Update dependency commons-validator:commons-validator to v1.8.0 #493
Security Report
You have successfully remediated 2 vulnerabilities, but introduced 8 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2017-3523; Path to dependency file: /jobs/pacman-qualys-enricher/pom.xml; Path to vulnerable library: /jobs/pacman-qualys-enricher/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-cloud-discovery/pom.xml,/jobs/recommendation-enricher/pom.xml; Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.17.jar (Vulnerable Library) | High | 8.5 | mysql-connector-java-5.1.17.jar | Upgrade to version: mysql:mysql-connector-java:5.1.41 | #6 |
CVE-2018-15758; Path to dependency file: /api/pacman-api-admin/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/oauth/spring-security-oauth2/2.2.1.RELEASE/spring-security-oauth2-2.2.1.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/security/oauth/spring-security-oauth2/2.2.1.RELEASE/spring-security-oauth2-2.2.1.RELEASE.jar; Dependency Hierarchy: -> spring-cloud-starter-security-2.0.0.RELEASE.jar (Root Library) -> spring-cloud-security-2.0.0.RELEASE.jar -> spring-security-oauth2-autoconfigure-2.0.0.RELEASE.jar -> ❌ spring-security-oauth2-2.2.1.RELEASE.jar (Vulnerable Library) | High | 8.1 | spring-security-oauth2-2.2.1.RELEASE.jar | Upgrade to version: 2.3.4.RELEASE,2.2.3.RELEASE,2.1.3.RELEASE,2.0.16.RELEASE | #49 |
CVE-2017-3586; Path to dependency file: /jobs/pacman-qualys-enricher/pom.xml; Path to vulnerable library: /jobs/pacman-qualys-enricher/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-cloud-discovery/pom.xml,/jobs/recommendation-enricher/pom.xml; Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.17.jar (Vulnerable Library) | Medium | 6.4 | mysql-connector-java-5.1.17.jar | Upgrade to version: 5.1.42 | #142 |
CVE-2018-11087; Path to dependency file: /api/pacman-api-admin/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/rabbitmq/amqp-client/5.1.2/amqp-client-5.1.2.jar,/home/wss-scanner/.m2/repository/com/rabbitmq/amqp-client/5.1.2/amqp-client-5.1.2.jar; Dependency Hierarchy: -> spring-cloud-starter-bus-amqp-2.0.0.RELEASE.jar (Root Library) -> spring-cloud-starter-stream-rabbit-2.0.0.RELEASE.jar -> spring-cloud-stream-binder-rabbit-2.0.0.RELEASE.jar -> spring-cloud-stream-binder-rabbit-core-2.0.0.RELEASE.jar -> spring-boot-starter-amqp-2.0.4.RELEASE.jar -> spring-rabbit-2.0.5.RELEASE.jar -> ❌ amqp-client-5.1.2.jar (Vulnerable Library) | Medium | 5.9 | amqp-client-5.1.2.jar | Upgrade to version: 1.7.10.RELEASE,2.0.6.RELEASE | #163 |
CVE-2018-11087; Path to dependency file: /commons/pac-api-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/amqp/spring-amqp/2.0.5.RELEASE/spring-amqp-2.0.5.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/amqp/spring-amqp/2.0.5.RELEASE/spring-amqp-2.0.5.RELEASE.jar; Dependency Hierarchy: -> spring-cloud-starter-bus-amqp-2.0.0.RELEASE.jar (Root Library) -> spring-cloud-starter-stream-rabbit-2.0.0.RELEASE.jar -> spring-cloud-stream-binder-rabbit-2.0.0.RELEASE.jar -> spring-cloud-stream-binder-rabbit-core-2.0.0.RELEASE.jar -> spring-boot-starter-amqp-2.0.4.RELEASE.jar -> spring-rabbit-2.0.5.RELEASE.jar -> ❌ spring-amqp-2.0.5.RELEASE.jar (Vulnerable Library) | Medium | 5.9 | spring-amqp-2.0.5.RELEASE.jar | Upgrade to version: 1.7.10.RELEASE,2.0.6.RELEASE | #163 |
CVE-2018-11087; Path to dependency file: /commons/pac-api-commons/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/amqp/spring-rabbit/2.0.5.RELEASE/spring-rabbit-2.0.5.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/amqp/spring-rabbit/2.0.5.RELEASE/spring-rabbit-2.0.5.RELEASE.jar; Dependency Hierarchy: -> spring-cloud-starter-bus-amqp-2.0.0.RELEASE.jar (Root Library) -> spring-cloud-starter-stream-rabbit-2.0.0.RELEASE.jar -> spring-cloud-stream-binder-rabbit-2.0.0.RELEASE.jar -> spring-cloud-stream-binder-rabbit-core-2.0.0.RELEASE.jar -> spring-boot-starter-amqp-2.0.4.RELEASE.jar -> ❌ spring-rabbit-2.0.5.RELEASE.jar (Vulnerable Library) | Medium | 5.9 | spring-rabbit-2.0.5.RELEASE.jar | Upgrade to version: 1.7.10.RELEASE,2.0.6.RELEASE | #163 |
CVE-2018-14040; Path to dependency file: /api/pacman-api-auth/pom.xml; Path to vulnerable library: /api/pacman-api-auth/pom.xml; Dependency Hierarchy: -> ❌ bootstrap-3.3.2.jar (Vulnerable Library) | Low | 3.7 | bootstrap-3.3.2.jar | Upgrade to version: bootstrap - 3.4.0,4.1.2 | #67 |
CVE-2017-3589; Path to dependency file: /jobs/pacman-qualys-enricher/pom.xml; Path to vulnerable library: /jobs/pacman-qualys-enricher/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-cloud-discovery/pom.xml,/jobs/recommendation-enricher/pom.xml; Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.17.jar (Vulnerable Library) | Low | 3.3 | mysql-connector-java-5.1.17.jar | Upgrade to version: 5.1.42 | #135 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2019-10086 | commons-beanutils-1.8.3.jar |
CVE-2014-0114 | commons-beanutils-1.8.3.jar |
Base branch total remaining vulnerabilities: 455
Base branch commit: acf9a0620c1a37cee4f2896d71e1c3731c5c7b06
Total libraries scanned: 377
Scan token: 68c1d1f4949249f78b5b3ca58efc2aff