[Snyk] Upgrade @opentelemetry/resources from 1.22.0 to 1.24.1 #2506
Security Report
8 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-27309; Path to dependency file: /persistence/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.kafka/kafka-metadata/3.6.1/568acb2c4d16ac625be067dcfb68fc75f39e76b6/kafka-metadata-3.6.1.jar; Dependency Hierarchy: spring-kafka-test-3.1.2.jar (Root Library) -> ❌ kafka-metadata-3.6.1.jar (Vulnerable Library) | Critical | 9.8 | kafka-metadata-3.6.1.jar | Upgrade to version: org.apache.kafka:kafka-metadata:3.6.2 | #2433 |
CVE-2024-22257; Path to dependency file: /persistence/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-core/6.2.2/8cf7e96179c6f253ab36f76ebb24538a7e619f49/spring-security-core-6.2.2.jar; Dependency Hierarchy: spring-boot-starter-security-3.2.3.jar (Root Library) -> spring-security-web-6.2.2.jar -> ❌ spring-security-core-6.2.2.jar (Vulnerable Library) | High | 8.2 | spring-security-core-6.2.2.jar | Upgrade to version: org.springframework.security:spring-security-core:5.7.12,5.8.11,6.1.8,6.2.3 | #2388 |
CVE-2024-22262; Path to dependency file: /release-toggles/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.5/4f4e92cc52ee33260f1ee0cdc7b7a2f22d49708c/spring-web-6.1.5.jar; Dependency Hierarchy: ❌ spring-web-6.1.5.jar (Vulnerable Library) | High | 8.1 | spring-web-6.1.5.jar | Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 | #2430 |
CVE-2024-22262; Path to dependency file: /security/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar; Dependency Hierarchy: spring-boot-starter-webflux-3.2.3.jar (Root Library) -> ❌ spring-web-6.1.4.jar (Vulnerable Library) | High | 8.1 | spring-web-6.1.4.jar | Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 | #2430 |
CVE-2024-22259; Path to dependency file: /security/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar; Dependency Hierarchy: spring-boot-starter-webflux-3.2.3.jar (Root Library) -> ❌ spring-web-6.1.4.jar (Vulnerable Library) | High | 8.1 | spring-web-6.1.4.jar | Upgrade to version: org.springframework:spring-web:5.3.33,6.0.18,6.1.5 | #2367 |
CVE-2024-23944; Path to dependency file: /persistence/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.zookeeper/zookeeper/3.8.3/97bb82af5b529ec14e9c2d44b96884544f0db743/zookeeper-3.8.3.jar; Dependency Hierarchy: spring-kafka-test-3.1.2.jar (Root Library) -> ❌ zookeeper-3.8.3.jar (Vulnerable Library) | High | 7.5 | zookeeper-3.8.3.jar | Upgrade to version: org.apache.zookeeper:zookeeper:3.8.4,3.9.2 | #2366 |
CVE-2024-22271; Path to dependency file: /functions/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.cloud/spring-cloud-function-context/4.1.0/dd0151b549e90b302a31feb1eb1870411eb3dd9e/spring-cloud-function-context-4.1.0.jar; Dependency Hierarchy: spring-cloud-starter-function-web-4.1.0.jar (Root Library) -> spring-cloud-function-web-4.1.0.jar -> ❌ spring-cloud-function-context-4.1.0.jar (Vulnerable Library) | Medium | 6.5 | spring-cloud-function-context-4.1.0.jar | Upgrade to version: org.springframework.cloud:spring-cloud-function-context:4.1.2 | None |
CVE-2024-29025; Path to dependency file: /file-storage/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http/4.1.107.Final/4d8e9e51b7254bd26a42fe17bdcae32e4c6ebb3/netty-codec-http-4.1.107.Final.jar; Dependency Hierarchy: r2dbc-mariadb-1.2.0.jar (Root Library) -> reactor-netty-1.1.16.jar -> reactor-netty-core-1.1.16.jar -> netty-handler-proxy-4.1.107.Final.jar -> ❌ netty-codec-http-4.1.107.Final.jar (Vulnerable Library) | Medium | 5.3 | netty-codec-http-4.1.107.Final.jar | Upgrade to version: io.netty:netty-codec-http:4.1.108.Final | #2404 |
Base branch total remaining vulnerabilities: 78
Base branch commit: 2dce83a9832f93747ffc1ee14c0b97c8ba5f69db
Total libraries scanned: 548
Scan token: 6e17a6b51f6147bf9b45e5e616889d88