Update checkmarx-ast-cli binaries with 2.1.0 #186

Merged: 1 commit, May 13, 2024

pedrompflopes commented Jan 27, 2024

Updates checkmarx-ast-cli to 2.1.0

Auto-generated by [create-pull-request][2]

pedrompflopes requested review from a team, diogopcx and tiagobcx and removed request for a team on January 27, 2024 00:18

github-actions bot commented Jan 27, 2024

Checkmarx One – Scan Summary & Details: 4fb81996-2727-43fc-b686-c074f667f9f1

Policy Management Violations

Policy Name Rule(s) Break Build
[SAST-ML0] Not allowed NEW Sast vulnerabilities true

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| HIGH | CVE-2012-0881 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| HIGH | CVE-2012-0881 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| HIGH | CVE-2013-4002 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| HIGH | CVE-2013-4002 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-webmvc-5.3.29 | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-webmvc-4.3.30.RELEASE | Vulnerable Package |
| HIGH | CVE-2021-22112 | Maven-org.springframework.security:spring-security-web-4.2.20.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-1471 | Maven-org.yaml:snakeyaml-1.33 | Vulnerable Package |
| HIGH | CVE-2022-22965 | Maven-org.springframework:spring-beans-4.3.30.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-22965 | Maven-org.springframework:spring-webmvc-4.3.30.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-31690 | Maven-org.springframework.security:spring-security-web-4.2.20.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-4065 | Maven-org.testng:testng-6.14.3 | Vulnerable Package |
| HIGH | CVE-2023-2976 | Maven-com.google.guava:guava-31.1-android | Vulnerable Package |
| HIGH | CVE-2023-51775 | Maven-org.bitbucket.b_c:jose4j-0.9.3 | Vulnerable Package |
| HIGH | CVE-2024-22243 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2024-22257 | Maven-org.springframework.security:spring-security-core-5.8.7 | Vulnerable Package |
| HIGH | CVE-2024-22257 | Maven-org.springframework.security:spring-security-core-4.2.20.RELEASE | Vulnerable Package |
| HIGH | CVE-2024-22259 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2024-22262 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | Cx78f40514-81ff | Maven-commons-collections:commons-collections-3.2.2 | Vulnerable Package |
| MEDIUM | CVE-2009-2625 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2009-2625 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| MEDIUM | CVE-2012-6153 | Maven-commons-httpclient:commons-httpclient-3.1 | Vulnerable Package |
| MEDIUM | CVE-2017-10355 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2017-10355 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| MEDIUM | CVE-2018-2799 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2018-2799 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| MEDIUM | CVE-2020-1945 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2021-22060 | Maven-org.springframework:spring-core-4.3.30.RELEASE | Vulnerable Package |
| MEDIUM | CVE-2021-22096 | Maven-org.springframework:spring-core-4.3.30.RELEASE | Vulnerable Package |
| MEDIUM | CVE-2021-36373 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2021-36374 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2022-22950 | Maven-org.springframework:spring-core-4.3.30.RELEASE | Vulnerable Package |
| MEDIUM | CVE-2023-33201 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2023-33201 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2023-33202 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2023-33202 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2024-25710 | Maven-org.apache.commons:commons-compress-1.24.0 | Vulnerable Package |
| MEDIUM | CVE-2024-26308 | Maven-org.apache.commons:commons-compress-1.24.0 | Vulnerable Package |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release-drafter.yml: 33 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 77 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 102 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ast-scan.yml: 12 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /update-cli.yml: 32 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /delete-dev-releases.yml: 28 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 115 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yml: 35 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| HIGH | CVE-2016-5002 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2016-5003 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2018-1000180 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2018-1000613 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2019-10172 | Maven-org.codehaus.jackson:jackson-mapper-asl-1.9.13 |
| HIGH | CVE-2019-10202 | Maven-org.codehaus.jackson:jackson-core-asl-1.9.13 |
| HIGH | CVE-2019-17359 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2019-17570 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2020-25649 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2020-36518 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2021-20190 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2022-25857 | Maven-org.yaml:snakeyaml-1.26 |
| HIGH | CVE-2022-42003 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2022-42004 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| MEDIUM | CVE-2018-10237 | Maven-com.google.guava:guava-18.0 |
| MEDIUM | CVE-2019-11269 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2019-3778 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2020-15250 | Maven-junit:junit-4.12 |
| MEDIUM | CVE-2020-26939 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| MEDIUM | CVE-2022-22969 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2022-38749 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38750 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38751 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38752 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | Cxced0c06c-935c | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| LOW | CVE-2020-8908 | Maven-com.google.guava:guava-18.0 |

pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.65" to "Update checkmarx-ast-cli binaries with 2.0.66" on Feb 6, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from 5eb90c7 to ad8f910, on February 16, 2024 00:18
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.66" to "Update checkmarx-ast-cli binaries with 2.0.67" on Feb 20, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from 0632402 to 3ae672c, on February 23, 2024 00:17
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.67" to "Update checkmarx-ast-cli binaries with 2.0.69" on Feb 23, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from e098a5c to 3f4d1f2, on March 2, 2024 00:18
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.69" to "Update checkmarx-ast-cli binaries with 2.0.70" on Mar 13, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from bfd3ccb to deaf636, on March 14, 2024 00:18
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from 2493ece to d7c790d, on March 23, 2024 00:18
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.70" to "Update checkmarx-ast-cli binaries with 2.0.71" on Mar 27, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from 575ee74 to 8e6af0d, on March 28, 2024 00:19
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.71" to "Update checkmarx-ast-cli binaries with 2.0.72" on Apr 10, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from 9a05055 to 9935791, on April 11, 2024 00:20
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.72" to "Update checkmarx-ast-cli binaries with 2.0.74" on Apr 17, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from f56c27d to 7aeedfc, on April 19, 2024 00:19
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.74" to "Update checkmarx-ast-cli binaries with 2.0.75" on Apr 23, 2024
pedrompflopes force-pushed the feature/update_cli branch 3 times, most recently from 5628e15 to 46872c4, on April 27, 2024 00:18
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.75" to "Update checkmarx-ast-cli binaries with 2.0.76" on May 6, 2024
pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from e0ee2db to 782b561, on May 7, 2024 00:19
pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.76" to "Update checkmarx-ast-cli binaries with 2.1.0" on May 8, 2024
OrShamirCM merged commit cba1929 into main on May 13, 2024
6 checks passed