Update dependency org.codehaus.plexus:plexus-container-default to v2 #266
Security Report
You have successfully remediated 5 vulnerabilities, but introduced 14 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2021-44228; Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Critical | 10.0 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.15.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2021-45046; Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Critical | 9.0 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.16.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2019-10086; Path to dependency file: /plugins/portlet-tiles/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar; Dependency Hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) | High | 7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4 | None |
CVE-2014-0114; Path to dependency file: /plugins/portlet-tiles/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar; Dependency Hierarchy: -> ❌ commons-beanutils-1.9.2.jar (Vulnerable Library) | High | 7.3 | commons-beanutils-1.9.2.jar | Upgrade to version: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5 | #37 |
CVE-2021-44832; Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Medium | 6.6 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.2,2.12.4,2.17.1 | None |
CVE-2020-11023; Path to dependency file: /assembly/target/docs/tag-developers/index.html; Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html; Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.11.0.min.js | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | #139 |
CVE-2020-11022; Path to dependency file: /assembly/target/docs/tag-developers/index.html; Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html; Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.11.0.min.js | Upgrade to version: jQuery - 3.5.0 | #129 |
CVE-2019-11358; Path to dependency file: /assembly/target/docs/tag-developers/index.html; Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html; Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.11.0.min.js | Upgrade to version: jquery - 3.4.0 | #93 |
CVE-2015-9251; Path to dependency file: /assembly/target/docs/tag-developers/index.html; Path to vulnerable library: /assembly/target/docs/tag-developers/index.html,/assembly/target/docs/core-developers/index.html,/assembly/target/docs/maven-archetypes/index.html,/assembly/target/docs/plugins/index.html,/assembly/target/docs/getting-started/index.html,/assembly/target/docs/security/index.html; Dependency Hierarchy: -> ❌ jquery-1.11.0.min.js (Vulnerable Library) | Medium | 6.1 | jquery-1.11.0.min.js | Upgrade to version: jQuery - 3.0.0 | #11 |
CVE-2021-45105; Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Medium | 5.9 | log4j-core-2.10.0.jar | Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.3,2.17.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 | None |
CVE-2020-15250; Path to dependency file: /core/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/junit/junit/4.12/junit-4.12.jar; Dependency Hierarchy: -> ❌ junit-4.12.jar (Vulnerable Library) | Medium | 5.5 | junit-4.12.jar | Upgrade to version: junit:junit:4.13.1 | None |
CVE-2022-22968; Path to dependency file: /core/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.13.RELEASE/spring-context-4.3.13.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-context-4.3.13.RELEASE.jar (Vulnerable Library) | Medium | 5.3 | spring-context-4.3.13.RELEASE.jar | Upgrade to version: org.springframework:spring-context:5.2.21,5.3.19 | None |
CVE-2020-10693; Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-validator/5.1.3.Final/hibernate-validator-5.1.3.Final.jar; Dependency Hierarchy: -> ❌ hibernate-validator-5.1.3.Final.jar (Vulnerable Library) | Medium | 5.3 | hibernate-validator-5.1.3.Final.jar | Upgrade to version: org.hibernate:hibernate-validator:6.0.20.Final,6.1.5.Final | #200 |
CVE-2020-9488; Path to dependency file: /apps/showcase/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar; Dependency Hierarchy: -> ❌ log4j-core-2.10.0.jar (Vulnerable Library) | Low | 3.7 | log4j-core-2.10.0.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.3 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2022-4244 | plexus-utils-1.2.jar |
CVE-2022-4245 | plexus-utils-1.2.jar |
WS-2016-7057 | plexus-utils-1.2.jar |
WS-2016-7062 | plexus-utils-1.2.jar |
CVE-2017-1000487 | plexus-utils-1.2.jar |
Base branch total remaining vulnerabilities: 171
Base branch commit: null
Total libraries scanned: 169
Scan token: 4474a61bc3c543beaf0a538d91ade3c6