Merge pull request #507 from AndreKurait/GithubGradleImprovements

Mend for GitHub.com / Mend Security Check failed Feb 14, 2024 in 14m 28s

Security Report

The Security Check found 3 vulnerabilities.

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue
CVE-2024-21634

Path to dependency file: /TrafficCapture/replayerPlugins/jsonMessageTransformers/jsonJMESPathMessageTransformerProvider/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/software.amazon.ion/ion-java/1.0.2/ee9dacea7726e495f8352b81c12c23834ffbc564/ion-java-1.0.2.jar

Dependency Hierarchy:

-> aws-msk-iam-auth-1.1.9.jar (Root Library)

   -> aws-java-sdk-core-1.12.524.jar

     -> ❌ ion-java-1.0.2.jar (Vulnerable Library)

Severity: High | CVSS Score: 7.5 | Vulnerable Library: ion-java-1.0.2.jar | Suggested Fix: Upgrade to version: com.amazon.ion:ion-java:1.10.5 | Issue: #397

CVE-2023-46136

Path to dependency file: /FetchMigration/python/dev-requirements.txt

Path to vulnerable library: /FetchMigration/python/dev-requirements.txt

Dependency Hierarchy:

-> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

Severity: High | CVSS Score: 7.5 | Vulnerable Library: Werkzeug-2.2.3-py3-none-any.whl | Suggested Fix: Upgrade to version: werkzeug - 2.3.8,3.0.1 | Issue: #402

CVE-2023-51074

Path to dependency file: /TrafficCapture/trafficCaptureProxyServerTest/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jayway.jsonpath/json-path/2.8.0/b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160/json-path-2.8.0.jar

Dependency Hierarchy:

-> ApacheJMeter_http-5.6.2.jar (Root Library)

   -> ApacheJMeter_components-5.6.2.jar

     -> ❌ json-path-2.8.0.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.3 | Vulnerable Library: json-path-2.8.0.jar | Suggested Fix: Upgrade to version: com.jayway.jsonpath:json-path:2.9.0 | Issue: #482

Total libraries scanned: 609
Scan token: 82c9595b4a904ceba44a0064bbde2a2d