Add fingerprint ingest processor (#13724)

Mend for GitHub.com / Mend Security Check failed Jun 14, 2024 in 20m 42s

Security Report

The Security Check found 6 vulnerabilities.

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue

CVE-2023-5685

Path to dependency file: /test/fixtures/hdfs-fixture/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.xnio/xnio-api/3.8.8.Final/1ba9c8b9a8dea1c6cd656155943e6d4c2c631fa7/xnio-api-3.8.8.Final.jar

Dependency Hierarchy:

-> kerb-admin-2.0.3.jar (Root Library)

   -> ❌ xnio-api-3.8.8.Final.jar (Vulnerable Library)

Severity: High | CVSS Score: 7.5 | Vulnerable Library: xnio-api-3.8.8.Final.jar | Issue: #14181

CVE-2023-52428

Path to dependency file: /test/fixtures/hdfs-fixture/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.nimbusds/nimbus-jose-jwt/9.31/229ba7b31d1f886968896c48aeeba5a1586b00bc/nimbus-jose-jwt-9.31.jar

Dependency Hierarchy:

-> hadoop-minicluster-3.4.0.jar (Root Library)

   -> hadoop-common-3.4.0.jar

     -> hadoop-auth-3.4.0.jar

       -> ❌ nimbus-jose-jwt-9.31.jar (Vulnerable Library)

Severity: High | CVSS Score: 7.5 | Vulnerable Library: nimbus-jose-jwt-9.31.jar | Suggested Fix: Upgrade to version: com.nimbusds:nimbus-jose-jwt:9.37.2 | Issue: #14180

CVE-2024-35255

Path to dependency file: /plugins/repository-azure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.azure/azure-identity/1.11.4/59b5ce48888f638b80d85ef5aa0e22a265d3dc89/azure-identity-1.11.4.jar

Dependency Hierarchy:

-> ❌ azure-identity-1.11.4.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.5 | Vulnerable Library: azure-identity-1.11.4.jar | Suggested Fix: Upgrade to version: @azure/identity (npm) - 4.2.1, @azure/msal-node (npm) - 2.9.1, Azure.Identity (NuGet) - 1.11.4, Microsoft.Identity.Client (NuGet) - 4.61.3, azure-identity (pip) - 1.16.1, com.azure:azure-identity:1.12.2 (Maven), github.com/Azure/azure-sdk-for-go/sdk/azidentity (go) - 1.6.0 | Issue: #14279

CVE-2023-50572

Path to dependency file: /test/fixtures/hdfs-fixture/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jline/jline/3.22.0/512dde71f1ba9cb87f318e4e1e3acc77dc67a712/jline-3.22.0.jar

Dependency Hierarchy:

-> kerb-admin-2.0.3.jar (Root Library)

   -> ❌ jline-3.22.0.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 5.5 | Vulnerable Library: jline-3.22.0.jar | Suggested Fix: Upgrade to version: org.jline:jline-console:3.25.0, org.jline:jline:3.25.0 | Issue: #14181

CVE-2024-29133

Path to dependency file: /test/fixtures/hdfs-fixture/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-configuration2/2.8.0/6a76acbe14d2c01d4758a57171f3f6a150dbd462/commons-configuration2-2.8.0.jar

Dependency Hierarchy:

-> hadoop-minicluster-3.4.0.jar (Root Library)

   -> hadoop-common-3.4.0.jar

     -> ❌ commons-configuration2-2.8.0.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 4.4 | Vulnerable Library: commons-configuration2-2.8.0.jar | Suggested Fix: Upgrade to version: org.apache.commons:commons-configuration2:2.10.1 | Issue: #14180

CVE-2024-29131

Path to dependency file: /test/fixtures/hdfs-fixture/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-configuration2/2.8.0/6a76acbe14d2c01d4758a57171f3f6a150dbd462/commons-configuration2-2.8.0.jar

Dependency Hierarchy:

-> hadoop-minicluster-3.4.0.jar (Root Library)

   -> hadoop-common-3.4.0.jar

     -> ❌ commons-configuration2-2.8.0.jar (Vulnerable Library)

Severity: Medium | CVSS Score: 4.4 | Vulnerable Library: commons-configuration2-2.8.0.jar | Suggested Fix: Upgrade to version: org.apache.commons:commons-configuration2:2.10.1 | Issue: #14180

Total libraries scanned: 625
Scan token: 6fed814528f446ecbe385618f2ef94dc