[Snyk] Security upgrade org.owasp.esapi:esapi from 2.1.0.1 to 2.5.4.0 #24

Open · wants to merge 1 commit into base: master
Commit 33cfe82: fix: pom.xml to reduce vulnerabilities
Mend for GitHub.com / Mend Security Check failed May 30, 2024 in 1m 44s

Security Report

You have successfully remediated 26 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
| CVE-2017-3523 | High | 8.5 | mysql-connector-java-5.1.25.jar | Upgrade to version: mysql:mysql-connector-java:5.1.41 | #15 | Unreachable |
| CVE-2017-3586 | Medium | 6.4 | mysql-connector-java-5.1.25.jar | Upgrade to version: 5.1.42 | #15 | Unreachable |
| CVE-2017-3589 | Low | 3.3 | mysql-connector-java-5.1.25.jar | Upgrade to version: 5.1.42 | #15 | Unreachable |
| CVE-2018-14040 | Low | 3.7 | bootstrap-3.3.7.min.js | Upgrade to version: bootstrap - 3.4.0,4.1.2 | #12 | |

Details for CVE-2017-3523, CVE-2017-3586 and CVE-2017-3589:

- Path to dependency file: /pom.xml
- Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.25/mysql-connector-java-5.1.25.jar
- Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.25.jar (Vulnerable Library)

Details for CVE-2018-14040:

- Path to dependency file: /src/main/webapp/dfi/style_bootstrap.html
- Path to vulnerable library: /src/main/webapp/dfi/style_bootstrap.html
- Dependency Hierarchy: -> ❌ bootstrap-3.3.7.min.js (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
|---|---|
| CVE-2022-29546 | nekohtml-1.9.16.jar |
| CVE-2022-24839 | nekohtml-1.9.16.jar |
| CVE-2016-3092 | commons-fileupload-1.3.1.jar |
| CVE-2021-29425 | commons-io-2.2.jar |
| CVE-2022-29577 | antisamy-1.5.3.jar |
| WS-2014-0034 | commons-fileupload-1.3.1.jar |
| CVE-2016-1000031 | commons-fileupload-1.3.1.jar |
| CVE-2023-43643 | antisamy-1.5.3.jar |
| CVE-2019-10086 | commons-beanutils-core-1.8.3.jar |
| CVE-2024-23635 | antisamy-1.5.3.jar |
| CVE-2022-28366 | nekohtml-1.9.16.jar |
| CVE-2020-14338 | xercesImpl-2.8.0.jar |
| CVE-2014-0114 | commons-beanutils-core-1.8.3.jar |
| CVE-2016-2510 | bsh-core-2.0b4.jar |
| CVE-2012-5783 | commons-httpclient-3.1.jar |
| CVE-2013-4002 | xercesImpl-2.8.0.jar |
| CVE-2022-23457 | esapi-2.1.0.1.jar |
| CVE-2023-24998 | commons-fileupload-1.3.1.jar |
| WS-2023-0429 | esapi-2.1.0.1.jar |
| WS-2023-0388 | esapi-2.1.0.1.jar |
| CVE-2022-23437 | xercesImpl-2.8.0.jar |
| CVE-2021-35043 | antisamy-1.5.3.jar |
| CVE-2022-34169 | xalan-2.7.0.jar |
| CVE-2022-28367 | antisamy-1.5.3.jar |
| CVE-2009-2625 | xercesImpl-2.8.0.jar |
| CVE-2022-24891 | esapi-2.1.0.1.jar |

Base branch total remaining vulnerabilities: 53
Base branch commit: 6e9d2b2c3cdc6e1f15dddccbb05eb939899b1843

Total libraries scanned: 40

Scan token: 7b5446d2f097458e9c86704bc6c306eb