Update dependency org.springframework.security:spring-security-config to v4.1.1.RELEASE #220
Security Report
You have successfully remediated 53 vulnerabilities, but introduced 11 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
| CVE-2022-22978; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.1.1.RELEASE/spring-security-core-4.1.1.RELEASE.jar; Dependency Hierarchy: -> spring-security-web-4.1.1.RELEASE.jar (Root Library) -> ❌ spring-security-core-4.1.1.RELEASE.jar (Vulnerable Library) | 9.8 | Transitive spring-security-core-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | Transitive org.springframework.security:spring-security-core:5.6.4,https://github.com/spring-projects/spring-security.git - no_fix,org.springframework.security:spring-security-web:5.5.7,org.springframework.security:spring-security-core:5.5.7,org.springframework.security:spring-security-core:5.4.11,org.springframework.security:spring-security-web:5.6.4,org.springframework.security:spring-security-web:5.4.11,org.springframework.security:spring-security-web:5.5.7,org.springframework.security:spring-security-core:5.6.4,org.springframework.security:spring-security-web:5.4.11,org.springframework.security:spring-security-web:5.6.4,org.springframework.security:spring-security-core:5.4.11,org.springframework.security:spring-security-core:5.5.7 | #232 | |
| CVE-2024-22257; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.1.1.RELEASE/spring-security-core-4.1.1.RELEASE.jar; Dependency Hierarchy: -> spring-security-web-4.1.1.RELEASE.jar (Root Library) -> ❌ spring-security-core-4.1.1.RELEASE.jar (Vulnerable Library) | 8.2 | Transitive spring-security-core-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | Transitive 5.7.12 | None | |
| CVE-2016-9879; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.1.1.RELEASE/spring-security-web-4.1.1.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-security-web-4.1.1.RELEASE.jar (Vulnerable Library) | 7.5 | Direct spring-security-web-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | 4.1.4.RELEASE | #159 | |
| CVE-2019-11272; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.1.1.RELEASE/spring-security-core-4.1.1.RELEASE.jar; Dependency Hierarchy: -> spring-security-web-4.1.1.RELEASE.jar (Root Library) -> ❌ spring-security-core-4.1.1.RELEASE.jar (Vulnerable Library) | 7.3 | Transitive spring-security-core-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | Transitive org.springframework.security:spring-security-cas:4.2.13.RELEASE | #35 | |
| WS-2017-3767; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.1.1.RELEASE/spring-security-web-4.1.1.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-security-web-4.1.1.RELEASE.jar (Vulnerable Library) | 6.6 | Direct spring-security-web-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | | #66 | |
| WS-2020-0293; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.1.1.RELEASE/spring-security-web-4.1.1.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-security-web-4.1.1.RELEASE.jar (Vulnerable Library) | 5.9 | Direct spring-security-web-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | | #93 | |
| WS-2016-7107; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.1.1.RELEASE/spring-security-web-4.1.1.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-security-web-4.1.1.RELEASE.jar (Vulnerable Library) | 5.9 | Direct spring-security-web-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | | #117 | |
| CVE-2020-5407; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.1.1.RELEASE/spring-security-core-4.1.1.RELEASE.jar; Dependency Hierarchy: -> spring-security-web-4.1.1.RELEASE.jar (Root Library) -> ❌ spring-security-core-4.1.1.RELEASE.jar (Vulnerable Library) | 8.8 | Transitive spring-security-core-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | Transitive https://github.com/spring-projects/spring-security.git - no_fix | #242 | |
| CVE-2018-1199; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.1.1.RELEASE/spring-security-web-4.1.1.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-security-web-4.1.1.RELEASE.jar (Vulnerable Library) | 5.3 | Direct spring-security-web-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE | #221 | |
| CVE-2018-1199; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-config/4.1.1.RELEASE/spring-security-config-4.1.1.RELEASE.jar; Dependency Hierarchy: -> ❌ spring-security-config-4.1.1.RELEASE.jar (Vulnerable Library) | 5.3 | Direct spring-security-config-4.1.1.RELEASE.jar | spring-security-config-4.1.1.RELEASE.jar | org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE | #221 | |
| CVE-2018-1199; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.1.1.RELEASE/spring-security-core-4.1.1.RELEASE.jar; Dependency Hierarchy: -> spring-security-web-4.1.1.RELEASE.jar (Root Library) -> ❌ spring-security-core-4.1.1.RELEASE.jar (Vulnerable Library) | 5.3 | Transitive spring-security-core-4.1.1.RELEASE.jar | spring-security-web-4.1.1.RELEASE.jar | Transitive org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE | #221 | |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2020-24750 | jackson-databind-2.8.4.jar |
| CVE-2020-36185 | jackson-databind-2.8.4.jar |
| CVE-2020-10650 | jackson-databind-2.8.4.jar |
| CVE-2020-11112 | jackson-databind-2.8.4.jar |
| CVE-2020-14062 | jackson-databind-2.8.4.jar |
| CVE-2018-14718 | jackson-databind-2.8.4.jar |
| CVE-2020-36518 | jackson-databind-2.8.4.jar |
| CVE-2020-36187 | jackson-databind-2.8.4.jar |
| CVE-2020-14195 | jackson-databind-2.8.4.jar |
| CVE-2016-5007 | spring-security-config-4.0.2.RELEASE.jar |
| CVE-2024-22257 | spring-security-core-4.0.2.RELEASE.jar |
| CVE-2020-9548 | jackson-databind-2.8.4.jar |
| CVE-2020-36179 | jackson-databind-2.8.4.jar |
| CVE-2018-19361 | jackson-databind-2.8.4.jar |
| GHSA-257q-pv89-v3xv | jquery-3.2.1.min.js |
| CVE-2020-5407 | spring-security-core-4.0.2.RELEASE.jar |
| CVE-2020-36180 | jackson-databind-2.8.4.jar |
| CVE-2020-36181 | jackson-databind-2.8.4.jar |
| CVE-2019-17531 | jackson-databind-2.8.4.jar |
| CVE-2018-14721 | jackson-databind-2.8.4.jar |
| CVE-2018-19362 | jackson-databind-2.8.4.jar |
| CVE-2016-5007 | spring-security-web-4.0.2.RELEASE.jar |
| WS-2016-7107 | spring-security-web-4.0.2.RELEASE.jar |
| CVE-2019-11272 | spring-security-core-4.0.2.RELEASE.jar |
| CVE-2019-14540 | jackson-databind-2.8.4.jar |
| CVE-2020-10673 | jackson-databind-2.8.4.jar |
| CVE-2020-36186 | jackson-databind-2.8.4.jar |
| WS-2017-3767 | spring-security-web-4.0.2.RELEASE.jar |
| CVE-2022-22978 | spring-security-core-4.0.2.RELEASE.jar |
| CVE-2020-11113 | jackson-databind-2.8.4.jar |
| CVE-2022-25647 | gson-2.8.2.jar |
| CVE-2020-11619 | jackson-databind-2.8.4.jar |
| CVE-2020-24616 | jackson-databind-2.8.4.jar |
| CVE-2020-36184 | jackson-databind-2.8.4.jar |
| CVE-2018-1199 | spring-security-core-4.0.2.RELEASE.jar |
| CVE-2020-36182 | jackson-databind-2.8.4.jar |
| WS-2020-0293 | spring-security-web-4.0.2.RELEASE.jar |
| CVE-2020-25638 | hibernate-core-4.3.11.Final.jar |
| CVE-2020-14061 | jackson-databind-2.8.4.jar |
| CVE-2020-11620 | jackson-databind-2.8.4.jar |
| CVE-2019-14893 | jackson-databind-2.8.4.jar |
| CVE-2020-36189 | jackson-databind-2.8.4.jar |
| CVE-2018-14720 | jackson-databind-2.8.4.jar |
| CVE-2019-14892 | jackson-databind-2.8.4.jar |
| CVE-2020-36188 | jackson-databind-2.8.4.jar |
| CVE-2020-11111 | jackson-databind-2.8.4.jar |
| CVE-2020-14060 | jackson-databind-2.8.4.jar |
| CVE-2019-14439 | jackson-databind-2.8.4.jar |
| CVE-2018-5968 | jackson-databind-2.8.4.jar |
| CVE-2018-14719 | jackson-databind-2.8.4.jar |
| CVE-2020-36183 | jackson-databind-2.8.4.jar |
| CVE-2016-9879 | spring-security-web-4.0.2.RELEASE.jar |
| CVE-2019-14379 | jackson-databind-2.8.4.jar |
Base branch total remaining vulnerabilities: 186
Base branch commit: 80eb1448744dcd3ab7e403f5f4f723c4c6760ae9
Total libraries scanned: 107
Scan token: aceb816e8326472186b966addb50ad20