Update .whitesource
Security Report
Partial results (93 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
WS-2022-0080Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.5.jar (Vulnerable Library) |
 Critical |
9.8 | postgresql-42.2.5.jar | Upgrade to version: org.postgresql:postgresql:42.3.3 | #2 |
CVE-2022-26520Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.5.jar (Vulnerable Library) |
Critical |
9.8 | postgresql-42.2.5.jar | Upgrade to version: org.postgresql:postgresql:42.3.3 | #2 |
CVE-2022-23221Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ h2-1.4.197.jar (Vulnerable Library) |
Critical |
9.8 | h2-1.4.197.jar | Upgrade to version: com.h2database:h2:2.1.210 | #12 |
CVE-2022-21724Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.5.jar (Vulnerable Library) |
Critical |
9.8 | postgresql-42.2.5.jar | Upgrade to version: org.postgresql:postgresql:42.2.25,42.3.2 | #2 |
CVE-2022-1471Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> liquibase-core-3.6.2.jar (Root Library) -> ❌ snakeyaml-1.18.jar (Vulnerable Library) |
Critical |
9.8 | snakeyaml-1.18.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | #1 |
CVE-2022-0839Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ liquibase-core-3.6.2.jar (Vulnerable Library) |
Critical |
9.8 | liquibase-core-3.6.2.jar | Upgrade to version: org.liquibase:liquibase-core:4.8.0 | #1 |
CVE-2021-42392Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ h2-1.4.197.jar (Vulnerable Library) |
Critical |
9.8 | h2-1.4.197.jar | Upgrade to version: com.h2database:h2:2.0.206 | #12 |
CVE-2020-9548Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 | #3 |
CVE-2020-9547Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | #3 |
CVE-2020-9546Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | #3 |
CVE-2020-8840Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 | #3 |
CVE-2020-10683Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar Dependency Hierarchy: -> velocity-tools-2.0.jar (Root Library) -> ❌ dom4j-1.1.jar (Vulnerable Library) |
Critical |
9.8 | dom4j-1.1.jar | Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 | #7 |
CVE-2019-20330Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 | #3 |
CVE-2019-17531Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: 2.10 | #3 |
CVE-2019-17267Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 | #3 |
CVE-2019-16943Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | #3 |
CVE-2019-16942Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | #3 |
CVE-2019-16335Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.10 | #3 |
CVE-2019-14893Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #3 |
CVE-2019-14892Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 | #3 |
CVE-2019-14540Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 | #3 |
CVE-2019-14379Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.9.2 | #3 |
CVE-2019-13116Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> commons-beanutils-1.9.2.jar -> ❌ commons-collections-3.2.1.jar (Vulnerable Library) |
Critical |
9.8 | commons-collections-3.2.1.jar | Upgrade to version: commons-collections:commons-collections:3.2.2 | #5 |
CVE-2019-10202Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 | #3 |
CVE-2018-14719Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.7 | #3 |
CVE-2018-14718Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.7 | #3 |
CVE-2018-11307Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: jackson-databind-2.9.6 | #3 |
CVE-2017-5929Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> ❌ logback-core-1.1.3.jar (Vulnerable Library) |
Critical |
9.8 | logback-core-1.1.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.0;ch.qos.logback:logback-access:1.2.0;ch.qos.logback:logback-classic:1.2.0 | #5 |
CVE-2017-17485Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
Critical |
9.8 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.4 | #3 |
CVE-2017-15708Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> commons-beanutils-1.9.2.jar -> ❌ commons-collections-3.2.1.jar (Vulnerable Library) |
Critical |
9.8 | commons-collections-3.2.1.jar | Upgrade to version: org.apache.synapse:Apache-Synapse:3.0.1;commons-collections:commons-collections:3.2.2 | #5 |
CVE-2015-4852Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> commons-beanutils-1.9.2.jar -> ❌ commons-collections-3.2.1.jar (Vulnerable Library) |
Critical |
9.8 | commons-collections-3.2.1.jar | Upgrade to version: commons-collections:commons-collections:3.2.2 | #5 |
CVE-2021-23926Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-poi-1.0.15.jar (Root Library) -> poi-ooxml-3.17.jar -> poi-ooxml-schemas-3.17.jar -> ❌ xmlbeans-2.6.0.jar (Vulnerable Library) |
Critical |
9.1 | xmlbeans-2.6.0.jar | Upgrade to version: org.apache.xmlbeans:xmlbeans:3.0.0 | #11 |
CVE-2019-20445Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
Critical |
9.1 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-codec-http:4.1.44 | #16 |
CVE-2019-20444Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
Critical |
9.1 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-all:4.1.44.Final | #16 |
CVE-2020-13936Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar Dependency Hierarchy: -> ❌ velocity-1.7.jar (Vulnerable Library) |
 High |
8.8 | velocity-1.7.jar | Upgrade to version: org.apache.velocity:velocity-engine-core:2.3 | #4 |
CVE-2020-11113Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4;2.10.0 | #3 |
CVE-2020-11112Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 | #3 |
CVE-2020-11111Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 | #3 |
CVE-2020-10969Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.6;com.fasterxml.jackson.core:jackson-databind:2.7.9.7 | #3 |
CVE-2020-10968Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: jackson-databind-2.9.10.4 | #3 |
CVE-2020-10673Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #3 |
CVE-2020-10672Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.8 | jackson-databind-2.8.10.jar | Upgrade to version: jackson-databind-2.9.10.4 | #3 |
CVE-2023-22102Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.47.jar (Vulnerable Library) |
High |
8.3 | mysql-connector-java-5.1.47.jar | Upgrade to version: com.mysql:mysql-connector-j:8.2.0 | #13 |
CVE-2021-20190Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind-2.9.10.7 | #3 |
CVE-2020-36189Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36188Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36187Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36186Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36185Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36184Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36183Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36182Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36181Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36180Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-36179Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #3 |
CVE-2020-24750Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.6 | #3 |
CVE-2020-24616Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.10.6 | #3 |
CVE-2020-14195Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.5 | #3 |
CVE-2020-14062Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #3 |
CVE-2020-14061Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #3 |
CVE-2020-14060Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #3 |
CVE-2020-11620Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #3 |
CVE-2020-11619Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #3 |
CVE-2020-10650Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #3 |
CVE-2018-5968Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
8.1 | jackson-databind-2.8.10.jar | Upgrade to version: 2.8.11.1, 2.9.4 | #3 |
CVE-2022-31197Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.5.jar (Vulnerable Library) |
High |
8.0 | postgresql-42.2.5.jar | Upgrade to version: org.postgresql:postgresql:42.2.26,42.4.1 | #2 |
CVE-2022-45868Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ h2-1.4.197.jar (Vulnerable Library) |
High |
7.8 | h2-1.4.197.jar | Upgrade to version: com.h2database:h2:2.2.220 | #12 |
CVE-2020-13692Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ postgresql-42.2.5.jar (Vulnerable Library) |
High |
7.7 | postgresql-42.2.5.jar | Upgrade to version: org.postgresql:postgresql:42.2.13 | #2 |
WS-2014-0065Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ jna-platform-4.5.2.jar (Vulnerable Library) |
High |
7.5 | jna-platform-4.5.2.jar | Upgrade to version: net.java.dev.jna:jna-platform:5.0.0 | #17 |
CVE-2023-6481Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> ❌ logback-core-1.1.3.jar (Vulnerable Library) |
High |
7.5 | logback-core-1.1.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | #5 |
CVE-2023-36478Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jetty-server-9.4.12.v20180830.jar (Root Library) -> ❌ jetty-http-9.4.12.v20180830.jar (Vulnerable Library) |
High |
7.5 | jetty-http-9.4.12.v20180830.jar | Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 | #6 |
CVE-2022-42004Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 | #3 |
CVE-2022-42003Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 | #3 |
CVE-2022-25857Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> liquibase-core-3.6.2.jar (Root Library) -> ❌ snakeyaml-1.18.jar (Vulnerable Library) |
High |
7.5 | snakeyaml-1.18.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | #1 |
CVE-2021-37137Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.5 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-codec:4.1.68.Final;io.netty:netty-all:4.1.68.Final | #16 |
CVE-2021-37136Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.5 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-codec:4.1.68.Final;io.netty:netty-all::4.1.68.Final | #16 |
CVE-2021-28165Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jetty-server-9.4.12.v20180830.jar (Root Library) -> jetty-http-9.4.12.v20180830.jar -> ❌ jetty-io-9.4.12.v20180830.jar (Vulnerable Library) |
High |
7.5 | jetty-io-9.4.12.v20180830.jar | Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 | #6 |
CVE-2020-7238Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.5 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-all:4.1.44.Final;io.netty:netty-codec-http:4.1.44.Final | #16 |
CVE-2020-36518Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.8.10.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 | #3 |
CVE-2020-11612Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.5 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-codec:4.1.46.Final;io.netty:netty-all:4.1.46.Final | #16 |
CVE-2019-9518Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.5 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-codec-http2:4.1.39.Final,io.netty:netty-all:4.1.39.Final | #16 |
CVE-2019-16869Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.5 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-all:4.1.42.Final,io.netty:netty-codec-http:4.1.42.Final | #16 |
CVE-2019-14439Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.9.2 | #3 |
CVE-2019-12086Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.8.10.jar | Upgrade to version: 2.9.9 | #3 |
CVE-2018-12022Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jersey-media-json-jackson-2.27.jar (Root Library) -> ❌ jackson-databind-2.8.10.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.8.10.jar | Upgrade to version: 2.7.9.4, 2.8.11.2, 2.9.6 | #3 |
CVE-2018-1000632Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar Dependency Hierarchy: -> velocity-tools-2.0.jar (Root Library) -> ❌ dom4j-1.1.jar (Vulnerable Library) |
High |
7.5 | dom4j-1.1.jar | Upgrade to version: org.dom4j:dom4j:2.0.3 | #7 |
CVE-2017-18640Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> liquibase-core-3.6.2.jar (Root Library) -> ❌ snakeyaml-1.18.jar (Vulnerable Library) |
High |
7.5 | snakeyaml-1.18.jar | Upgrade to version: org.yaml:snakeyaml:1.26 | #1 |
WS-2020-0408Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ netty-all-4.1.29.Final.jar (Vulnerable Library) |
High |
7.4 | netty-all-4.1.29.Final.jar | Upgrade to version: io.netty:netty-all - 4.1.68.Final-redhat-00001,4.0.0.Final,4.1.67.Final-redhat-00002;io.netty:netty-handler - 4.1.68.Final-redhat-00001,4.1.67.Final-redhat-00001 | #16 |
CVE-2019-10086Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) |
High |
7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4 | #5 |
CVE-2015-6420Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> commons-beanutils-1.9.2.jar -> ❌ commons-collections-3.2.1.jar (Vulnerable Library) |
High |
7.3 | commons-collections-3.2.1.jar | Upgrade to version: commons-collections:commons-collections3.2.2,org.apache.commons:commons-collections4:4.1 | #5 |
CVE-2014-0114Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> velocity-tools-2.0.jar (Root Library) -> ❌ struts-core-1.3.8.jar (Vulnerable Library) |
High |
7.3 | struts-core-1.3.8.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5 | #7 |
CVE-2014-0114Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> jxls-2.4.6.jar (Root Library) -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) |
High |
7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5 | #5 |
CVE-2023-2976Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> guice-4.2.1.jar (Root Library) -> ❌ guava-25.1-android.jar (Vulnerable Library) |
High |
7.1 | guava-25.1-android.jar | Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre | #10 |
Total libraries scanned: 122
Scan token: f5d53d71b1664c208ca2187a9cd64222