Update pom.xml #11

Open
stanezil wants to merge 1 commit into main from pom-test

@stanezil
Contributor

No description provided.

@wiz-31e53e2d7d

Wiz Scan Summary

| Scanner | Findings |
| --- | --- |
| Vulnerabilities | 1 Critical, 16 High, 13 Medium, 3 Low |
| Sensitive Data | |
| Secrets | |
| IaC Misconfigurations | |
| Total | 1 Critical, 16 High, 13 Medium, 3 Low |

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Comment thread pom.xml

High Vulnerability Finding on line 24

The following vulnerability impacts org.springframework.boot:spring-boot-autoconfigure versions <2.6.15: CVE-2023-20883.

It can be remediated by updating to version 2.6.15 or higher.

Dependency Tree
org.springframework.boot:[email protected]
└── org.springframework.boot:[email protected]
    └── org.springframework.boot:[email protected]

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

Suggested change
<version>2.6.15</version>

Comment thread pom.xml

High Vulnerability Finding on line 24

The following vulnerability impacts org.springframework.boot:spring-boot versions <3.3.11: CVE-2025-22235.

It can be remediated by updating to version 3.3.11 or higher.

Dependency Tree
org.springframework.boot:[email protected]
└── org.springframework.boot:[email protected]
    └── org.springframework.boot:[email protected]

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

Suggested change
<version>3.3.11</version>

Comment thread pom.xml

High Vulnerability Finding on line 29

The following vulnerabilities impact com.fasterxml.jackson.core:jackson-databind versions <2.13.4.2: CVE-2020-36518, CVE-2022-42003, CVE-2022-42004.

These can be remediated by updating to version 2.13.4.2 or higher.

Dependency Tree
org.springframework.boot:[email protected]
└── org.springframework.boot:[email protected]
    └── com.fasterxml.jackson.core:[email protected]

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

Suggested change
<version>2.6.3</version>

Comment thread pom.xml

High Vulnerability Finding on line 24

The following vulnerability impacts ch.qos.logback:logback-classic versions <1.2.13: CVE-2023-6378.

It can be remediated by updating to version 1.2.13 or higher.

Dependency Tree
org.springframework.boot:[email protected]
└── org.springframework.boot:[email protected]
    └── org.springframework.boot:[email protected]
        └── ch.qos.logback:[email protected]

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

Suggested change
<version>2.6.3</version>
