Skip to content

Merging Async Query APIs feature branch into main. (#2159)

This check has been archived and is scheduled for deletion. Learn more about checks retention
Mend for GitHub.com / WhiteSource Security Check failed Sep 27, 2023 in 4m 51s

Security Report

The Security Check found 2 vulnerabilities.

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-3635

Path to dependency file: /prometheus/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar

Dependency Hierarchy:

-> okhttp-4.9.3.jar (Root Library)

   -> ❌ okio-2.8.0.jar (Vulnerable Library)

High 7.5 okio-2.8.0.jar Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 #2037
CVE-2023-3635

Path to dependency file: /integ-test/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio-jvm/3.0.0/ab5a73fa2ccb4a36b0b5c69fe10b16d0255bcf8/okio-jvm-3.0.0.jar

Dependency Hierarchy:

-> legacy-3.0.0.0-SNAPSHOT (Root Library)

   -> common-3.0.0.0-SNAPSHOT

     -> okhttp-4.10.0.jar

       -> okio-3.0.0.jar

         -> ❌ okio-jvm-3.0.0.jar (Vulnerable Library)

High 7.5 okio-jvm-3.0.0.jar Upgrade to version: com.squareup.okio:okio-jvm:3.4.0 #2037

Total libraries scanned: 242
Scan token: f1c1e50e532945298e3355e80f158dde
View more details on Mend for GitHub.com