Update dependency org.apache.ant:ant-commons-net to v1.10.15 #320
Security Report
You have successfully remediated 2 vulnerabilities, but introduced 4 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-23672; Path to dependency file: /modules/customiere-all/pom.xml; Path to vulnerable library: /modules/customiere-all/pom.xml; Dependency Hierarchy: customiere-crm-clients-0.1.0-SNAPSHOT.jar (Root Library) -> spring-boot-starter-hateoas-2.3.4.RELEASE.jar -> spring-boot-starter-web-2.3.4.RELEASE.jar -> spring-boot-starter-tomcat-2.3.4.RELEASE.jar -> ❌ tomcat-embed-websocket-9.0.38.jar (Vulnerable Library) | High | 7.5 | tomcat-embed-websocket-9.0.38.jar | Upgrade to version: org.apache.tomcat:tomcat-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17, org.apache.tomcat.embed:tomcat-embed-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17 | None |
CVE-2023-34054; Path to dependency file: /modules/customiere-crm-clients/pom.xml; Path to vulnerable library: /modules/customiere-crm-clients/pom.xml, /modules/customiere-all/pom.xml; Dependency Hierarchy: ❌ reactor-netty-0.9.12.RELEASE.jar (Vulnerable Library) | High | 7.5 | reactor-netty-0.9.12.RELEASE.jar | Upgrade to version: io.projectreactor.netty:reactor-netty:1.0.39,1.1.13, io.projectreactor.netty:reactor-netty-http:1.0.39,1.1.13 | None |
CVE-2023-34055; Dependency Hierarchy: spring-boot-starter-actuator-2.3.4.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.4.RELEASE.jar -> ❌ spring-boot-2.3.4.RELEASE.jar (Vulnerable Library) | Medium | 6.5 | spring-boot-2.3.4.RELEASE.jar | Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 | None |
CVE-2023-1932; Dependency Hierarchy: spring-boot-starter-validation-2.3.4.RELEASE.jar (Root Library) -> ❌ hibernate-validator-6.1.5.Final.jar (Vulnerable Library) | Medium | 6.1 | hibernate-validator-6.1.5.Final.jar | Upgrade to version: org.hibernate.validator:hibernate-validator:6.2.0.Final | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2023-6378 | logback-classic-1.2.3.jar |
CVE-2021-42550 | logback-classic-1.2.3.jar |
Base branch total remaining vulnerabilities: 99
Base branch commit: null
Total libraries scanned: 219
Scan token: 4f3992b12bd748329f07e5a0526f902c