Update dependency org.codehaus.plexus:plexus-container-default to v2 #266
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2021-44228Path to dependency file: /apps/showcase/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) |
 Critical |
10.0 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.15.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2021-45046Path to dependency file: /apps/showcase/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) |
Critical |
9.0 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.16.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2019-10086Path to dependency file: /plugins/portlet-tiles/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar Dependency Hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) |
 High |
7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4 | None |
CVE-2014-0114Path to dependency file: /plugins/portlet-tiles/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar,/home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar Dependency Hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) |
High |
7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5 | #37 |
CVE-2021-44832Path to dependency file: /apps/showcase/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) |
 Medium |
6.6 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.2,2.12.4,2.17.1 | None |
CVE-2020-11023Path to dependency file: /assembly/target/docs/tag-developers/index.html Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.11.0.min.js | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | #139 |
CVE-2020-11022Path to dependency file: /assembly/target/docs/tag-developers/index.html Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.11.0.min.js | Upgrade to version: jQuery - 3.5.0 | #129 |
CVE-2019-11358Path to dependency file: /assembly/target/docs/tag-developers/index.html Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.11.0.min.js | Upgrade to version: jquery - 3.4.0 | #93 |
CVE-2015-9251Path to dependency file: /assembly/target/docs/tag-developers/index.html Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) |
Medium |
6.1 | jquery-1.11.0.min.js | Upgrade to version: jQuery - 3.0.0 | #11 |
CVE-2021-45105Path to dependency file: /apps/showcase/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) |
Medium |
5.9 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.3,2.17.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2020-15250Path to dependency file: /core/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/junit/junit/4.12/junit-4.12.jar,/home/wss-scanner/.m2/repository/junit/junit/4.12/junit-4.12.jar,/home/wss-scanner/.m2/repository/junit/junit/4.12/junit-4.12.jar,/home/wss-scanner/.m2/repository/junit/junit/4.12/junit-4.12.jar,/home/wss-scanner/.m2/repository/junit/junit/4.12/junit-4.12.jar Dependency Hierarchy: -> ❌ junit-4.12.jar (Vulnerable Library) |
Medium |
5.5 | junit-4.12.jar | Upgrade to version: junit:junit:4.13.1 | None |
CVE-2022-22968Path to dependency file: /core/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar Dependency Hierarchy: -> ❌ spring-context-4.3.13.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | spring-context-4.3.13.RELEASE.jar | Upgrade to version: org.springframework:spring-context:5.2.21,5.3.19 | None |
CVE-2020-10693Path to dependency file: /apps/showcase/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-validator/5.1.3.Final/hibernate-validator-5.1.3.Final.jar Dependency Hierarchy: -> ❌ hibernate-validator-5.1.3.Final.jar (Vulnerable Library) |
Medium |
5.3 | hibernate-validator-5.1.3.Final.jar | Upgrade to version: org.hibernate:hibernate-validator:6.0.20.Final,6.1.5.Final | #200 |
CVE-2020-9488Path to dependency file: /apps/showcase/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) |
 Low |
3.7 | log4j-core-2.10.0.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.3 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2022-4244 | plexus-utils-1.2.jar |
| CVE-2022-4245 | plexus-utils-1.2.jar |
| WS-2016-7057 | plexus-utils-1.2.jar |
| WS-2016-7062 | plexus-utils-1.2.jar |
| CVE-2017-1000487 | plexus-utils-1.2.jar |
Base branch total remaining vulnerabilities: 171
Base branch commit: null
Total libraries scanned: 169
Scan token: 4474a61bc3c543beaf0a538d91ade3c6