
Update checkmarx-ast-cli binaries with 2.0.64 #177

Merged: 1 commit, Jan 17, 2024

Conversation

@pedrompflopes (Contributor) commented Nov 15, 2023

Updates checkmarx-ast-cli to 2.0.64

Auto-generated by [create-pull-request][2]

@pedrompflopes requested review from a team, sshay77 and hmmachadocx and removed the request for a team, November 15, 2023 00:19

github-actions bot commented Nov 15, 2023

Checkmarx One – Scan Summary & Details (scan 4bcb015f-cc66-4e37-aab7-686ee11013bb)

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2012-0881 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| HIGH | CVE-2012-0881 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| HIGH | CVE-2013-4002 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| HIGH | CVE-2013-4002 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-webmvc-5.3.29 | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-webmvc-4.3.30.RELEASE | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2021-22112 | Maven-org.springframework.security:spring-security-web-4.2.20.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-1471 | Maven-org.yaml:snakeyaml-1.33 | Vulnerable Package |
| HIGH | CVE-2022-22965 | Maven-org.springframework:spring-webmvc-4.3.30.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-22965 | Maven-org.springframework:spring-beans-4.3.30.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-31690 | Maven-org.springframework.security:spring-security-web-4.2.20.RELEASE | Vulnerable Package |
| HIGH | CVE-2022-4065 | Maven-org.testng:testng-6.14.3 | Vulnerable Package |
| HIGH | CVE-2022-41853 | Maven-org.hsqldb:hsqldb-2.3.2 | Vulnerable Package |
| HIGH | CVE-2023-2976 | Maven-com.google.guava:guava-31.1-android | Vulnerable Package |
| HIGH | CVE-2023-39017 | Maven-org.quartz-scheduler:quartz-2.3.2 | Vulnerable Package |
| HIGH | Cx78f40514-81ff | Maven-commons-collections:commons-collections-3.2.2 | Vulnerable Package |
| MEDIUM | CVE-2009-2625 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2009-2625 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| MEDIUM | CVE-2012-6153 | Maven-commons-httpclient:commons-httpclient-3.1 | Vulnerable Package |
| MEDIUM | CVE-2017-10355 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2017-10355 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| MEDIUM | CVE-2018-2799 | Maven-xerces:xercesImpl-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2018-2799 | Maven-xerces:xercesImpl-2.6.2 | Vulnerable Package |
| MEDIUM | CVE-2020-1945 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2021-22060 | Maven-org.springframework:spring-core-4.3.30.RELEASE | Vulnerable Package |
| MEDIUM | CVE-2021-22096 | Maven-org.springframework:spring-core-4.3.30.RELEASE | Vulnerable Package |
| MEDIUM | CVE-2021-36373 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2021-36374 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2022-22950 | Maven-org.springframework:spring-core-4.3.30.RELEASE | Vulnerable Package |
| MEDIUM | CVE-2023-33201 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2023-33201 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2023-33202 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /delete-dev-releases.yml: 28 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 77 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 102 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release-drafter.yml: 33 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yml: 35 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /update-cli.yml: 32 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 115 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ast-scan.yml: 12 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | CVE-2016-5002 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2016-5003 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2018-1000180 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2018-1000613 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2019-10172 | Maven-org.codehaus.jackson:jackson-mapper-asl-1.9.13 |
| HIGH | CVE-2019-10202 | Maven-org.codehaus.jackson:jackson-core-asl-1.9.13 |
| HIGH | CVE-2019-17359 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2019-17570 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2020-25649 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2020-36518 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2021-20190 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2022-25857 | Maven-org.yaml:snakeyaml-1.26 |
| HIGH | CVE-2022-42003 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2022-42004 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| MEDIUM | CVE-2018-10237 | Maven-com.google.guava:guava-18.0 |
| MEDIUM | CVE-2019-11269 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2019-3778 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2020-15250 | Maven-junit:junit-4.12 |
| MEDIUM | CVE-2020-26939 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| MEDIUM | CVE-2022-22969 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2022-38749 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38750 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38751 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38752 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | Cxced0c06c-935c | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| LOW | CVE-2020-8908 | Maven-com.google.guava:guava-18.0 |

hmmachadocx previously approved these changes, Nov 15, 2023
@pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.61" to "Update checkmarx-ast-cli binaries with 2.0.62", Nov 25, 2023
@pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.62" to "Update checkmarx-ast-cli binaries with 2.0.63", Nov 29, 2023
@pedrompflopes force-pushed the feature/update_cli branch 3 times, most recently from 90af018 to a990c5a, December 5, 2023 00:20
@pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.0.63" to "Update checkmarx-ast-cli binaries with 2.0.64", Jan 16, 2024
@pedrompflopes merged commit abc420e into main, Jan 17, 2024
6 checks passed