Update mockito monorepo to v5 (major) #141
Security Report
4 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-23672; Path to dependency file: /modules/customiere-all/pom.xml; Path to vulnerable library: /modules/customiere-all/pom.xml; Dependency Hierarchy: customiere-crm-clients-0.1.0-SNAPSHOT.jar (Root Library) -> spring-boot-starter-hateoas-2.3.4.RELEASE.jar -> spring-boot-starter-web-2.3.4.RELEASE.jar -> spring-boot-starter-tomcat-2.3.4.RELEASE.jar -> ❌ tomcat-embed-websocket-9.0.38.jar (Vulnerable Library) | High | 7.5 | tomcat-embed-websocket-9.0.38.jar | Upgrade to version: org.apache.tomcat:tomcat-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17, org.apache.tomcat.embed:tomcat-embed-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17 | None |
CVE-2023-1932; Path to dependency file: /modules/customiere-actuator/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/validator/hibernate-validator/6.1.5.Final/hibernate-validator-6.1.5.Final.jar; Dependency Hierarchy: spring-boot-starter-validation-2.3.4.RELEASE.jar (Root Library) -> ❌ hibernate-validator-6.1.5.Final.jar (Vulnerable Library) | Medium | 6.1 | hibernate-validator-6.1.5.Final.jar | Upgrade to version: org.hibernate.validator:hibernate-validator:6.2.0.Final | None |
CVE-2023-34055; Path to dependency file: /modules/customiere-security/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.3.4.RELEASE/spring-boot-2.3.4.RELEASE.jar; Dependency Hierarchy: spring-boot-starter-actuator-2.3.4.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.4.RELEASE.jar -> ❌ spring-boot-2.3.4.RELEASE.jar (Vulnerable Library) | Medium | 5.3 | spring-boot-2.3.4.RELEASE.jar | Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 | None |
CVE-2023-34054; Path to dependency file: /modules/customiere-crm-clients/pom.xml; Path to vulnerable library: /modules/customiere-crm-clients/pom.xml,/modules/customiere-all/pom.xml; Dependency Hierarchy: ❌ reactor-netty-0.9.12.RELEASE.jar (Vulnerable Library) | Medium | 5.3 | reactor-netty-0.9.12.RELEASE.jar | Upgrade to version: io.projectreactor.netty:reactor-netty:1.0.39,1.1.13, io.projectreactor.netty:reactor-netty-http:1.0.39,1.1.13 | None |
Base branch total remaining vulnerabilities: 102
Base branch commit: null
Total libraries scanned: 219
Scan token: 0e09ad296ad4400cae8e7e7a9d7d6e84