chore(deps): update mend: high confidence minor and patch dependency updates #20
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|
CVE-2023-2976Path to dependency file: /modules/examples/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar Dependency Hierarchy: -> cd-toolchain-99-SNAPSHOT.jar (Root Library) -> sdk-core-9.17.5.jar -> ❌ guava-30.1.1-jre.jar (Vulnerable Library) |
 Medium |
5.5 | Not Defined | 0.0% | guava-30.1.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre | None | |
CVE-2024-47554Path to dependency file: /modules/examples/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.7/commons-io-2.7.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.7/commons-io-2.7.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.7/commons-io-2.7.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.7/commons-io-2.7.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.7/commons-io-2.7.jar Dependency Hierarchy: -> cd-toolchain-99-SNAPSHOT.jar (Root Library) -> sdk-core-9.17.5.jar -> ❌ commons-io-2.7.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.0% | commons-io-2.7.jar | Upgrade to version: commons-io:commons-io:2.14.0 | None |
Base branch total remaining vulnerabilities: 0
Base branch commit: null
Total libraries scanned: 29
Scan token: 8dc39999281b403faec4080e93709b7a