Update module github.com/labstack/echo/v4 to v4.2.0 (master) #8
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
general
https://vonagecc.jfrog.io/artifactory
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
https://vonagecc.jfrog.io/artifactory/maven
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
You have successfully remediated 15 vulnerabilities, but introduced 13 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|---|---|
CVE-2022-41721; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/net-v0.0.0-20200822124328-c89045814202 | Upgrade to version: v0.2.0 | None | |
CVE-2022-32149; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/go-openapi/spec-v0.19.5 (Root Library) -> github.com/go-openapi/jsonreference-v0.19.3 -> github.com/PuerkitoBio/purell-v1.1.1 -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/text-v0.3.3 | Upgrade to version: v0.3.8 | None | |
CVE-2022-27664; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | golang.org/x/net-v0.0.0-20200822124328-c89045814202 | Upgrade to version: golang.org/x/net - 0.0.0-20220906165146-f3363e06e74c, go1.18.6, go1.19.1 | None | |
CVE-2022-27191; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/labstack/echo/v4-v4.2.0 (Root Library) -> ❌ golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a (Vulnerable Library) | High | 7.5 | Not Defined | 0.3% | golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a | Upgrade to version: golang-golang-x-crypto-dev - 1:0.0 | None | |
CVE-2021-44716; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | golang.org/x/net-v0.0.0-20200822124328-c89045814202 | Upgrade to version: github.com/golang/net - 491a49abca63de5e07ef554052d180a1b5fe2d70 | None | |
CVE-2021-43565; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/labstack/echo/v4-v4.2.0 (Root Library) -> ❌ golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a | Upgrade to version: golang-golang-x-crypto-dev - 1:0.0 | None | |
CVE-2021-38561; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/go-openapi/spec-v0.19.5 (Root Library) -> github.com/go-openapi/jsonreference-v0.19.3 -> github.com/PuerkitoBio/purell-v1.1.1 -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/text-v0.3.3 | Upgrade to version: v0.3.7 | None | |
CVE-2021-33194; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/net-v0.0.0-20200822124328-c89045814202 | Upgrade to version: golang.org/x/net - v0.0.0-20210520170846-37e1c6afe023 | None | |
CVE-2020-29652; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/labstack/echo/v4-v4.2.0 (Root Library) -> ❌ golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a (Vulnerable Library) | High | 7.5 | Not Defined | 0.5% | golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a | Upgrade to version: v0.0.0-20201216223049-8b5274cf687f | None | |
CVE-2020-28852; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/go-openapi/spec-v0.19.5 (Root Library) -> github.com/go-openapi/jsonreference-v0.19.3 -> github.com/PuerkitoBio/purell-v1.1.1 -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/text-v0.3.3 | Upgrade to version: golang-golang-x-text-dev - 0.3.5-1,0.3.5-1 | None | |
CVE-2020-28851; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/go-openapi/spec-v0.19.5 (Root Library) -> github.com/go-openapi/jsonreference-v0.19.3 -> github.com/PuerkitoBio/purell-v1.1.1 -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | golang.org/x/text-v0.3.3 | Upgrade to version: golang-golang-x-text-dev - 0.3.6-1,0.3.6-1 | None | |
CVE-2021-31525; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library) | Medium | 5.9 | Not Defined | 0.9% | golang.org/x/net-v0.0.0-20200822124328-c89045814202 | Upgrade to version: golang - v1.15.12,v1.16.4,v1.17.0 | None | |
CVE-2022-29526; Path to dependency file: /go.mod; Path to vulnerable library: /go.mod; Dependency Hierarchy: -> github.com/sirupsen/loGrUs-v1.4.2 (Root Library) -> ❌ golang.org/x/sys-v0.0.0-20200826173525-f9321e4c35a6 (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.2% | golang.org/x/sys-v0.0.0-20200826173525-f9321e4c35a6 | Upgrade to version: go1.17.10,go1.18.2,go1.19 | None | |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2020-29652 | github.com/golang/crypto-v0.0.0-20200302210149-32487eceac71 |
CVE-2021-43565 | github.com/golang/crypto-v0.0.0-20200302210149-32487eceac71 |
CVE-2021-31525 | github.com/golang/net-v0.0.0-20200301022130-244492dfa37a |
CVE-2021-44716 | github.com/golang/net-v0.0.0-20200301022130-244492dfa37a |
CVE-2020-28851 | golang.org/x/text-v0.3.2 |
CVE-2020-28852 | golang.org/x/text-v0.3.2 |
CVE-2022-27191 | github.com/golang/crypto-v0.0.0-20200302210149-32487eceac71 |
CVE-2020-14040 | golang.org/x/text-v0.3.2 |
CVE-2022-32149 | golang.org/x/text-v0.3.2 |
CVE-2020-36565 | github.com/labstack/echo/v4-v4.1.16 |
CVE-2022-29526 | github.com/golang/sys-v0.0.0-20200301025734-6b2465a0221e |
CVE-2022-41721 | github.com/golang/net-v0.0.0-20200301022130-244492dfa37a |
CVE-2021-33194 | github.com/golang/net-v0.0.0-20200301022130-244492dfa37a |
CVE-2022-27664 | github.com/golang/net-v0.0.0-20200301022130-244492dfa37a |
CVE-2021-38561 | golang.org/x/text-v0.3.2 |
Base branch total remaining vulnerabilities: 24
Base branch commit: null
Total libraries scanned: 76
Scan token: 974a5442896845bd9286943dcac04936