OWASP checks #68

Open
ioggstream opened this issue Oct 7, 2022 · 1 comment


@ioggstream

I expect

OWASP dependency checks in CI

@ioggstream
Author

Current output

commons-io-2.5.jar (pkg:maven/commons-io/[email protected], cpe:2.3:a:apache:commons_io:2.5:::::::) : CVE-2021-29425
fluent-hc-4.5.2.jar (pkg:maven/org.apache.httpcomponents/[email protected], cpe:2.3:a:apache:httpclient:4.5.2:::::::) : CVE-2020-13956
guava-20.0.jar (pkg:maven/com.google.guava/[email protected], cpe:2.3:a:google:guava:20.0:::::::) : CVE-2018-10237, CVE-2020-8908
hibernate-validator-5.3.5.Final.jar (pkg:maven/org.hibernate/[email protected], cpe:2.3:a:hibernate:hibernate_orm:5.3.5:::::::, cpe:2.3:a:redhat:hibernate_validator:5.3.5:::::::) : CVE-2020-25638, CVE-2017-7536, CVE-2019-14900, CVE-2019-10219, CVE-2020-10693
httpclient-4.5.3.jar (pkg:maven/org.apache.httpcomponents/[email protected], cpe:2.3:a:apache:httpclient:4.5.3:::::::) : CVE-2020-13956
httpclient-osgi-4.5.2.jar (pkg:maven/org.apache.httpcomponents/[email protected], pkg:maven/org.apache.httpcomponents/[email protected], cpe:2.3:a:apache:httpclient:4.5.2:::::::) : CVE-2020-13956
jackson-annotations-2.8.0.jar (pkg:maven/com.fasterxml.jackson.core/[email protected], cpe:2.3:a:fasterxml:jackson-modules-java8:2.8.0:::::::) : CVE-2018-1000873
jackson-core-2.8.9.jar (pkg:maven/com.fasterxml.jackson.core/[email protected], cpe:2.3:a:fasterxml:jackson-modules-java8:2.8.9:::::::) : CVE-2018-1000873
jackson-databind-2.8.9.jar (pkg:maven/com.fasterxml.jackson.core/[email protected], cpe:2.3:a:fasterxml:jackson-databind:2.8.9:::::::, cpe:2.3:a:fasterxml:jackson-modules-java8:2.8.9:::::::) : CVE-2018-14721, CVE-2017-15095, CVE-2017-17485, CVE-2018-11307, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-7489, CVE-2019-14379, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2018-5968, CVE-2020-35490, CVE-2020-35491, CVE-2018-12022, CVE-2018-12023, CVE-2019-12086, CVE-2019-14439, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2018-1000873, CVE-2019-12384, CVE-2019-12814
jackson-mapper-asl-1.9.13.jar (pkg:maven/org.codehaus.jackson/[email protected], cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:::::::) : CVE-2017-7525, CVE-2019-10172
log4j-api-2.7.jar (pkg:maven/org.apache.logging.log4j/[email protected], cpe:2.3:a:apache:log4j:2.7:::::::) : CVE-2017-5645, CVE-2020-9488
rdf4j-model-2.1.4.jar (pkg:maven/org.eclipse.rdf4j/[email protected], cpe:2.3:a:eclipse:rdf4j:2.1.4:::::::) : CVE-2018-1000644
rdf4j-rio-binary-2.1.4.jar (pkg:maven/org.eclipse.rdf4j/[email protected], cpe:2.3:a:binary_project:binary:2.1.4:::::::, cpe:2.3:a:eclipse:rdf4j:2.1.4:::::::) : CVE-2018-1000644
rdf4j-util-2.1.4.jar (pkg:maven/org.eclipse.rdf4j/[email protected], cpe:2.3:a:eclipse:rdf4j:2.1.4:::::::) : CVE-2018-1000644, CVE-2018-20227
snakeyaml-1.17.jar (pkg:maven/org.yaml/[email protected], cpe:2.3:a:snakeyaml_project:snakeyaml:1.17:::::::, cpe:2.3:a:yaml_project:yaml:1.17:::::::) : CVE-2017-18640, CVE-2022-25857, CVE-2022-38749, CVE-2022-38751, CVE-2022-38752, CVE-2022-38750
spring-boot-1.5.6.RELEASE.jar (pkg:maven/org.springframework.boot/[email protected], cpe:2.3:a:vmware:spring_boot:1.5.6:release::::::) : CVE-2017-8046, CVE-2022-27772, CVE-2018-1196
spring-core-4.3.10.RELEASE.jar (pkg:maven/org.springframework/[email protected], cpe:2.3:a:pivotal_software:spring_framework:4.3.10:release::::::, cpe:2.3:a:springsource:spring_framework:4.3.10:release::::::, cpe:2.3:a:vmware:spring_framework:4.3.10:release::::::) : CVE-2018-1270, CVE-2018-1275, CVE-2022-22965, CVE-2018-11040, CVE-2018-1272, CVE-2018-15756, CVE-2018-1257, CVE-2020-5421, CVE-2022-22950, CVE-2018-11039, CVE-2018-1271, CVE-2018-1199, CVE-2022-22968, CVE-2022-22970
spring-web-4.3.10.RELEASE.jar (pkg:maven/org.springframework/[email protected], cpe:2.3:a:pivotal_software:spring_framework:4.3.10:release::::::, cpe:2.3:a:springsource:spring_framework:4.3.10:release::::::, cpe:2.3:a:vmware:spring_framework:4.3.10:release::::::) : CVE-2016-1000027, CVE-2018-1270, CVE-2018-1275, CVE-2022-22965, CVE-2018-11040, CVE-2018-1272, CVE-2018-15756, CVE-2018-1257, CVE-2020-5421, CVE-2022-22950, CVE-2018-11039, CVE-2018-1271, CVE-2018-1199, CVE-2022-22968, CVE-2022-22970
spring-webmvc-4.3.10.RELEASE.jar (pkg:maven/org.springframework/[email protected], cpe:2.3:a:pivotal_software:spring_framework:4.3.10:release::::::, cpe:2.3:a:springsource:spring_framework:4.3.10:release::::::, cpe:2.3:a:vmware:spring_framework:4.3.10:release::::::) : CVE-2018-1270, CVE-2018-1275, CVE-2022-22965, CVE-2018-11040, CVE-2018-1272, CVE-2018-15756, CVE-2018-1257, CVE-2020-5421, CVE-2022-22950, CVE-2018-11039, CVE-2018-1271, CVE-2018-1199, CVE-2020-5397, CVE-2022-22968, CVE-2022-22970, CVE-2021-22060
tomcat-embed-core-8.5.16.jar (pkg:maven/org.apache.tomcat.embed/[email protected], cpe:2.3:a:apache:tomcat:8.5.16:::::::, cpe:2.3:a:apache_tomcat:apache_tomcat:8.5.16:::::::) : CVE-2018-8014, CVE-2020-1938, CVE-2022-25762, CVE-2017-12617, CVE-2019-0232, CVE-2018-1336, CVE-2018-8034, CVE-2019-0199, CVE-2019-10072, CVE-2019-17563, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-17527, CVE-2021-25122, CVE-2021-41079, CVE-2019-12418, CVE-2020-9484, CVE-2021-25329, CVE-2018-1305, CVE-2021-30640, CVE-2019-0221, CVE-2018-1304, CVE-2018-8037, CVE-2019-2684, CVE-2021-24122, CVE-2017-15706, CVE-2021-33037, CVE-2020-1935, CVE-2018-11784, CVE-2020-13943, CVE-2021-43980
tomcat-embed-websocket-8.5.16.jar (pkg:maven/org.apache.tomcat.embed/[email protected], cpe:2.3:a:apache:tomcat:8.5.16:::::::, cpe:2.3:a:apache_tomcat:apache_tomcat:8.5.16:::::::*) : CVE-2018-8014, CVE-2020-1938, CVE-2022-25762, CVE-2017-12617, CVE-2019-0232, CVE-2020-8022, CVE-2018-1336, CVE-2018-8034, CVE-2019-0199, CVE-2019-10072, CVE-2019-17563, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-17527, CVE-2021-25122, CVE-2021-41079, CVE-2019-12418, CVE-2020-9484, CVE-2021-25329, CVE-2018-1305, CVE-2021-30640, CVE-2019-0221, CVE-2018-1304, CVE-2018-8037, CVE-2019-2684, CVE-2021-24122, CVE-2017-15706, CVE-2021-33037, CVE-2020-1935, CVE-2018-11784, CVE-2020-13943, CVE-2021-43980
