Update dependency commons-io:commons-io to v2.14.0 #277
Security Report
You have successfully remediated 2 vulnerabilities, but introduced 23 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2021-44228 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml,/apps/rest-showcase/pom.xml; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Critical | 10.0 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.15.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2021-45046 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml,/apps/rest-showcase/pom.xml; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Critical | 9.0 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.16.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2023-49735 Path to dependency file: /plugins/portlet-tiles/pom.xml; Path to vulnerable library: /plugins/portlet-tiles/pom.xml,/plugins/tiles/pom.xml,/apps/showcase/pom.xml; Dependency Hierarchy: -> ❌ tiles-core-3.0.7.jar (Vulnerable Library) | High | 7.5 | tiles-core-3.0.7.jar | None | |
CVE-2019-10086 Path to dependency file: /plugins/bean-validation/pom.xml; Path to vulnerable library: /plugins/bean-validation/pom.xml,/plugins/osgi/pom.xml,/bundles/demo/pom.xml,/core/pom.xml,/plugins/rest/pom.xml,/plugins/sitemesh/pom.xml,/plugins/tiles/pom.xml,/bundles/admin/pom.xml,/plugins/portlet-tiles/pom.xml,/plugins/portlet/pom.xml,/apps/showcase/pom.xml; Dependency Hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) | High | 7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4 | None |
CVE-2014-0114 Path to dependency file: /plugins/bean-validation/pom.xml; Path to vulnerable library: /plugins/bean-validation/pom.xml,/plugins/osgi/pom.xml,/bundles/demo/pom.xml,/core/pom.xml,/plugins/rest/pom.xml,/plugins/sitemesh/pom.xml,/plugins/tiles/pom.xml,/bundles/admin/pom.xml,/plugins/portlet-tiles/pom.xml,/plugins/portlet/pom.xml,/apps/showcase/pom.xml; Dependency Hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) | High | 7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5 | #37 |
CVE-2021-44832 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml,/apps/rest-showcase/pom.xml; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Medium | 6.6 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.2,2.12.4,2.17.1 | None |
CVE-2023-1932 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml; Dependency Hierarchy: -> ❌ hibernate-validator-5.1.3.Final.jar (Vulnerable Library) | Medium | 6.1 | hibernate-validator-5.1.3.Final.jar | Upgrade to version: org.hibernate.validator:hibernate-validator:6.2.0.Final | None |
CVE-2020-7656 Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js; Dependency Hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.3.2.min.js | Upgrade to version: jquery - 1.9.0 | #128 |
CVE-2019-8331 Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js; Dependency Hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library) | Medium | 6.1 | bootstrap-3.3.4.min.js | Upgrade to version: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | #109 |
CVE-2019-11358 Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js; Dependency Hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.3.2.min.js | Upgrade to version: jquery - 3.4.0 | #93 |
CVE-2018-20677 Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js; Dependency Hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library) | Medium | 6.1 | bootstrap-3.3.4.min.js | Upgrade to version: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | #27 |
CVE-2018-20676 Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js; Dependency Hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library) | Medium | 6.1 | bootstrap-3.3.4.min.js | Upgrade to version: bootstrap - 3.4.0 | #138 |
CVE-2018-14042 Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js; Dependency Hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library) | Medium | 6.1 | bootstrap-3.3.4.min.js | Upgrade to version: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0 | #25 |
CVE-2016-10735 Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js; Dependency Hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library) | Medium | 6.1 | bootstrap-3.3.4.min.js | Upgrade to version: bootstrap - 3.4.0, 4.0.0-beta.2 | #137 |
CVE-2015-9251 Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js; Dependency Hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.3.2.min.js | Upgrade to version: jQuery - 3.0.0 | #11 |
CVE-2012-6708 Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js; Dependency Hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.3.2.min.js | Upgrade to version: jQuery - v1.9.0 | #9 |
CVE-2021-45105 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml,/apps/rest-showcase/pom.xml; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Medium | 5.9 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.3,2.17.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2022-22968 Path to dependency file: /plugins/portlet/pom.xml; Path to vulnerable library: /plugins/portlet/pom.xml,/plugins/junit/pom.xml,/apps/showcase/pom.xml,/plugins/spring/pom.xml,/core/pom.xml,/plugins/rest/pom.xml; Dependency Hierarchy: -> ❌ spring-context-4.3.13.RELEASE.jar (Vulnerable Library) | Medium | 5.3 | spring-context-4.3.13.RELEASE.jar | Upgrade to version: org.springframework:spring-context:5.2.21,5.3.19 | None |
CVE-2020-10693 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml; Dependency Hierarchy: -> ❌ hibernate-validator-5.1.3.Final.jar (Vulnerable Library) | Medium | 5.3 | hibernate-validator-5.1.3.Final.jar | Upgrade to version: org.hibernate:hibernate-validator:6.0.20.Final,6.1.5.Final | #200 |
CVE-2020-15250 Path to dependency file: /core/pom.xml; Path to vulnerable library: /core/pom.xml,/bundles/admin/pom.xml,/bundles/demo/pom.xml,/plugins/junit/pom.xml,/plugins/portlet/pom.xml,/plugins/plexus/pom.xml; Dependency Hierarchy: -> ❌ junit-4.12.jar (Vulnerable Library) | Medium | 4.4 | junit-4.12.jar | Upgrade to version: junit:junit:4.13.1 | None |
CVE-2020-9488 Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /apps/showcase/pom.xml,/apps/rest-showcase/pom.xml; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Low | 3.7 | log4j-core-2.10.0.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.3 | None |
CVE-2018-14040 Path to vulnerable library: /apps/showcase/src/main/webapp/js/bootstrap.min.js; Dependency Hierarchy: -> ❌ bootstrap-3.3.4.min.js (Vulnerable Library) | Low | 3.7 | bootstrap-3.3.4.min.js | Upgrade to version: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | #23 |
CVE-2011-4969 Path to vulnerable library: /bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js; Dependency Hierarchy: -> ❌ jquery-1.3.2.min.js (Vulnerable Library) | Low | 3.7 | jquery-1.3.2.min.js | Upgrade to version: 1.6.3 | #7 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2021-29425 | commons-io-2.5.jar |
CVE-2024-47554 | commons-io-2.5.jar |
Base branch total remaining vulnerabilities: 168
Base branch commit: null
Total libraries scanned: 129
Scan token: 388630e7a7db4eb2baabf9f521bc81d7