Story #13565: Upgrade dependencies #81

Merged: marob merged 6 commits into master from story_13565-upgrade-dependencies on Oct 14, 2024

@marob (Contributor) commented Oct 14, 2024

To reduce the vulnerabilities reported by Checkmarx

@vitam-prg commented Oct 14, 2024

Checkmarx One – Scan Summary & Details 38b9d03a-ec07-4286-9173-277ce8258012

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2024-47554 Maven-commons-io:commons-io-2.11.0 Vulnerable Package
HIGH CVE-2024-47554 Maven-commons-io:commons-io-2.6 Vulnerable Package
HIGH CVE-2024-7254 Maven-com.google.protobuf:protobuf-java-3.21.5 Vulnerable Package
MEDIUM CVE-2024-26308 Maven-org.apache.commons:commons-compress-1.21 Vulnerable Package

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2019-12402 Maven-org.apache.commons:commons-compress-1.18
HIGH CVE-2019-13990 Maven-org.quartz-scheduler:quartz-2.2.0
HIGH CVE-2019-14379 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-14379 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-14439 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-14439 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-14540 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-14540 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-14892 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-14892 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-14893 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-14893 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-16335 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-16335 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-16942 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-16942 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-16943 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-16943 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-17267 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-17267 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-17359 Maven-org.bouncycastle:bcprov-jdk15on-1.62
HIGH CVE-2019-17531 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-17531 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2019-20330 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2019-20330 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-10650 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-10650 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-10672 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-10672 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-10673 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-10673 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-10968 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-10968 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-10969 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-10969 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-11111 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-11111 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-11112 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-11112 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-11113 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-11113 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-11619 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-11619 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-11620 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-11620 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-14060 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-14060 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-14061 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-14061 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-14062 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-14062 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-14195 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-14195 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-24616 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-24616 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-24750 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-24750 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-25649 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-25649 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-35490 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-35490 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-35491 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-35491 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-35728 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-35728 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36179 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36179 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36180 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36180 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36181 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36181 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36182 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36182 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36183 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36183 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36184 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36184 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36185 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36185 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36186 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36186 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36187 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36187 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36188 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36188 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36189 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-36189 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36518 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-36518 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-8840 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-8840 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-9546 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-9546 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-9547 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2020-9547 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-9548 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2020-9548 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2021-20190 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2021-20190 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2021-33813 Maven-org.jdom:jdom2-2.0.6
HIGH CVE-2021-37714 Maven-org.jsoup:jsoup-1.12.1
HIGH CVE-2022-25647 Maven-com.google.code.gson:gson-2.8.5
HIGH CVE-2022-40151 Maven-com.fasterxml.woodstox:woodstox-core-5.3.0
HIGH CVE-2022-40151 Maven-com.fasterxml.woodstox:woodstox-core-5.0.3
HIGH CVE-2022-42004 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
HIGH CVE-2022-42004 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9.1
HIGH CVE-2022-42889 Maven-org.apache.commons:commons-text-1.7
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.2.3
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.2.3
HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.2.3
HIGH Cx78f40514-81ff Maven-org.apache.commons:commons-collections4-4.2
HIGH Cx8fd408ac-dd80 Maven-com.beust:jcommander-1.35
MEDIUM CVE-2019-12384 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
MEDIUM CVE-2019-12406 Maven-org.apache.cxf:cxf-core-3.3.2
MEDIUM CVE-2019-12415 Maven-org.apache.poi:poi-ooxml-4.0.1
MEDIUM CVE-2019-12814 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.9
MEDIUM CVE-2020-13954 Maven-org.apache.cxf:cxf-rt-transports-http-3.3.2
MEDIUM CVE-2020-13956 Maven-org.apache.httpcomponents:httpclient-4.5.9
MEDIUM CVE-2020-15522 Maven-org.bouncycastle:bcprov-jdk15on-1.62
MEDIUM CVE-2020-1945 Maven-org.apache.ant:ant-1.10.5
MEDIUM CVE-2020-1950 Maven-org.apache.tika:tika-parsers-1.22
MEDIUM CVE-2020-1951 Maven-org.apache.tika:tika-parsers-1.22
MEDIUM CVE-2020-9489 Maven-org.apache.tika:tika-parsers-1.22
MEDIUM CVE-2021-22569 Maven-com.google.protobuf:protobuf-java-3.9.0
MEDIUM CVE-2021-27807 Maven-org.apache.pdfbox:pdfbox-2.0.16
MEDIUM CVE-2021-27906 Maven-org.apache.pdfbox:pdfbox-2.0.16
MEDIUM CVE-2021-28657 Maven-org.apache.tika:tika-parsers-1.22
MEDIUM CVE-2021-31811 Maven-org.apache.pdfbox:pdfbox-2.0.16
MEDIUM CVE-2021-31812 Maven-org.apache.pdfbox:pdfbox-2.0.16
MEDIUM CVE-2021-36373 Maven-org.apache.ant:ant-1.10.5
MEDIUM CVE-2021-36374 Maven-org.apache.ant:ant-1.10.5
MEDIUM CVE-2021-42550 Maven-ch.qos.logback:logback-core-1.2.3
MEDIUM CVE-2021-42550 Maven-ch.qos.logback:logback-classic-1.2.3
MEDIUM CVE-2022-24613 Maven-com.drewnoakes:metadata-extractor-2.11.0
MEDIUM CVE-2022-24614 Maven-com.drewnoakes:metadata-extractor-2.11.0
MEDIUM CVE-2022-25169 Maven-org.apache.tika:tika-core-1.22
MEDIUM CVE-2022-25169 Maven-org.apache.tika:tika-parsers-1.22
MEDIUM CVE-2022-26336 Maven-org.apache.poi:poi-scratchpad-4.0.1
MEDIUM CVE-2022-30126 Maven-org.apache.tika:tika-core-1.22
MEDIUM CVE-2022-30973 Maven-org.apache.tika:tika-core-1.22
MEDIUM CVE-2022-36033 Maven-org.jsoup:jsoup-1.12.1
MEDIUM Improper_Restriction_of_Stored_XXE_Ref /sedalib/src/main/java/fr/gouv/vitam/tools/sedalib/droid/DroidIdentifier.java: 294
LOW CVE-2022-33879 Maven-org.apache.tika:tika-core-1.22
LOW Cxeb68d52e-5509 Maven-commons-codec:commons-codec-1.12

@GiooDev GiooDev changed the title Story 13565 upgrade dependencies Story #13565: Upgrade dependencies Oct 14, 2024
@marob marob force-pushed the story_13565-upgrade-dependencies branch from ddc6fa4 to 4e4553c Compare October 14, 2024 10:08
@marob marob merged commit bdef7f2 into master Oct 14, 2024
@marob marob deleted the story_13565-upgrade-dependencies branch October 14, 2024 13:56