Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency org.jenkins-ci.plugins:plugin to v3.57 #13

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix(deps): update dependency org.jenkins-ci.plugins:plugin to v3.57

4c764ab
Select commit
Loading
Failed to load commit list.
Open

fix(deps): update dependency org.jenkins-ci.plugins:plugin to v3.57 #13

fix(deps): update dependency org.jenkins-ci.plugins:plugin to v3.57
4c764ab
Select commit
Loading
Failed to load commit list.
Mend/5034428 / Mend Security Check failed Oct 16, 2024 in 2h 48m 21s

Security Report

The Security Check found 95 vulnerabilities.

Partial results (85 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue
CVE-2018-14721

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 10.0 Not Defined 1.0% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.5,2.8.11.3,2.9.7 None
CVE-2020-9548

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.4% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 None
CVE-2020-9547

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.70000005% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 None
CVE-2020-9546

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.70000005% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 None
CVE-2020-8840

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 3.0% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 None
CVE-2019-20330

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.6% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 None
CVE-2019-17531

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 1.0% jackson-databind-2.8.11.1.jar Upgrade to version: 2.10 None
CVE-2019-17267

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 1.4000001% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 None
CVE-2019-16943

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 None
CVE-2019-16942

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1 None
CVE-2019-16335

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10 None
CVE-2019-14893

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 2.5% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 None
CVE-2019-14892

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.4% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 None
CVE-2019-14540

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.6% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10 None
CVE-2019-14379

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 1.0% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.9.2 None
CVE-2019-10202

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 1.9% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 None
CVE-2018-19362

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.8 None
CVE-2018-19361

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.8 None
CVE-2018-19360

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8 None
CVE-2018-14720

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7 None
CVE-2018-14719

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 1.0% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.7 None
CVE-2018-14718

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 3.7% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.7 None
CVE-2018-11307

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Critical 9.8 Not Defined 1.3000001% jackson-databind-2.8.11.1.jar Upgrade to version: jackson-databind-2.9.6 None
CVE-2019-20445

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

Critical 9.1 Not Defined 0.2% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec-http:4.1.44 None
CVE-2019-20444

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

Critical 9.1 Not Defined 0.9% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-all:4.1.44.Final None
CVE-2020-11113

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4;2.10.0 None
CVE-2020-11112

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 None
CVE-2020-11111

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0 None
CVE-2020-10969

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.6;com.fasterxml.jackson.core:jackson-databind:2.7.9.7 None
CVE-2020-10968

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: jackson-databind-2.9.10.4 None
CVE-2020-10673

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 None
CVE-2020-10672

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.8 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: jackson-databind-2.9.10.4 None
CVE-2021-20190

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.4% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind-2.9.10.7 None
CVE-2020-36189

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36188

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36187

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36186

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36185

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36184

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36183

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36182

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36181

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36180

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-36179

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.4% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-35728

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.70000005% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-35491

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-35490

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.8 None
CVE-2020-24750

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.70000005% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.6 None
CVE-2020-24616

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 1.2% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.10.6 None
CVE-2020-14195

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 3.4% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.5 None
CVE-2020-14062

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 7.2% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 None
CVE-2020-14061

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 4.7% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 None
CVE-2020-14060

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 13.500001% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 None
CVE-2020-11620

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 4.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 None
CVE-2020-11619

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 5.0% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 None
CVE-2020-10650

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 8.1 Not Defined 0.8% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.4 None
CVE-2022-27198

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> ❌ aws-credentials-1.23.jar (Vulnerable Library)

High 8.0 Not Defined 0.1% aws-credentials-1.23.jar Upgrade to version: 191.vcb_f183ce58b_9 None
CVE-2022-31159

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> ❌ aws-java-sdk-s3-1.11.403.jar (Vulnerable Library)

High 7.9 Not Defined 0.1% aws-java-sdk-s3-1.11.403.jar Upgrade to version: com.amazonaws:aws-java-sdk-s3:1.12.261 None
CVE-2024-21634

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-signer-1.11.403.jar

       -> aws-java-sdk-core-1.11.403.jar

         -> ❌ ion-java-1.0.2.jar (Vulnerable Library)

High 7.5 Not Defined 0.0% ion-java-1.0.2.jar Upgrade to version: com.amazon.ion:ion-java:1.10.5 None
CVE-2022-42004

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 None
CVE-2022-42003

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2 None
CVE-2021-37137

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> netty-codec-http-4.1.17.Final.jar

         -> ❌ netty-codec-4.1.17.Final.jar (Vulnerable Library)

High 7.5 Not Defined 1.0% netty-codec-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec:4.1.68.Final;io.netty:netty-all:4.1.68.Final None
CVE-2021-37136

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> netty-codec-http-4.1.17.Final.jar

         -> ❌ netty-codec-4.1.17.Final.jar (Vulnerable Library)

High 7.5 Not Defined 1.0% netty-codec-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec:4.1.68.Final;io.netty:netty-all::4.1.68.Final None
CVE-2020-7238

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

High 7.5 Not Defined 0.4% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-all:4.1.44.Final;io.netty:netty-codec-http:4.1.44.Final None
CVE-2020-36518

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.3% jackson-databind-2.8.11.1.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 None
CVE-2020-28491

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-signer-1.11.403.jar

       -> aws-java-sdk-core-1.11.403.jar

         -> ❌ jackson-dataformat-cbor-2.6.7.jar (Vulnerable Library)

High 7.5 Not Defined 0.1% jackson-dataformat-cbor-2.6.7.jar Upgrade to version: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.11.4, com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.12.1 None
CVE-2020-11612

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> netty-codec-http-4.1.17.Final.jar

         -> ❌ netty-codec-4.1.17.Final.jar (Vulnerable Library)

High 7.5 Not Defined 0.8% netty-codec-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec:4.1.46.Final;io.netty:netty-all:4.1.46.Final None
CVE-2019-16869

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

High 7.5 Not Defined 2.2% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-all:4.1.42.Final,io.netty:netty-codec-http:4.1.42.Final None
CVE-2019-14439

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.2% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.9.2 None
CVE-2019-12086

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.4% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.9 None
CVE-2018-12023

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.6% jackson-databind-2.8.11.1.jar Upgrade to version: 2.7.9.4, 2.8.11.2, 2.9.6 None
CVE-2018-12022

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

High 7.5 Not Defined 0.5% jackson-databind-2.8.11.1.jar Upgrade to version: 2.7.9.4, 2.8.11.2, 2.9.6 None
WS-2020-0408

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-handler-4.1.17.Final.jar (Vulnerable Library)

High 7.4 Not Defined netty-handler-4.1.17.Final.jar Upgrade to version: io.netty:netty-all - 4.1.68.Final-redhat-00001,4.0.0.Final,4.1.67.Final-redhat-00002;io.netty:netty-handler - 4.1.68.Final-redhat-00001,4.1.67.Final-redhat-00001 None
CVE-2023-34462

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-handler-4.1.17.Final.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.1% netty-handler-4.1.17.Final.jar Upgrade to version: io.netty:netty-handler:4.1.94.Final;io.netty:netty-all:4.1.94.Final None
CVE-2021-43797

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.3% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec-http:4.1.71.Final,io.netty:netty-all:4.1.71.Final None
CVE-2020-2181

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-credentials-1.23.jar (Root Library)

   -> ❌ credentials-binding-1.7.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.1% credentials-binding-1.7.jar Upgrade to version: org.jenkins-ci.plugins:credentials-binding:1.23;org.jenkins-ci.plugins:credentials-binding:1.20.1 None
CVE-2018-1000873

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-datatype-jsr310-2.8.11.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.5% jackson-datatype-jsr310-2.8.11.jar Upgrade to version: 2.9.8 None
CVE-2021-21290

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-handler-4.1.17.Final.jar (Vulnerable Library)

Medium 6.2 Not Defined 0.0% netty-handler-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec-http:4.1.59.Final None
CVE-2021-21290

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

Medium 6.2 Not Defined 0.0% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-codec-http:4.1.59.Final None
CVE-2021-21648

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-credentials-1.23.jar (Root Library)

   -> ❌ credentials-2.1.16.jar (Vulnerable Library)

Medium 6.1 Not Defined 0.1% credentials-2.1.16.jar Upgrade to version: org.jenkins-ci.plugins:credentials:2.3.19 None
CVE-2021-21295

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> ❌ netty-codec-http-4.1.17.Final.jar (Vulnerable Library)

Medium 5.9 Not Defined 18.6% netty-codec-http-4.1.17.Final.jar Upgrade to version: io.netty:netty-all:4.1.60;io.netty:netty-codec-http:4.1.60;io.netty:netty-codec-http2:4.1.60 None
CVE-2019-12814

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Medium 5.9 Not Defined 1.5% jackson-databind-2.8.11.1.jar Upgrade to version: 2.7.9.6, 2.8.11.4, 2.9.9.1, 2.10.0 None
CVE-2019-12384

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> jackson2-api-2.8.11.2.jar

     -> ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)

Medium 5.9 Not Defined 53.3% jackson-databind-2.8.11.1.jar Upgrade to version: 2.9.9.1 None
CVE-2022-24823

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-java-sdk-1.11.403.jar (Root Library)

   -> aws-java-sdk-1.11.403.jar

     -> aws-java-sdk-kinesisvideo-1.11.403.jar

       -> netty-codec-http-4.1.17.Final.jar

         -> netty-codec-4.1.17.Final.jar

           -> netty-transport-4.1.17.Final.jar

             -> netty-buffer-4.1.17.Final.jar

               -> ❌ netty-common-4.1.17.Final.jar (Vulnerable Library)

Medium 5.5 Not Defined 0.0% netty-common-4.1.17.Final.jar Upgrade to version: io.netty:netty-all;io.netty:netty-common - 4.1.77.Final None
CVE-2022-29036

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy:

-> aws-credentials-1.23.jar (Root Library)

   -> ❌ credentials-2.1.16.jar (Vulnerable Library)

Medium 5.4 Not Defined 0.1% credentials-2.1.16.jar Upgrade to version: org.jenkins-ci.plugins:credentials:1112.vc87b_7a_3597f6 None

Total libraries scanned: 178
Scan token: 5a3a32e5f905407ab0a961488740e963
View more details on Mend/5034428