Update dependency org.springframework.amqp:spring-rabbit to v2

4e4a51f
Open

Update dependency org.springframework.amqp:spring-rabbit to v2 #8

Staging - WhiteSource for GitHub.com / Mend Security Check failed Dec 4, 2025 in 3m 48s

Security Report

You have successfully remediated 53 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2022-22965

Severity: Critical
CVSS Score: 9.8
Vulnerable Library: Transitive spring-beans-5.1.1.RELEASE.jar
Direct Library: spring-rabbit-2.1.0.RELEASE.jar
Suggested Fix: Transitive org.springframework:spring-beans:5.2.20.RELEASE,5.3.18
Issue: None
Reachability: Reachable

Path to dependency file: /vprofile-project3/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.1.1.RELEASE/spring-beans-5.1.1.RELEASE.jar

Dependency Hierarchy:

-> spring-rabbit-2.1.0.RELEASE.jar (Root Library)
   -> spring-context-5.1.1.RELEASE.jar
     -> spring-aop-5.1.1.RELEASE.jar
       -> ❌ spring-beans-5.1.1.RELEASE.jar (Vulnerable Library)

CVE-2022-22970

Severity: Medium
CVSS Score: 5.3
Vulnerable Library: Transitive spring-core-5.1.1.RELEASE.jar
Direct Library: spring-rabbit-2.1.0.RELEASE.jar
Suggested Fix: Transitive org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20
Issue: None
Reachability: Reachable

Path to dependency file: /vprofile-project3/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.1.1.RELEASE/spring-core-5.1.1.RELEASE.jar

Dependency Hierarchy:

-> spring-rabbit-2.1.0.RELEASE.jar (Root Library)
   -> spring-amqp-2.1.0.RELEASE.jar
     -> ❌ spring-core-5.1.1.RELEASE.jar (Vulnerable Library)

CVE-2018-1257

Severity: Medium
CVSS Score: 6.5
Vulnerable Library: Transitive spring-core-5.1.1.RELEASE.jar
Direct Library: spring-rabbit-2.1.0.RELEASE.jar
Suggested Fix: Transitive 5.0.6,4.3.17
Issue: None

Path to dependency file: /vprofile-project3/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.1.1.RELEASE/spring-core-5.1.1.RELEASE.jar

Dependency Hierarchy:

-> spring-rabbit-2.1.0.RELEASE.jar (Root Library)
   -> spring-amqp-2.1.0.RELEASE.jar
     -> ❌ spring-core-5.1.1.RELEASE.jar (Vulnerable Library)

CVE-2018-1271

Severity: Medium
CVSS Score: 5.9
Vulnerable Library: Transitive spring-core-5.1.1.RELEASE.jar
Direct Library: spring-rabbit-2.1.0.RELEASE.jar
Suggested Fix: Transitive org.springframework:spring-webflux:5.0.5.RELEASE,org.springframework:spring-webmvc:4.3.15.RELEASE,5.0.5.RELEASE
Issue: None

Path to dependency file: /vprofile-project3/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.1.1.RELEASE/spring-core-5.1.1.RELEASE.jar

Dependency Hierarchy:

-> spring-rabbit-2.1.0.RELEASE.jar (Root Library)
   -> spring-amqp-2.1.0.RELEASE.jar
     -> ❌ spring-core-5.1.1.RELEASE.jar (Vulnerable Library)

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2020-25649 jackson-databind-2.9.10.4.jar
CVE-2018-11040 spring-web-4.3.7.RELEASE.jar
CVE-2020-35490 jackson-databind-2.9.10.4.jar
CVE-2022-22965 spring-beans-4.3.7.RELEASE.jar
CVE-2020-36187 jackson-databind-2.9.10.4.jar
CVE-2022-42004 jackson-databind-2.9.10.4.jar
CVE-2020-14062 jackson-databind-2.9.10.4.jar
CVE-2020-36181 jackson-databind-2.9.10.4.jar
CVE-2020-36184 jackson-databind-2.9.10.4.jar
CVE-2022-22970 spring-core-4.3.7.RELEASE.jar
CVE-2018-1272 spring-core-4.3.7.RELEASE.jar
CVE-2020-24616 jackson-databind-2.9.10.4.jar
CVE-2020-36183 jackson-databind-2.9.10.4.jar
CVE-2020-35491 jackson-databind-2.9.10.4.jar
CVE-2020-14061 jackson-databind-2.9.10.4.jar
CVE-2020-11022 jquery-1.11.2.min.js
CVE-2022-22970 spring-beans-4.3.7.RELEASE.jar
WS-2019-0379 commons-codec-1.6.jar
CVE-2018-1257 spring-core-4.3.7.RELEASE.jar
CVE-2022-22950 spring-expression-4.3.7.RELEASE.jar
CVE-2018-1257 spring-messaging-4.3.7.RELEASE.jar
CVE-2018-11087 spring-rabbit-1.7.1.RELEASE.jar
CVE-2018-1275 spring-messaging-4.3.7.RELEASE.jar
CVE-2020-36179 jackson-databind-2.9.10.4.jar
CVE-2018-11087 spring-amqp-1.7.1.RELEASE.jar
WS-2017-3734 httpclient-4.3.6.jar
CVE-2018-1270 spring-messaging-4.3.7.RELEASE.jar
CVE-2020-36189 jackson-databind-2.9.10.4.jar
CVE-2020-36188 jackson-databind-2.9.10.4.jar
CVE-2018-1271 spring-core-4.3.7.RELEASE.jar
CVE-2018-15756 spring-core-4.3.7.RELEASE.jar
CVE-2018-15756 spring-web-4.3.7.RELEASE.jar
CVE-2017-16137 debug-2.2.0.tgz
CVE-2020-36185 jackson-databind-2.9.10.4.jar
CVE-2020-36182 jackson-databind-2.9.10.4.jar
CVE-2020-14060 jackson-databind-2.9.10.4.jar
CVE-2018-11040 spring-core-4.3.7.RELEASE.jar
CVE-2021-22096 spring-web-4.3.7.RELEASE.jar
CVE-2018-1199 spring-core-4.3.7.RELEASE.jar
CVE-2020-11023 jquery-1.11.2.min.js
CVE-2021-20190 jackson-databind-2.9.10.4.jar
CVE-2020-35728 jackson-databind-2.9.10.4.jar
CVE-2020-14195 jackson-databind-2.9.10.4.jar
CVE-2020-5421 spring-web-4.3.7.RELEASE.jar
CVE-2019-11358 jquery-1.11.2.min.js
CVE-2015-9251 jquery-1.11.2.min.js
CVE-2022-42003 jackson-databind-2.9.10.4.jar
CVE-2020-24750 jackson-databind-2.9.10.4.jar
CVE-2020-36180 jackson-databind-2.9.10.4.jar
CVE-2017-8045 spring-amqp-1.7.1.RELEASE.jar
CVE-2018-11039 spring-web-4.3.7.RELEASE.jar
CVE-2022-22971 spring-messaging-4.3.7.RELEASE.jar
CVE-2020-36186 jackson-databind-2.9.10.4.jar

Base branch total remaining vulnerabilities: 122
Base branch commit: 0000244cad89eae59281956f46e9d04fe9b7072a


Total libraries scanned: 400

Scan token: 044c9f80cd0a448da2d0b6961c31b940