
Update dependency org.springframework:spring-web to v5 #276

Status: Open. Wants to merge 1 commit into base: master.

Update dependency org.springframework:spring-web to v5

46e93ab
Mend for GitHub.com / WhiteSource Security Check failed May 6, 2024 in 2m 47s

Security Report

You have successfully remediated 22 vulnerabilities, but introduced 23 new vulnerabilities in this branch.

❌ New vulnerabilities:

Columns: CVE | Severity | CVSS score | Vulnerable library; each entry then lists the suggested fix, the tracking issue and where the library enters the build.

CVE-2021-44228 | Critical | CVSS 10.0 | log4j-core-2.10.0.jar
  Suggested fix: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.15.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11
  Issue: None
  Path to dependency file: /apps/rest-showcase/pom.xml
  Path to vulnerable library: /apps/rest-showcase/pom.xml,/apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library)

CVE-2016-1000027 | Critical | CVSS 9.8 | spring-web-5.3.34.jar
  Suggested fix: org.springframework:spring-web:6.0.0
  Issue: #105
  Path to dependency file: /apps/showcase/pom.xml
  Path to vulnerable library: /apps/showcase/pom.xml,/plugins/spring/pom.xml,/plugins/junit/pom.xml,/plugins/rest/pom.xml,/core/pom.xml
  Dependency hierarchy: -> ❌ spring-web-5.3.34.jar (Vulnerable Library)

CVE-2021-45046 | Critical | CVSS 9.0 | log4j-core-2.10.0.jar
  Suggested fix: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.16.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11
  Issue: None
  Path to dependency file: /apps/rest-showcase/pom.xml
  Path to vulnerable library: /apps/rest-showcase/pom.xml,/apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library)

CVE-2023-49735 | High | CVSS 7.5 | tiles-core-3.0.7.jar
  Suggested fix: none listed
  Issue: None
  Path to dependency file: /apps/showcase/pom.xml
  Path to vulnerable library: /apps/showcase/pom.xml,/plugins/portlet-tiles/pom.xml,/plugins/tiles/pom.xml
  Dependency hierarchy: -> ❌ tiles-core-3.0.7.jar (Vulnerable Library)

CVE-2019-10086 | High | CVSS 7.3 | commons-beanutils-1.9.2.jar
  Suggested fix: commons-beanutils:commons-beanutils:1.9.4
  Issue: None
  Path to dependency file: /bundles/admin/pom.xml
  Path to vulnerable library: /bundles/admin/pom.xml,/core/pom.xml,/plugins/bean-validation/pom.xml,/apps/showcase/pom.xml,/plugins/tiles/pom.xml,/plugins/portlet-tiles/pom.xml,/plugins/osgi/pom.xml,/plugins/sitemesh/pom.xml,/plugins/rest/pom.xml,/bundles/demo/pom.xml
  Dependency hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library)

CVE-2014-0114 | High | CVSS 7.3 | commons-beanutils-1.9.2.jar
  Suggested fix: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5
  Issue: #37
  Path to dependency file: /bundles/admin/pom.xml
  Path to vulnerable library: /bundles/admin/pom.xml,/core/pom.xml,/plugins/bean-validation/pom.xml,/apps/showcase/pom.xml,/plugins/tiles/pom.xml,/plugins/portlet-tiles/pom.xml,/plugins/osgi/pom.xml,/plugins/sitemesh/pom.xml,/plugins/rest/pom.xml,/bundles/demo/pom.xml
  Dependency hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library)

CVE-2021-44832 | Medium | CVSS 6.6 | log4j-core-2.10.0.jar
  Suggested fix: org.apache.logging.log4j:log4j-core:2.3.2,2.12.4,2.17.1
  Issue: None
  Path to dependency file: /apps/rest-showcase/pom.xml
  Path to vulnerable library: /apps/rest-showcase/pom.xml,/apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library)

CVE-2023-1932 | Medium | CVSS 6.1 | hibernate-validator-5.1.3.Final.jar
  Suggested fix: org.hibernate.validator:hibernate-validator:6.2.0.Final
  Issue: None
  Path to dependency file: /apps/showcase/pom.xml
  Path to vulnerable library: /apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ hibernate-validator-5.1.3.Final.jar (Vulnerable Library)

CVE-2020-7656 | Medium | CVSS 6.1 | jquery-1.3.2.min.js
  Suggested fix: jquery - 1.9.0
  Issue: #128
  Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js
  Dependency hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library)

CVE-2019-8331 | Medium | CVSS 6.1 | bootstrap-3.3.4.min.js
  Suggested fix: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
  Issue: #109
  Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js
  Dependency hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

CVE-2019-11358 | Medium | CVSS 6.1 | jquery-1.3.2.min.js
  Suggested fix: jquery - 3.4.0
  Issue: #93
  Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js
  Dependency hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library)

CVE-2018-20677 | Medium | CVSS 6.1 | bootstrap-3.3.4.min.js
  Suggested fix: bootstrap - 3.4.0
  Issue: #27
  Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js
  Dependency hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

CVE-2018-20676 | Medium | CVSS 6.1 | bootstrap-3.3.4.min.js
  Suggested fix: bootstrap - 3.4.0
  Issue: #138
  Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js
  Dependency hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

CVE-2018-14042 | Medium | CVSS 6.1 | bootstrap-3.3.4.min.js
  Suggested fix: bootstrap - 3.4.0,4.1.2
  Issue: #25
  Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js
  Dependency hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

CVE-2016-10735 | Medium | CVSS 6.1 | bootstrap-3.3.4.min.js
  Suggested fix: bootstrap - 3.4.0, 4.0.0-beta.2
  Issue: #137
  Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js
  Dependency hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

CVE-2015-9251 | Medium | CVSS 6.1 | jquery-1.3.2.min.js
  Suggested fix: jQuery - 3.0.0
  Issue: #11
  Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js
  Dependency hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library)

CVE-2012-6708 | Medium | CVSS 6.1 | jquery-1.3.2.min.js
  Suggested fix: jQuery - v1.9.0
  Issue: #9
  Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js
  Dependency hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library)

CVE-2021-45105 | Medium | CVSS 5.9 | log4j-core-2.10.0.jar
  Suggested fix: org.apache.logging.log4j:log4j-core:2.3.1,2.12.3,2.17.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11
  Issue: None
  Path to dependency file: /apps/rest-showcase/pom.xml
  Path to vulnerable library: /apps/rest-showcase/pom.xml,/apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library)

CVE-2020-15250 | Medium | CVSS 5.5 | junit-4.12.jar
  Suggested fix: junit:junit:4.13.1
  Issue: None
  Path to dependency file: /plugins/junit/pom.xml
  Path to vulnerable library: /plugins/junit/pom.xml,/bundles/demo/pom.xml,/plugins/plexus/pom.xml,/core/pom.xml,/bundles/admin/pom.xml
  Dependency hierarchy: -> ❌ junit-4.12.jar (Vulnerable Library)

CVE-2020-10693 | Medium | CVSS 5.3 | hibernate-validator-5.1.3.Final.jar
  Suggested fix: org.hibernate:hibernate-validator:6.0.20.Final,6.1.5.Final
  Issue: #200
  Path to dependency file: /apps/showcase/pom.xml
  Path to vulnerable library: /apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ hibernate-validator-5.1.3.Final.jar (Vulnerable Library)

CVE-2020-9488 | Low | CVSS 3.7 | log4j-core-2.10.0.jar
  Suggested fix: ch.qos.reload4j:reload4j:1.2.18.3
  Issue: None
  Path to dependency file: /apps/rest-showcase/pom.xml
  Path to vulnerable library: /apps/rest-showcase/pom.xml,/apps/showcase/pom.xml
  Dependency hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library)

CVE-2018-14040 | Low | CVSS 3.7 | bootstrap-3.3.4.min.js
  Suggested fix: bootstrap - 3.4.0,4.1.2
  Issue: #23
  Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js
  Dependency hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

CVE-2011-4969 | Low | CVSS 3.7 | jquery-1.3.2.min.js
  Suggested fix: 1.6.3
  Issue: #7
  Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js
  Dependency hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-5421 spring-web-4.3.13.RELEASE.jar
CVE-2018-11040 spring-webmvc-4.3.13.RELEASE.jar
CVE-2022-22970 spring-core-4.3.13.RELEASE.jar
CVE-2018-15756 spring-web-4.3.13.RELEASE.jar
CVE-2018-1272 spring-core-4.3.13.RELEASE.jar
CVE-2021-22096 spring-web-4.3.13.RELEASE.jar
CVE-2018-11039 spring-web-4.3.13.RELEASE.jar
CVE-2021-22096 spring-core-4.3.13.RELEASE.jar
CVE-2022-22970 spring-beans-4.3.13.RELEASE.jar
CVE-2018-1199 spring-core-4.3.13.RELEASE.jar
CVE-2024-22243 spring-web-4.3.13.RELEASE.jar
CVE-2022-22965 spring-beans-4.3.13.RELEASE.jar
CVE-2024-22262 spring-web-4.3.13.RELEASE.jar
CVE-2021-22060 spring-core-4.3.13.RELEASE.jar
CVE-2018-1271 spring-webmvc-4.3.13.RELEASE.jar
CVE-2018-11040 spring-web-4.3.13.RELEASE.jar
CVE-2022-22950 spring-expression-4.3.13.RELEASE.jar
CVE-2024-22259 spring-web-4.3.13.RELEASE.jar
CVE-2021-22096 spring-webmvc-4.3.13.RELEASE.jar
CVE-2023-20861 spring-expression-4.3.13.RELEASE.jar
CVE-2023-20863 spring-expression-4.3.13.RELEASE.jar
CVE-2016-1000027 spring-web-4.3.13.RELEASE.jar

Base branch total remaining vulnerabilities: 164
Base branch commit: null
Total libraries scanned: 127

Scan token: 9ff34abdbce14c2c8d49be6b54b49c88
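The report above counts 23 "new" findings, but only one of them, CVE-2016-1000027 in spring-web-5.3.34.jar, sits in an artifact this one-line bump touches; the others (log4j-core-2.10.0.jar, commons-beanutils-1.9.2.jar, tiles-core-3.0.7.jar, junit-4.12.jar, hibernate-validator-5.1.3.Final.jar and the static jquery-1.3.2.min.js and bootstrap-3.3.4.min.js files) all show single-level dependency hierarchies, so the Spring upgrade did not pull them in, which is consistent with the report's "Base branch commit: null". CVE-2016-1000027 itself is listed both as remediated on spring-web-4.3.13.RELEASE.jar and as still open on 5.3.34, with 6.0.0 as the suggested fix. The script below is an added example, not code from this PR, the scanned project or Mend: it parses a constructed excerpt of the flattened report, derives the artifacts the bump touched from the remediated table, and separates findings the change can have caused from pre-existing ones. All function and constant names are this example's own.

```python
"""Triage a Mend (WhiteSource) pull-request security report.

Added example, not code from the PR, the scanned project or Mend. The report
excerpts are constructed from this page; all names here are this example's own.
"""
from __future__ import annotations
import re
from collections import defaultdict

# Constructed excerpt of the "New vulnerabilities" table: per finding, the CVE
# line, the hierarchy line and the "Severity Score Library Fix Issue" row.
NEW_TEXT = """\
CVE-2021-44228
-> log4j-core-2.10.0.jar (Vulnerable Library)
Critical 10.0 log4j-core-2.10.0.jar Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.15.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 None
CVE-2016-1000027
-> spring-web-5.3.34.jar (Vulnerable Library)
Critical 9.8 spring-web-5.3.34.jar Upgrade to version: org.springframework:spring-web:6.0.0 #105
CVE-2023-49735
-> tiles-core-3.0.7.jar (Vulnerable Library)
High 7.5 tiles-core-3.0.7.jar None
CVE-2021-44832
-> log4j-core-2.10.0.jar (Vulnerable Library)
Medium 6.6 log4j-core-2.10.0.jar Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.2,2.12.4,2.17.1 None
CVE-2020-7656
-> jquery-1.3.2.min.js (Vulnerable Library)
Medium 6.1 jquery-1.3.2.min.js Upgrade to version: jquery - 1.9.0 #128
"""

# Constructed excerpt of the "Remediated vulnerabilities" table (CVE, library);
# the repeated CVE is deliberate, the report counts one entry per library.
REMEDIATED_TEXT = """\
CVE-2020-5421 spring-web-4.3.13.RELEASE.jar
CVE-2022-22970 spring-core-4.3.13.RELEASE.jar
CVE-2021-22096 spring-web-4.3.13.RELEASE.jar
CVE-2021-22096 spring-core-4.3.13.RELEASE.jar
CVE-2016-1000027 spring-web-4.3.13.RELEASE.jar
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
ROW_RE = re.compile(
    r"^(Critical|High|Medium|Low)\s+(\d+(?:\.\d+)?)\s+(\S+)"
    r"(?:\s+Upgrade to version:\s+(.*?))?\s+(None|#\d+)$"
)
REMEDIATED_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(\S+)$")


def artifact(library: str) -> str:
    """Strip the version suffix: 'spring-web-4.3.13.RELEASE.jar' -> 'spring-web'."""
    m = re.match(r"^(.*?)-\d", library)
    return m.group(1) if m else library


def parse_new(text: str) -> list[dict]:
    """Parse the flattened rows of the 'New vulnerabilities' table."""
    findings, cve = [], None
    for line in text.splitlines():
        line = line.strip()
        if CVE_RE.match(line):
            cve = line  # the row for this CVE follows its hierarchy line
            continue
        m = ROW_RE.match(line)
        if m and cve:
            severity, score, library, fix, issue = m.groups()
            findings.append({
                "cve": cve, "severity": severity, "cvss": float(score),
                "library": library, "artifact": artifact(library),
                "fix": fix,  # None when the report suggests no fix
                "issue": None if issue == "None" else issue,
            })
            cve = None
    return findings


def parse_remediated(text: str) -> list[tuple[str, str]]:
    """Parse (CVE, library) pairs, keeping duplicates as the report does."""
    return [m.groups() for m in map(REMEDIATED_RE.match, text.splitlines()) if m]


def triage(findings: list[dict], remediated: list[tuple[str, str]]) -> dict:
    """Split 'new' findings into those the bump can have caused and the rest.

    The artifacts the bump touched are exactly those whose old versions appear
    in the remediated table; a 'new' finding in any other artifact was already
    in the tree before the PR and is not attributable to the change.
    """
    changed = {artifact(lib) for _, lib in remediated}
    caused = [f for f in findings if f["artifact"] in changed]
    pre_existing = [f for f in findings if f["artifact"] not in changed]
    remediated_cves = {cve for cve, _ in remediated}
    # CVEs remediated on the old jar yet reported again on the new one: the
    # bump stopped short of the fixed version the report itself names.
    still_open = sorted({f["cve"] for f in caused} & remediated_cves)
    # Worst CVSS per pre-existing artifact orders the remaining debt.
    worst = defaultdict(float)
    for f in pre_existing:
        worst[f["artifact"]] = max(worst[f["artifact"]], f["cvss"])
    return {
        "caused_by_change": caused,
        "pre_existing": pre_existing,
        "still_open": still_open,
        "unique_remediated": len(remediated_cves),
        "upgrade_order": sorted(worst, key=lambda a: -worst[a]),
    }
```

`triage()` returns the split, the CVEs that survive the bump (CVE-2016-1000027 here, because 5.3.34 is below the 6.0.0 the report names) and an upgrade order by worst CVSS per artifact, which on the full table above puts log4j-core-2.10.0.jar (CVSS 10.0) first. It also deduplicates the remediated list by CVE: the 22 remediated entries on this page are 18 distinct CVEs, CVE-2021-22096 alone being listed three times.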