Update dependency org.springframework.amqp:spring-rabbit to v3 #85
Security Report
β New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
WS-2019-0379Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar Dependency Hierarchy: -> transport-5.6.4.jar (Root Library) Β Β -> reindex-client-5.6.4.jar Β Β Β Β -> elasticsearch-rest-client-5.6.4.jar Β Β Β Β Β Β -> β commons-codec-1.10.jar (Vulnerable Library) |
 Medium |
6.5 | commons-codec-1.10.jar | Upgrade to version: commons-codec:commons-codec:1.13 | #20 | |
WS-2017-3734Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.2/httpclient-4.5.2.jar Dependency Hierarchy: -> transport-5.6.4.jar (Root Library) Β Β -> reindex-client-5.6.4.jar Β Β Β Β -> elasticsearch-rest-client-5.6.4.jar Β Β Β Β Β Β -> β httpclient-4.5.2.jar (Vulnerable Library) |
Medium |
5.3 | httpclient-4.5.2.jar | Upgrade to version: org.apache.httpcomponents:httpclient:4.5.3 | #20 | |
CVE-2020-13956Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.2/httpclient-4.5.2.jar Dependency Hierarchy: -> transport-5.6.4.jar (Root Library) Β Β -> reindex-client-5.6.4.jar Β Β Β Β -> elasticsearch-rest-client-5.6.4.jar Β Β Β Β Β Β -> β httpclient-4.5.2.jar (Vulnerable Library) |
Medium |
5.3 | httpclient-4.5.2.jar | Upgrade to version: org.apache.httpcomponents:httpclient:4.5.13;org.apache.httpcomponents:httpclient-osgi:4.5.13;org.apache.httpcomponents.client5:httpclient5:5.0.3;org.apache.httpcomponents.client5:httpclient5-osgi:5.0.3 | #20 |
βοΈ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2020-10969 | jackson-databind-2.8.4.jar |
| CVE-2020-24750 | jackson-databind-2.8.4.jar |
| CVE-2020-36185 | jackson-databind-2.8.4.jar |
| CVE-2019-12086 | jackson-databind-2.8.4.jar |
| CVE-2020-10650 | jackson-databind-2.8.4.jar |
| CVE-2020-11112 | jackson-databind-2.8.4.jar |
| CVE-2020-9546 | jackson-databind-2.8.4.jar |
| CVE-2019-12814 | jackson-databind-2.8.4.jar |
| CVE-2018-7489 | jackson-databind-2.8.4.jar |
| CVE-2020-14062 | jackson-databind-2.8.4.jar |
| CVE-2018-14718 | jackson-databind-2.8.4.jar |
| CVE-2017-17485 | jackson-databind-2.8.4.jar |
| CVE-2019-16942 | jackson-databind-2.8.4.jar |
| CVE-2020-36518 | jackson-databind-2.8.4.jar |
| CVE-2020-36187 | jackson-databind-2.8.4.jar |
| CVE-2018-12023 | jackson-databind-2.8.4.jar |
| CVE-2020-14195 | jackson-databind-2.8.4.jar |
| CVE-2020-9548 | jackson-databind-2.8.4.jar |
| CVE-2020-36179 | jackson-databind-2.8.4.jar |
| CVE-2018-19361 | jackson-databind-2.8.4.jar |
| CVE-2023-34050 | spring-amqp-1.7.1.RELEASE.jar |
| CVE-2020-36180 | jackson-databind-2.8.4.jar |
| CVE-2019-12384 | jackson-databind-2.8.4.jar |
| CVE-2019-17531 | jackson-databind-2.8.4.jar |
| CVE-2020-36181 | jackson-databind-2.8.4.jar |
| WS-2019-0379 | commons-codec-1.6.jar |
| CVE-2021-20190 | jackson-databind-2.8.4.jar |
| CVE-2018-14721 | jackson-databind-2.8.4.jar |
| CVE-2020-8840 | jackson-databind-2.8.4.jar |
| CVE-2018-19362 | jackson-databind-2.8.4.jar |
| CVE-2018-1257 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2018-11087 | spring-rabbit-1.7.1.RELEASE.jar |
| CVE-2018-1275 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2018-11087 | spring-amqp-1.7.1.RELEASE.jar |
| WS-2017-3734 | httpclient-4.3.6.jar |
| CVE-2020-10968 | jackson-databind-2.8.4.jar |
| CVE-2018-1270 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2019-16943 | jackson-databind-2.8.4.jar |
| CVE-2019-14540 | jackson-databind-2.8.4.jar |
| CVE-2020-10673 | jackson-databind-2.8.4.jar |
| CVE-2020-36186 | jackson-databind-2.8.4.jar |
| CVE-2018-19360 | jackson-databind-2.8.4.jar |
| CVE-2020-9547 | jackson-databind-2.8.4.jar |
| CVE-2019-20330 | jackson-databind-2.8.4.jar |
| CVE-2020-10672 | jackson-databind-2.8.4.jar |
| CVE-2017-7525 | jackson-databind-2.8.4.jar |
| CVE-2020-11113 | jackson-databind-2.8.4.jar |
| CVE-2018-11307 | jackson-databind-2.8.4.jar |
| CVE-2020-11619 | jackson-databind-2.8.4.jar |
| CVE-2020-24616 | jackson-databind-2.8.4.jar |
| CVE-2020-36184 | jackson-databind-2.8.4.jar |
| CVE-2020-36182 | jackson-databind-2.8.4.jar |
| CVE-2018-12022 | jackson-databind-2.8.4.jar |
| CVE-2019-16335 | jackson-databind-2.8.4.jar |
| CVE-2017-15095 | jackson-databind-2.8.4.jar |
| CVE-2020-14061 | jackson-databind-2.8.4.jar |
| CVE-2022-42004 | jackson-databind-2.8.4.jar |
| CVE-2019-14893 | jackson-databind-2.8.4.jar |
| CVE-2020-11620 | jackson-databind-2.8.4.jar |
| CVE-2020-36189 | jackson-databind-2.8.4.jar |
| CVE-2019-17267 | jackson-databind-2.8.4.jar |
| CVE-2022-42003 | jackson-databind-2.8.4.jar |
| CVE-2018-14720 | jackson-databind-2.8.4.jar |
| CVE-2019-14892 | jackson-databind-2.8.4.jar |
| CVE-2017-8045 | spring-amqp-1.7.1.RELEASE.jar |
| CVE-2020-36188 | jackson-databind-2.8.4.jar |
| CVE-2020-13956 | httpclient-4.3.6.jar |
| CVE-2022-22971 | spring-messaging-4.3.7.RELEASE.jar |
| CVE-2020-11111 | jackson-databind-2.8.4.jar |
| CVE-2020-14060 | jackson-databind-2.8.4.jar |
| CVE-2019-14439 | jackson-databind-2.8.4.jar |
| CVE-2018-5968 | jackson-databind-2.8.4.jar |
| CVE-2019-10202 | jackson-databind-2.8.4.jar |
| CVE-2018-14719 | jackson-databind-2.8.4.jar |
| CVE-2020-36183 | jackson-databind-2.8.4.jar |
| CVE-2019-14379 | jackson-databind-2.8.4.jar |
Base branch total remaining vulnerabilities: 190
Base branch commit: c7ee49b4ed6b956bb9f0c4d21c5015ee42c9776b
Total libraries scanned: 106
Scan token: c120bf12bbf3469eae92108b48a36f48