Update dependency org.apache.maven.plugins:maven-surefire-report-plugin to v3.2.5 #249
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
 High |
7.5 | logback-core-1.4.8.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | None | |
CVE-2023-6378Path to dependency file: /modules/roadmap-all/pom.xml Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-router-service/pom.xml,/modules/roadmap-commons/pom.xml Dependency Hierarchy: -> ❌ logback-classic-1.4.8.jar (Vulnerable Library) |
High |
7.5 | logback-classic-1.4.8.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | None |
CVE-2022-42004Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 | #219 |
CVE-2022-42003Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 | #220 |
CVE-2021-46877Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 | None |
CVE-2020-36518Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) |
High |
7.5 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 | #200 |
WS-2021-0616Dependency Hierarchy: -> logstash-logback-encoder-6.6.jar (Root Library) -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library) |
 Medium |
5.9 | jackson-databind-2.12.0.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 | None |
CVE-2023-42503Path to dependency file: /modules/roadmap-all/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar Dependency Hierarchy: -> ❌ commons-compress-1.23.0.jar (Vulnerable Library) |
Medium |
5.5 | commons-compress-1.23.0.jar | Upgrade to version: org.apache.commons:commons-compress:1.24.0 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| WS-2018-0124 | jackson-core-2.1.3.jar |
| CVE-2020-14061 | jackson-databind-2.1.3.jar |
| CVE-2020-11112 | jackson-databind-2.1.3.jar |
| CVE-2020-10968 | jackson-databind-2.1.3.jar |
| CVE-2023-26464 | log4j-1.2.16.jar |
| CVE-2019-10202 | jackson-databind-2.1.3.jar |
| CVE-2019-16943 | jackson-databind-2.1.3.jar |
| CVE-2020-9546 | jackson-databind-2.1.3.jar |
| CVE-2019-12086 | jackson-databind-2.1.3.jar |
| CVE-2022-23302 | log4j-1.2.16.jar |
| CVE-2018-11307 | jackson-databind-2.1.3.jar |
| CVE-2020-10672 | jackson-databind-2.1.3.jar |
| CVE-2020-36183 | jackson-databind-2.1.3.jar |
| CVE-2017-7525 | jackson-databind-2.1.3.jar |
| CVE-2020-9493 | log4j-1.2.16.jar |
| CVE-2020-10650 | jackson-databind-2.1.3.jar |
| CVE-2020-14060 | jackson-databind-2.1.3.jar |
| CVE-2020-36182 | jackson-databind-2.1.3.jar |
| CVE-2020-10969 | jackson-databind-2.1.3.jar |
| CVE-2020-11113 | jackson-databind-2.1.3.jar |
| CVE-2019-20330 | jackson-databind-2.1.3.jar |
| CVE-2019-14379 | jackson-databind-2.1.3.jar |
| CVE-2020-10673 | jackson-databind-2.1.3.jar |
| CVE-2018-19361 | jackson-databind-2.1.3.jar |
| CVE-2020-36179 | jackson-databind-2.1.3.jar |
| CVE-2018-14718 | jackson-databind-2.1.3.jar |
| CVE-2019-14540 | jackson-databind-2.1.3.jar |
| CVE-2020-11619 | jackson-databind-2.1.3.jar |
| CVE-2020-9548 | jackson-databind-2.1.3.jar |
| CVE-2020-9488 | log4j-1.2.16.jar |
| CVE-2020-36185 | jackson-databind-2.1.3.jar |
| CVE-2019-12814 | jackson-databind-2.1.3.jar |
| CVE-2020-24750 | jackson-databind-2.1.3.jar |
| CVE-2020-11111 | jackson-databind-2.1.3.jar |
| CVE-2020-36518 | jackson-databind-2.1.3.jar |
| CVE-2018-12023 | jackson-databind-2.1.3.jar |
| CVE-2019-16942 | jackson-databind-2.1.3.jar |
| CVE-2018-14721 | jackson-databind-2.1.3.jar |
| CVE-2020-24616 | jackson-databind-2.1.3.jar |
| CVE-2017-17485 | jackson-databind-2.1.3.jar |
| CVE-2020-14062 | jackson-databind-2.1.3.jar |
| CVE-2020-36180 | jackson-databind-2.1.3.jar |
| CVE-2020-36188 | jackson-databind-2.1.3.jar |
| CVE-2019-17531 | jackson-databind-2.1.3.jar |
| CVE-2021-20190 | jackson-databind-2.1.3.jar |
| CVE-2022-23307 | log4j-1.2.16.jar |
| CVE-2017-15095 | jackson-databind-2.1.3.jar |
| CVE-2020-14195 | jackson-databind-2.1.3.jar |
| CVE-2019-14892 | jackson-databind-2.1.3.jar |
| CVE-2019-16335 | jackson-databind-2.1.3.jar |
| CVE-2020-36187 | jackson-databind-2.1.3.jar |
| CVE-2019-12384 | jackson-databind-2.1.3.jar |
| CVE-2020-25649 | jackson-databind-2.1.3.jar |
| CVE-2020-8840 | jackson-databind-2.1.3.jar |
| CVE-2019-14893 | jackson-databind-2.1.3.jar |
| CVE-2019-17267 | jackson-databind-2.1.3.jar |
| CVE-2018-19362 | jackson-databind-2.1.3.jar |
| CVE-2022-42003 | jackson-databind-2.1.3.jar |
| CVE-2019-14439 | jackson-databind-2.1.3.jar |
| CVE-2018-5968 | jackson-databind-2.1.3.jar |
| CVE-2020-11620 | jackson-databind-2.1.3.jar |
| CVE-2020-36186 | jackson-databind-2.1.3.jar |
| CVE-2020-36181 | jackson-databind-2.1.3.jar |
| CVE-2018-14720 | jackson-databind-2.1.3.jar |
| CVE-2022-42004 | jackson-databind-2.1.3.jar |
| CVE-2019-17571 | log4j-1.2.16.jar |
| CVE-2018-14719 | jackson-databind-2.1.3.jar |
| WS-2018-0125 | jackson-core-2.1.3.jar |
| CVE-2020-36189 | jackson-databind-2.1.3.jar |
| CVE-2018-19360 | jackson-databind-2.1.3.jar |
| CVE-2022-23305 | log4j-1.2.16.jar |
| CVE-2018-12022 | jackson-databind-2.1.3.jar |
| CVE-2020-9547 | jackson-databind-2.1.3.jar |
| CVE-2021-4104 | log4j-1.2.16.jar |
| CVE-2018-7489 | jackson-databind-2.1.3.jar |
| CVE-2020-36184 | jackson-databind-2.1.3.jar |
Base branch total remaining vulnerabilities: 81
Base branch commit: f4c4bbcd6ad3bf5b16cebca35328146b33f37a16
Total libraries scanned: 52
Scan token: 9ef9fdd2c92a4a7da3f878f1f443558f