Custodela / Riches

Update buildspec.yml #370

Closed kmcdon83 closed 3 years ago

kmcdon83 commented 3 years ago

Scan submitted to Checkmarx

kmcdon83 commented 3 years ago

Checkmarx SCA - Scan Summary & Details

Cx-SCA Summary

Total Packages Identified: 51
Scan Risk Score: 10.00

54 High severity vulnerabilities
29 Medium severity vulnerabilities
1 Low severity vulnerabilities

View more details on Checkmarx UI

Cx-SCA vulnerability result overview

Vulnerability ID Package Severity CVSS score Publish date Current version Recommended version Link in CxSCA Reference – NVD link
CVE-2012-0838 com.opensymphony:xwork HIGH 10.0 2012-03-02T22:55:00 2.0.4 Vulnerability Link CVE-2012-0838
CVE-2012-0838 org.apache.struts:struts2-core HIGH 10.0 2012-03-02T22:55:00 2.0.11 Vulnerability Link CVE-2012-0838
CVE-2017-5638 org.apache.struts:struts2-core HIGH 10.0 2017-03-11T02:59:00 2.0.11 Vulnerability Link CVE-2017-5638
CVE-2013-4316 org.apache.struts:struts2-core HIGH 10.0 2013-09-30T21:55:00 2.0.11 Vulnerability Link CVE-2013-4316
CVE-2015-7501 commons-collections:commons-collections HIGH 9.8 2017-11-09T17:29:00 2.1 Vulnerability Link CVE-2015-7501
CVE-2016-1000031 commons-fileupload:commons-fileupload HIGH 9.8 2016-10-25T14:29:00 1.2.1 Vulnerability Link CVE-2016-1000031
CVE-2020-17530 com.opensymphony:xwork HIGH 9.8 2020-12-11T02:15:00 2.0.4 Vulnerability Link CVE-2020-17530
CVE-2016-4438 com.opensymphony:xwork HIGH 9.8 2016-07-04T22:59:00 2.0.4 Vulnerability Link CVE-2016-4438
CVE-2020-10683 dom4j:dom4j HIGH 9.8 2020-05-01T19:15:00 1.4 Vulnerability Link CVE-2020-10683
CVE-2020-17530 org.apache.struts:struts2-core HIGH 9.8 2020-12-11T02:15:00 2.0.11 Vulnerability Link CVE-2020-17530
CVE-2019-0230 org.apache.struts:struts2-core HIGH 9.8 2020-08-13T08:26:00 2.0.11 Vulnerability Link CVE-2019-0230
CVE-2017-12611 org.apache.struts:struts2-core HIGH 9.8 2017-09-20T17:29:00 2.0.11 Vulnerability Link CVE-2017-12611
CVE-2016-4436 org.apache.struts:struts2-core HIGH 9.8 2016-10-03T15:59:00 2.0.11 Vulnerability Link CVE-2016-4436
CVE-2016-3082 org.apache.struts:struts2-core HIGH 9.8 2016-04-26T14:59:00 2.0.11 Vulnerability Link CVE-2016-3082
CVE-2013-1965 com.opensymphony:xwork HIGH 9.3 2013-07-10T19:55:00 2.0.4 Vulnerability Link CVE-2013-1965
CVE-2012-0391 com.opensymphony:xwork HIGH 9.3 2012-01-08T15:55:00 2.0.4 Vulnerability Link CVE-2012-0391
CVE-2013-2115 com.opensymphony:xwork HIGH 9.3 2013-07-10T19:55:00 2.0.4 Vulnerability Link CVE-2013-2115
CVE-2013-1966 com.opensymphony:xwork HIGH 9.3 2013-07-10T19:55:00 2.0.4 Vulnerability Link CVE-2013-1966
CVE-2012-0392 org.apache.struts:struts2-core HIGH 9.3 2012-01-08T15:55:00 2.0.11 Vulnerability Link CVE-2012-0392
CVE-2012-0391 org.apache.struts:struts2-core HIGH 9.3 2012-01-08T15:55:00 2.0.11 Vulnerability Link CVE-2012-0391
CVE-2013-2251 org.apache.struts:struts2-core HIGH 9.3 2013-07-20T03:37:00 2.0.11 Vulnerability Link CVE-2013-2251
CVE-2013-2135 org.apache.struts:struts2-core HIGH 9.3 2013-07-16T18:55:00 2.0.11 Vulnerability Link CVE-2013-2135
CVE-2013-2134 org.apache.struts:struts2-core HIGH 9.3 2013-07-16T18:55:00 2.0.11 Vulnerability Link CVE-2013-2134
CVE-2013-1965 org.apache.struts:struts2-core HIGH 9.3 2013-07-10T19:55:00 2.0.11 Vulnerability Link CVE-2013-1965
CVE-2016-4461 com.opensymphony:xwork HIGH 8.8 2017-10-16T16:29:00 2.0.4 Vulnerability Link CVE-2016-4461
CVE-2016-0785 com.opensymphony:xwork HIGH 8.8 2016-04-12T16:59:00 2.0.4 Vulnerability Link CVE-2016-0785
CVE-2012-1592 org.apache.struts:struts2-core HIGH 8.8 2019-12-05T21:15:00 2.0.11 Vulnerability Link CVE-2012-1592
CVE-2016-4461 org.apache.struts:struts2-core HIGH 8.8 2017-10-16T16:29:00 2.0.11 Vulnerability Link CVE-2016-4461
CVE-2016-3090 org.apache.struts:struts2-core HIGH 8.8 2017-10-30T14:29:00 2.0.11 Vulnerability Link CVE-2016-3090
CVE-2016-0785 org.apache.struts:struts2-core HIGH 8.8 2016-04-12T16:59:00 2.0.11 Vulnerability Link CVE-2016-0785
CVE-2018-11776 com.opensymphony:xwork HIGH 8.1 2018-08-22T13:29:00 2.0.4 Vulnerability Link CVE-2018-11776
CVE-2018-11776 org.apache.struts:struts2-core HIGH 8.1 2018-08-22T13:29:00 2.0.11 Vulnerability Link CVE-2018-11776
CVE-2016-3081 org.apache.struts:struts2-core HIGH 8.1 2016-04-26T14:59:00 2.0.11 Vulnerability Link CVE-2016-3081
CVE-2006-1547 struts:struts HIGH 7.8 2006-03-30T22:02:00 1.1 Vulnerability Link CVE-2006-1547
CVE-2014-0114 commons-beanutils:commons-beanutils HIGH 7.5 2014-04-30T10:49:00 1.7.0 Vulnerability Link CVE-2014-0114
CVE-2015-6420 commons-collections:commons-collections HIGH 7.5 2015-12-15T05:59:00 2.1 Vulnerability Link CVE-2015-6420
Cx78f40514-81ff commons-collections:commons-collections HIGH 7.5 2018-10-31T10:39:00 2.1 Vulnerability Link N\A
CVE-2014-0050 commons-fileupload:commons-fileupload HIGH 7.5 2014-04-01T06:27:00 1.2.1 Vulnerability Link CVE-2014-0050
CVE-2013-2186 commons-fileupload:commons-fileupload HIGH 7.5 2013-10-28T21:55:00 1.2.1 Vulnerability Link CVE-2013-2186
CVE-2016-3092 commons-fileupload:commons-fileupload HIGH 7.5 2016-07-04T22:59:00 1.2.1 Vulnerability Link CVE-2016-3092
CVE-2017-9804 com.opensymphony:xwork HIGH 7.5 2017-09-20T17:29:00 2.0.4 Vulnerability Link CVE-2017-9804
CVE-2017-9787 com.opensymphony:xwork HIGH 7.5 2017-07-13T15:29:00 2.0.4 Vulnerability Link CVE-2017-9787
CVE-2015-5209 com.opensymphony:xwork HIGH 7.5 2017-08-29T15:29:00 2.0.4 Vulnerability Link CVE-2015-5209
CVE-2014-0112 com.opensymphony:xwork HIGH 7.5 2014-04-29T10:37:00 2.0.4 Vulnerability Link CVE-2014-0112
CVE-2018-1000632 dom4j:dom4j HIGH 7.5 2018-08-20T19:31:00 1.4 Vulnerability Link CVE-2018-1000632
CVE-2019-0233 org.apache.struts:struts2-core HIGH 7.5 2020-08-13T11:18:00 2.0.11 Vulnerability Link CVE-2019-0233
CVE-2015-5209 org.apache.struts:struts2-core HIGH 7.5 2017-08-29T15:29:00 2.0.11 Vulnerability Link CVE-2015-5209
CVE-2015-1831 org.apache.struts:struts2-core HIGH 7.5 2015-07-16T14:59:00 2.0.11 Vulnerability Link CVE-2015-1831
CVE-2014-0113 org.apache.struts:struts2-core HIGH 7.5 2014-04-29T10:37:00 2.0.11 Vulnerability Link CVE-2014-0113
CVE-2014-0112 org.apache.struts:struts2-core HIGH 7.5 2014-04-29T10:37:00 2.0.11 Vulnerability Link CVE-2014-0112
CVE-2006-1546 struts:struts HIGH 7.5 2006-03-30T22:02:00 1.1 Vulnerability Link CVE-2006-1546
CVE-2014-0114 struts:struts HIGH 7.5 2014-04-30T10:49:00 1.1 Vulnerability Link CVE-2014-0114
CVE-2015-0254 taglibs:standard HIGH 7.5 2015-03-09T14:59:00 1.1.2 Vulnerability Link CVE-2015-0254
CVE-2016-5018 tomcat:jasper-runtime HIGH 7.5 2017-08-10T16:29:00 5.0.28 Vulnerability Link CVE-2016-5018
CVE-2012-4386 org.apache.struts:struts2-core MEDIUM 6.8 2012-09-05T23:55:00 2.0.11 Vulnerability Link CVE-2012-4386
CVE-2012-0394 org.apache.struts:struts2-core MEDIUM 6.8 2012-01-08T15:55:00 2.0.11 Vulnerability Link CVE-2012-0394
CVE-2014-7809 org.apache.struts:struts2-core MEDIUM 6.8 2014-12-10T15:59:00 2.0.11 Vulnerability Link CVE-2014-7809
CVE-2012-0393 org.apache.struts:struts2-core MEDIUM 6.4 2012-01-08T15:55:00 2.0.11 Vulnerability Link CVE-2012-0393
CVE-2016-2162 com.opensymphony:xwork MEDIUM 6.1 2016-04-12T16:59:00 2.0.4 Vulnerability Link CVE-2016-2162
CVE-2016-4003 org.apache.struts:struts2-core MEDIUM 6.1 2016-04-12T16:59:00 2.0.11 Vulnerability Link CVE-2016-4003
CVE-2016-2162 org.apache.struts:struts2-core MEDIUM 6.1 2016-04-12T16:59:00 2.0.11 Vulnerability Link CVE-2016-2162
CVE-2015-5169 org.apache.struts:struts2-core MEDIUM 6.1 2017-09-25T21:29:00 2.0.11 Vulnerability Link CVE-2015-5169
CVE-2015-2992 org.apache.struts:struts2-core MEDIUM 6.1 2020-02-27T18:15:00 2.0.11 Vulnerability Link CVE-2015-2992
CVE-2014-0116 org.apache.struts:struts2-core MEDIUM 5.8 2014-05-08T10:55:00 2.0.11 Vulnerability Link CVE-2014-0116
CVE-2013-4310 org.apache.struts:struts2-core MEDIUM 5.8 2013-09-30T21:55:00 2.0.11 Vulnerability Link CVE-2013-4310
CVE-2013-2248 org.apache.struts:struts2-core MEDIUM 5.8 2013-07-20T03:37:00 2.0.11 Vulnerability Link CVE-2013-2248
CVE-2016-3093 com.opensymphony:xwork MEDIUM 5.3 2016-06-07T18:59:00 2.0.4 Vulnerability Link CVE-2016-3093
CVE-2016-3093 opensymphony:ognl MEDIUM 5.3 2016-06-07T18:59:00 2.6.11 Vulnerability Link CVE-2016-3093
CVE-2008-6504 com.opensymphony:xwork MEDIUM 5.0 2009-03-23T14:19:00 2.0.4 Vulnerability Link CVE-2008-6504
CVE-2010-1870 com.opensymphony:xwork MEDIUM 5.0 2010-08-17T20:00:00 2.0.4 Vulnerability Link CVE-2010-1870
CVE-2011-2088 com.opensymphony:xwork MEDIUM 5.0 2011-05-13T17:05:00 2.0.4 Vulnerability Link CVE-2011-2088
CVE-2012-4387 com.opensymphony:xwork MEDIUM 5.0 2012-09-05T23:55:00 2.0.4 Vulnerability Link CVE-2012-4387
CVE-2008-6505 org.apache.struts:struts2-core MEDIUM 5.0 2009-03-23T14:19:00 2.0.11 Vulnerability Link CVE-2008-6505
CVE-2011-5057 org.apache.struts:struts2-core MEDIUM 5.0 2012-01-08T17:55:00 2.0.11 Vulnerability Link CVE-2011-5057
CVE-2014-0094 org.apache.struts:struts2-core MEDIUM 5.0 2014-03-11T13:00:00 2.0.11 Vulnerability Link CVE-2014-0094
CVE-2012-1006 org.apache.struts:struts2-core MEDIUM 4.3 2012-02-07T04:09:00 2.0.11 Vulnerability Link CVE-2012-1006
CVE-2008-6682 org.apache.struts:struts2-core MEDIUM 4.3 2009-04-09T15:08:00 2.0.11 Vulnerability Link CVE-2008-6682
CVE-2005-3745 struts:struts MEDIUM 4.3 2005-11-22T11:03:00 1.1 Vulnerability Link CVE-2005-3745
CVE-2006-1548 struts:struts MEDIUM 4.3 2006-03-30T22:02:00 1.1 Vulnerability Link CVE-2006-1548
CVE-2009-0781 tomcat:jasper-compiler MEDIUM 4.3 2009-03-09T21:30:00 5.0.28 Vulnerability Link CVE-2009-0781
CVE-2009-0781 tomcat:jasper-runtime MEDIUM 4.3 2009-03-09T21:30:00 5.0.28 Vulnerability Link CVE-2009-0781
CVE-2009-0781 tomcat:servlet-api MEDIUM 4.3 2009-03-09T21:30:00 5.0.18 Vulnerability Link CVE-2009-0781
CVE-2013-0248 commons-fileupload:commons-fileupload MEDIUM 3.3 2013-03-15T20:55:00 1.2.1 Vulnerability Link CVE-2013-0248
CVE-2011-1772 com.opensymphony:xwork LOW 2.6 2011-05-13T17:05:00 2.0.4 Vulnerability Link CVE-2011-1772