Update dependency ch.qos.logback:logback-classic to v1.2.0 #17

Security Report

You have successfully remediated 9 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue	Reachability
CVE-2019-14540 Path to dependency file: /pom.xml Path to vulnerable library: /Users/alexmaybaum/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library)	High	9.8	jackson-databind-2.8.4.jar	Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1	#9	Reachable
CVE-2018-19362 Path to dependency file: /pom.xml Path to vulnerable library: /Users/alexmaybaum/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library)	High	9.8	jackson-databind-2.8.4.jar	Upgrade to version: 2.9.8	#9	Reachable
CVE-2018-19361 Path to dependency file: /pom.xml Path to vulnerable library: /Users/alexmaybaum/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library)	High	9.8	jackson-databind-2.8.4.jar	Upgrade to version: 2.9.8	#9	Reachable
CVE-2017-17485 Path to dependency file: /pom.xml Path to vulnerable library: /Users/alexmaybaum/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar Dependency Hierarchy: -> spring-rabbit-1.7.1.RELEASE.jar (Root Library) -> http-client-1.1.1.RELEASE.jar -> ❌ jackson-databind-2.8.4.jar (Vulnerable Library)	High	9.8	jackson-databind-2.8.4.jar	Upgrade to version: 2.9.4	#9	Reachable
CVE-2015-5211 Path to dependency file: /pom.xml Path to vulnerable library: /Users/alexmaybaum/.m2/repository/org/springframework/spring-webmvc/4.2.1.RELEASE/spring-webmvc-4.2.1.RELEASE.jar Dependency Hierarchy: -> ❌ spring-webmvc-4.2.1.RELEASE.jar (Vulnerable Library)	High	8.6	spring-webmvc-4.2.1.RELEASE.jar	Upgrade to version: org.springframework:spring-web:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-webmvc:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-websocket:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE	#13	Reachable

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
WS-2014-0034	commons-fileupload-1.3.1.jar
CVE-2017-3589	mysql-connector-java-5.1.36.jar
CVE-2017-3523	mysql-connector-java-5.1.36.jar
CVE-2019-12384	jackson-databind-2.8.4.jar
WS-2017-3734	httpclient-4.3.6.jar
CVE-2017-15095	jackson-databind-2.8.4.jar
CVE-2017-8045	spring-amqp-1.7.1.RELEASE.jar
CVE-2018-11039	spring-web-4.2.1.RELEASE.jar
CVE-2017-5929	logback-classic-1.1.3.jar

Base branch total remaining vulnerabilities: 104
Base branch commit: null

Total libraries scanned: 108

Scan token: 24733d493b7747d69f9094007d31160d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency ch.qos.logback:logback-classic to v1.2.0 #17

Update dependency ch.qos.logback:logback-classic to v1.2.0 #17

Security Report

Re-running checks...

Update dependency ch.qos.logback:logback-classic to v1.2.0 #17

Are you sure you want to change the base?

Update dependency ch.qos.logback:logback-classic to v1.2.0

Update dependency ch.qos.logback:logback-classic to v1.2.0 #17

Security Report

Re-running checks...