Mend Bolt for GitHub / WhiteSource Security Check
failed
Apr 1, 2024 in 7m 8s
Security Report
The Security Check found 4 vulnerabilities.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-46136; Path to dependency file: /slackbot/requirements.txt; Path to vulnerable library: /slackbot/requirements.txt; Dependency Hierarchy: -> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library) | High | 7.5 | Werkzeug-2.2.3-py3-none-any.whl | Upgrade to version: werkzeug - 2.3.8,3.0.1 | #268 |
CVE-2024-22195; Path to dependency file: /slackbot/requirements.txt; Path to vulnerable library: /slackbot/requirements.txt; Dependency Hierarchy: -> ❌ Jinja2-3.1.2-py3-none-any.whl (Vulnerable Library) | Medium | 6.1 | Jinja2-3.1.2-py3-none-any.whl | Upgrade to version: jinja2 - 3.1.3 | #270 |
CVE-2023-48795; Path to dependency file: /app/go.mod; Path to vulnerable library: /app/go.mod; Dependency Hierarchy: -> ❌ golang.org/x/crypto-v0.5.0 (Vulnerable Library) | Medium | 5.9 | golang.org/x/crypto-v0.5.0 | Upgrade to version: putty - 0.80, openssh - V_9_6_P1, golang/crypto - v0.17.0, asyncssh - 2.14.2, libssh-0.9.8, libssh-0.10.6, teraterm - v5.1, paramiko - 3.4.0, russh - 0.40.2, com.github.mwiede:jsch:0.2.15, proftpd - v1.3.8b, thrussh - 0.35.1, teraterm - v5.1, org.connectbot:sshlib:2.2.22, mscdex/ssh2 - 1.15.0, jtesta/ssh-audit - v3.1.0, Oryx-Embedded/CycloneSSH - v2.3.4, opnsense/src - 23.7, winscp - 6.2.2, PowerShell/openssh-portable - v9.5.0.0 | #269 |
CVE-2023-29401; Path to dependency file: /app/go.mod; Path to vulnerable library: /app/go.mod; Dependency Hierarchy: -> ❌ github.com/gin-gonic/GIN-v1.9.0 (Vulnerable Library) | Medium | 4.3 | github.com/gin-gonic/GIN-v1.9.0 | | #260 |
Total libraries scanned: 39
Scan token: 8d02888863674ae2bc10d404ad967ad6