Feature/checkmarx scan #9

Merged
merged 28 commits into from
Dec 14, 2023


mv-arctiq

No description provided.

@github-actions
Checkmarx One – Scan Summary & Details – e872b279-9ff5-41f9-b281-a4dba7edefe7

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2011-2730 Maven-org.springframework:spring-2.5.6 Vulnerable Package
HIGH CVE-2012-0881 Maven-xerces:xercesImpl-2.11.0 Vulnerable Package
HIGH CVE-2013-4002 Maven-xerces:xercesImpl-2.11.0 Vulnerable Package
HIGH CVE-2014-0114 Maven-commons-beanutils:commons-beanutils-1.9.3 Vulnerable Package
HIGH CVE-2014-0225 Maven-org.springframework:spring-web-3.1.1.RELEASE Vulnerable Package
HIGH CVE-2014-3600 Maven-org.apache.activemq:artemis-selector-1.5.5 Vulnerable Package
HIGH CVE-2015-2156 Maven-io.netty:netty-3.5.7.Final Vulnerable Package
HIGH CVE-2015-2156 Maven-io.netty:netty-3.5.5.Final Vulnerable Package
HIGH CVE-2015-2575 Maven-mysql:mysql-connector-java-5.1.9 Vulnerable Package
HIGH CVE-2015-3253 Maven-org.codehaus.groovy:groovy-all-2.4.4 Vulnerable Package
HIGH CVE-2015-3253 Maven-org.codehaus.groovy:groovy-all-2.4.0 Vulnerable Package
HIGH CVE-2015-4852 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
HIGH CVE-2015-4852 Maven-commons-collections:commons-collections-3.1 Vulnerable Package
HIGH CVE-2015-5237 Maven-com.google.protobuf:protobuf-java-2.4.1 Vulnerable Package
HIGH CVE-2015-7501 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
HIGH CVE-2015-7501 Maven-commons-collections:commons-collections-3.1 Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-webmvc-5.3.9 Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-webmvc-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-5.3.9 Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-3.1.1.RELEASE Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-2.5.6 Vulnerable Package
HIGH CVE-2016-1000031 Maven-commons-fileupload:commons-fileupload-1.3.1 Vulnerable Package
HIGH CVE-2016-1000338 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2016-1000340 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2016-1000342 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2016-1000343 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2016-1000344 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2016-1000352 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2016-10707 Maven-org.webjars:jquery-2.2.4 Vulnerable Package
HIGH CVE-2016-10707 Maven-org.webjars:jquery-2.1.0-3 Vulnerable Package
HIGH CVE-2016-10707 Maven-org.webjars:jquery-1.11.1 Vulnerable Package
HIGH CVE-2016-10750 Maven-com.hazelcast:hazelcast-3.7.7 Vulnerable Package
HIGH CVE-2016-2141 Maven-org.jgroups:jgroups-3.6.7.Final Vulnerable Package
HIGH CVE-2016-2510 Maven-org.beanshell:bsh-2.0b4 Vulnerable Package
HIGH CVE-2016-3092 Maven-commons-fileupload:commons-fileupload-1.3.1 Vulnerable Package
HIGH CVE-2016-3674 Maven-com.thoughtworks.xstream:xstream-1.4.7 Vulnerable Package
HIGH CVE-2016-5007 Maven-org.springframework:spring-core-4.0.7.RELEASE Vulnerable Package
HIGH CVE-2016-5007 Maven-org.springframework.security:spring-security-core-3.2.10.RELEASE Vulnerable Package
HIGH CVE-2016-6814 Maven-org.codehaus.groovy:groovy-all-2.4.4 Vulnerable Package
HIGH CVE-2016-6814 Maven-org.codehaus.groovy:groovy-all-2.4.0 Vulnerable Package
HIGH CVE-2016-7051 Maven-com.fasterxml.jackson.core:jackson-core-2.8.1 Vulnerable Package
HIGH CVE-2016-7051 Maven-com.fasterxml.jackson.core:jackson-core-2.7.3 Vulnerable Package
HIGH CVE-2016-7051 Maven-com.fasterxml.jackson.core:jackson-core-2.6.1 Vulnerable Package
HIGH CVE-2016-7051 Maven-com.fasterxml.jackson.core:jackson-core-2.3.3 Vulnerable Package
HIGH CVE-2016-9878 Maven-org.springframework:spring-2.5.6 Vulnerable Package
HIGH CVE-2017-1000487 Maven-org.codehaus.plexus:plexus-utils-3.0.8 Vulnerable Package
HIGH CVE-2017-1000487 Maven-org.codehaus.plexus:plexus-utils-1.5.15 Vulnerable Package
HIGH CVE-2017-1000487 Maven-org.codehaus.plexus:plexus-utils-1.4.2 Vulnerable Package
HIGH CVE-2017-1000487 Maven-org.codehaus.plexus:plexus-utils-1.0.4 Vulnerable Package
HIGH CVE-2017-12165 Maven-io.undertow:undertow-core-1.4.15.Final Vulnerable Package
HIGH CVE-2017-12174 Maven-org.apache.activemq:artemis-commons-1.5.5 Vulnerable Package
HIGH CVE-2017-12617 Maven-org.apache.tomcat.embed:tomcat-embed-core-8.5.15 Vulnerable Package
HIGH CVE-2017-12972 Maven-com.nimbusds:nimbus-jose-jwt-3.1.2 Vulnerable Package
HIGH CVE-2017-12974 Maven-com.nimbusds:nimbus-jose-jwt-3.1.2 Vulnerable Package
HIGH CVE-2017-15095 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2017-15095 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2017-17485 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2017-17485 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2017-18640 Maven-org.yaml:snakeyaml-1.6 Vulnerable Package
HIGH CVE-2017-18640 Maven-org.yaml:snakeyaml-1.17 Vulnerable Package
HIGH CVE-2017-2670 Maven-io.undertow:undertow-core-1.4.15.Final Vulnerable Package
HIGH CVE-2017-3523 Maven-mysql:mysql-connector-java-5.1.9 Vulnerable Package
HIGH CVE-2017-5637 Maven-org.apache.zookeeper:zookeeper-3.4.6 Vulnerable Package
HIGH CVE-2017-5929 Maven-ch.qos.logback:logback-core-1.1.7 Vulnerable Package
HIGH CVE-2017-5929 Maven-ch.qos.logback:logback-core-1.1.11 Vulnerable Package
HIGH CVE-2017-5929 Maven-ch.qos.logback:logback-classic-1.1.7 Vulnerable Package
HIGH CVE-2017-5929 Maven-ch.qos.logback:logback-classic-1.1.11 Vulnerable Package
HIGH CVE-2017-7525 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2017-7525 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2017-7536 Maven-org.hibernate:hibernate-validator-5.3.5.Final Vulnerable Package
HIGH CVE-2017-7656 Maven-org.eclipse.jetty:jetty-server-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2017-7656 Maven-org.eclipse.jetty:jetty-server-9.2.15.v20160210 Vulnerable Package
HIGH CVE-2017-7656 Maven-org.eclipse.jetty:jetty-http-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2017-7656 Maven-org.eclipse.jetty:jetty-http-9.2.15.v20160210 Vulnerable Package
HIGH CVE-2017-7657 Maven-org.eclipse.jetty:jetty-server-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2017-7657 Maven-org.eclipse.jetty:jetty-server-9.2.15.v20160210 Vulnerable Package
HIGH CVE-2017-7657 Maven-org.eclipse.jetty:jetty-http-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2017-7657 Maven-org.eclipse.jetty:jetty-http-9.2.15.v20160210 Vulnerable Package
HIGH CVE-2017-7658 Maven-org.eclipse.jetty:jetty-server-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2017-7658 Maven-org.eclipse.jetty:jetty-server-9.2.15.v20160210 Vulnerable Package
HIGH CVE-2017-7660 Maven-org.apache.solr:solr-solrj-5.5.4 Vulnerable Package
HIGH CVE-2017-7675 Maven-org.apache.tomcat.embed:tomcat-embed-core-8.5.15 Vulnerable Package
HIGH CVE-2017-7957 Maven-com.thoughtworks.xstream:xstream-1.4.7 Vulnerable Package
HIGH CVE-2017-8028 Maven-org.springframework.amqp:spring-amqp-1.7.3.RELEASE Vulnerable Package
HIGH CVE-2017-8045 Maven-org.springframework.amqp:spring-amqp-1.7.3.RELEASE Vulnerable Package
HIGH CVE-2017-9735 Maven-org.eclipse.jetty:jetty-util-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2017-9735 Maven-org.eclipse.jetty:jetty-util-9.2.15.v20160210 Vulnerable Package
HIGH CVE-2018-1000130 Maven-org.jolokia:jolokia-core-1.3.6 Vulnerable Package
HIGH CVE-2018-1000134 Maven-com.unboundid:unboundid-ldapsdk-3.2.1 Vulnerable Package
HIGH CVE-2018-1000180 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
HIGH CVE-2018-1000613 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
HIGH CVE-2018-1000613 Maven-org.bouncycastle:bcprov-jdk15on-1.51 Vulnerable Package
HIGH CVE-2018-1000632 Maven-dom4j:dom4j-1.6.1 Vulnerable Package
HIGH CVE-2018-10054 Maven-com.h2database:h2-1.4.195 Vulnerable Package
HIGH CVE-2018-10054 Maven-com.h2database:h2-1.2.132 Vulnerable Package
HIGH CVE-2018-1048 Maven-io.undertow:undertow-core-1.4.15.Final Vulnerable Package
HIGH CVE-2018-10899 Maven-org.jolokia:jolokia-core-1.3.6 Vulnerable Package
HIGH CVE-2018-10936 Maven-org.postgresql:postgresql-9.4.1212.jre7 Vulnerable Package
HIGH CVE-2018-11040 Maven-org.springframework:spring-webmvc-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-11040 Maven-org.springframework:spring-web-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-11040 Maven-org.springframework:spring-web-3.1.1.RELEASE Vulnerable Package
HIGH CVE-2018-11307 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-11307 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-1131 Maven-org.infinispan:infinispan-commons-8.2.6.Final Vulnerable Package
HIGH CVE-2018-11775 Maven-org.apache.activemq:activemq-client-5.14.5 Vulnerable Package
HIGH CVE-2018-12022 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-12022 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-12023 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-12023 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-12538 Maven-org.eclipse.jetty:jetty-server-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2018-12545 Maven-org.eclipse.jetty:jetty-server-9.4.5.v20170502 Vulnerable Package
HIGH CVE-2018-1259 Maven-org.springframework.data:spring-data-commons-1.13.4.RELEASE Vulnerable Package
HIGH CVE-2018-1260 Maven-org.springframework.security.oauth:spring-security-oauth2-2.0.14.RELEASE Vulnerable Package
HIGH CVE-2018-1270 Maven-org.springframework:spring-messaging-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-webmvc-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-web-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-web-3.1.1.RELEASE Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-4.0.7.RELEASE Vulnerable Package
HIGH CVE-2018-1273 Maven-org.springframework.data:spring-data-commons-1.13.4.RELEASE Vulnerable Package
HIGH CVE-2018-1274 Maven-org.springframework.data:spring-data-commons-1.13.4.RELEASE Vulnerable Package
HIGH CVE-2018-1275 Maven-org.springframework:spring-messaging-4.3.9.RELEASE Vulnerable Package
HIGH CVE-2018-1336 Maven-org.apache.tomcat.embed:tomcat-embed-core-8.5.15 Vulnerable Package
HIGH CVE-2018-14718 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-14718 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-14719 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-14719 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-14720 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-14720 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-14721 Maven-com.fasterxml.jackson.core:jackson-databind-2.8.8 Vulnerable Package
HIGH CVE-2018-14721 Maven-com.fasterxml.jackson.core:jackson-databind-2.3.3 Vulnerable Package
HIGH CVE-2018-15756 Maven-org.springframework:spring-web-4.3.9.RELEASE

More results are available on AST platform

@mv-arctiq mv-arctiq merged commit 0ae6c2c into master Dec 14, 2023
1 check failed
@mv-arctiq mv-arctiq deleted the feature/checkmarx-scan branch December 14, 2023 21:22