spring-cloud-starter-netflix-eureka-server-3.0.3.jar: 156 vulnerabilities (highest severity is: 9.8) reachable #9

Open
mend-for-github-com bot opened this issue Feb 4, 2025 · 0 comments
Labels
Mend: dependency security vulnerability Security vulnerability detected by Mend

Vulnerable Library - spring-cloud-starter-netflix-eureka-server-3.0.3.jar

Path to dependency file: /Stage 3/Microservices/Register App in Spring Cloud/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.12/tomcat-embed-websocket-9.0.12.jar

Found in HEAD commit: 0cf0718a8c215c241fb05d21292186a8226f59ed

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-cloud-starter-netflix-eureka-server version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-56337 | Critical | 9.8 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2024-52316 | Critical | 9.8 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2024-50379 | Critical | 9.8 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2020-9548 | Critical | 9.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-9547 | Critical | 9.8 | Not Defined | 0.4% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-9546 | Critical | 9.8 | Not Defined | 0.4% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-8840 | Critical | 9.8 | Not Defined | 1.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-20330 | Critical | 9.8 | Not Defined | 0.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-17531 | Critical | 9.8 | Not Defined | 0.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-17267 | Critical | 9.8 | Not Defined | 0.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-16943 | Critical | 9.8 | Not Defined | 0.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-16942 | Critical | 9.8 | Not Defined | 0.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-16335 | Critical | 9.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-14893 | Critical | 9.8 | Not Defined | 2.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-14892 | Critical | 9.8 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-14540 | Critical | 9.8 | Not Defined | 0.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-14379 | Critical | 9.8 | Not Defined | 1.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-10202 | Critical | 9.8 | Not Defined | 2.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2018-19362 | Critical | 9.8 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2018-19361 | Critical | 9.8 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2018-19360 | Critical | 9.8 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-11113 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-11112 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-11111 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-10969 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-10968 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-10673 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-10672 | High | 8.8 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2021-20190 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36189 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36188 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36187 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36186 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36185 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36184 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36183 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36182 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36181 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36180 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36179 | High | 8.1 | Not Defined | 0.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-35728 | High | 8.1 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-35491 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-35490 | High | 8.1 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-24750 | High | 8.1 | Not Defined | 0.4% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-24616 | High | 8.1 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-14195 | High | 8.1 | Not Defined | 1.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-14062 | High | 8.1 | Not Defined | 1.4000001% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-14061 | High | 8.1 | Not Defined | 1.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-14060 | High | 8.1 | Not Defined | 3.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-11620 | High | 8.1 | Not Defined | 2.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-11619 | High | 8.1 | Not Defined | 2.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-10650 | High | 8.1 | Not Defined | 0.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| WS-2021-0419 | High | 7.7 | Not Defined | | gson-2.8.5.jar | Transitive | N/A* | | Reachable |
| CVE-2022-25647 | High | 7.7 | Not Defined | 0.5% | gson-2.8.5.jar | Transitive | N/A* | | Reachable |
| WS-2022-0468 | High | 7.5 | Not Defined | | jackson-core-2.9.7.jar | Transitive | N/A* | | Reachable |
| CVE-2024-34750 | High | 7.5 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2024-24549 | High | 7.5 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2023-46589 | High | 7.5 | Not Defined | 0.6% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2023-44487 | High | 7.5 | High | 80.1% | tomcat-embed-core-9.0.12.jar | Transitive | N/A* | | Reachable |
| CVE-2023-24998 | High | 7.5 | Not Defined | 1.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.1.7 | | Reachable |
| CVE-2022-42252 | High | 7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | N/A* | | Reachable |
| CVE-2022-42004 | High | 7.5 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | N/A* | | Reachable |
| CVE-2022-42003 | High | 7.5 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | N/A* | | Reachable |
| CVE-2021-41079 | High | 7.5 | Not Defined | 0.5% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2021-25122 | High | 7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-36518 | High | 7.5 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | N/A* | | Reachable |
| CVE-2020-25649 | High | 7.5 | Not Defined | 0.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-17527 | High | 7.5 | Not Defined | 0.3% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-13934 | High | 7.5 | Not Defined | 92.6% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-17563 | High | 7.5 | Not Defined | 0.5% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-14439 | High | 7.5 | Not Defined | 0.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-12086 | High | 7.5 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-10072 | High | 7.5 | Not Defined | 17.0% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-0199 | High | 7.5 | Not Defined | 18.0% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2021-25329 | High | 7.0 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-9484 | High | 7.0 | Not Defined | 93.3% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2024-52317 | Medium | 6.5 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2021-30640 | Medium | 6.5 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2023-41080 | Medium | 6.1 | Not Defined | 0.5% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2023-1932 | Medium | 6.1 | Not Defined | 0.0% | hibernate-validator-6.0.13.Final.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-10219 | Medium | 6.1 | Not Defined | 0.2% | hibernate-validator-6.0.13.Final.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2021-24122 | Medium | 5.9 | Not Defined | 0.3% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-12814 | Medium | 5.9 | Not Defined | 3.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2019-12384 | Medium | 5.9 | Not Defined | 44.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2024-38828 | Medium | 5.3 | Not Defined | 0.0% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | N/A* | | Reachable |
| CVE-2024-21733 | Medium | 5.3 | Not Defined | 0.70000005% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2023-45648 | Medium | 5.3 | Not Defined | 0.4% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2023-42795 | Medium | 5.3 | Not Defined | 1.4000001% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | | Reachable |
| CVE-2021-33037 | Medium | 5.3 | Not Defined | 15.5% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-10693 | Medium | 5.3 | Not Defined | 0.1% | hibernate-validator-6.0.13.Final.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2020-1935 | Medium | 4.8 | Not Defined | 0.8% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2023-28708 | Medium | 4.3 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.1.7 | | Reachable |
| CVE-2020-13943 | Medium | 4.3 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Reachable |
| CVE-2021-43980 | Low | 3.7 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.1.2 | | Reachable |
| CVE-2023-20873 | Critical | 9.8 | Not Defined | 0.70000005% | spring-boot-actuator-autoconfigure-2.1.0.RELEASE.jar | Transitive | 3.1.0 | | Unreachable |
| CVE-2019-10173 | Critical | 9.8 | Not Defined | 74.299995% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2013-7285 | Critical | 9.8 | Not Defined | 24.699999% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| WS-2018-0629 | Critical | 9.1 | Not Defined | | woodstox-core-5.0.3.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-39154 | High | 8.5 | Not Defined | 1.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39153 | High | 8.5 | Not Defined | 1.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39152 | High | 8.5 | Not Defined | 0.70000005% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39151 | High | 8.5 | Not Defined | 1.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39150 | High | 8.5 | Not Defined | 0.5% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39149 | High | 8.5 | Not Defined | 1.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39148 | High | 8.5 | Not Defined | 1.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39147 | High | 8.5 | Not Defined | 1.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39146 | High | 8.5 | Not Defined | 5.7% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39145 | High | 8.5 | Not Defined | 1.1% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39144 | High | 8.5 | High | 97.2% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39141 | High | 8.5 | Not Defined | 13.099999% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2021-39139 | High | 8.5 | Not Defined | 2.0% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2022-41966 | High | 8.2 | Not Defined | 0.8% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2019-0232 | High | 8.1 | Not Defined | 97.399994% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2020-26217 | High | 8.0 | Not Defined | 97.299995% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2024-47072 | High | 7.5 | Not Defined | 0.0% | xstream-1.4.10.jar | Transitive | N/A* | | Unreachable |
| CVE-2024-38819 | High | 7.5 | Not Defined | 0.0% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | 4.1.4 | | Unreachable |
| CVE-2024-38816 | High | 7.5 | Not Defined | 0.1% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | 4.1.4 | | Unreachable |
| CVE-2024-30172 | High | 7.5 | Not Defined | 0.0% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | | Unreachable |
| CVE-2024-29857 | High | 7.5 | Not Defined | 0.0% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | | Unreachable |
| CVE-2022-45693 | High | 7.5 | Not Defined | 0.1% | jettison-1.3.7.jar | Transitive | 4.1.1 | | Unreachable |
| CVE-2022-45685 | High | 7.5 | Not Defined | 0.1% | jettison-1.3.7.jar | Transitive | 4.1.1 | | Unreachable |
| CVE-2021-43859 | High | 7.5 | Not Defined | 6.6% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-29505 | High | 7.5 | Not Defined | 5.1% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21341 | High | 7.5 | Not Defined | 7.4% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2020-13935 | High | 7.5 | Not Defined | 46.7% | tomcat-embed-websocket-9.0.12.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2019-17359 | High | 7.5 | Not Defined | 1.1% | bcprov-jdk15on-1.60.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2020-26259 | Medium | 6.8 | Not Defined | 44.3% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2022-40152 | Medium | 6.5 | Not Defined | 0.8% | woodstox-core-5.0.3.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2022-40151 | Medium | 6.5 | Not Defined | 0.8% | xstream-1.4.10.jar | Transitive | 4.1.3 | | Unreachable |
| CVE-2022-40150 | Medium | 6.5 | Not Defined | 0.1% | jettison-1.3.7.jar | Transitive | 4.1.1 | | Unreachable |
| CVE-2022-40149 | Medium | 6.5 | Not Defined | 0.2% | jettison-1.3.7.jar | Transitive | 4.1.1 | | Unreachable |
| CVE-2021-39140 | Medium | 6.5 | Not Defined | 1.2% | xstream-1.4.10.jar | Transitive | 3.0.5 | | Unreachable |
| CVE-2020-5408 | Medium | 6.5 | Not Defined | 0.1% | spring-security-crypto-5.1.1.RELEASE.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2018-1000873 | Medium | 6.5 | Not Defined | 0.4% | jackson-datatype-jsr310-2.9.7.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2024-23672 | Medium | 6.3 | Not Defined | 0.0% | tomcat-embed-websocket-9.0.12.jar | Transitive | 4.0.0 | | Unreachable |
| CVE-2020-26258 | Medium | 6.3 | Not Defined | 83.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21349 | Medium | 6.1 | Not Defined | 0.5% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21347 | Medium | 6.1 | Not Defined | 11.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21346 | Medium | 6.1 | Not Defined | 11.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2019-0221 | Medium | 6.1 | Not Defined | 2.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2024-30171 | Medium | 5.9 | Not Defined | 0.0% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | | Unreachable |
| CVE-2023-1436 | Medium | 5.9 | Not Defined | 0.1% | jettison-1.3.7.jar | Transitive | 4.1.1 | | Unreachable |
| CVE-2020-15522 | Medium | 5.9 | Not Defined | 0.1% | bcprov-jdk15on-1.60.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21345 | Medium | 5.8 | Not Defined | 15.700001% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2023-33202 | Medium | 5.5 | Not Defined | 0.1% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | | Unreachable |
| CVE-2021-21351 | Medium | 5.4 | Not Defined | 87.8% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2023-34055 | Medium | 5.3 | Not Defined | 0.1% | spring-boot-actuator-2.1.0.RELEASE.jar | Transitive | 4.0.0 | | Unreachable |
| CVE-2023-33201 | Medium | 5.3 | Not Defined | 0.1% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | | Unreachable |
| CVE-2021-21350 | Medium | 5.3 | Not Defined | 11.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21348 | Medium | 5.3 | Not Defined | 1.4000001% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21344 | Medium | 5.3 | Not Defined | 11.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21343 | Medium | 5.3 | Not Defined | 0.70000005% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2021-21342 | Medium | 5.3 | Not Defined | 1.3000001% | xstream-1.4.10.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2020-26939 | Medium | 5.3 | Not Defined | 0.1% | bcprov-jdk15on-1.60.jar | Transitive | 3.0.4 | | Unreachable |
| CVE-2024-38827 | Medium | 4.8 | Not Defined | 0.0% | spring-security-crypto-5.1.1.RELEASE.jar | Transitive | 4.1.0 | | Unreachable |
| CVE-2021-22096 | Medium | 4.3 | Not Defined | 0.1% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | 3.0.4 | | Unreachable |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

Partial details (0 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


⛑️Automatic Remediation will be attempted for this issue.
