Merge pull request #101 from whitesource/WEI-3783

WS on WS / WhiteSource Security Check failed May 20, 2024 in 1m 0s

Security Report

The Security Check found 6 vulnerabilities.

CVE-2023-6378
Severity: High
CVSS Score: 8.7
Vulnerable Library: logback-classic-1.2.3.jar
Suggested Fix: Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12
Issue: #90
Reachability: Reachable

Path to dependency file: /wss-agent-hash-calculator/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar

Dependency Hierarchy:

-> ❌ logback-classic-1.2.3.jar (Vulnerable Library)

CVE-2022-42003
Severity: High
CVSS Score: 8.7
Vulnerable Library: jackson-databind-2.13.3.jar
Suggested Fix: Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1
Issue: #85
Reachability: Reachable

Path to dependency file: /wss-agent-report/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.13.3.jar (Vulnerable Library)

CVE-2022-42004
Severity: High
CVSS Score: 8.2
Vulnerable Library: jackson-databind-2.13.3.jar
Suggested Fix: Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4
Issue: #85
Reachability: Reachable

Path to dependency file: /wss-agent-report/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.13.3.jar (Vulnerable Library)

CVE-2021-42550
Severity: High
CVSS Score: 7.5
Vulnerable Library: logback-classic-1.2.3.jar
Suggested Fix: Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9
Issue: #90
Reachability: Reachable

Path to dependency file: /wss-agent-hash-calculator/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar

Dependency Hierarchy:

-> ❌ logback-classic-1.2.3.jar (Vulnerable Library)

CVE-2021-42550
Severity: High
CVSS Score: 7.5
Vulnerable Library: logback-core-1.2.3.jar
Suggested Fix: Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9
Issue: #90
Reachability: Reachable

Path to dependency file: /wss-agent-hash-calculator/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar

Dependency Hierarchy:

-> logback-classic-1.2.3.jar (Root Library)

   -> ❌ logback-core-1.2.3.jar (Vulnerable Library)

CVE-2023-6481
Severity: High
CVSS Score: 8.7
Vulnerable Library: logback-core-1.2.3.jar
Suggested Fix: Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14
Issue: #90
Reachability: Unreachable

Path to dependency file: /wss-agent-hash-calculator/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar

Dependency Hierarchy:

-> logback-classic-1.2.3.jar (Root Library)

   -> ❌ logback-core-1.2.3.jar (Vulnerable Library)


Total libraries scanned: 23
Scan token: 2d095965a80a45979524d6410ee3b7ba