[AUTO] Increment version to 2.17.2-SNAPSHOT #1692

Security Report

4 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2024-7254 Path to dependency file: /core/build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar Dependency Hierarchy: -> opensearch-2.17.2-SNAPSHOT.jar (Root Library) -> ❌ protobuf-java-3.22.3.jar (Vulnerable Library)	High	7.5	protobuf-java-3.22.3.jar	Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2	None
CVE-2024-12798 Path to dependency file: /build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.3.14/436bd0d56730df756cff6d12d0f97df6f275e4a/logback-core-1.3.14.jar Dependency Hierarchy: -> ktlint-0.45.1.jar (Root Library) -> logback-classic-1.3.14.jar -> ❌ logback-core-1.3.14.jar (Vulnerable Library)	Medium	6.6	logback-core-1.3.14.jar	Upgrade to version: ch.qos.logback:logback-core:1.5.13, ch.qos.logback:logback-classic:1.5.13	None
CVE-2024-12798 Path to dependency file: /build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.3.14/a2f0045eae641a356b74afb0d3b85268181a93cf/logback-classic-1.3.14.jar Dependency Hierarchy: -> ktlint-0.45.1.jar (Root Library) -> ❌ logback-classic-1.3.14.jar (Vulnerable Library)	Medium	6.6	logback-classic-1.3.14.jar	Upgrade to version: ch.qos.logback:logback-core:1.5.13, ch.qos.logback:logback-classic:1.5.13	None
CVE-2024-12801 Path to dependency file: /build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.3.14/436bd0d56730df756cff6d12d0f97df6f275e4a/logback-core-1.3.14.jar Dependency Hierarchy: -> ktlint-0.45.1.jar (Root Library) -> logback-classic-1.3.14.jar -> ❌ logback-core-1.3.14.jar (Vulnerable Library)	Medium	4.4	logback-core-1.3.14.jar	Upgrade to version: ch.qos.logback:logback-core:1.5.13	None

Base branch total remaining vulnerabilities: 0
Base branch commit: 90972752699d3fb27a077b64dbaae4588d5d8303

Total libraries scanned: 161

Scan token: 6b4ed5eedb38447ea7cdb5a811ad4473

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[AUTO] Increment version to 2.17.2-SNAPSHOT #1692

[AUTO] Increment version to 2.17.2-SNAPSHOT #1692

Security Report

Re-running checks...

[AUTO] Increment version to 2.17.2-SNAPSHOT #1692

Are you sure you want to change the base?

Increment version to 2.17.2-SNAPSHOT

[AUTO] Increment version to 2.17.2-SNAPSHOT #1692

Security Report

Re-running checks...