Skip to content

Merge pull request #1 from billmcchesney1/whitesource/configure

Mend for GitHub.com / WhiteSource Security Check failed Mar 3, 2024 in 18m 11s

Security Report

The Security Check found 457 vulnerabilities.

Partial results (67 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2021-44228

Path to dependency file: /api/pacman-api-vulnerability/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar,/home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.0/log4j-core-2.9.0.jar

Dependency Hierarchy:

-> ❌ log4j-core-2.9.0.jar (Vulnerable Library)

Critical 10.0 log4j-core-2.9.0.jar Upgrade to version: org.apache.logging.log4j:log4j-core:2.3.1,2.12.2,2.15.0;org.ops4j.pax.logging:pax-logging-log4j2:1.11.10,2.0.11 #248
CVE-2018-14721

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 10.0 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.7,2.8.11.3,2.7.9.5,2.6.7.3 #15
CVE-2018-14721

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 10.0 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.7,2.8.11.3,2.7.9.5,2.6.7.3 #15
CVE-2018-14721

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 10.0 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.7,2.8.11.3,2.7.9.5,2.6.7.3 #15
CVE-2018-14721

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 10.0 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.7,2.8.11.3,2.7.9.5,2.6.7.3 #15
CVE-2023-39017

Path to dependency file: /api/pacman-api-notifications/pom.xml

Path to vulnerable library: /api/pacman-api-notifications/pom.xml

Dependency Hierarchy:

-> ❌ quartz-jobs-2.2.3.jar (Vulnerable Library)

Critical 9.8 quartz-jobs-2.2.3.jar Upgrade to version: org.quartz-scheduler:quartz-jobs - 2.4.0-rc2 #443
CVE-2023-20873

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.0.4.RELEASE/spring-boot-actuator-autoconfigure-2.0.4.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.0.4.RELEASE/spring-boot-actuator-autoconfigure-2.0.4.RELEASE.jar

Dependency Hierarchy:

-> spring-cloud-starter-security-2.0.0.RELEASE.jar (Root Library)

   -> spring-boot-starter-actuator-2.0.4.RELEASE.jar

     -> ❌ spring-boot-actuator-autoconfigure-2.0.4.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-boot-actuator-autoconfigure-2.0.4.RELEASE.jar Upgrade to version: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6 #412
CVE-2022-22978

Path to dependency file: /api/pacman-api-admin/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.0.7.RELEASE/spring-security-web-5.0.7.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.0.7.RELEASE/spring-security-web-5.0.7.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-security-2.0.4.RELEASE.jar (Root Library)

   -> ❌ spring-security-web-5.0.7.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-security-web-5.0.7.RELEASE.jar Upgrade to version: org.springframework.security:spring-security-web:5.5.7,5.6.4 #418
CVE-2022-22965

Path to dependency file: /api/pacman-api-admin/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.0.8.RELEASE/spring-beans-5.0.8.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.0.8.RELEASE/spring-beans-5.0.8.RELEASE.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-starter-2.0.0.RELEASE.jar

       -> spring-boot-starter-2.0.4.RELEASE.jar

         -> spring-boot-2.0.4.RELEASE.jar

           -> spring-context-5.0.8.RELEASE.jar

             -> spring-aop-5.0.8.RELEASE.jar

               -> ❌ spring-beans-5.0.8.RELEASE.jar (Vulnerable Library)

Critical 9.8 spring-beans-5.0.8.RELEASE.jar Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 #320
CVE-2022-1471

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.19/snakeyaml-1.19.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.19/snakeyaml-1.19.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-starter-2.0.0.RELEASE.jar

       -> spring-boot-starter-2.0.4.RELEASE.jar

         -> ❌ snakeyaml-1.19.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.19.jar Upgrade to version: org.yaml:snakeyaml:2.0 #367
CVE-2020-9548

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 #76
CVE-2020-9548

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 #76
CVE-2020-9548

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 #76
CVE-2020-9548

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 #76
CVE-2020-9547

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #74
CVE-2020-9547

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #74
CVE-2020-9547

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #74
CVE-2020-9547

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #74
CVE-2020-9546

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #71
CVE-2020-9546

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #71
CVE-2020-9546

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #71
CVE-2020-9546

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 #71
CVE-2020-8840

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 #45
CVE-2020-8840

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 #45
CVE-2020-8840

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 #45
CVE-2020-8840

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 #45
CVE-2020-10683

Path to dependency file: /api/pacman-api-admin/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar

Dependency Hierarchy:

-> spring-boot-starter-data-jpa-2.0.4.RELEASE.jar (Root Library)

   -> hibernate-core-5.2.17.Final.jar

     -> ❌ dom4j-1.6.1.jar (Vulnerable Library)

Critical 9.8 dom4j-1.6.1.jar Upgrade to version: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3 #366
CVE-2019-20330

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 #152
CVE-2019-20330

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 #152
CVE-2019-20330

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 #152
CVE-2019-20330

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 #152
CVE-2019-17531

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: 2.10 #5
CVE-2019-17531

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: 2.10 #5
CVE-2019-17531

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: 2.10 #5
CVE-2019-17531

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: 2.10 #5
CVE-2019-17495

Path to dependency file: /api/pacman-api-statistics/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar,/home/wss-scanner/.m2/repository/io/springfox/springfox-swagger-ui/2.7.0/springfox-swagger-ui-2.7.0.jar

Dependency Hierarchy:

-> ❌ springfox-swagger-ui-2.7.0.jar (Vulnerable Library)

Critical 9.8 springfox-swagger-ui-2.7.0.jar Upgrade to version: swagger-ui - 3.23.11, io.springfox:springfox-swagger-ui:2.10.0 #284
CVE-2019-17267

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 #25
CVE-2019-17267

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 #25
CVE-2019-17267

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 #25
CVE-2019-17267

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 #25
CVE-2019-16943

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #46
CVE-2019-16943

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #46
CVE-2019-16943

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #46
CVE-2019-16943

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #46
CVE-2019-16942

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #44
CVE-2019-16942

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #44
CVE-2019-16942

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #44
CVE-2019-16942

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 #44
CVE-2019-16335

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: 2.9.10 #21
CVE-2019-16335

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: 2.9.10 #21
CVE-2019-16335

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: 2.9.10 #21
CVE-2019-16335

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: 2.9.10 #21
CVE-2019-14893

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 #63
CVE-2019-14893

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 #63
CVE-2019-14893

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 #63
CVE-2019-14893

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 #63
CVE-2019-14892

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 #66
CVE-2019-14892

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 #66
CVE-2019-14892

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 #66
CVE-2019-14892

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 #66
CVE-2019-14540

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 #3
CVE-2019-14540

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 #3
CVE-2019-14540

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 #3
CVE-2019-14540

Path to dependency file: /commons/pac-batch-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.7.2/jackson-databind-2.6.7.2.jar

Dependency Hierarchy:

-> azure-1.22.0.jar (Root Library)

   -> azure-client-runtime-1.6.4.jar

     -> client-runtime-1.6.4.jar

       -> converter-jackson-2.4.0.jar

         -> ❌ jackson-databind-2.6.7.2.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.6.7.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 #3
CVE-2019-14379

Path to dependency file: /jobs/pacman-cloud-notifications/pom.xml

Path to vulnerable library: /jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.8.7.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.8.7.jar Upgrade to version: 2.9.9.2 #73
CVE-2019-14379

Path to dependency file: /jobs/azure-discovery/pom.xml

Path to vulnerable library: /jobs/azure-discovery/pom.xml

Dependency Hierarchy:

-> ❌ jackson-databind-2.9.4.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.4.jar Upgrade to version: 2.9.9.2 #73
CVE-2019-14379

Path to dependency file: /commons/pac-api-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar

Dependency Hierarchy:

-> api-commons-1.0.1-SNAPSHOT.jar (Root Library)

   -> spring-cloud-starter-config-2.0.0.RELEASE.jar

     -> spring-cloud-config-client-2.0.0.RELEASE.jar

       -> ❌ jackson-databind-2.9.6.jar (Vulnerable Library)

Critical 9.8 jackson-databind-2.9.6.jar Upgrade to version: 2.9.9.2 #73

Total libraries scanned: 377
Scan token: 1fd88bb7dcc154fd582d8bd5ea2e0a97f1709488800102_955
View more details on Mend for GitHub.com