Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.springframework.amqp:spring-rabbit to v1.7.10.RELEASE - autoclosed #67

Closed
wants to merge 1 commit into from

Update dependency org.springframework.amqp:spring-rabbit to v1.7.10.R…

fe81667
Select commit
Loading
Failed to load commit list.
Closed

Update dependency org.springframework.amqp:spring-rabbit to v1.7.10.RELEASE - autoclosed #67

Update dependency org.springframework.amqp:spring-rabbit to v1.7.10.R…
fe81667
Select commit
Loading
Failed to load commit list.
This check has been archived and is scheduled for deletion. Learn more about checks retention
Mend for GitHub.com / Mend Security Check failed Sep 17, 2023 in 1m 52s

Security Report

You have successfully remediated 13 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2022-22971

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-messaging/4.3.19.RELEASE/spring-messaging-4.3.19.RELEASE.jar

Dependency Hierarchy:

-> spring-rabbit-1.7.10.RELEASE.jar (Root Library)

   -> ❌ spring-messaging-4.3.19.RELEASE.jar (Vulnerable Library)

Medium 6.5 spring-messaging-4.3.19.RELEASE.jar Upgrade to version: org.springframework:spring-messaging:5.2.22,5.3.20 None

CVE-2020-23064

Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp

Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp,/target/vprofile-v2/WEB-INF/views/user.jsp

Dependency Hierarchy:

-> ❌ jquery-3.2.1.min.js (Vulnerable Library)

Medium 6.1 jquery-3.2.1.min.js Upgrade to version: jquery - 3.5.0 #21

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2016-10735 bootstrap-3.3.5.min.js
CVE-2018-14042 bootstrap-3.3.5.min.js
CVE-2018-20676 bootstrap-3.3.5.min.js
CVE-2018-1257 spring-messaging-4.3.7.RELEASE.jar
CVE-2018-20677 bootstrap-3.3.5.min.js
CVE-2018-11087 spring-rabbit-1.7.1.RELEASE.jar
CVE-2018-1275 spring-messaging-4.3.7.RELEASE.jar
CVE-2018-11087 spring-amqp-1.7.1.RELEASE.jar
CVE-2018-1270 spring-messaging-4.3.7.RELEASE.jar
CVE-2019-8331 bootstrap-3.3.5.min.js
CVE-2017-8045 spring-amqp-1.7.1.RELEASE.jar
CVE-2022-22971 spring-messaging-4.3.7.RELEASE.jar
CVE-2018-14040 bootstrap-3.3.5.min.js

Base branch total remaining vulnerabilities: 187
Base branch commit: 7a70279a054ef9d80ba07275ef6459b4c52010a6


Total libraries scanned: 107

Scan token: eebc2c8213fe4d7b807aac113de04277

View more details on Mend for GitHub.com