Update dependency org.apache.curator:curator-test to v5 #316

Open
wants to merge 1 commit into
base: master

Update dependency org.apache.curator:curator-test to v5

093ad61

Mend Bolt for GitHub / WhiteSource Security Check failed Oct 13, 2024 in 5h 3m 59s

Security Report

You have successfully remediated 18 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2024-47554
Severity: High
CVSS Score: 7.5
Vulnerable Library: commons-io-2.11.0.jar
Suggested Fix: Upgrade to version: commons-io:commons-io:2.14.0
Issue: None

Path to dependency file: /owner-extras/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar

Dependency Hierarchy:

-> curator-framework-4.3.0.jar (Root Library)
   -> curator-client-4.3.0.jar
     -> zookeeper-3.9.2.jar
       -> ❌ commons-io-2.11.0.jar (Vulnerable Library)

CVE-2023-2976
Severity: Medium
CVSS Score: 5.5
Vulnerable Library: guava-32.0.0-jre.jar
Suggested Fix: Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre
Issue: #362

Path to dependency file: /owner-extras/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar

Dependency Hierarchy:

-> curator-framework-4.3.0.jar (Root Library)
   -> curator-client-4.3.0.jar
     -> ❌ guava-32.0.0-jre.jar (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-24823 netty-common-4.1.45.Final.jar
CVE-2022-23305 log4j-1.2.17.jar
CVE-2020-11612 netty-codec-4.1.45.Final.jar
CVE-2021-4104 log4j-1.2.17.jar
CVE-2022-23307 log4j-1.2.17.jar
CVE-2021-21290 netty-handler-4.1.45.Final.jar
CVE-2023-44981 zookeeper-3.5.7.jar
CVE-2021-37137 netty-codec-4.1.45.Final.jar
WS-2020-0408 netty-handler-4.1.45.Final.jar
CVE-2023-2976 guava-27.0.1-jre.jar
CVE-2023-34462 netty-handler-4.1.45.Final.jar
CVE-2020-9488 log4j-1.2.17.jar
CVE-2023-26464 log4j-1.2.17.jar
CVE-2019-17571 log4j-1.2.17.jar
CVE-2020-9493 log4j-1.2.17.jar
CVE-2020-8908 guava-27.0.1-jre.jar
CVE-2022-23302 log4j-1.2.17.jar
CVE-2021-37136 netty-codec-4.1.45.Final.jar

Base branch total remaining vulnerabilities: 18
Base branch commit: f18b796d7f5af8487373381091d7cd1ed60baf15


Total libraries scanned: 34

Scan token: 68d618615f984154b142bc240e17538a