Update README.md #15910

Open

cx-nitzan-massader wants to merge 1 commit into master from NitzanMassAder-patch-3

Conversation

@cx-nitzan-massader (Contributor)

No description provided.

@cx-nitzan-massader (Contributor, Author) commented Nov 11, 2024

Checkmarx One – Scan Summary & Details (scan dd7c803f-8207-47bf-9025-b7b430844ad5)

Policy Management Violations - Pull/merge request blocked

| Policy Name | Rule(s) | Break Build |
| --- | --- | --- |
| Test Policy | New vulnerabilities of Critical, High, Medium and Low severity levels detected | true |

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| CRITICAL | SQL_Injection | /encode.frm: 42 | Attack Vector |
| CRITICAL | SQL_Injection | /encode.frm: 41 | Attack Vector |
| HIGH | CVE-2015-2575 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| HIGH | CVE-2017-3523 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| HIGH | CVE-2018-3258 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| HIGH | Cx039cb67c-ead3 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| HIGH | Cx6f651376-312a | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| HIGH | Cx7ef609d2-efb5 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| MEDIUM | Add Instead of Copy | /Dockerfile: 8 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
| MEDIUM | Add Instead of Copy | /Dockerfile: 7 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
| MEDIUM | CVE-2017-3586 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| MEDIUM | CVE-2019-11358 | Npm-jquery-3.2.1 | Vulnerable Package |
| MEDIUM | CVE-2019-2692 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| MEDIUM | CVE-2020-11022 | Npm-jquery-3.2.1 | Vulnerable Package |
| MEDIUM | CVE-2020-11023 | Npm-jquery-3.2.1 | Vulnerable Package |
| MEDIUM | CVE-2020-15250 | Maven-junit:junit-4.10 | Vulnerable Package |
| MEDIUM | CVE-2020-2875 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| MEDIUM | CVE-2020-2934 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| MEDIUM | CVE-2021-2471 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| MEDIUM | CVE-2022-21363 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| MEDIUM | CVE-2024-34517 | Maven-org.neo4j:neo4j-cypher-1.8.1 | Vulnerable Package |
| MEDIUM | Hardcoded_password_in_Connection_String | /encode.frm: 67 | Attack Vector |
| MEDIUM | Image Version Using 'latest' | /Dockerfile: 1 | When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stabili... |
| MEDIUM | Parameter_Tampering | /encode.frm: 65 | Attack Vector |
| MEDIUM | Privacy_Violation | /encode.frm: 42 | Attack Vector |
| MEDIUM | Privacy_Violation | /encode.frm: 11 | Attack Vector |
| MEDIUM | Unpinned Package Version in Apk Add | /Dockerfile: 1 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
| LOW | CVE-2017-3589 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| LOW | CVE-2020-2933 | Maven-mysql:mysql-connector-java-5.1.18 | Vulnerable Package |
| LOW | Curl or Wget Instead of Add | /Dockerfile: 8 | Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged |
| LOW | Curl or Wget Instead of Add | /Dockerfile: 7 | Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | MAINTAINER Instruction Being Used | /Dockerfile: 2 | The MAINTAINER instruction sets the Author field of the generated images. The LABEL instruction is a much more flexible version of this and you sho... |
| LOW | Multiple RUN, ADD, COPY, Instructions Listed | /Dockerfile: 7 | Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers. |
