Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade org.owasp.esapi:esapi from 2.1.0.1 to 2.5.2.0 #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: pom.xml to reduce vulnerabilities

d336d49
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade org.owasp.esapi:esapi from 2.1.0.1 to 2.5.2.0 #21

fix: pom.xml to reduce vulnerabilities
d336d49
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Nov 9, 2023 in 1m 19s

Security Report

You have successfully remediated 26 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2023-43643

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/antisamy/antisamy/1.7.3/antisamy-1.7.3.jar

Dependency Hierarchy:

-> esapi-2.5.2.0.jar (Root Library)

   -> ❌ antisamy-1.7.3.jar (Vulnerable Library)

Medium 6.1 antisamy-1.7.3.jar Upgrade to version: org.owasp.antisamy:antisamy:1.7.4 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-29546 nekohtml-1.9.16.jar
CVE-2017-14735 antisamy-1.5.3.jar
CVE-2022-24839 nekohtml-1.9.16.jar
CVE-2016-3092 commons-fileupload-1.3.1.jar
CVE-2021-29425 commons-io-2.2.jar
CVE-2022-29577 antisamy-1.5.3.jar
WS-2014-0034 commons-fileupload-1.3.1.jar
CVE-2016-1000031 commons-fileupload-1.3.1.jar
CVE-2019-10086 commons-beanutils-core-1.8.3.jar
CVE-2014-0107 xalan-2.7.0.jar
CVE-2012-0881 xercesImpl-2.8.0.jar
CVE-2016-10006 antisamy-1.5.3.jar
CVE-2022-28366 nekohtml-1.9.16.jar
CVE-2020-14338 xercesImpl-2.8.0.jar
CVE-2014-0114 commons-beanutils-core-1.8.3.jar
CVE-2016-2510 bsh-core-2.0b4.jar
CVE-2012-5783 commons-httpclient-3.1.jar
CVE-2013-4002 xercesImpl-2.8.0.jar
CVE-2022-23457 esapi-2.1.0.1.jar
CVE-2023-24998 commons-fileupload-1.3.1.jar
CVE-2022-23437 xercesImpl-2.8.0.jar
CVE-2021-35043 antisamy-1.5.3.jar
CVE-2022-34169 xalan-2.7.0.jar
CVE-2022-28367 antisamy-1.5.3.jar
CVE-2009-2625 xercesImpl-2.8.0.jar
CVE-2022-24891 esapi-2.1.0.1.jar

Base branch total remaining vulnerabilities: 56
Base branch commit: 6e9d2b2c3cdc6e1f15dddccbb05eb939899b1843


Total libraries scanned: 40

Scan token: 361a828ec9774e18a7cf232a9aa1c004

View more details on Mend for GitHub.com