Update pom.xml #46

Open
wants to merge 1 commit into
base: main
gvocstr
Owner

@gvocstr gvocstr commented May 9, 2022

No description provided.

@gvocstr
Owner Author

gvocstr commented May 9, 2022

Checkmarx AST – Scan Summary & Details 63d15f87-4f16-41d7-86fa-ef9caeb39575

New

Severity Issue File / Package Scan Engine
HIGH ALB Listening on HTTP /terraform_examples/positive2.tf: 70 CxKICS
HIGH ALB Listening on HTTP /terraform_examples/positive1.tf: 9 CxKICS
HIGH CVE-2014-0114 Maven-commons-beanutils:commons-beanutils-1.8.0 CxSCA
HIGH CVE-2016-5007 Maven-org.springframework.security:spring-security-config-3.2.4.RELEASE CxSCA
HIGH CVE-2017-1000048 Npm-qs-6.0.0 CxSCA
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-3.2.4.RELEASE CxSCA
HIGH CVE-2019-10744 Npm-lodash-4.17.11 CxSCA
HIGH CVE-2019-11272 Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE CxSCA
HIGH CVE-2020-7212 Pip-urllib3-1.25.7 CxSCA
HIGH CVE-2020-8203 Npm-lodash-4.17.11 CxSCA
HIGH CVE-2021-23337 Npm-lodash-4.17.11 CxSCA
HIGH CVE-2021-33503 Pip-urllib3-1.25.7 CxSCA
HIGH CVE-2022-22965 Maven-org.springframework:spring-core-3.2.4.RELEASE CxSCA
HIGH CVE-2022-22965 Maven-org.springframework:spring-beans-3.2.8.RELEASE CxSCA
HIGH Cx058c174c-6acf Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx0b298b14-e919 Npm-scs-0.0.1 CxSCA
HIGH Cx0b414307-5d4b Npm-lodash-4.17.11 CxSCA
HIGH Cx252b6052-344d Npm-momnet-2.29.1 CxSCA
HIGH Cx29903ca3-2624 Npm-momnet-2.29.1 CxSCA
HIGH Cx412ba4a9-fb67 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx465ad166-7219 Npm-scs-0.0.1 CxSCA
HIGH Cx4a153530-844a Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx56a5bcf3-3ec4 Npm-scs-0.0.1 CxSCA
HIGH Cx5f2c1b15-649f Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cx685a2c6c-12d6 Npm-scs-0.0.1 CxSCA
HIGH Cx6af9e958-e3bd Npm-scs-0.0.1 CxSCA
HIGH Cx7f6c8f43-4f75 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx9a167607-a01e Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxa6781af7-70e2 Npm-scs-0.0.1 CxSCA
HIGH Cxabf8a0bc-d89d Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxb4b2ead3-45aa Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxbd45c2b9-4622 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxbd47781c-9568 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxc98139b3-46cd Npm-node-ipc-9.2.2 CxSCA
HIGH Cxca4ddfcf-54ef Npm-node-ipc-9.2.2 CxSCA
HIGH Cxcc09496a-59c8 Npm-js-yaml-3.6.1 CxSCA
HIGH Cxd1df8707-be05 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6 CxSCA
HIGH Cxec49316b-56df Npm-js-yaml-3.6.1 CxSCA
HIGH EC2 Instance Has Public IP /terraform_examples/negative2.tf: 83, 96, 109 CxKICS
HIGH EC2 Instance Has Public IP /terraform_examples/positive2.tf: 82, 95, 108 CxKICS
HIGH Missing User Instruction /Dockerfile: 1 CxKICS
HIGH Reflected_XSS_All_Clients /test/b.java: 21 CxSAST
HIGH Reflected_XSS_All_Clients /src/xss.java: 21, 27, 35, 49, 56, 63, 70, 77, 84 CxSAST
HIGH Run Using Upgrade Commands /Dockerfile: 5 CxKICS
HIGH SQL_Injection /src/Login.java: 22, 23 CxSAST
MEDIUM ALB Not Dropping Invalid Headers /terraform_examples/negative2.tf: 49 CxKICS
MEDIUM ALB Not Dropping Invalid Headers /terraform_examples/positive1.tf: 15 CxKICS
MEDIUM ALB Not Dropping Invalid Headers /terraform_examples/negative1.tf: 15 CxKICS
MEDIUM ALB Not Dropping Invalid Headers /terraform_examples/positive2.tf: 49 CxKICS
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 CxKICS
MEDIUM CVE-2014-3578 Maven-org.springframework:spring-core-3.2.4.RELEASE CxSCA
MEDIUM CVE-2019-3795 Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE CxSCA
MEDIUM CVE-2020-15250 Maven-junit:junit-4.8.1 CxSCA
MEDIUM CVE-2020-26137 Pip-urllib3-1.25.7 CxSCA
MEDIUM CVE-2020-28500 Npm-lodash-4.17.11 CxSCA
MEDIUM CVE-2020-5408 Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE CxSCA
MEDIUM CVE-2021-22060 Maven-org.springframework:spring-core-3.2.4.RELEASE CxSCA
MEDIUM CVE-2022-22950 Maven-org.springframework:spring-expression-3.2.8.RELEASE CxSCA
MEDIUM CVE-2022-22950 Maven-org.springframework:spring-core-3.2.4.RELEASE CxSCA
MEDIUM Cx0112f5f3-9c14 Npm-ua-parser-js-0.7.29 CxSCA
MEDIUM Cx826eb034-0ad0 Npm-event-pubsub-5.0.3 CxSCA
MEDIUM Cxb6f8b590-28b9 Npm-momnet-2.29.1 CxSCA
MEDIUM Cxbe21bf0e-a39f Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxcda94183-0bb9 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxd5971f26-a20c Npm-scs-0.0.1 CxSCA
MEDIUM Cxee5d4ba0-5460 Npm-strong-type-0.1.6 CxSCA
MEDIUM IAM Access Analyzer Undefined /terraform_examples/negative1.tf: 1 CxKICS
MEDIUM VPC FlowLogs Disabled /terraform_examples/positive2.tf: 26 CxKICS
MEDIUM VPC FlowLogs Disabled /terraform_examples/negative2.tf: 26 CxKICS
MEDIUM VPC Without Network Firewall /terraform_examples/positive2.tf: 26 CxKICS
MEDIUM VPC Without Network Firewall /terraform_examples/negative2.tf: 26 CxKICS
LOW ALB Deletion Protection Disabled /terraform_examples/positive2.tf: 49 CxKICS
LOW ALB Deletion Protection Disabled /terraform_examples/negative2.tf: 49 CxKICS
LOW ALB Deletion Protection Disabled /terraform_examples/positive1.tf: 15 CxKICS
LOW ALB Deletion Protection Disabled /terraform_examples/negative1.tf: 15 CxKICS
LOW EC2 Instance Using Default Security Group /terraform_examples/positive2.tf: 83, 96, 109 CxKICS
LOW EC2 Instance Using Default Security Group /terraform_examples/negative2.tf: 84, 97, 110 CxKICS
LOW Healthcheck Instruction Missing /Dockerfile: 1 CxKICS
LOW Shield Advanced Not In Use /terraform_examples/positive2.tf: 49 CxKICS
LOW Shield Advanced Not In Use /terraform_examples/negative1.tf: 15 CxKICS
LOW Shield Advanced Not In Use /terraform_examples/positive1.tf: 15 CxKICS
LOW Shield Advanced Not In Use /terraform_examples/negative2.tf: 49 CxKICS

@gvocstr
Owner Author

gvocstr commented May 9, 2022

Checkmarx AST – Scan Summary & Details c792db8b-ea35-46d0-a2ec-ab40bf4d1b85

New Issues

Severity Issue File / Package Scan Engine
HIGH Cx10ce9646-899d Npm-momnet-2.29.1 CxSCA
HIGH Cx23797ad1-b4b2 Npm-scs-0.0.1 CxSCA
HIGH Cx23e34bdc-70cb Npm-scs-0.0.1 CxSCA
HIGH Cx2718ae13-9a22 Npm-scs-0.0.1 CxSCA
HIGH Cx2a106fbd-68ad Npm-scs-0.0.1 CxSCA
HIGH Cx2b4e9736-a215 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx49a3a08d-bdfc Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx4b9fe624-39d4 Npm-scs-0.0.1 CxSCA
HIGH Cx6ae9bf46-e24b Npm-node-ipc-9.2.2 CxSCA
HIGH Cx73e9a5eb-67aa Npm-momnet-2.29.1 CxSCA
HIGH Cx7a894ca3-d362 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cx81086390-5577 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx89ea0522-9289 Npm-scs-0.0.1 CxSCA
HIGH Cxabce789a-1e89 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxac2266e0-8165 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxac8909b8-4d63 Npm-node-ipc-9.2.2 CxSCA
HIGH Cxb5f88aea-d242 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxed4d4ba5-7a1c Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxfe6bae68-cb1b Npm-ua-parser-js-0.7.29 CxSCA
MEDIUM Cx342da779-a916 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cx64c9a4e0-a7c7 Npm-strong-type-0.1.6 CxSCA
MEDIUM Cx695d41d8-4b99 Npm-ua-parser-js-0.7.29 CxSCA
MEDIUM Cx933cb42d-b8c0 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxb8e9ec8b-9bbb Npm-event-pubsub-5.0.3 CxSCA
MEDIUM Cxc6a9734e-21b6 Npm-scs-0.0.1 CxSCA
MEDIUM Cxef37aa7f-a889 Npm-momnet-2.29.1 CxSCA

Fixed Issues

Severity Issue File / Package Scan Engine
HIGH CVE-2019-17571 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2021-4104 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2022-23302 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2022-23305 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2022-23307 Maven-log4j:log4j-1.2.17 CxSCA
HIGH Cx01df62ef-7fc3 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx0f84ae7b-e581 Npm-node-ipc-9.2.2 CxSCA
HIGH Cx161c3c23-85c6 Npm-scs-0.0.1 CxSCA
HIGH Cx3cf74206-7862 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cx43de42da-9a75 Npm-scs-0.0.1 CxSCA
HIGH Cx48534cc8-d382 Npm-scs-0.0.1 CxSCA
HIGH Cx546dec70-8820 Npm-momnet-2.29.1 CxSCA
HIGH Cx5d0e9161-57aa Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx6ed4aee9-58ab Npm-scs-0.0.1 CxSCA
HIGH Cx9327d8b4-16ac Npm-scs-0.0.1 CxSCA
HIGH Cx9f5f5e7d-e493 Npm-scs-0.0.1 CxSCA
HIGH Cxabe45e9a-4a5c Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxac29c201-2a43 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxb16010cd-4291 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxe56ef7d5-0435 Npm-momnet-2.29.1 CxSCA
HIGH Cxe5eb15d5-454f Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxe9b503dc-1108 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxf9944a09-f6b9 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxff713bf4-8215 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cx336a0da9-dd77 Npm-scs-0.0.1 CxSCA
MEDIUM Cx6f89335d-ad1d Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxb3667e4b-784a Npm-event-pubsub-5.0.3 CxSCA
MEDIUM Cxb5763e38-6088 Npm-strong-type-0.1.6 CxSCA
MEDIUM Cxec236646-1c3a Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxef1ed761-6a40 Npm-ua-parser-js-0.7.29 CxSCA
MEDIUM Cxf81d1788-2e6e Npm-momnet-2.29.1 CxSCA
