Update Mend: high confidence minor and patch dependency updates #2
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
maven
/tmp/ws-scm/WebGoat/pom.xml
Step | Level | Description | Details |
---|---|---|---|
Preparing the project for scan | ⚠Warn | One or more of the installations failed | [ERROR] Failed to execute goal on project webgoat-lessons-parent: Could not resolve dependencies for project org.owasp.webgoat.lesson:webgoat-lessons-parent:pom:v8.1.0: The following artifacts could not be resolved: org.owasp.webgoat:webgoat-container:jar:tests:v8.1.0 (absent): org.owasp.webgoat:webgoat-container:jar:tests:v8.1.0 was not found in https://repo.maven.apache.org/maven2 during a pr... |
/tmp/ws-scm/WebGoat/webgoat-lessons/command-injection/pom.xml
Step | Level | Description | Details |
---|---|---|---|
Preparing the project for scan | ⚠Warn | One or more of the installations failed |
You have successfully remediated 10 vulnerabilities, but introduced 85 new vulnerabilities in this branch.
❌ New vulnerabilities:
Partial results (50 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|
CVE-2023-20873 Path to dependency file: /webgoat-integration-tests/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.2.2.RELEASE/spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar; Dependency Hierarchy: -> spring-boot-starter-actuator-2.2.2.RELEASE.jar (Root Library) -> ❌ spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library) | Critical | 9.8 | spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar | Upgrade to version: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6 | None | |
CVE-2022-22978 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-security-2.2.2.RELEASE.jar -> ❌ spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library) | Critical | 9.8 | spring-security-web-5.2.1.RELEASE.jar | Upgrade to version: org.springframework.security:spring-security-web:5.5.7,5.6.4 | None | |
CVE-2022-22965 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.2.RELEASE/spring-beans-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-2.2.2.RELEASE.jar -> spring-context-5.2.2.RELEASE.jar -> spring-aop-5.2.2.RELEASE.jar -> ❌ spring-beans-5.2.2.RELEASE.jar (Vulnerable Library) | Critical | 9.8 | spring-beans-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | None | |
CVE-2022-1471 Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ snakeyaml-1.25.jar (Vulnerable Library) | Critical | 9.8 | snakeyaml-1.25.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | None | |
CVE-2020-1745 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | Critical | 9.8 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.0.30.Final | None | |
CVE-2020-10683 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/dom4j/dom4j/2.1.1/dom4j-2.1.1.jar; Dependency Hierarchy: -> spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library) -> hibernate-core-5.4.9.Final.jar -> ❌ dom4j-2.1.1.jar (Vulnerable Library) | Critical | 9.8 | dom4j-2.1.1.jar | Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 | None | |
CVE-2016-1000027 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-json-2.2.2.RELEASE.jar -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library) | Critical | 9.8 | spring-web-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-web:6.0.0 | None | |
CVE-2021-22112 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-security-2.2.2.RELEASE.jar -> ❌ spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library) | High | 8.8 | spring-security-web-5.2.1.RELEASE.jar | Upgrade to version: org.springframework.security:spring-security-web:5.2.9,5.3.8,5.4.4 | None | |
WS-2019-0490 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/beust/jcommander/1.35/jcommander-1.35.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> asciidoctorj-1.5.8.1.jar -> ❌ jcommander-1.35.jar (Vulnerable Library) | High | 8.1 | jcommander-1.35.jar | Upgrade to version: com.beust:jcommander:1.75 | None | |
CVE-2024-22262 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-json-2.2.2.RELEASE.jar -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library) | High | 8.1 | spring-web-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 | None | |
CVE-2024-22259 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-json-2.2.2.RELEASE.jar -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library) | High | 8.1 | spring-web-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.3.33,6.0.18,6.1.5 | None | |
CVE-2024-22243 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-json-2.2.2.RELEASE.jar -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library) | High | 8.1 | spring-web-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.3.32,6.0.17,6.1.4 | None | |
CVE-2020-1757 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 8.1 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.0.30.Final, io.undertow:undertow-examples:2.0.30.Final | None | |
CVE-2022-27772 Path to dependency file: /webgoat-integration-tests/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ spring-boot-2.2.2.RELEASE.jar (Vulnerable Library) | High | 7.8 | spring-boot-2.2.2.RELEASE.jar | Upgrade to version: org.springframework.boot:spring-boot:2.2.11.RELEASE | None | |
CVE-2021-22118 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-json-2.2.2.RELEASE.jar -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library) | High | 7.8 | spring-web-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.2.15,5.3.7 | None | |
CVE-2023-6481 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-starter-logging-2.2.2.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) | High | 7.5 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | None | |
CVE-2023-6378 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-starter-logging-2.2.2.RELEASE.jar -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) | High | 7.5 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | None | |
CVE-2023-5685 Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> undertow-core-2.0.28.Final.jar -> ❌ xnio-api-3.3.8.Final.jar (Vulnerable Library) | High | 7.5 | xnio-api-3.3.8.Final.jar | None | ||
CVE-2023-38286 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.11.RELEASE/thymeleaf-3.0.11.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-thymeleaf-2.2.2.RELEASE.jar -> thymeleaf-spring5-3.0.11.RELEASE.jar -> ❌ thymeleaf-3.0.11.RELEASE.jar (Vulnerable Library) | High | 7.5 | thymeleaf-3.0.11.RELEASE.jar | Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE | None | |
CVE-2023-3223 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-servlet/2.0.28.Final/undertow-servlet-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-servlet-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-servlet-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-servlet:2.2.25.Final,2.3.7.Final | None | |
CVE-2023-20883 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.2.2.RELEASE/spring-boot-autoconfigure-2.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ spring-boot-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library) | High | 7.5 | spring-boot-autoconfigure-2.2.2.RELEASE.jar | Upgrade to version: org.springframework.boot:spring-boot-autoconfigure:2.5.12,2.6.12,2.7.12,3.0.7 | None | |
CVE-2023-1108 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: org.teiid:vdb-base-builder - 1.6.0;io.syndesis.server:server-runtime - 1.3.5,1.13.1;io.syndesis.meta:meta - 1.13.1,1.3.5,1.13.1 | None | |
CVE-2022-4492 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final | None | |
CVE-2022-42004 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar; Dependency Hierarchy: -> jackson-datatype-jsr310-2.10.1.jar (Root Library) -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.10.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 | None | |
CVE-2022-42003 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar; Dependency Hierarchy: -> jackson-datatype-jsr310-2.10.1.jar (Root Library) -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.10.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 | None | |
CVE-2022-25857 Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ snakeyaml-1.25.jar (Vulnerable Library) | High | 7.5 | snakeyaml-1.25.jar | Upgrade to version: org.yaml:snakeyaml:1.31 | None | |
CVE-2022-2053 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.2.19.Final | None | |
CVE-2022-1319 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final | None | |
CVE-2022-1259 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.2.25.Final,2.3.6.Final | None | |
CVE-2022-0084 Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> undertow-core-2.0.28.Final.jar -> ❌ xnio-api-3.3.8.Final.jar (Vulnerable Library) | High | 7.5 | xnio-api-3.3.8.Final.jar | Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final | None | |
CVE-2021-46877 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar; Dependency Hierarchy: -> jackson-datatype-jsr310-2.10.1.jar (Root Library) -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.10.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 | None | |
CVE-2021-3859 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.2.15.Final | None | |
CVE-2021-3690 Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-websockets-jsr/2.0.28.Final/undertow-websockets-jsr-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-websockets-jsr-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-websockets-jsr-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-websockets-jsr:2.0.40.Final, 2.2.10.Final | None | |
CVE-2020-5398 Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-json-2.2.2.RELEASE.jar -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library) | High | 7.5 | spring-web-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.0.16.RELEASE,org.springframework:spring-web:5.1.13.RELEASE,org.springframework:spring-web:5.2.3.RELEASE | None | |
CVE-2020-36518 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar; Dependency Hierarchy: -> jackson-datatype-jsr310-2.10.1.jar (Root Library) -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.10.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 | None | |
CVE-2020-27782 Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.0.33.Final,2.1.5.Final | None | |
CVE-2020-25649; Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar; Dependency Hierarchy: -> jackson-datatype-jsr310-2.10.1.jar (Root Library) -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library) | High | 7.5 | jackson-databind-2.10.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1 | None | |
CVE-2020-10705; Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: io.undertow:undertow-core:2.1.1.Final | None | |
CVE-2019-14888; Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar; Dependency Hierarchy: -> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library) -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library) | High | 7.5 | undertow-core-2.0.28.Final.jar | Upgrade to version: 2.0.29.Final | None | |
CVE-2017-7957; Path to dependency file: /webgoat-integration-tests/pom.xml; Path to vulnerable library: /webgoat-integration-tests/pom.xml,/webgoat-server/pom.xml,/webgoat-lessons/vulnerable-components/pom.xml; Dependency Hierarchy: -> ❌ xstream-1.4.5.jar (Vulnerable Library) | High | 7.5 | xstream-1.4.5.jar | Upgrade to version: 1.4.10 | #5 | |
CVE-2017-18640; Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ snakeyaml-1.25.jar (Vulnerable Library) | High | 7.5 | snakeyaml-1.25.jar | Upgrade to version: org.yaml:snakeyaml:1.26 | None | |
CVE-2016-3674; Path to dependency file: /webgoat-integration-tests/pom.xml; Path to vulnerable library: /webgoat-integration-tests/pom.xml,/webgoat-server/pom.xml,/webgoat-lessons/vulnerable-components/pom.xml; Dependency Hierarchy: -> ❌ xstream-1.4.5.jar (Vulnerable Library) | High | 7.5 | xstream-1.4.5.jar | Upgrade to version: 1.4.9 | #5 | |
CVE-2020-25638; Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/5.4.9.Final/hibernate-core-5.4.9.Final.jar; Dependency Hierarchy: -> spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library) -> ❌ hibernate-core-5.4.9.Final.jar (Vulnerable Library) | High | 7.4 | hibernate-core-5.4.9.Final.jar | Upgrade to version: org.hibernate:hibernate-core:5.3.20.Final,5.4.24.Final | None | |
CVE-2021-42550; Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-starter-logging-2.2.2.RELEASE.jar -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) | Medium | 6.6 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 | None | |
CVE-2021-42550; Path to dependency file: /webwolf/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-starter-logging-2.2.2.RELEASE.jar -> logback-classic-1.2.3.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) | Medium | 6.6 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 | None | |
CVE-2023-34055; Path to dependency file: /webgoat-integration-tests/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ spring-boot-2.2.2.RELEASE.jar (Vulnerable Library) | Medium | 6.5 | spring-boot-2.2.2.RELEASE.jar | Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 | None | |
CVE-2023-20863; Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.2.RELEASE/spring-expression-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-2.2.2.RELEASE.jar -> spring-context-5.2.2.RELEASE.jar -> ❌ spring-expression-5.2.2.RELEASE.jar (Vulnerable Library) | Medium | 6.5 | spring-expression-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 | None | |
CVE-2023-20861; Path to dependency file: /webgoat-container/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.2.RELEASE/spring-expression-5.2.2.RELEASE.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> spring-boot-2.2.2.RELEASE.jar -> spring-context-5.2.2.RELEASE.jar -> ❌ spring-expression-5.2.2.RELEASE.jar (Vulnerable Library) | Medium | 6.5 | spring-expression-5.2.2.RELEASE.jar | Upgrade to version: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 | None | |
CVE-2022-41854; Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ snakeyaml-1.25.jar (Vulnerable Library) | Medium | 6.5 | snakeyaml-1.25.jar | Upgrade to version: org.yaml:snakeyaml:1.32 | None | |
CVE-2022-38752; Path to dependency file: /webgoat-server/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar; Dependency Hierarchy: -> webgoat-container-v8.1.0.jar (Root Library) -> spring-boot-starter-web-2.2.2.RELEASE.jar -> spring-boot-starter-2.2.2.RELEASE.jar -> ❌ snakeyaml-1.25.jar (Vulnerable Library) | Medium | 6.5 | snakeyaml-1.25.jar | Upgrade to version: org.yaml:snakeyaml:1.32 | None | |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2020-11022 | jquery-3.3.1.tgz |
CVE-2021-41182 | jquery-ui-1.10.4.js |
CVE-2021-41183 | jquery-ui-1.10.4.js |
WS-2017-0141 | wysihtml5-0.3.0.js |
CVE-2016-7103 | jquery-ui-1.10.4.js |
CVE-2021-41184 | jquery-ui-1.10.4.js |
CVE-2019-11358 | jquery-3.3.1.tgz |
CVE-2022-31160 | jquery-ui-1.10.4.js |
CVE-2024-31033 | jjwt-0.7.0.jar |
CVE-2020-11023 | jquery-3.3.1.tgz |
Base branch total remaining vulnerabilities: 89
Base branch commit: 11c04f32f167ff5cba0aaa5bccd3d09c772bb895
Total libraries scanned: 172
Scan token: af89dbd80c8d43c0871dcd0f07599843