
chore(deps): update loadgenerator (major) #67

Merged
merged 1 commit into from
Oct 6, 2023

chore(deps): update loadgenerator

74c25df
Mend for GitHub.com / Mend Security Check failed Sep 27, 2023 in 6m 39s

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 10 new vulnerabilities in this branch.

❌ New vulnerabilities (columns: CVE, Severity, CVSS Score, Vulnerable Library, Suggested Fix, Issue):

CVE-2023-40175
  Severity: Critical | CVSS Score: 9.8
  Vulnerable Library: puma-5.6.4.gem
  Suggested Fix: Upgrade to version: puma - 5.6.7,6.3.1
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-5.6.4.gem
  Dependency Hierarchy:
    -> ❌ puma-5.6.4.gem (Vulnerable Library)

CVE-2022-45442
  Severity: High | CVSS Score: 8.8
  Vulnerable Library: sinatra-2.2.0.gem
  Suggested Fix: Upgrade to version: sinatra - 2.2.3,3.0.4
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sinatra-2.2.0.gem
  Dependency Hierarchy:
    -> ❌ sinatra-2.2.0.gem (Vulnerable Library)

CVE-2023-43642
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: snappy-java-1.1.10.1.jar
  Suggested Fix: Upgrade to version: org.xerial.snappy:snappy-java:1.1.10.4
  Issue: None
  Path to dependency file: /src/frauddetectionservice/build.gradle.kts
  Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.10.1/4a1e1a22cba39145dfa20f2fef4e1ca38c8e02a1/snappy-java-1.1.10.1.jar
  Dependency Hierarchy:
    -> kafka-clients-3.5.1.jar (Root Library)
       -> ❌ snappy-java-1.1.10.1.jar (Vulnerable Library)

CVE-2023-32731
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: grpcio-1.51.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
  Suggested Fix: Upgrade to version: grpc- 1.53.0;grpcio- 1.53.0;io.grpc:grpc-protobuf:1.53.0
  Issue: None
  Path to dependency file: /src/recommendationservice/requirements.txt
  Path to vulnerable library: /src/recommendationservice/requirements.txt,/src/recommendationservice/requirements.txt
  Dependency Hierarchy:
    -> ❌ grpcio-1.51.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

CVE-2023-27539
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: rack-2.2.3.1.gem
  Suggested Fix: Upgrade to version: rack - 2.2.6.4,3.0.6.1
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.3.1.gem
  Dependency Hierarchy:
    -> sinatra-2.2.0.gem (Root Library)
       -> ❌ rack-2.2.3.1.gem (Vulnerable Library)

CVE-2023-27530
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: rack-2.2.3.1.gem
  Suggested Fix: Upgrade to version: rack - 2.0.9.3,2.1.4.3,2.2.6.3,3.0.4.2
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.3.1.gem
  Dependency Hierarchy:
    -> sinatra-2.2.0.gem (Root Library)
       -> ❌ rack-2.2.3.1.gem (Vulnerable Library)

CVE-2022-44572
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: rack-2.2.3.1.gem
  Suggested Fix: Upgrade to version: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.3.1.gem
  Dependency Hierarchy:
    -> sinatra-2.2.0.gem (Root Library)
       -> ❌ rack-2.2.3.1.gem (Vulnerable Library)

CVE-2022-44571
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: rack-2.2.3.1.gem
  Suggested Fix: Upgrade to version: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.3.1.gem
  Dependency Hierarchy:
    -> sinatra-2.2.0.gem (Root Library)
       -> ❌ rack-2.2.3.1.gem (Vulnerable Library)

CVE-2022-44570
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: rack-2.2.3.1.gem
  Suggested Fix: Upgrade to version: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.3.1.gem
  Dependency Hierarchy:
    -> sinatra-2.2.0.gem (Root Library)
       -> ❌ rack-2.2.3.1.gem (Vulnerable Library)

CVE-2022-3171
  Severity: High | CVSS Score: 7.5
  Vulnerable Library: google-protobuf-3.21.1.gem
  Suggested Fix: Upgrade to version: com.google.protobuf:protobuf-java:3.16.3,3.19.6,3.20.3,3.21.7;com.google.protobuf:protobuf-javalite:3.16.3,3.19.6,3.20.3,3.21.7;com.google.protobuf:protobuf-kotlin:3.19.6,3.20.3,3.21.7;com.google.protobuf:protobuf-kotlin-lite:3.19.6,3.20.3,3.21.7;google-protobuf - 3.19.6,3.20.3,3.21.7
  Issue: None
  Path to dependency file: /src/emailservice/Gemfile.lock
  Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/google-protobuf-3.21.1.gem
  Dependency Hierarchy:
    -> opentelemetry-exporter-otlp-0.21.3.gem (Root Library)
       -> ❌ google-protobuf-3.21.1.gem (Vulnerable Library)

✔️ Remediated vulnerabilities (columns: CVE, Vulnerable Library):

CVE-2023-40175  puma-5.6.6.gem
CVE-2023-37920  certifi-2022.12.7-py3-none-any.whl

Base branch total remaining vulnerabilities: 13
Base branch commit: 745cc0693b09ec8ce357ae5e1b6808ab96ec08d0
Total libraries scanned: 977

Scan token: 54040cf7a6ed48088e304e62668dbb41