Update .whitesource
Security Report
Partial results (60 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
CVE-2018-14721Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
 Critical |
10.0 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.7,2.8.11.3,2.7.9.5,2.6.7.3 | #26 | |
CVE-2022-22978Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar Dependency Hierarchy: -> ❌ spring-security-web-4.0.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-security-web-4.0.1.RELEASE.jar | Upgrade to version: org.springframework.security:spring-security-web:5.5.7,5.6.4 | #24 | |
CVE-2022-22965Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.2.1.RELEASE/spring-beans-4.2.1.RELEASE.jar Dependency Hierarchy: -> spring-web-4.2.1.RELEASE.jar (Root Library) -> spring-aop-4.2.1.RELEASE.jar -> ❌ spring-beans-4.2.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-beans-4.2.1.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | #25 | |
CVE-2022-1471Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar Dependency Hierarchy: -> elasticsearch-5.6.4.jar (Root Library) -> ❌ snakeyaml-1.15.jar (Vulnerable Library) |
Critical |
9.8 | snakeyaml-1.15.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | #16 | |
CVE-2020-9548Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 | #26 | |
CVE-2020-9547Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | #26 | |
CVE-2020-9546Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | #26 | |
CVE-2020-8840Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 | #26 | |
CVE-2020-10683Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar Dependency Hierarchy: -> hibernate-entitymanager-4.3.11.Final.jar (Root Library) -> hibernate-core-4.3.11.Final.jar -> ❌ dom4j-1.6.1.jar (Vulnerable Library) |
Critical |
9.8 | dom4j-1.6.1.jar | Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 | #27 | |
CVE-2019-20330Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 | #26 | |
CVE-2019-17531Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.10 | #26 | |
CVE-2019-17267Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 | #26 | |
CVE-2019-16943Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | #26 | |
CVE-2019-16942Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | #26 | |
CVE-2019-16335Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.9.10 | #26 | |
CVE-2019-14893Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #26 | |
CVE-2019-14892Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 | #26 | |
CVE-2019-14540Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 | #26 | |
CVE-2019-14379Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.9.9.2 | #26 | |
CVE-2019-10202Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 | #26 | |
CVE-2018-7489Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.8.11.1,2.9.5 | #26 | |
CVE-2018-19360Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8,2.10.0.pr1 | #26 | |
CVE-2018-14720Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.9.7 | #26 | |
CVE-2018-14719Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.9.7 | #26 | |
CVE-2018-14718Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.9.7 | #26 | |
CVE-2018-1275Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-messaging/4.3.7.RELEASE/spring-messaging-4.3.7.RELEASE.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> ❌ spring-messaging-4.3.7.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-messaging-4.3.7.RELEASE.jar | Upgrade to version: 5.0.5,4.3.16 | #26 | |
CVE-2018-1273Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/data/spring-data-commons/1.10.1.RELEASE/spring-data-commons-1.10.1.RELEASE.jar Dependency Hierarchy: -> spring-data-jpa-1.8.1.RELEASE.jar (Root Library) -> ❌ spring-data-commons-1.10.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-data-commons-1.10.1.RELEASE.jar | Upgrade to version: org.springframework.data:spring-data-commons:1.13.11,2.0.6 | #33 | |
CVE-2018-1270Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-messaging/4.3.7.RELEASE/spring-messaging-4.3.7.RELEASE.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> ❌ spring-messaging-4.3.7.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-messaging-4.3.7.RELEASE.jar | Upgrade to version: 5.0.5,4.3.15 | #26 | |
CVE-2018-11307Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: jackson-databind-2.9.6 | #26 | |
CVE-2017-8045Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/amqp/spring-amqp/1.7.1.RELEASE/spring-amqp-1.7.1.RELEASE.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> ❌ spring-amqp-1.7.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-amqp-1.7.1.RELEASE.jar | Upgrade to version: org.springframework.amqp:spring-amqp:1.5.7,1.6.11,1.7.4 | #26 | |
CVE-2017-7525Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.1,2.7.9.1,2.8.9 | #26 | |
CVE-2017-5929Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.1.3/logback-core-1.1.3.jar Dependency Hierarchy: -> logback-classic-1.1.3.jar (Root Library) -> ❌ logback-core-1.1.3.jar (Vulnerable Library) |
Critical |
9.8 | logback-core-1.1.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.0;ch.qos.logback:logback-access:1.2.0;ch.qos.logback:logback-classic:1.2.0 | #32 | |
CVE-2017-5929Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.1.3/logback-classic-1.1.3.jar Dependency Hierarchy: -> ❌ logback-classic-1.1.3.jar (Vulnerable Library) |
Critical |
9.8 | logback-classic-1.1.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.0;ch.qos.logback:logback-access:1.2.0;ch.qos.logback:logback-classic:1.2.0 | #32 | |
CVE-2017-17485Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.9.4 | #26 | |
CVE-2017-15095Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.4.jar | Upgrade to version: 2.8.10,2.9.1 | #26 | |
CVE-2017-12629Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/lucene/lucene-queryparser/6.6.1/lucene-queryparser-6.6.1.jar Dependency Hierarchy: -> elasticsearch-5.6.4.jar (Root Library) -> ❌ lucene-queryparser-6.6.1.jar (Vulnerable Library) |
Critical |
9.8 | lucene-queryparser-6.6.1.jar | Upgrade to version: org.apache.lucene:lucene-queryparser:5.5.5,6.6.2,7.1.0,org.apache.solr:solr-core:5.5.5,6.6.2,7.1.0 | #16 | |
CVE-2016-1000027Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.1.RELEASE/spring-web-4.2.1.RELEASE.jar Dependency Hierarchy: -> ❌ spring-web-4.2.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | spring-web-4.2.1.RELEASE.jar | Upgrade to version: org.springframework:spring-web:6.0.0 | #25 | |
CVE-2015-5211Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.1.RELEASE/spring-webmvc-4.2.1.RELEASE.jar Dependency Hierarchy: -> ❌ spring-webmvc-4.2.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.6 | spring-webmvc-4.2.1.RELEASE.jar | Upgrade to version: org.springframework:spring-web:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-webmvc:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-websocket:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE | #30 | |
CVE-2015-5211Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.1.RELEASE/spring-web-4.2.1.RELEASE.jar Dependency Hierarchy: -> ❌ spring-web-4.2.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.6 | spring-web-4.2.1.RELEASE.jar | Upgrade to version: org.springframework:spring-web:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-webmvc:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-websocket:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE | #25 | |
CVE-2019-20445Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar Dependency Hierarchy: -> transport-5.6.4.jar (Root Library) -> transport-netty4-client-5.6.4.jar -> ❌ netty-codec-http-4.1.13.Final.jar (Vulnerable Library) |
Critical |
9.1 | netty-codec-http-4.1.13.Final.jar | Upgrade to version: io.netty:netty-codec-http:4.1.44 | #20 | |
CVE-2019-20444Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar Dependency Hierarchy: -> transport-5.6.4.jar (Root Library) -> transport-netty4-client-5.6.4.jar -> ❌ netty-codec-http-4.1.13.Final.jar (Vulnerable Library) |
Critical |
9.1 | netty-codec-http-4.1.13.Final.jar | Upgrade to version: io.netty:netty-all:4.1.44.Final | #20 | |
CVE-2019-20444Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty/3.10.6.Final/netty-3.10.6.Final.jar Dependency Hierarchy: -> transport-5.6.4.jar (Root Library) -> transport-netty3-client-5.6.4.jar -> ❌ netty-3.10.6.Final.jar (Vulnerable Library) |
Critical |
9.1 | netty-3.10.6.Final.jar | Upgrade to version: io.netty:netty-all:4.1.44.Final | #20 | |
WS-2021-0170Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.2.1.RELEASE/spring-core-4.2.1.RELEASE.jar Dependency Hierarchy: -> spring-web-4.2.1.RELEASE.jar (Root Library) -> spring-aop-4.2.1.RELEASE.jar -> spring-beans-4.2.1.RELEASE.jar -> ❌ spring-core-4.2.1.RELEASE.jar (Vulnerable Library) |
Critical |
9.0 | spring-core-4.2.1.RELEASE.jar | Upgrade to version: org.springframework:spring-core:v4.1.9.RELEASE,v4.2.3.RELEASE | #25 | |
CVE-2021-22112Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar Dependency Hierarchy: -> ❌ spring-security-web-4.0.1.RELEASE.jar (Vulnerable Library) |
 High |
8.8 | spring-security-web-4.0.1.RELEASE.jar | Upgrade to version: org.springframework.security:spring-security-web:5.2.9,5.3.8,5.4.4 | #24 | |
CVE-2020-11113Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4;2.10.0 | #26 | |
CVE-2020-11112Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 | #26 | |
CVE-2020-11111Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 | #26 | |
CVE-2020-10969Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.6;com.fasterxml.jackson.core:jackson-databind:2.7.9.7 | #26 | |
CVE-2020-10968Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: jackson-databind-2.9.10.4 | #26 | |
CVE-2020-10673Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #26 | |
CVE-2020-10672Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.4.jar | Upgrade to version: jackson-databind-2.9.10.4 | #26 | |
CVE-2018-3831Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar Dependency Hierarchy: -> ❌ elasticsearch-5.6.4.jar (Vulnerable Library) |
High |
8.8 | elasticsearch-5.6.4.jar | Upgrade to version: org.elasticsearch:elasticsearch:5.6.12,6.4.1 | #16 | |
CVE-2017-3523Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.35.jar (Vulnerable Library) |
High |
8.5 | mysql-connector-java-5.1.35.jar | Upgrade to version: mysql:mysql-connector-java:5.1.41 | #39 | |
CVE-2023-22102Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.35.jar (Vulnerable Library) |
High |
8.3 | mysql-connector-java-5.1.35.jar | Upgrade to version: com.mysql:mysql-connector-j:8.2.0 | #39 | |
CVE-2021-20190Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind-2.9.10.7 | #26 | |
CVE-2020-36189Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #26 | |
CVE-2020-36188Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #26 | |
CVE-2020-36187Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #26 | |
CVE-2020-36186Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #26 | |
CVE-2020-36185Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #26 |
Total libraries scanned: 107
Scan token: b7acccdc883f44febba8c266cb986cb7