spring-cloud-starter-netflix-eureka-server-3.0.3.jar: 174 vulnerabilities (highest severity is: 9.8) reachable #9
Description
Vulnerable Library - spring-cloud-starter-netflix-eureka-server-3.0.3.jar
Path to dependency file: /Stage 3/Microservices/Register App in Spring Cloud/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.12/tomcat-embed-websocket-9.0.12.jar
Found in HEAD commit: 0cf0718a8c215c241fb05d21292186a8226f59ed
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-cloud-starter-netflix-eureka-server version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-56337 |  Critical |
9.8 | Not Defined | 11.7% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2024-52316 | Critical |
9.8 | Not Defined | 1.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2024-50379 | Critical |
9.8 | Not Defined | 87.5% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2020-9548 | Critical |
9.8 | Not Defined | 69.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-9547 | Critical |
9.8 | Not Defined | 49.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-9546 | Critical |
9.8 | Not Defined | 2.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-8840 | Critical |
9.8 | Not Defined | 8.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-20330 | Critical |
9.8 | Not Defined | 2.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-17531 | Critical |
9.8 | Not Defined | 1.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-17267 | Critical |
9.8 | Not Defined | 1.4000001% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-16943 | Critical |
9.8 | Not Defined | 1.9% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-16942 | Critical |
9.8 | Not Defined | 0.4% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-16335 | Critical |
9.8 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-14893 | Critical |
9.8 | Not Defined | 0.70000005% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-14892 | Critical |
9.8 | Not Defined | 0.9% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-14540 | Critical |
9.8 | Not Defined | 8.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-14379 | Critical |
9.8 | Not Defined | 1.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-10202 | Critical |
9.8 | Not Defined | 1.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2018-19362 | Critical |
9.8 | Not Defined | 6.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2018-19361 | Critical |
9.8 | Not Defined | 4.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2018-19360 | Critical |
9.8 | Not Defined | 6.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-11113 |  High |
8.8 | Not Defined | 61.699997% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-11112 | High |
8.8 | Not Defined | 11.4% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-11111 | High |
8.8 | Not Defined | 2.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-10969 | High |
8.8 | Not Defined | 1.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-10968 | High |
8.8 | Not Defined | 6.6% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-10673 | High |
8.8 | Not Defined | 20.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-10672 | High |
8.8 | Not Defined | 40.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-20190 | High |
8.1 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36189 | High |
8.1 | Not Defined | 2.8999999% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36188 | High |
8.1 | Not Defined | 7.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36187 | High |
8.1 | Not Defined | 2.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36186 | High |
8.1 | Not Defined | 2.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36185 | High |
8.1 | Not Defined | 2.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36184 | High |
8.1 | Not Defined | 5.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36183 | High |
8.1 | Not Defined | 2.4% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36182 | High |
8.1 | Not Defined | 2.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36181 | High |
8.1 | Not Defined | 6.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36180 | High |
8.1 | Not Defined | 2.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36179 | High |
8.1 | Not Defined | 61.3% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-35728 | High |
8.1 | Not Defined | 39.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-35491 | High |
8.1 | Not Defined | 6.8999996% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-35490 | High |
8.1 | Not Defined | 4.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-24750 | High |
8.1 | Not Defined | 2.1% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-24616 | High |
8.1 | Not Defined | 3.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-14195 | High |
8.1 | Not Defined | 9.5% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-14062 | High |
8.1 | Not Defined | 7.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-14061 | High |
8.1 | Not Defined | 6.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-14060 | High |
8.1 | Not Defined | 8.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-11620 | High |
8.1 | Not Defined | 2.2% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-11619 | High |
8.1 | Not Defined | 1.8% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-10650 | High |
8.1 | Not Defined | 6.7000003% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| WS-2021-0419 | High |
7.7 | Not Defined | gson-2.8.5.jar | Transitive | N/A* | ❌ |
|
|
| CVE-2022-25647 | High |
7.7 | Not Defined | 1.7% | gson-2.8.5.jar | Transitive | N/A* | ❌ |
|
| WS-2022-0468 | High |
7.5 | Not Defined | jackson-core-2.9.7.jar | Transitive | N/A* | ❌ |
|
|
| CVE-2024-34750 | High |
7.5 | Not Defined | 17.3% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2024-24549 | High |
7.5 | Not Defined | 52.499996% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2023-46589 | High |
7.5 | Not Defined | 50.300003% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2023-44487 | High |
7.5 | High | 94.5% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2023-24998 | High |
7.5 | Not Defined | 41.100002% | tomcat-embed-core-9.0.12.jar | Transitive | 3.1.7 | ✅ |
|
| CVE-2022-42252 | High |
7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | N/A* | ❌ |
|
| CVE-2022-42004 | High |
7.5 | Not Defined | 0.2% | jackson-databind-2.9.7.jar | Transitive | N/A* | ❌ |
|
| CVE-2022-42003 | High |
7.5 | Not Defined | 0.3% | jackson-databind-2.9.7.jar | Transitive | N/A* | ❌ |
|
| CVE-2021-41079 | High |
7.5 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-25122 | High |
7.5 | Not Defined | 2.8000002% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-36518 | High |
7.5 | Not Defined | 0.5% | jackson-databind-2.9.7.jar | Transitive | N/A* | ❌ |
|
| CVE-2020-25649 | High |
7.5 | Not Defined | 0.0% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-17527 | High |
7.5 | Not Defined | 8.5% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-13934 | High |
7.5 | Not Defined | 16.8% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-17563 | High |
7.5 | Not Defined | 6.0% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-14439 | High |
7.5 | Not Defined | 10.599999% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-12086 | High |
7.5 | Not Defined | 15.700001% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-10072 | High |
7.5 | Not Defined | 75.700005% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-0199 | High |
7.5 | Not Defined | 70.8% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-25329 | High |
7.0 | Not Defined | 4.6% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-9484 | High |
7.0 | Not Defined | 93.2% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2024-52317 |  Medium |
6.5 | Not Defined | 5.0% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2021-30640 | Medium |
6.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2023-41080 | Medium |
6.1 | Not Defined | 11.4% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2023-1932 | Medium |
6.1 | Not Defined | 0.2% | hibernate-validator-6.0.13.Final.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-10219 | Medium |
6.1 | Not Defined | 1.9% | hibernate-validator-6.0.13.Final.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-24122 | Medium |
5.9 | Not Defined | 57.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-12814 | Medium |
5.9 | Not Defined | 19.300001% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-12384 | Medium |
5.9 | Not Defined | 51.7% | jackson-databind-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2024-38828 | Medium |
5.3 | Not Defined | 0.2% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | N/A* | ❌ |
|
| CVE-2024-21733 | Medium |
5.3 | Not Defined | 67.6% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2023-45648 | Medium |
5.3 | Not Defined | 0.6% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2023-42795 | Medium |
5.3 | Not Defined | 0.5% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2021-33037 | Medium |
5.3 | Not Defined | 2.5% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-10693 | Medium |
5.3 | Not Defined | 0.0% | hibernate-validator-6.0.13.Final.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-1935 | Medium |
4.8 | Not Defined | 0.4% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2023-28708 | Medium |
4.3 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 3.1.7 | ✅ |
|
| CVE-2020-13943 | Medium |
4.3 | Not Defined | 9.6% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-43980 |  Low |
3.7 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 3.1.2 | ✅ |
|
| CVE-2023-20873 | Critical |
9.8 | Not Defined | 0.4% | spring-boot-actuator-autoconfigure-2.1.0.RELEASE.jar | Transitive | 3.1.0 | ✅ |
|
| CVE-2019-10173 | Critical |
9.8 | Not Defined | 91.9% | xstream-1.4.10.jar | Transitive | N/A* | ❌ |
|
| CVE-2013-7285 | Critical |
9.8 | Not Defined | 15.099999% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| WS-2018-0629 | Critical |
9.1 | Not Defined | woodstox-core-5.0.3.jar | Transitive | 3.0.4 | ✅ |
|
|
| CVE-2021-39154 | High |
8.5 | Not Defined | 0.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39153 | High |
8.5 | Not Defined | 0.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39152 | High |
8.5 | Not Defined | 67.799995% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39151 | High |
8.5 | Not Defined | 0.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39150 | High |
8.5 | Not Defined | 2.0% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39149 | High |
8.5 | Not Defined | 0.6% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39148 | High |
8.5 | Not Defined | 0.5% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39147 | High |
8.5 | Not Defined | 0.5% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39146 | High |
8.5 | Not Defined | 44.9% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39145 | High |
8.5 | Not Defined | 0.5% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39144 | High |
8.5 | High | 94.4% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39141 | High |
8.5 | Not Defined | 81.8% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2021-39139 | High |
8.5 | Not Defined | 0.70000005% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2022-41966 | High |
8.2 | Not Defined | 3.7% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-0232 | High |
8.1 | Functional | 94.2% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-26217 | High |
8.0 | Not Defined | 93.6% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2024-47072 | High |
7.5 | Not Defined | 0.2% | xstream-1.4.10.jar | Transitive | 4.1.6 | ✅ |
|
| CVE-2024-38819 | High |
7.5 | Not Defined | 64.4% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | 4.1.4 | ✅ |
|
| CVE-2024-38816 | High |
7.5 | Not Defined | 93.1% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | 4.1.4 | ✅ |
|
| CVE-2024-30172 | High |
7.5 | Not Defined | 0.1% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | ❌ |
|
| CVE-2024-29857 | High |
7.5 | Not Defined | 0.2% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | ❌ |
|
| CVE-2022-45693 | High |
7.5 | Not Defined | 0.1% | jettison-1.3.7.jar | Transitive | 4.1.1 | ✅ |
|
| CVE-2022-45685 | High |
7.5 | Not Defined | 0.1% | jettison-1.3.7.jar | Transitive | 4.1.1 | ✅ |
|
| CVE-2021-43859 | High |
7.5 | Not Defined | 1.7% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-29505 | High |
7.5 | Not Defined | 90.8% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21341 | High |
7.5 | Not Defined | 26.499998% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-13935 | High |
7.5 | Not Defined | 92.2% | tomcat-embed-websocket-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-17359 | High |
7.5 | Not Defined | 7.6% | bcprov-jdk15on-1.60.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-26259 | Medium |
6.8 | Not Defined | 91.399994% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2022-40152 | Medium |
6.5 | Not Defined | 0.6% | woodstox-core-5.0.3.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2022-40151 | Medium |
6.5 | Not Defined | 0.4% | xstream-1.4.10.jar | Transitive | 4.1.3 | ✅ |
|
| CVE-2022-40150 | Medium |
6.5 | Not Defined | 0.0% | jettison-1.3.7.jar | Transitive | 4.1.1 | ✅ |
|
| CVE-2022-40149 | Medium |
6.5 | Not Defined | 0.4% | jettison-1.3.7.jar | Transitive | 4.1.1 | ✅ |
|
| CVE-2021-39140 | Medium |
6.5 | Not Defined | 0.1% | xstream-1.4.10.jar | Transitive | 3.0.5 | ✅ |
|
| CVE-2020-5408 | Medium |
6.5 | Not Defined | 0.5% | spring-security-crypto-5.1.1.RELEASE.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2018-1000873 | Medium |
6.5 | Not Defined | 2.6000001% | jackson-datatype-jsr310-2.9.7.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2024-23672 | Medium |
6.3 | Not Defined | 0.6% | tomcat-embed-websocket-9.0.12.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2020-26258 | Medium |
6.3 | Not Defined | 93.7% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21349 | Medium |
6.1 | Not Defined | 4.1% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21347 | Medium |
6.1 | Not Defined | 2.2% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21346 | Medium |
6.1 | Not Defined | 3.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2019-0221 | Medium |
6.1 | Not Defined | 3.9% | tomcat-embed-core-9.0.12.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2024-30171 | Medium |
5.9 | Not Defined | 0.0% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | ❌ |
|
| CVE-2023-1436 | Medium |
5.9 | Not Defined | 0.0% | jettison-1.3.7.jar | Transitive | 4.1.1 | ✅ |
|
| CVE-2020-15522 | Medium |
5.9 | Not Defined | 0.5% | bcprov-jdk15on-1.60.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21345 | Medium |
5.8 | Not Defined | 85.299995% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2023-33202 | Medium |
5.5 | Not Defined | 0.1% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | ❌ |
|
| CVE-2021-21351 | Medium |
5.4 | Not Defined | 90.5% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2023-34055 | Medium |
5.3 | Not Defined | 0.3% | spring-boot-actuator-2.1.0.RELEASE.jar | Transitive | 4.0.0 | ✅ |
|
| CVE-2023-33201 | Medium |
5.3 | Not Defined | 0.3% | bcprov-jdk15on-1.60.jar | Transitive | N/A* | ❌ |
|
| CVE-2021-21350 | Medium |
5.3 | Not Defined | 5.7% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21348 | Medium |
5.3 | Not Defined | 0.2% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21344 | Medium |
5.3 | Not Defined | 22.7% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21343 | Medium |
5.3 | Not Defined | 0.70000005% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2021-21342 | Medium |
5.3 | Not Defined | 1.0% | xstream-1.4.10.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2020-26939 | Medium |
5.3 | Not Defined | 2.4% | bcprov-jdk15on-1.60.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2024-38827 | Medium |
4.8 | Not Defined | 0.1% | spring-security-crypto-5.1.1.RELEASE.jar | Transitive | 4.1.0 | ✅ |
|
| CVE-2021-22096 | Medium |
4.3 | Not Defined | 0.2% | spring-webmvc-5.1.2.RELEASE.jar | Transitive | 3.0.4 | ✅ |
|
| CVE-2025-31651 | Critical |
9.8 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-24813 | Critical |
9.8 | Functional | 94.1% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-53506 | High |
7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-52999 | High |
7.5 | Not Defined | 0.1% | jackson-core-2.9.7.jar | Transitive | N/A* | ❌ | |
| CVE-2025-52520 | High |
7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-52434 | High |
7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-48989 | High |
7.5 | Not Defined | 0.2% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-48988 | High |
7.5 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-48976 | High |
7.5 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-31650 | High |
7.5 | Not Defined | 1.6% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-22228 | High |
7.4 | Not Defined | 0.0% | spring-security-crypto-5.1.1.RELEASE.jar | Transitive | N/A* | ❌ | |
| CVE-2025-55668 | Medium |
6.5 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | N/A* | ❌ | |
| CVE-2025-49125 | Medium |
6.5 | Not Defined | 0.1% | tomcat-embed-core-9.0.12.jar | Transitive | 4.0.0 | ✅ | |
| CVE-2025-46701 | Medium |
6.5 | Not Defined | 0.0% | tomcat-embed-core-9.0.12.jar | Transitive | N/A* | ❌ | |
| CVE-2025-46392 | Medium |
6.5 | Not Defined | 0.1% | commons-configuration-1.8.jar | Transitive | N/A* | ❌ | |
| CVE-2025-48924 | Medium |
5.3 | Not Defined | 0.3% | commons-lang-2.6.jar | Transitive | N/A* | ❌ | |
| CVE-2022-22976 | Medium |
5.3 | Not Defined | 0.4% | spring-security-crypto-5.1.1.RELEASE.jar | Transitive | 4.1.0 | ✅ | |
| CVE-2025-49128 | Medium |
4.0 | Not Defined | 0.0% | jackson-core-2.9.7.jar | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Partial details (0 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
⛑️Automatic Remediation will be attempted for this issue.