Open carlosal1015 opened 6 months ago
There are some security issues related with dependencies, if possible try it to keep up to date.
─────────────────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────┬──────────────────────────────────────────────────────────────┐ 2024-03-15T13:22:38.1849856Z │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ 2024-03-15T13:22:38.1852225Z ├─────────────────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────┼──────────────────────────────────────────────────────────────┤ 2024-03-15T13:22:38.1854820Z │ ch.qos.logback:logback-classic (tlcockpit.jar) │ CVE-2023-6378 │ HIGH │ fixed │ 1.2.3 │ 1.3.12, 1.4.12, 1.2.13 │ logback: serialization vulnerability in logback receiver │ 2024-03-15T13:22:38.1857138Z │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-6378 │ 2024-03-15T13:22:38.1859053Z ├─────────────────────────────────────────────────────────────┤ │ │ │ │ │ │ 2024-03-15T13:22:38.1860617Z │ ch.qos.logback:logback-core (tlcockpit.jar) │ │ │ │ │ │ │ 2024-03-15T13:22:38.1862351Z │ │ │ │ │ │ │ │ 2024-03-15T13:22:38.1864015Z │ ├────────────────┼──────────┤ │ ├──────────────────────────────────────┼──────────────────────────────────────────────────────────────┤ 2024-03-15T13:22:38.1865765Z │ │ CVE-2021-42550 │ MEDIUM │ │ │ 1.2.9 │ logback: remote code execution through JNDI call from within │ 2024-03-15T13:22:38.1867459Z │ │ │ │ │ │ │ its configuration file... │ 2024-03-15T13:22:38.1869309Z │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-42550 │ 2024-03-15T13:22:38.1871131Z ├─────────────────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────┼──────────────────────────────────────────────────────────────┤ 2024-03-15T13:22:38.1874217Z │ com.fasterxml.jackson.core:jackson-databind (tlcockpit.jar) │ CVE-2018-11307 │ CRITICAL │ │ 2.9.4 │ 2.7.9.4, 2.8.11.2, 2.9.6 │ jackson-databind: Potential information exfiltration with │ 2024-03-15T13:22:38.1876548Z │ │ │ │ │ │ │ default typing, serialization gadget from MyBatis │ 2024-03-15T13:22:38.1878078Z │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-11307 │ 2024-03-15T13:22:38.1879668Z │ ├────────────────┤ │ │ ├──────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
There are some security issues related with dependencies, if possible try it to keep up to date.