#5768 Upgrade to latest simple-java-mail and switch to jakarta.mail #6261
Security Report
6 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-7272 Path to dependency file: /hapi-fhir-jpaserver-elastic-test-utilities/pom.xml; Path to vulnerable library: /hapi-fhir-jpaserver-elastic-test-utilities/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-app/pom.xml,/hapi-fhir-jpaserver-hfql/pom.xml,/hapi-fhir-jpaserver-base/pom.xml,/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml,/hapi-fhir-jpaserver-ips/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-api/pom.xml,/hapi-fhir-docs/pom.xml,/hapi-fhir-jpaserver-test-utilities/pom.xml,/hapi-fhir-jpaserver-uhnfhirtest/pom.xml; Dependency Hierarchy: -> elasticsearch-java-8.11.1.jar (Root Library) -> ❌ parsson-1.0.0.jar (Vulnerable Library) | High | 8.6 | parsson-1.0.0.jar | Upgrade to version: org.eclipse.parsson:jakarta.json:1.0.4,1.1.3, org.eclipse.parsson:parsson:1.0.4,1.1.3 | #6181 |
CVE-2024-40094 Path to dependency file: /hapi-fhir-jpaserver-hfql/pom.xml; Path to vulnerable library: /hapi-fhir-jpaserver-hfql/pom.xml,/hapi-fhir-jpaserver-test-utilities/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-api/pom.xml,/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml,/hapi-fhir-jpaserver-elastic-test-utilities/pom.xml,/hapi-fhir-docs/pom.xml,/hapi-fhir-jpaserver-ips/pom.xml,/hapi-fhir-jpaserver-base/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-app/pom.xml,/hapi-fhir-jpaserver-uhnfhirtest/pom.xml; Dependency Hierarchy: -> ❌ graphql-java-21.0.jar (Vulnerable Library) | High | 7.5 | graphql-java-21.0.jar | Upgrade to version: com.graphql-java:graphql-java:19.11,20.9,21.5 | #6189 |
CVE-2024-38816 Path to dependency file: /hapi-fhir-jpaserver-hfql/pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/6.1.8/spring-webmvc-6.1.8.jar; Dependency Hierarchy: -> ❌ spring-webmvc-6.1.8.jar (Vulnerable Library) | High | 7.5 | spring-webmvc-6.1.8.jar | Upgrade to version: org.springframework:spring-webflux:6.1.13, org.springframework:spring-webmvc:6.1.13 | None |
CVE-2022-31129 Path to dependency file: /hapi-fhir-jpaserver-uhnfhirtest/pom.xml; Path to vulnerable library: /hapi-fhir-jpaserver-uhnfhirtest/pom.xml,/hapi-fhir-docs/pom.xml,/hapi-fhir-testpage-overlay/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-app/pom.xml; Dependency Hierarchy: -> ❌ moment-2.27.0.jar (Vulnerable Library) | High | 7.5 | moment-2.27.0.jar | Upgrade to version: moment - 2.29.4 | #4202 |
CVE-2022-24785 Path to dependency file: /hapi-fhir-jpaserver-uhnfhirtest/pom.xml; Path to vulnerable library: /hapi-fhir-jpaserver-uhnfhirtest/pom.xml,/hapi-fhir-docs/pom.xml,/hapi-fhir-testpage-overlay/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-app/pom.xml; Dependency Hierarchy: -> ❌ moment-2.27.0.jar (Vulnerable Library) | High | 7.5 | moment-2.27.0.jar | Upgrade to version: moment - 2.29.2 | #4203 |
CVE-2023-4043 Path to dependency file: /hapi-fhir-jpaserver-elastic-test-utilities/pom.xml; Path to vulnerable library: /hapi-fhir-jpaserver-elastic-test-utilities/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-app/pom.xml,/hapi-fhir-jpaserver-hfql/pom.xml,/hapi-fhir-jpaserver-base/pom.xml,/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml,/hapi-fhir-jpaserver-ips/pom.xml,/hapi-fhir-cli/hapi-fhir-cli-api/pom.xml,/hapi-fhir-docs/pom.xml,/hapi-fhir-jpaserver-test-utilities/pom.xml,/hapi-fhir-jpaserver-uhnfhirtest/pom.xml; Dependency Hierarchy: -> elasticsearch-java-8.11.1.jar (Root Library) -> ❌ parsson-1.0.0.jar (Vulnerable Library) | Medium | 5.9 | parsson-1.0.0.jar | Upgrade to version: org.eclipse.parsson:parsson:1.0.5,1.1.4;org.eclipse.parsson/jakarta.json:1.0.5,1.1.4 | #5530 |
Base branch total remaining vulnerabilities: 4
Base branch commit: c00292767de3ebb7420bef11cfdf0baa79ffaac0
Total libraries scanned: 599
Scan token: 9b0c5bd87f8b4b91b1d1902fe641f279