Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update checkmarx-ast-cli binaries with 2.0.53 #162

Merged
merged 1 commit into from
Jul 27, 2023
Merged

Update checkmarx-ast-cli binaries with 2.0.53 #162

merged 1 commit into from
Jul 27, 2023

Conversation

pedrompflopes
Copy link
Contributor

@pedrompflopes pedrompflopes commented Jun 30, 2023
edited
Loading

Updates checkmarx-ast-cli to 2.0.53

Auto-generated by [create-pull-request][2]

@pedrompflopes pedrompflopes requested review from a team, diogopcx and tiagobcx and removed request for a team June 30, 2023 11:33
@github-actions
Copy link

github-actions bot commented Jun 30, 2023
edited
Loading

Logo
Checkmarx One – Scan Summary & Details44388bd2-c47d-4caa-b9c5-cca7419974f8

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2016-1000027 Maven-org.springframework:spring-webmvc-5.3.19 Vulnerable Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-5.3.19 Vulnerable Package
HIGH CVE-2022-31690 Maven-org.springframework.security:spring-security-web-5.6.3 Vulnerable Package
HIGH CVE-2022-31692 Maven-org.springframework.security:spring-security-core-5.6.3 Vulnerable Package
HIGH CVE-2022-4065 Maven-org.testng:testng-6.14.3 Vulnerable Package
HIGH CVE-2023-20860 Maven-org.springframework:spring-webmvc-5.3.19 Vulnerable Package
HIGH CVE-2023-20863 Maven-org.springframework:spring-expression-5.3.19 Vulnerable Package
HIGH CVE-2023-20863 Maven-org.springframework:spring-expression-5.3.18 Vulnerable Package
HIGH CVE-2023-34034 Maven-org.springframework.security:spring-security-config-5.6.3 Vulnerable Package
HIGH Cx78f40514-81ff Maven-commons-collections:commons-collections-3.2.2 Vulnerable Package
HIGH Cx8bc13cba-30bf Maven-org.bitbucket.b_c:jose4j-0.7.12 Vulnerable Package
MEDIUM CVE-2012-6153 Maven-commons-httpclient:commons-httpclient-3.1 Vulnerable Package
MEDIUM CVE-2022-41854 Maven-org.yaml:snakeyaml-2.0 Vulnerable Package
MEDIUM CVE-2023-20861 Maven-org.springframework:spring-expression-5.3.19 Vulnerable Package
MEDIUM CVE-2023-20861 Maven-org.springframework:spring-expression-5.3.18 Vulnerable Package
MEDIUM CVE-2023-2976 Maven-com.google.guava:guava-31.1-android Vulnerable Package
MEDIUM CVE-2023-33201 Maven-org.bouncycastle:bcprov-jdk15on-1.70 Vulnerable Package

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2018-1000180 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
HIGH CVE-2018-1000613 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
HIGH CVE-2019-17359 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
HIGH CVE-2020-25649 Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 Vulnerable Package
HIGH CVE-2020-36518 Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 Vulnerable Package
HIGH CVE-2021-20190 Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 Vulnerable Package
HIGH CVE-2022-25857 Maven-org.yaml:snakeyaml-1.26 Vulnerable Package
HIGH CVE-2022-42003 Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 Vulnerable Package
HIGH CVE-2022-42004 Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 Vulnerable Package
HIGH Cxa9261daf-3755 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
MEDIUM CVE-2018-10237 Maven-com.google.guava:guava-18.0 Vulnerable Package
MEDIUM CVE-2020-14338 Maven-xerces:xercesImpl-2.12.1 Vulnerable Package
MEDIUM CVE-2020-15522 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
MEDIUM CVE-2020-26939 Maven-org.bouncycastle:bcprov-jdk15on-1.56 Vulnerable Package
MEDIUM CVE-2022-23437 Maven-xerces:xercesImpl-2.12.1 Vulnerable Package
MEDIUM CVE-2022-38749 Maven-org.yaml:snakeyaml-1.26 Vulnerable Package
MEDIUM CVE-2022-38750 Maven-org.yaml:snakeyaml-1.26 Vulnerable Package
MEDIUM CVE-2022-38751 Maven-org.yaml:snakeyaml-1.26 Vulnerable Package
MEDIUM CVE-2022-38752 Maven-org.yaml:snakeyaml-1.26 Vulnerable Package
MEDIUM Cxced0c06c-935c Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 Vulnerable Package
LOW CVE-2020-8908 Maven-com.google.guava:guava-18.0 Vulnerable Package

@pedrompflopes pedrompflopes changed the title Update checkmarx-ast-cli binaries with 2.0.50 Update checkmarx-ast-cli binaries with 2.0.51 Jul 14, 2023
@pedrompflopes pedrompflopes changed the title Update checkmarx-ast-cli binaries with 2.0.51 Update checkmarx-ast-cli binaries with 2.0.52 Jul 19, 2023
@pedrompflopes pedrompflopes changed the title Update checkmarx-ast-cli binaries with 2.0.52 Update checkmarx-ast-cli binaries with 2.0.53 Jul 27, 2023
@pedrompflopes pedrompflopes merged commit 4c18c99 into main Jul 27, 2023
5 checks passed
@pedrompflopes pedrompflopes deleted the feature/update_cli branch July 27, 2023 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diogopcx diogopcx Awaiting requested review from diogopcx diogopcx was automatically assigned from Checkmarx/ast-galactica-team

@tiagobcx tiagobcx Awaiting requested review from tiagobcx tiagobcx was automatically assigned from Checkmarx/ast-galactica-team

Assignees
No one assigned
Labels
cxone
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pedrompflopes