ahdis / matchbox

Apache License 2.0
28 stars 20 forks

New dependencies #222

Closed qligier closed 5 months ago

qligier commented 5 months ago

New versions of FHIR core and HAPI FHIR are available. New high-severity vulnerability in Spring-web: https://github.com/ahdis/matchbox/security/code-scanning/58

oliveregger commented 5 months ago

Another security issue with parsson:jar:1.0.0: https://nvd.nist.gov/vuln/detail/CVE-2023-4043

+- ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base:jar:7.0.1:compile
[INFO] | +- com.fasterxml.woodstox:woodstox-core:jar:6.4.0:compile
[INFO] | | \- org.codehaus.woodstox:stax2-api:jar:4.2.1:compile
[INFO] | +- org.apache.commons:commons-csv:jar:1.10.0:compile
[INFO] | +- co.elastic.apm:apm-agent-api:jar:1.44.0:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-server:jar:7.0.1:compile
[INFO] | | +- com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:jar:20211018.2:compile
[INFO] | | \- org.simplejavamail:simple-java-mail:jar:6.6.1:compile
[INFO] | | +- org.simplejavamail:core-module:jar:6.6.1:compile
[INFO] | | | +- com.sun.mail:jakarta.mail:jar:1.6.5:compile
[INFO] | | | \- com.github.bbottema:emailaddress-rfc2822:jar:2.2.0:compile
[INFO] | | \- com.github.bbottema:jetbrains-runtime-annotations:jar:1.0.0:runtime
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-server-mdm:jar:7.0.1:compile
[INFO] | | +- org.fhir:ucum:jar:1.0.8:compile
[INFO] | | +- info.debatty:java-string-similarity:jar:1.2.1:compile
[INFO] | | | \- net.jcip:jcip-annotations:jar:1.0:compile
[INFO] | | +- org.springframework:spring-context:jar:6.1.3:compile
[INFO] | | \- ca.uhn.hapi.fhir:hapi-fhir-caching-api:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-storage:jar:7.0.1:compile
[INFO] | | \- org.quartz-scheduler:quartz:jar:2.3.2:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-jpaserver-subscription:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-jpaserver-searchparam:jar:7.0.1:compile
[INFO] | | \- org.springframework.retry:spring-retry:jar:2.0.4:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-sql-migrate:jar:7.0.1:compile
[INFO] | | +- org.springframework:spring-jdbc:jar:6.1.3:compile
[INFO] | | +- org.hibernate.orm:hibernate-core:jar:6.4.1.Final:compile
[INFO] | | | \- jakarta.inject:jakarta.inject-api:jar:2.0.1:runtime
[INFO] | | +- jakarta.transaction:jakarta.transaction-api:jar:2.0.1:compile
[INFO] | | +- com.oracle.database.jdbc:ojdbc11:jar:23.3.0.23.09:compile
[INFO] | | \- org.flywaydb:flyway-core:jar:9.4.0:compile
[INFO] | | \- com.electronwill.night-config:toml:jar:3.6.6:compile
[INFO] | | \- com.electronwill.night-config:core:jar:3.6.6:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-jpaserver-model:jar:7.0.1:compile
[INFO] | | \- ca.uhn.hapi.fhir:hapi-fhir-jpa:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-validation:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-structures-dstu2:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-structures-dstu3:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-structures-r4:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-structures-r4b:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-structures-r5:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-structures-hl7org-dstu2:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-validation-resources-dstu2:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-validation-resources-dstu3:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-validation-resources-r4:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-validation-resources-r4b:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-validation-resources-r5:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-storage-batch2:jar:7.0.1:compile
[INFO] | +- ca.uhn.hapi.fhir:hapi-fhir-storage-batch2-jobs:jar:7.0.1:compile
[INFO] | +- org.apache.commons:commons-dbcp2:jar:2.11.0:compile
[INFO] | | \- org.apache.commons:commons-pool2:jar:2.12.0:compile
[INFO] | +- net.ttddyy:datasource-proxy:jar:1.10:compile
[INFO] | +- org.javassist:javassist:jar:3.22.0-GA:compile
[INFO] | +- com.graphql-java:graphql-java:jar:21.0:compile
[INFO] | | +- com.graphql-java:java-dataloader:jar:3.2.0:compile
[INFO] | | \- org.reactivestreams:reactive-streams:jar:1.0.3:compile
[INFO] | +- com.healthmarketscience.sqlbuilder:sqlbuilder:jar:3.0.2:compile
[INFO] | +- org.springdoc:springdoc-openapi-starter-webmvc-ui:jar:2.2.0:compile
[INFO] | | \- org.springdoc:springdoc-openapi-starter-webmvc-api:jar:2.2.0:compile
[INFO] | | \- org.springdoc:springdoc-openapi-starter-common:jar:2.2.0:compile
[INFO] | +- org.thymeleaf:thymeleaf:jar:3.1.2.RELEASE:compile
[INFO] | | +- ognl:ognl:jar:3.3.4:compile
[INFO] | | +- org.attoparser:attoparser:jar:2.0.7.RELEASE:compile
[INFO] | | \- org.unbescape:unbescape:jar:1.1.6.RELEASE:compile
[INFO] | +- org.thymeleaf:thymeleaf-spring6:jar:3.1.2.RELEASE:compile
[INFO] | +- org.jscience:jscience:jar:4.3.1:compile
[INFO] | +- io.dogote:json-patch:jar:1.15:compile
[INFO] | | \- com.github.fge:jackson-coreutils:jar:1.6:compile
[INFO] | | \- com.github.fge:msg-simple:jar:1.1:compile
[INFO] | | \- com.github.fge:btf:jar:1.2:compile
[INFO] | +- com.github.dnault:xml-patch:jar:0.3.1:compile
[INFO] | +- org.springframework:spring-core:jar:6.1.3:compile
[INFO] | +- org.springframework.data:spring-data-jpa:jar:3.2.0:compile
[INFO] | | +- org.springframework:spring-orm:jar:6.1.0:compile
[INFO] | | \- org.antlr:antlr4-runtime:jar:4.10.1:compile
[INFO] | +- org.springframework.data:spring-data-commons:jar:3.2.0:compile
[INFO] | +- org.springframework:spring-messaging:jar:6.1.3:compile
[INFO] | +- org.springframework:spring-tx:jar:6.1.3:compile
[INFO] | +- org.springframework:spring-context-support:jar:6.1.3:compile
[INFO] | +- org.springframework:spring-webmvc:jar:6.1.3:compile
[INFO] | | +- org.springframework:spring-aop:jar:6.1.3:compile
[INFO] | | \- org.springframework:spring-expression:jar:6.1.3:compile
[INFO] | +- org.springframework:spring-websocket:jar:6.1.3:compile
[INFO] | +- org.glassfish:jakarta.el:jar:4.0.2:compile
[INFO] | | \- jakarta.el:jakarta.el-api:jar:4.0.0:compile
[INFO] | +- co.elastic.clients:elasticsearch-java:jar:8.12.0:compile
[INFO] | | +- org.elasticsearch.client:elasticsearch-rest-client:jar:8.12.0:compile
[INFO] | | | +- org.apache.httpcomponents:httpasyncclient:jar:4.1.5:compile
[INFO] | | | \- org.apache.httpcomponents:httpcore-nio:jar:4.4.13:compile
[INFO] | | +- org.eclipse.parsson:parsson:jar:1.0.0:compile
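
The tree above is posted to show which artifact pulls in the flagged parsson jar (hapi-fhir-jpaserver-base via elasticsearch-java). As an added example, not code from the matchbox project or from either commenter, the Python script below parses `mvn dependency:tree` output, reports every root-to-leaf path ending in a given groupId:artifactId, and matches each resolved version against an advisory list. The sample tree is constructed for the example: its root `com.example:app` is hypothetical, its branches are modelled on the paths posted above, and the only advisory entry is the parsson 1.0.0 / CVE-2023-4043 pair cited in this thread.

```python
"""Find how a transitive dependency enters a Maven build from `mvn dependency:tree` text."""
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of `mvn dependency:tree` output. The root
# coordinate com.example:app is hypothetical; the branches mirror a few of the
# paths in the tree posted in this issue (this is NOT the issue's full tree).
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base:jar:7.0.1:compile
[INFO] |  +- com.fasterxml.woodstox:woodstox-core:jar:6.4.0:compile
[INFO] |  |  \\- org.codehaus.woodstox:stax2-api:jar:4.2.1:compile
[INFO] |  +- org.springframework:spring-webmvc:jar:6.1.3:compile
[INFO] |  |  \\- org.springframework:spring-expression:jar:6.1.3:compile
[INFO] |  \\- co.elastic.clients:elasticsearch-java:jar:8.12.0:compile
[INFO] |     +- org.elasticsearch.client:elasticsearch-rest-client:jar:8.12.0:compile
[INFO] |     \\- org.eclipse.parsson:parsson:jar:1.0.0:compile
[INFO] \\- org.springframework:spring-web:jar:6.1.3:compile
"""

MARKER = re.compile(r"(\+-|\\-) ")                  # "+- " (sibling follows) or "\- " (last child)
COORD = re.compile(r"^[\w.\-]+(?::[\w.\-]+){2,5}$")  # g:a:type[:classifier]:version[:scope]


def parse_coordinate(coord: str) -> Dict[str, Optional[str]]:
    """Split a Maven coordinate into named parts (classifier and scope are optional)."""
    p = coord.split(":")
    if len(p) == 6:
        g, a, t, c, v, s = p
    elif len(p) == 5:
        (g, a, t, v, s), c = p, None
    elif len(p) == 4:
        (g, a, t, v), c, s = p, None, None
    else:
        raise ValueError(f"not a Maven coordinate: {coord!r}")
    return {"group": g, "artifact": a, "type": t, "classifier": c, "version": v, "scope": s}


def parse_tree(text: str) -> List[List[str]]:
    """Return one root-to-node path (list of coordinates) for every node in the tree."""
    paths: List[List[str]] = []
    stack: List[str] = []
    for raw in text.splitlines():
        line = raw[len("[INFO] "):] if raw.startswith("[INFO] ") else raw
        m = MARKER.search(line)
        if m:
            depth = m.start() // 3 + 1              # each nesting level is 3 columns wide
            coord = line[m.end():].split(" ", 1)[0]
        elif COORD.match(line.strip()):
            depth, coord = 0, line.strip()          # the root artifact carries no marker
        else:
            continue                                # plugin banners, blank lines, summaries
        if coord.startswith("("):
            continue                                # -Dverbose "omitted for ..." entries are not resolved
        stack = stack[:depth] + [coord]
        paths.append(list(stack))
    return paths


def find_paths(text: str, group_artifact: str) -> List[List[str]]:
    """All paths whose leaf is the given groupId:artifactId (answers 'where does it come from?')."""
    out = []
    for path in parse_tree(text):
        c = parse_coordinate(path[-1])
        if f"{c['group']}:{c['artifact']}" == group_artifact:
            out.append(path)
    return out


def flag_vulnerable(text: str, advisories: Dict[str, Dict[str, str]]) -> List[Dict[str, object]]:
    """Match every resolved artifact against {groupId:artifactId: {version: advisory id}}."""
    hits = []
    for path in parse_tree(text):
        c = parse_coordinate(path[-1])
        adv = advisories.get(f"{c['group']}:{c['artifact']}", {}).get(c["version"])
        if adv:
            hits.append({"coordinate": path[-1], "advisory": adv, "path": path})
    return hits


# The only version-to-advisory pair stated in this thread (parsson 1.0.0 -> CVE-2023-4043).
ADVISORIES = {"org.eclipse.parsson:parsson": {"1.0.0": "CVE-2023-4043"}}

if __name__ == "__main__":
    for hit in flag_vulnerable(SAMPLE_TREE, ADVISORIES):
        print(hit["advisory"], "via", " -> ".join(hit["path"]))
```

Run it against the real output of `mvn dependency:tree` piped to a file; the depth is derived from the marker column, so the full, unwrapped tree is needed (the collapsed whitespace in the pasted copy above would not parse). Exact-version matching is deliberate: a fixed range would have to come from the advisory itself, which this thread does not state.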

qligier commented 5 months ago

Pushed an upgrade for that. Where have you seen it?