Update dependency com.amazonaws:aws-java-sdk to v1.12.452 #2
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2022-22965Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.3.RELEASE/spring-beans-4.3.3.RELEASE.jar Dependency Hierarchy: -> ❌ spring-beans-4.3.3.RELEASE.jar (Vulnerable Library) |
 Critical |
9.8 | spring-beans-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | None |
CVE-2018-1272Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-beans-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library) |
 High |
7.5 | spring-core-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-core:4.3.15.RELEASE,5.0.5.RELEASE;org.springframework:spring-web:4.3.15.RELEASE,5.0.5.RELEASE | None |
CVE-2023-34462Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.86.Final/netty-handler-4.1.86.Final.jar Dependency Hierarchy: -> aws-java-sdk-1.12.452.jar (Root Library) -> aws-java-sdk-kinesisvideo-1.12.452.jar -> netty-codec-http-4.1.86.Final.jar -> ❌ netty-handler-4.1.86.Final.jar (Vulnerable Library) |
 Medium |
6.5 | netty-handler-4.1.86.Final.jar | Upgrade to version: io.netty:netty-handler:4.1.94.Final;io.netty:netty-all:4.1.94.Final | None |
CVE-2023-20863Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.3.RELEASE/spring-expression-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-context-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-expression-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | spring-expression-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8 | None |
CVE-2023-20861Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.3.RELEASE/spring-expression-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-context-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-expression-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | spring-expression-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7 | None |
CVE-2022-22950Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.3.RELEASE/spring-expression-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-context-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-expression-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | spring-expression-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-expression:5.2.20,5.3.17 | None |
CVE-2022-22970Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-beans-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | spring-core-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20 | None |
CVE-2022-22970Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.3.RELEASE/spring-beans-4.3.3.RELEASE.jar Dependency Hierarchy: -> ❌ spring-beans-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | spring-beans-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20 | None |
CVE-2022-22968Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.3.RELEASE/spring-context-4.3.3.RELEASE.jar Dependency Hierarchy: -> ❌ spring-context-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | spring-context-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-context:5.2.21,5.3.19 | None |
CVE-2018-1199Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-beans-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | spring-core-4.3.3.RELEASE.jar | Upgrade to version: org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE | None |
CVE-2021-22096Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-beans-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | spring-core-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12 | None |
CVE-2021-22060Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.3.RELEASE/spring-core-4.3.3.RELEASE.jar Dependency Hierarchy: -> spring-beans-4.3.3.RELEASE.jar (Root Library) -> ❌ spring-core-4.3.3.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | spring-core-4.3.3.RELEASE.jar | Upgrade to version: org.springframework:spring-core:5.2.19, 5.3.14;org.springframework:spring-web:5.2.19, 5.3.14 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2020-36183 | jackson-databind-2.6.7.3.jar |
| CVE-2020-24616 | jackson-databind-2.6.7.3.jar |
| CVE-2020-10969 | jackson-databind-2.6.7.3.jar |
| CVE-2018-7489 | jackson-databind-2.6.7.3.jar |
| CVE-2020-14060 | jackson-databind-2.6.7.3.jar |
| CVE-2018-19360 | jackson-databind-2.6.7.3.jar |
| CVE-2022-31159 | aws-java-sdk-s3-1.11.856.jar |
| CVE-2020-9548 | jackson-databind-2.6.7.3.jar |
| CVE-2021-37137 | netty-codec-4.1.48.Final.jar |
| WS-2018-0125 | jackson-core-2.6.7.jar |
| CVE-2019-14540 | jackson-databind-2.6.7.3.jar |
| CVE-2021-21290 | netty-handler-4.1.48.Final.jar |
| CVE-2020-36182 | jackson-databind-2.6.7.3.jar |
| CVE-2017-17485 | jackson-databind-2.6.7.3.jar |
| CVE-2020-8840 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36181 | jackson-databind-2.6.7.3.jar |
| CVE-2021-37136 | netty-codec-4.1.48.Final.jar |
| CVE-2020-36189 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36186 | jackson-databind-2.6.7.3.jar |
| CVE-2020-10672 | jackson-databind-2.6.7.3.jar |
| WS-2018-0124 | jackson-core-2.6.7.jar |
| CVE-2020-10650 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36184 | jackson-databind-2.6.7.3.jar |
| WS-2019-0379 | commons-codec-1.11.jar |
| CVE-2019-14893 | jackson-databind-2.6.7.3.jar |
| CVE-2020-11112 | jackson-databind-2.6.7.3.jar |
| CVE-2020-14061 | jackson-databind-2.6.7.3.jar |
| CVE-2020-9546 | jackson-databind-2.6.7.3.jar |
| CVE-2020-25649 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36188 | jackson-databind-2.6.7.3.jar |
| CVE-2018-11307 | jackson-databind-2.6.7.3.jar |
| CVE-2020-28491 | jackson-dataformat-cbor-2.6.7.jar |
| CVE-2020-11113 | jackson-databind-2.6.7.3.jar |
| CVE-2019-10202 | jackson-databind-2.6.7.3.jar |
| CVE-2019-17267 | jackson-databind-2.6.7.3.jar |
| CVE-2021-43797 | netty-codec-http-4.1.48.Final.jar |
| CVE-2022-42003 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36187 | jackson-databind-2.6.7.3.jar |
| CVE-2020-11620 | jackson-databind-2.6.7.3.jar |
| WS-2020-0408 | netty-handler-4.1.48.Final.jar |
| CVE-2022-24823 | netty-common-4.1.48.Final.jar |
| CVE-2021-21295 | netty-codec-http-4.1.48.Final.jar |
| CVE-2020-9547 | jackson-databind-2.6.7.3.jar |
| CVE-2020-11111 | jackson-databind-2.6.7.3.jar |
| CVE-2019-20330 | jackson-databind-2.6.7.3.jar |
| CVE-2020-24750 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36180 | jackson-databind-2.6.7.3.jar |
| CVE-2020-14062 | jackson-databind-2.6.7.3.jar |
| CVE-2022-42004 | jackson-databind-2.6.7.3.jar |
| CVE-2020-13956 | httpclient-4.5.9.jar |
| CVE-2020-36179 | jackson-databind-2.6.7.3.jar |
| CVE-2023-34462 | netty-handler-4.1.48.Final.jar |
| CVE-2021-20190 | jackson-databind-2.6.7.3.jar |
| CVE-2021-21290 | netty-codec-http-4.1.48.Final.jar |
| CVE-2020-10673 | jackson-databind-2.6.7.3.jar |
| CVE-2019-17531 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36518 | jackson-databind-2.6.7.3.jar |
| CVE-2020-36185 | jackson-databind-2.6.7.3.jar |
| CVE-2020-14195 | jackson-databind-2.6.7.3.jar |
Base branch total remaining vulnerabilities: 59
Base branch commit: edf57a7ea55f953b7c479aa0dee540a8a3597e1a
Total libraries scanned: 364
Scan token: cfff566a9409401bb2895f188ec8e61d