SDKS-2782 cookiename/AM URL/Realm are mandatory field #887
Mend Scan Result
failure
Details
�[94mChecking for updates...
�[0m
Updating SCA (Dependencies)...
�[1A�[K
Identified 594 dependencies
Detected 4 vulnerabilities (0 Critical, 1 High, 3 Medium, 0 Low)
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| SEVERITY | LIBRARY | ID | TOP FIX |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| HIGH | woodstox-core-6.2.4.jar | CVE-2022-40152 | Upgrade to version com.fasterxml.woodstox:woodstox-core:5.4.0,6.4.0 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | bcprov-jdk15on-1.68.jar | CVE-2023-33201 | Upgrade to version org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-jdk14:1.74 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | commons-io-2.6.jar | CVE-2021-29425 | Upgrade to version commons-io:commons-io:2.7 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | junit-4.12.jar | CVE-2020-15250 | Upgrade to version junit:junit:4.13.1 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
Detected 4 Policy violations
+--------------------------------+---------------------+-----------------------+
| LIBRARY | POLICY TYPE | POLICY NAME |
+--------------------------------+---------------------+-----------------------+
| javax.annotation-api-1.3.2.pom | License | JIRA - Viral license |
+--------------------------------+---------------------+-----------------------+
| play-services-auth-20.6.0.aar | License | JIRA - Viral license |
+--------------------------------+---------------------+-----------------------+
| play-services-fido-20.0.1.aar | License | JIRA - Viral license |
+--------------------------------+---------------------+-----------------------+
| woodstox-core-6.2.4.jar | Vulnerability Score | JIRA - High CVE |
+--------------------------------+---------------------+-----------------------+
Paths at risk
P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = CVE severity
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
play-services-fido-20.0.1.aar [P]
forgerock-auth-ui-4.2.0]
|-- play-services-fido-20.0.1.aar [P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
play-services-fido-20.0.1.aar [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-auth-4.2.0]
|-- play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
forgerock-authenticator-4.2.0]
|-- javax.annotation-api-1.3.2.pom [P]
javax.annotation-api-1.3.2.pom [P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
robolectric-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
sandbox-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
prov-1.58.0.0.jar]
|-- junit-4.12.jar [1 MEDIUM]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-core-4.2.0]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
dokka-core-1.8.20.jar]
|-- jackson-dataformat-xml-2.12.7.jar]
|-- woodstox-core-6.2.4.jar [1 HIGH, P]
Project forgerock-android-sdk was updated, for more information visit: https://saas.whitesourcesoftware.com/Wss/WSS.html#!project;token=2b34746a134847f78df7345265565b520982b63674434af781df3c3546cc39c1
Support token: 8c70a087f4893478642bfd8862d2b6a0a90fbe96adc56e