Update Mend: high confidence minor and patch dependency updates #2

Open
wants to merge 1 commit into
base: master

Update Mend: high confidence minor and patch dependency updates

ddcf554
Mend for GitHub.com / Mend Security Check failed May 17, 2024 in 6m 45s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

maven

/tmp/ws-scm/WebGoat/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project webgoat-lessons-parent: Could not resolve dependencies for project org.owasp.webgoat.lesson:webgoat-lessons-parent:pom:v8.1.0: The following artifacts could not be resolved: org.owasp.webgoat:webgoat-container:jar:tests:v8.1.0 (absent): org.owasp.webgoat:webgoat-container:jar:tests:v8.1.0 was not found in https://repo.maven.apache.org/maven2 during a pr...

/tmp/ws-scm/WebGoat/webgoat-lessons/command-injection/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed

You have successfully remediated 10 vulnerabilities, but introduced 85 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (50 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2023-20873

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.2.2.RELEASE/spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-actuator-2.2.2.RELEASE.jar (Root Library)

   -> ❌ spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar Upgrade to version: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6 None
CVE-2022-22978

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-security-2.2.2.RELEASE.jar

     -> ❌ spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-security-web-5.2.1.RELEASE.jar Upgrade to version: org.springframework.security:spring-security-web:5.5.7,5.6.4 None
CVE-2022-22965

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.2.RELEASE/spring-beans-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-2.2.2.RELEASE.jar

         -> spring-context-5.2.2.RELEASE.jar

           -> spring-aop-5.2.2.RELEASE.jar

             -> ❌ spring-beans-5.2.2.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-beans-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 None
CVE-2022-1471

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ snakeyaml-1.25.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.25.jar Upgrade to version: org.yaml:snakeyaml:2.0 None
CVE-2020-1745

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

Critical 9.8 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.0.30.Final None
CVE-2020-10683

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/dom4j/dom4j/2.1.1/dom4j-2.1.1.jar

Dependency Hierarchy:

-> spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library)

   -> hibernate-core-5.4.9.Final.jar

     -> ❌ dom4j-2.1.1.jar (Vulnerable Library)

Critical 9.8 dom4j-2.1.1.jar Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 None
CVE-2016-1000027

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-json-2.2.2.RELEASE.jar

       -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-web-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-web:6.0.0 None
CVE-2021-22112

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-security-2.2.2.RELEASE.jar

     -> ❌ spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

High 8.8 spring-security-web-5.2.1.RELEASE.jar Upgrade to version: org.springframework.security:spring-security-web:5.2.9,5.3.8,5.4.4 None
WS-2019-0490

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/beust/jcommander/1.35/jcommander-1.35.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> asciidoctorj-1.5.8.1.jar

     -> ❌ jcommander-1.35.jar (Vulnerable Library)

High 8.1 jcommander-1.35.jar Upgrade to version: com.beust:jcommander:1.75 None
CVE-2024-22262

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-json-2.2.2.RELEASE.jar

       -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

High 8.1 spring-web-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 None
CVE-2024-22259

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-json-2.2.2.RELEASE.jar

       -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

High 8.1 spring-web-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-web:5.3.33,6.0.18,6.1.5 None
CVE-2024-22243

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-json-2.2.2.RELEASE.jar

       -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

High 8.1 spring-web-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-web:5.3.32,6.0.17,6.1.4 None
CVE-2020-1757

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 8.1 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.0.30.Final, io.undertow:undertow-examples:2.0.30.Final None
CVE-2022-27772

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ spring-boot-2.2.2.RELEASE.jar (Vulnerable Library)

High 7.8 spring-boot-2.2.2.RELEASE.jar Upgrade to version: org.springframework.boot:spring-boot:2.2.11.RELEASE None
CVE-2021-22118

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-json-2.2.2.RELEASE.jar

       -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

High 7.8 spring-web-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-web:5.2.15,5.3.7 None
CVE-2023-6481

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-starter-logging-2.2.2.RELEASE.jar

         -> logback-classic-1.2.3.jar

           -> ❌ logback-core-1.2.3.jar (Vulnerable Library)

High 7.5 logback-core-1.2.3.jar Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 None
CVE-2023-6378

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-starter-logging-2.2.2.RELEASE.jar

         -> ❌ logback-classic-1.2.3.jar (Vulnerable Library)

High 7.5 logback-classic-1.2.3.jar Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 None
CVE-2023-5685

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> undertow-core-2.0.28.Final.jar

     -> ❌ xnio-api-3.3.8.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.3.8.Final.jar None
CVE-2023-38286

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.11.RELEASE/thymeleaf-3.0.11.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-thymeleaf-2.2.2.RELEASE.jar

     -> thymeleaf-spring5-3.0.11.RELEASE.jar

       -> ❌ thymeleaf-3.0.11.RELEASE.jar (Vulnerable Library)

High 7.5 thymeleaf-3.0.11.RELEASE.jar Upgrade to version: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE None
CVE-2023-3223

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-servlet/2.0.28.Final/undertow-servlet-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-servlet-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-servlet-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-servlet:2.2.25.Final,2.3.7.Final None
CVE-2023-20883

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.2.2.RELEASE/spring-boot-autoconfigure-2.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ spring-boot-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library)

High 7.5 spring-boot-autoconfigure-2.2.2.RELEASE.jar Upgrade to version: org.springframework.boot:spring-boot-autoconfigure:2.5.12,2.6.12,2.7.12,3.0.7 None
CVE-2023-1108

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: org.teiid:vdb-base-builder - 1.6.0;io.syndesis.server:server-runtime - 1.3.5,1.13.1;io.syndesis.meta:meta - 1.13.1,1.3.5,1.13.1 None
CVE-2022-4492

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final None
CVE-2022-42004

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

-> jackson-datatype-jsr310-2.10.1.jar (Root Library)

   -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library)

High 7.5 jackson-databind-2.10.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 None
CVE-2022-42003

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

-> jackson-datatype-jsr310-2.10.1.jar (Root Library)

   -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library)

High 7.5 jackson-databind-2.10.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 None
CVE-2022-25857

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ snakeyaml-1.25.jar (Vulnerable Library)

High 7.5 snakeyaml-1.25.jar Upgrade to version: org.yaml:snakeyaml:1.31 None
CVE-2022-2053

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.2.19.Final None
CVE-2022-1319

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final None
CVE-2022-1259

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.2.25.Final,2.3.6.Final None
CVE-2022-0084

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> undertow-core-2.0.28.Final.jar

     -> ❌ xnio-api-3.3.8.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.3.8.Final.jar Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final None
CVE-2021-46877

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

-> jackson-datatype-jsr310-2.10.1.jar (Root Library)

   -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library)

High 7.5 jackson-databind-2.10.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 None
CVE-2021-3859

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.2.15.Final None
CVE-2021-3690

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-websockets-jsr/2.0.28.Final/undertow-websockets-jsr-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-websockets-jsr-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-websockets-jsr-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-websockets-jsr:2.0.40.Final, 2.2.10.Final None
CVE-2020-5398

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-json-2.2.2.RELEASE.jar

       -> ❌ spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

High 7.5 spring-web-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-web:5.0.16.RELEASE,org.springframework:spring-web:5.1.13.RELEASE,org.springframework:spring-web:5.2.3.RELEASE None
CVE-2020-36518

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

-> jackson-datatype-jsr310-2.10.1.jar (Root Library)

   -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library)

High 7.5 jackson-databind-2.10.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 None

CVE-2020-27782

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.0.33.Final,2.1.5.Final None

CVE-2020-25649

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

-> jackson-datatype-jsr310-2.10.1.jar (Root Library)

   -> ❌ jackson-databind-2.10.1.jar (Vulnerable Library)

High 7.5 jackson-databind-2.10.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1 None

CVE-2020-10705

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: io.undertow:undertow-core:2.1.1.Final None

CVE-2019-14888

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)

   -> ❌ undertow-core-2.0.28.Final.jar (Vulnerable Library)

High 7.5 undertow-core-2.0.28.Final.jar Upgrade to version: 2.0.29.Final None

CVE-2017-7957

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /webgoat-integration-tests/pom.xml,/webgoat-server/pom.xml,/webgoat-lessons/vulnerable-components/pom.xml

Dependency Hierarchy:

-> ❌ xstream-1.4.5.jar (Vulnerable Library)

High 7.5 xstream-1.4.5.jar Upgrade to version: 1.4.10 #5

CVE-2017-18640

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ snakeyaml-1.25.jar (Vulnerable Library)

High 7.5 snakeyaml-1.25.jar Upgrade to version: org.yaml:snakeyaml:1.26 None

CVE-2016-3674

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /webgoat-integration-tests/pom.xml,/webgoat-server/pom.xml,/webgoat-lessons/vulnerable-components/pom.xml

Dependency Hierarchy:

-> ❌ xstream-1.4.5.jar (Vulnerable Library)

High 7.5 xstream-1.4.5.jar Upgrade to version: 1.4.9 #5

CVE-2020-25638

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/5.4.9.Final/hibernate-core-5.4.9.Final.jar

Dependency Hierarchy:

-> spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library)

   -> ❌ hibernate-core-5.4.9.Final.jar (Vulnerable Library)

High 7.4 hibernate-core-5.4.9.Final.jar Upgrade to version: org.hibernate:hibernate-core:5.3.20.Final,5.4.24.Final None

CVE-2021-42550

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-starter-logging-2.2.2.RELEASE.jar

         -> ❌ logback-classic-1.2.3.jar (Vulnerable Library)

Medium 6.6 logback-classic-1.2.3.jar Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 None

CVE-2021-42550

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-starter-logging-2.2.2.RELEASE.jar

         -> logback-classic-1.2.3.jar

           -> ❌ logback-core-1.2.3.jar (Vulnerable Library)

Medium 6.6 logback-core-1.2.3.jar Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 None

CVE-2023-34055

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ spring-boot-2.2.2.RELEASE.jar (Vulnerable Library)

Medium 6.5 spring-boot-2.2.2.RELEASE.jar Upgrade to version: org.springframework.boot:spring-boot:2.7.18,3.0.13,3.1.6 None

CVE-2023-20863

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.2.RELEASE/spring-expression-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-2.2.2.RELEASE.jar

         -> spring-context-5.2.2.RELEASE.jar

           -> ❌ spring-expression-5.2.2.RELEASE.jar (Vulnerable Library)

Medium 6.5 spring-expression-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 None

CVE-2023-20861

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.2.RELEASE/spring-expression-5.2.2.RELEASE.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> spring-boot-2.2.2.RELEASE.jar

         -> spring-context-5.2.2.RELEASE.jar

           -> ❌ spring-expression-5.2.2.RELEASE.jar (Vulnerable Library)

Medium 6.5 spring-expression-5.2.2.RELEASE.jar Upgrade to version: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 None

CVE-2022-41854

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ snakeyaml-1.25.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.25.jar Upgrade to version: org.yaml:snakeyaml:1.32 None

CVE-2022-38752

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

-> webgoat-container-v8.1.0.jar (Root Library)

   -> spring-boot-starter-web-2.2.2.RELEASE.jar

     -> spring-boot-starter-2.2.2.RELEASE.jar

       -> ❌ snakeyaml-1.25.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.25.jar Upgrade to version: org.yaml:snakeyaml:1.32 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-11022 jquery-3.3.1.tgz
CVE-2021-41182 jquery-ui-1.10.4.js
CVE-2021-41183 jquery-ui-1.10.4.js
WS-2017-0141 wysihtml5-0.3.0.js
CVE-2016-7103 jquery-ui-1.10.4.js
CVE-2021-41184 jquery-ui-1.10.4.js
CVE-2019-11358 jquery-3.3.1.tgz
CVE-2022-31160 jquery-ui-1.10.4.js
CVE-2024-31033 jjwt-0.7.0.jar
CVE-2020-11023 jquery-3.3.1.tgz

Base branch total remaining vulnerabilities: 89
Base branch commit: 11c04f32f167ff5cba0aaa5bccd3d09c772bb895


Total libraries scanned: 172

Scan token: af89dbd80c8d43c0871dcd0f07599843