SDKS-2751 WoodStox + security vulnerability improvements #927
Mend Scan Result
success
Details
Checking for updates...
Updating SCA (Dependencies)...
Identified 587 dependencies
Detected 2 vulnerabilities (0 Critical, 0 High, 2 Medium, 0 Low)
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| SEVERITY | LIBRARY | ID | TOP FIX |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | bcprov-jdk15on-1.68.jar | CVE-2023-33201 | Upgrade to version org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-jdk14:1.74 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | commons-io-2.6.jar | CVE-2021-29425 | Upgrade to version commons-io:commons-io:2.7 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
Detected 3 Policy violations
+--------------------------------+-------------+-----------------------+
| LIBRARY | POLICY TYPE | POLICY NAME |
+--------------------------------+-------------+-----------------------+
| javax.annotation-api-1.3.2.pom | License | JIRA - Viral license |
+--------------------------------+-------------+-----------------------+
| play-services-auth-20.6.0.aar | License | JIRA - Viral license |
+--------------------------------+-------------+-----------------------+
| play-services-fido-20.0.1.aar | License | JIRA - Viral license |
+--------------------------------+-------------+-----------------------+
Paths at risk
P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = CVE severity
play-services-fido-20.0.1.aar [P]
forgerock-auth-ui-4.2.0]
|-- play-services-fido-20.0.1.aar [P]
play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
play-services-fido-20.0.1.aar [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-auth-4.2.0]
|-- play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
forgerock-authenticator-4.2.0]
|-- javax.annotation-api-1.3.2.pom [P]
javax.annotation-api-1.3.2.pom [P]
robolectric-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
sandbox-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-core-4.2.0]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
Support token: c98ee19251c7c3eac12f130aaa2a3bcfb2279be9726a10
Project forgerock-android-sdk was updated, for more information visit: https://saas.whitesourcesoftware.com/Wss/WSS.html#!project;token=2b34746a134847f78df7345265565b520982b63674434af781df3c3546cc39c1