[AUTO] Increment version to 1.3.13-SNAPSHOT #1955
Security Report
You have successfully remediated 2 vulnerabilities, but introduced 5 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-32697; Path to dependency file: /integ-test/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial/sqlite-jdbc/3.28.0/406b4fa58eab5d29d779fa86cedb60c7ee071b57/sqlite-jdbc-3.28.0.jar; Dependency Hierarchy: -> ❌ sqlite-jdbc-3.28.0.jar (Vulnerable Library) | Critical | 9.8 | sqlite-jdbc-3.28.0.jar | Upgrade to version: org.xerial:sqlite-jdbc:3.41.2.2 | #1669 |
CVE-2022-45868; Path to dependency file: /integ-test/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.h2database/h2/2.1.214/d5c2005c9e3279201e12d4776c948578b16bf8b2/h2-2.1.214.jar; Dependency Hierarchy: -> ❌ h2-2.1.214.jar (Vulnerable Library) | High | 7.8 | h2-2.1.214.jar | Upgrade to version: com.h2database:h2:2.2.220 | #1105 |
CVE-2023-2976; Path to dependency file: /protocol/build.gradle; Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/30.1.1-jre/87e0fd1df874ea3cbe577702fe6f17068b790fd8/guava-30.1.1-jre.jar; Dependency Hierarchy: -> checkstyle-8.45.1.jar (Root Library) -> ❌ guava-30.1.1-jre.jar (Vulnerable Library) | High | 7.1 | guava-30.1.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre | #1767 |
CVE-2023-26112; Path to dependency file: /sql-cli; Path to vulnerable library: /sql-cli; Dependency Hierarchy: -> ❌ configobj-5.0.8-py2.py3-none-any.whl (Vulnerable Library) | Medium | 5.9 | configobj-5.0.8-py2.py3-none-any.whl | None | |
CVE-2022-40896; Path to dependency file: /sql-cli; Path to vulnerable library: /sql-cli; Dependency Hierarchy: -> ❌ Pygments-2.11.1-py3-none-any.whl (Vulnerable Library) | Medium | 5.5 | Pygments-2.11.1-py3-none-any.whl | Upgrade to version: pygments - 2.15.0 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2023-3635 | okio-jvm-3.0.0.jar |
CVE-2023-3635 | okio-2.8.0.jar |
Base branch total remaining vulnerabilities: 2
Base branch commit: 61d1eb7d6bab3bed88adbe9c40f027cea52f5c94
Total libraries scanned: 214
Scan token: a6e78461a8014fb9a5bf84af18861d74