Update dependency org.springframework.amqp:spring-rabbit to v1.7.10.RELEASE - autoclosed #72

Update dependency org.springframework.amqp:spring-rabbit to v1.7.10.R…

b87d454
Closed

Mend for GitHub.com / Mend Security Check failed Jan 2, 2024 in 1m 19s

Security Report

You have successfully remediated 13 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Reachability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-6378 | High | 7.5 | logback-classic-1.1.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | #32 | |
| CVE-2023-46120 | High | 7.5 | amqp-client-4.0.2.jar | Upgrade to version: com.rabbitmq:amqp-client:5.18.0 | None | |
| CVE-2023-31418 | High | 7.5 | elasticsearch-5.6.4.jar | Upgrade to version: org.elasticsearch:elasticsearch:7.17.13,8.9.0 | #16 | |
| CVE-2022-22971 | Medium | 6.5 | spring-messaging-4.3.19.RELEASE.jar | Upgrade to version: org.springframework:spring-messaging:5.2.22,5.3.20 | None | |
| CVE-2023-34050 | Medium | 4.3 | spring-amqp-1.7.10.RELEASE.jar | Upgrade to version: org.springframework.amqp:spring-amqp:2.4.17,3.0.10 | None | |

CVE-2023-6378
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy:
-> ❌ logback-classic-1.1.3.jar (Vulnerable Library)

CVE-2023-46120
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy:
-> spring-rabbit-1.7.10.RELEASE.jar (Root Library)
   -> ❌ amqp-client-4.0.2.jar (Vulnerable Library)

CVE-2023-31418
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy:
-> ❌ elasticsearch-5.6.4.jar (Vulnerable Library)

CVE-2022-22971
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy:
-> spring-rabbit-1.7.10.RELEASE.jar (Root Library)
   -> ❌ spring-messaging-4.3.19.RELEASE.jar (Vulnerable Library)

CVE-2023-34050
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy:
-> spring-rabbit-1.7.10.RELEASE.jar (Root Library)
   -> ❌ spring-amqp-1.7.10.RELEASE.jar (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2016-10735 | bootstrap-3.3.5.min.js |
| CVE-2018-14042 | bootstrap-3.3.5.min.js |
| CVE-2018-20676 | bootstrap-3.3.5.min.js |
| CVE-2018-1257 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2018-20677 | bootstrap-3.3.5.min.js |
| CVE-2018-11087 | spring-rabbit-1.7.1.RELEASE.jar |
| CVE-2018-1275 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2018-11087 | spring-amqp-1.7.1.RELEASE.jar |
| CVE-2018-1270 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2019-8331 | bootstrap-3.3.5.min.js |
| CVE-2017-8045 | spring-amqp-1.7.1.RELEASE.jar |
| CVE-2022-22971 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2018-14040 | bootstrap-3.3.5.min.js |

Base branch total remaining vulnerabilities: 190
Base branch commit: 7a70279a054ef9d80ba07275ef6459b4c52010a6


Total libraries scanned: 107

Scan token: fad3db7f076f4516b02c61ad27a10087