@acn-tesch

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • services/web/package.json
    • services/web/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 131/1000 | Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694 | Yes | No Known Exploit |

Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 1.86, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-scripts
The new version differs by 238 commits.
  • 221e511 Publish
  • 6a3315b Update CONTRIBUTING.md
  • 5614c87 Add support for Tailwind (#11717)
  • 657739f chore(test): make all tests install with `npm ci` (#11723)
  • 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
  • 69321b0 Remove cached lockfile (#11706)
  • 3afbbc0 Update all dependencies (#11624)
  • f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
  • e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
  • c7627ce Update webpack and dev server (#11646)
  • f85b064 The default port used by `serve` has changed (#11619)
  • 544befe Update package.json (#11597)
  • 9d0369b Fix ESLint Babel preset resolution (#11547)
  • d7b23c8 test(create-react-app): assert for exit code (#10973)
  • 1465357 Prepare 5.0.0 alpha release
  • 3880ba6 Remove dependency pinning (#11474)
  • 8b9fbee Update CODEOWNERS
  • cacf590 Bump template dependency version (#11415)
  • 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
  • 50ea5ad allow CORS on webpack-dev-server (#11325)
  • 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
  • 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
  • 134cd3c Resolve dependency issues in v5 alpha (#11294)
  • b45ae3c Update CONTRIBUTING.md

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

…duce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694

@github-actions

Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 7c311a3.

@acn-tesch

Checkmarx One – Scan Summary & Details 3f7168cb-c71e-4dab-aff9-0cc62ff76353

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2023-45288 Go-golang.org/x/net-v0.0.0-20200324143707-d3edc9973b7e Vulnerable Package
HIGH CVE-2023-50782 Python-cryptography-40.0.2 Vulnerable Package
HIGH CVE-2024-1135 Python-gunicorn-21.2.0 Vulnerable Package
HIGH CVE-2024-26130 Python-cryptography-40.0.2 Vulnerable Package
HIGH CVE-2024-27351 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-34069 Python-Werkzeug-2.0.3 Vulnerable Package
HIGH CVE-2024-38875 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-39330 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-39614 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-3.0.2 Vulnerable Package
HIGH CVE-2024-41989 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-41990 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-41991 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-42005 Python-Django-4.1.13 Vulnerable Package
HIGH CVE-2024-4340 Python-sqlparse-0.2.4 Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-1.8.0 Vulnerable Package
HIGH Cx89a94f30-7a24 Python-sqlparse-0.2.4 Vulnerable Package
HIGH Missing User Instruction /Dockerfile: 27 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 15 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 29 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 119 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 86 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 126 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 79 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 211 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-database.yml: 21 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 189 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 26 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 49 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /docker-database.yml: 36 Query to find passwords and secrets in infrastructure code.
HIGH Privilege Escalation Allowed /deployment.yaml: 22 Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 29 When installing a package, its pin version should be defined
MEDIUM CPU Limits Not Set /deployment.yaml: 53 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Limits Not Set /deployment.yaml: 25 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Limits Not Set /deployment.yaml: 31 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Limits Not Set /deployment.yaml: 22 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Limits Not Set /deployment.yaml: 34 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Limits Not Set /deployment.yaml: 40 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Limits Not Set /deployment.yaml: 46 CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
MEDIUM CPU Requests Not Set /deployment.yaml: 31 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CPU Requests Not Set /deployment.yaml: 40 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CPU Requests Not Set /deployment.yaml: 53 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CPU Requests Not Set /deployment.yaml: 46 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CPU Requests Not Set /deployment.yaml: 22 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CPU Requests Not Set /deployment.yaml: 34 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CPU Requests Not Set /deployment.yaml: 25 CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
MEDIUM CVE-2024-21520 Python-djangorestframework-3.14.0 Vulnerable Package
MEDIUM CVE-2024-28863 Npm-tar-6.2.0 Vulnerable Package
MEDIUM CVE-2024-35195 Python-requests-2.30.0 Vulnerable Package
MEDIUM CVE-2024-39329 Python-Django-4.1.13 Vulnerable Package
MEDIUM CVE-2024-4067 Npm-micromatch-4.0.5 Vulnerable Package
MEDIUM Container Running As Root /deployment.yaml: 22 Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities...
MEDIUM Container Running With Low UID /deployment.yaml: 22 Check if containers are running with low UID, which might cause conflicts with the host's user table.
MEDIUM Cx14b19a02-387a Npm-body-parser-1.20.3 Vulnerable Package
MEDIUM Memory Limits Not Defined /deployment.yaml: 31 Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
MEDIUM Memory Limits Not Defined /deployment.yaml: 22 Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
MEDIUM Memory Requests Not Defined /deployment.yaml: 22 Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over...
MEDIUM Memory Requests Not Defined /deployment.yaml: 31 Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over...
MEDIUM NET_RAW Capabilities Not Being Dropped /deployment.yaml: 22 Containers should drop 'ALL' or at least 'NET_RAW' capabilities
MEDIUM Not Using JSON In CMD And ENTRYPOINT Arguments /Dockerfile: 45 Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments
MEDIUM Not Using JSON In CMD And ENTRYPOINT Arguments /Dockerfile: 43 Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/ProfileController.java: 98 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/ProfileController.java: 80 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/AuthController.java: 142 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/AuthController.java: 127 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/ProfileController.java: 62 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/ProfileController.java: 147 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/ProfileController.java: 131 Attack Vector
MEDIUM Parameter_Tampering /services/identity/src/main/java/com/crapi/controller/ProfileController.java: 115 Attack Vector
MEDIUM Pip install Keeping Cached Packages /Dockerfile: 34 When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
MEDIUM Pip install Keeping Cached Packages /Dockerfile: 40 When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
MEDIUM Privileged Ports Mapped In Container /docker-compose.yml: 156 Privileged ports (1 to 1023) should not be mapped. Also you should drop net_bind_service linux capability from the container unless you absolutely ...
MEDIUM Seccomp Profile Is Not Configured /deployment.yaml: 22 Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
MEDIUM Security Opt Not Set /docker-compose.yml: 69 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-compose.yml: 183 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-compose.yml: 206 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-database.yml: 31 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-compose.yml: 153 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-compose.yml: 109 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-compose.yml: 228 Attribute 'security_opt' should be defined.
MEDIUM Security Opt Not Set /docker-database.yml: 15 Attribute 'security_opt' should be defined.
MEDIUM Service With External Load Balancer /ingress.yaml: 4 Service has an external load balancer, which may cause accessibility from other networks and the Internet
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 213 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 96 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 74 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 86 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 116 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 136 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 86 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 80 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 167 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 72 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 39 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 97 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 235 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 119 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 108 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 69 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 252 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 77 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 34 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 130 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 126 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /publish.yml: 106 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pr-build.yml: 75 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Package Version in Apk Add /Dockerfile: 39 Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
MEDIUM Unpinned Package Version in Apk Add /Dockerfile: 21 Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
MEDIUM Unpinned Package Version in Apk Add /Dockerfile: 22 Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
MEDIUM Unpinned Package Version in Apk Add /Dockerfile: 30 Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
MEDIUM Unpinned Package Version in Pip Install /Dockerfile: 34 Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
LOW CVE-2022-30636 Go-golang.org/x/crypto-v0.0.0-20200709230013-948cd5f35899 Vulnerable Package
LOW Container Capabilities Unrestricted /docker-compose.yml: 69 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-compose.yml: 206 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-compose.yml: 153 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-compose.yml: 228 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-database.yml: 31 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-compose.yml: 183 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-database.yml: 15 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Container Capabilities Unrestricted /docker-compose.yml: 109 Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
LOW Healthcheck Instruction Missing /Dockerfile: 15 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Healthcheck Instruction Missing /Dockerfile: 29 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Healthcheck Instruction Missing /Dockerfile: 27 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Image Pull Policy Of The Container Is Not Set To Always /deployment.yaml: 22 Image Pull Policy of the container must be defined and set to Always
LOW Image Without Digest /deployment.yaml: 22 Images should be specified together with their digests to ensure integrity
LOW Multiple RUN, ADD, COPY, Instructions Listed /Dockerfile: 39 Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
LOW No Drop Capabilities for Containers /deployment.yaml: 22 Sees if Kubernetes Drop Capabilities exists to ensure containers security context
LOW Pod or Container Without Security Context /deployment.yaml: 22 A security context defines privilege and access control settings for a Pod or Container
LOW Root Container Not Mounted Read-only /deployment.yaml: 22 Check if the root container filesystem is not being mounted read-only.
LOW Use_Of_Hardcoded_Password /services/web/src/constants/actionTypes.js: 28 Attack Vector
LOW Use_Of_Hardcoded_Password /services/web/src/constants/actionTypes.js: 21 Attack Vector
LOW Use_of_Hardcoded_Password /services/gateway-service/main.go: 154 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-5.3.13
HIGH CVE-2016-1000027 Maven-org.springframework:spring-webmvc-5.3.13
HIGH CVE-2020-28469 Npm-glob-parent-3.1.0
HIGH CVE-2020-28477 Npm-immer-1.10.0
HIGH CVE-2020-36518 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.0
HIGH CVE-2021-23337 Npm-lodash.template-4.5.0
HIGH CVE-2021-23382 Npm-postcss-7.0.21
HIGH CVE-2021-23424 Npm-ansi-html-0.0.7
HIGH CVE-2021-23436 Npm-immer-1.10.0
HIGH CVE-2021-3757 Npm-immer-1.10.0
HIGH CVE-2021-42740 Npm-shell-quote-1.7.2
HIGH CVE-2021-44228 Maven-org.apache.logging.log4j:log4j-core-2.14.0
HIGH CVE-2021-45046 Maven-org.apache.logging.log4j:log4j-core-2.14.0
HIGH CVE-2021-46877 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.0
HIGH CVE-2022-1471 Maven-org.yaml:snakeyaml-1.29
HIGH CVE-2022-22965 Maven-org.springframework:spring-webmvc-5.3.13
HIGH CVE-2022-22965 Maven-org.springframework:spring-beans-5.3.13
HIGH CVE-2022-22978 Maven-org.springframework.security:spring-security-web-5.6.0
HIGH CVE-2022-23181 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.55
HIGH CVE-2022-23539 Npm-jsonwebtoken-8.5.1
HIGH CVE-2022-23540 Npm-jsonwebtoken-8.5.1
HIGH CVE-2022-24771 Npm-node-forge-0.10.0
HIGH CVE-2022-24772 Npm-node-forge-0.10.0
HIGH CVE-2022-25857 Maven-org.yaml:snakeyaml-1.29
HIGH CVE-2022-25883 Npm-semver-5.7.1
HIGH CVE-2022-25883 Npm-semver-6.3.0
HIGH CVE-2022-31197 Maven-org.postgresql:postgresql-42.4.0
HIGH CVE-2022-31690 Maven-org.springframework.security:spring-security-web-5.6.0
HIGH CVE-2022-31692 Maven-org.springframework.security:spring-security-core-5.6.0
HIGH CVE-2022-3171 Maven-com.google.protobuf:protobuf-java-3.21.1
HIGH CVE-2022-3509 Maven-com.google.protobuf:protobuf-java-3.21.1
HIGH CVE-2022-3510 Maven-com.google.protobuf:protobuf-java-3.21.1
HIGH CVE-2022-3517 Npm-minimatch-3.0.4
HIGH CVE-2022-37599 Npm-loader-utils-1.2.3
HIGH CVE-2022-37601 Npm-loader-utils-1.2.3
HIGH CVE-2022-37603 Npm-loader-utils-1.2.3
HIGH CVE-2022-38900 Npm-decode-uri-component-0.2.2
HIGH CVE-2022-42003 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.0
HIGH CVE-2022-42004 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.0
HIGH CVE-2022-42252 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.55
HIGH CVE-2022-45143 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.55
HIGH CVE-2023-1370 Maven-net.minidev:json-smart-2.4.7
HIGH CVE-2023-20860 Maven-org.springframework:spring-webmvc-5.3.13
HIGH CVE-2023-20883 Maven-org.springframework.boot:spring-boot-autoconfigure-2.6.1
HIGH CVE-2023-24998 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.55
HIGH CVE-2023-26115 Npm-word-wrap-1.2.3
HIGH CVE-2023-26136 Npm-tough-cookie-2.5.0
HIGH CVE-2023-2976 Maven-com.google.guava:guava-31.1-jre
HIGH CVE-2023-34034 Maven-org.springframework.security:spring-security-config-5.6.0
HIGH CVE-2023-45133 Npm-@babel/traverse-7.22.5
HIGH CVE-2023-46234 Npm-browserify-sign-4.2.0
HIGH CVE-2023-46589 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.55
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.2.7
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.2.7
HIGH CVE-2024-22233 Maven-org.springframework:spring-core-5.3.13
HIGH Cx347a3da7-ba99 Npm-node-forge-0.10.0
HIGH Cxab55612e-3a56 Npm-braces-3.0.2
HIGH Cxab55612e-3a56 Npm-braces-2.3.2
HIGH Cxc7705965-e0f0 Npm-@babel/core-7.9.0
HIGH Cxca84a1c2-1f12 Npm-micromatch-4.0.2
HIGH Cxca84a1c2-1f12 Npm-micromatch-3.1.10
HIGH Missing User Instruction /Dockerfile: 29
HIGH Missing User Instruction /Dockerfile: 26
HIGH Missing User Instruction /Dockerfile: 15
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 75
HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 121
HIGH Passwords And Secrets - Generic Password

More results are available on AST platform
