Merge pull request #1 from jgeraigery/whitesource/configure
Security Report
Partial results (61 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|
CVE-2018-14721Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
 Critical |
10.0 | Not Defined | 1.0% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.5,2.8.11.3,2.9.7 | #234 |
|
CVE-2022-22965Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.0.8.RELEASE/spring-beans-4.0.8.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-starter-1.1.9.RELEASE.jar -> spring-boot-1.1.9.RELEASE.jar -> spring-context-4.0.8.RELEASE.jar -> spring-aop-4.0.8.RELEASE.jar -> ❌ spring-beans-4.0.8.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | High | 97.5% | spring-beans-4.0.8.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | #234 |
|
CVE-2020-9548Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.4% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 | #234 |
|
CVE-2020-9547Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.70000005% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 | #234 |
|
CVE-2020-9546Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.70000005% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | #234 |
|
CVE-2020-8840Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 3.0% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 | #234 |
|
CVE-2019-20330Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.6% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 | #234 |
|
CVE-2019-17531Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.0% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1 | #234 |
|
CVE-2019-17267Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.4000001% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 | #234 |
|
CVE-2019-16943Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.5% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | #234 |
|
CVE-2019-16942Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.5% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | #234 |
|
CVE-2019-16335Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.5% | jackson-databind-2.3.4.jar | Upgrade to version: 2.9.10 | #234 |
|
CVE-2019-14893Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 2.5% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #234 |
|
CVE-2019-14892Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.4% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10 | #234 |
|
CVE-2019-14540Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.6% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10 | #234 |
|
CVE-2019-14379Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.0% | jackson-databind-2.3.4.jar | Upgrade to version: 2.9.9.2 | #234 |
|
CVE-2019-10202Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.9% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 | #234 |
|
CVE-2018-7489Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 93.7% | jackson-databind-2.3.4.jar | Upgrade to version: 2.8.11.1,2.9.5 | #234 |
|
CVE-2018-19362Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.5% | jackson-databind-2.3.4.jar | Upgrade to version: 2.9.8 | #234 |
|
CVE-2018-19361Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.5% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8 | #234 |
|
CVE-2018-19360Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.5% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8,2.10.0.pr1 | #234 |
|
CVE-2018-14720Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7 | #234 |
|
CVE-2018-14719Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.0% | jackson-databind-2.3.4.jar | Upgrade to version: 2.9.7 | #234 |
|
CVE-2018-14718Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 3.9% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7 | #234 |
|
CVE-2018-11307Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.3000001% | jackson-databind-2.3.4.jar | Upgrade to version: jackson-databind-2.9.6 | #234 |
|
CVE-2017-7525Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 49.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.1,2.7.9.1,2.8.9 | #234 |
|
CVE-2017-17485Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 14.0% | jackson-databind-2.3.4.jar | Upgrade to version: 2.9.4 | #234 |
|
CVE-2017-15095Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 2.6000001% | jackson-databind-2.3.4.jar | Upgrade to version: 2.8.10,2.9.1 | #234 |
|
CVE-2015-5211Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.0.8.RELEASE/spring-web-4.0.8.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-security-1.1.9.RELEASE.jar (Root Library) -> ❌ spring-web-4.0.8.RELEASE.jar (Vulnerable Library) |
Critical |
9.6 | Not Defined | 0.3% | spring-web-4.0.8.RELEASE.jar | Upgrade to version: org.springframework:spring-web:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-webmvc:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE,org.springframework:spring-websocket:4.2.2.RELEASE,4.1.8.RELEASE,3.2.15.RELEASE | #232 |
|
WS-2021-0170Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.0.8.RELEASE/spring-core-4.0.8.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-starter-1.1.9.RELEASE.jar -> spring-boot-1.1.9.RELEASE.jar -> ❌ spring-core-4.0.8.RELEASE.jar (Vulnerable Library) |
Critical |
9.0 | Not Defined | spring-core-4.0.8.RELEASE.jar | Upgrade to version: org.springframework:spring-core:v4.1.9.RELEASE,v4.2.3.RELEASE | #234 |
|
|
CVE-2020-11113Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
 High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4;2.10.0 | #234 |
|
CVE-2020-11112Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 | #234 |
|
CVE-2020-11111Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 | #234 |
|
CVE-2020-10969Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.6;com.fasterxml.jackson.core:jackson-databind:2.7.9.7 | #234 |
|
CVE-2020-10968Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: jackson-databind-2.9.10.4 | #234 |
|
CVE-2020-10673Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #234 |
|
CVE-2020-10672Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.8 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: jackson-databind-2.9.10.4 | #234 |
|
CVE-2024-22262Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.0.8.RELEASE/spring-web-4.0.8.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-security-1.1.9.RELEASE.jar (Root Library) -> ❌ spring-web-4.0.8.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.1% | spring-web-4.0.8.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 | #232 |
|
CVE-2024-22259Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.0.8.RELEASE/spring-web-4.0.8.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-security-1.1.9.RELEASE.jar (Root Library) -> ❌ spring-web-4.0.8.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.1% | spring-web-4.0.8.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.3.33,6.0.18,6.1.5 | #232 |
|
CVE-2024-22243Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.0.8.RELEASE/spring-web-4.0.8.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-security-1.1.9.RELEASE.jar (Root Library) -> ❌ spring-web-4.0.8.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.1% | spring-web-4.0.8.RELEASE.jar | Upgrade to version: org.springframework:spring-web:5.3.32,6.0.17,6.1.4 | #232 |
|
CVE-2021-20190Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.4% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind-2.9.10.7 | #234 |
|
CVE-2020-36189Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36188Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36187Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36186Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36185Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36184Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36183Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36182Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36181Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36180Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-36179Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.4% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 | #234 |
|
CVE-2020-24750Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.70000005% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.6 | #234 |
|
CVE-2020-24616Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 1.2% | jackson-databind-2.3.4.jar | Upgrade to version: 2.9.10.6 | #234 |
|
CVE-2020-14195Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 3.4% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.5 | #234 |
|
CVE-2020-14062Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 7.2% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #234 |
|
CVE-2020-14061Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 4.7% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #234 |
|
CVE-2020-14060Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 13.500001% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | #234 |
|
CVE-2020-11620Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 4.3% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #234 |
|
CVE-2020-11619Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 5.0% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #234 |
|
CVE-2020-10650Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.4/jackson-databind-2.3.4.jar Dependency Hierarchy: -> spring-boot-starter-actuator-1.1.9.RELEASE.jar (Root Library) -> spring-boot-actuator-1.1.9.RELEASE.jar -> ❌ jackson-databind-2.3.4.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 0.8% | jackson-databind-2.3.4.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 | #234 |
|
Total libraries scanned: 39
Scan token: 38db85a7b54514040a8d0e2f33744bc2b1730462400064_411