	~~Host Namespace is Shared~~	/docker-compose.yml: 4
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 99
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 131
	~~Host Namespace is Shared~~	/docker-compose-dist-tls.yml: 58
	~~Host Namespace is Shared~~	/docker-compose-dist-metrics.yml: 46
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 56
	~~Host Namespace is Shared~~	/docker-compose-dist-metrics.yml: 52
	~~Host Namespace is Shared~~	/docker-compose-metrics.yml: 35
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 43
	~~Host Namespace is Shared~~	/docker-compose-metrics.yml: 45
	~~Host Namespace is Shared~~	/docker-compose-dist-tls.yml: 52
	~~Host Namespace is Shared~~	/docker-compose-metrics.yml: 14
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 113
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 14
	~~Host Namespace is Shared~~	/docker-compose.yml: 32
	~~Host Namespace is Shared~~	/docker-compose-qq.yml: 45
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 71
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 49
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 150
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 85
	~~Host Namespace is Shared~~	/docker-compose.yml: 3
	~~Host Namespace is Shared~~	/docker-compose-overview.yml: 162
	~~Host Namespace is Shared~~	/docker-compose.yml: 19
	~~Host Namespace is Shared~~	/docker-compose-qq.yml: 39
	~~Host Namespace is Shared~~	/docker-compose-dist-metrics.yml: 14
	~~Host Namespace is Shared~~	/docker-compose-metrics.yml: 61
	~~Host Namespace is Shared~~	/docker-compose-dist-metrics.yml: 59
	~~Host Namespace is Shared~~	/docker-compose-qq.yml: 14
	~~Host Namespace is Shared~~	/docker-compose-dist-tls.yml: 77
	~~Improper_Restriction_of_XXE_Ref~~	/deps/amqp10_common/codegen.py: 119
	~~Networks Not Set~~	/docker-compose.yml: 4
	~~Networks Not Set~~	/docker-compose.yml: 4
	~~Networks Not Set~~	/docker-compose.yml: 4

More results are available on the CxOne platform

chore(deps): update dependency ch.qos.logback:logback-classic to v1.5.13

39b64a1

mend-for-jackfan.us.kg bot added the security fix Security fix generated by Mend label Feb 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency ch.qos.logback:logback-classic to v1.5.13 #82

chore(deps): update dependency ch.qos.logback:logback-classic to v1.5.13 #82

mend-for-jackfan.us.kg bot commented Feb 23, 2025

rafikmojr commented Feb 23, 2025

chore(deps): update dependency ch.qos.logback:logback-classic to v1.5.13 #82

Are you sure you want to change the base?

chore(deps): update dependency ch.qos.logback:logback-classic to v1.5.13 #82

Conversation

mend-for-jackfan.us.kg bot commented Feb 23, 2025

rafikmojr commented Feb 23, 2025