[Backport 2.6] Upgrade AWS version for SDKs to 1.12.687 #894
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2023-26136Path to dependency file: /dashboards-notifications/package.json Path to vulnerable library: /dashboards-notifications/package.json Dependency Hierarchy: -> cypress-6.9.1.tgz (Root Library) -> request-2.88.10.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) |
 Critical |
9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
CVE-2022-1471Path to dependency file: /core/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar Dependency Hierarchy: -> opensearch-2.6.1-SNAPSHOT.jar (Root Library) -> opensearch-x-content-2.6.1-SNAPSHOT.jar -> ❌ snakeyaml-1.33.jar (Vulnerable Library) |
Critical |
9.8 | snakeyaml-1.33.jar | Upgrade to version: org.yaml:snakeyaml:2.0 | None |
CVE-2023-6481Path to dependency file: /build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.2.9/cdaca0cf922c5791a8efa0063ec714ca974affe3/logback-core-1.2.9.jar Dependency Hierarchy: -> ktlint-0.44.0.jar (Root Library) -> ktlint-core-0.44.0.jar -> logback-classic-1.2.9.jar -> ❌ logback-core-1.2.9.jar (Vulnerable Library) |
 High |
7.5 | logback-core-1.2.9.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | #826 |
CVE-2023-6378Path to dependency file: /build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.2.9/7d495522b08a9a66084bf417e70eedf95ef706bc/logback-classic-1.2.9.jar Dependency Hierarchy: -> ktlint-0.44.0.jar (Root Library) -> ktlint-core-0.44.0.jar -> ❌ logback-classic-1.2.9.jar (Vulnerable Library) |
High |
7.5 | logback-classic-1.2.9.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | #826 |
CVE-2023-5072Path to dependency file: /build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.json/json/20180813/8566b2b0391d9d4479ea225645c6ed47ef17fe41/json-20180813.jar Dependency Hierarchy: -> ❌ json-20180813.jar (Vulnerable Library) |
High |
7.5 | json-20180813.jar | Upgrade to version: org.json:json:20231013 | #664 |
CVE-2022-45688Path to dependency file: /build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.json/json/20180813/8566b2b0391d9d4479ea225645c6ed47ef17fe41/json-20180813.jar Dependency Hierarchy: -> ❌ json-20180813.jar (Vulnerable Library) |
High |
7.5 | json-20180813.jar | Upgrade to version: org.json:json:20230227 | #664 |
CVE-2023-28155Path to dependency file: /dashboards-notifications/package.json Path to vulnerable library: /dashboards-notifications/package.json Dependency Hierarchy: -> cypress-6.9.1.tgz (Root Library) -> ❌ request-2.88.10.tgz (Vulnerable Library) |
 Medium |
6.1 | request-2.88.10.tgz | Upgrade to version: @cypress/request - 3.0.0 | None |
Base branch total remaining vulnerabilities: 0
Base branch commit: 6f33b566b8d316e343ff95bd3b763d351c7d7c0f
Total libraries scanned: 381
Scan token: 1825d096d99942a09705aa11e8434bd5