[Snyk] Upgrade @opentelemetry/sdk-trace-base from 1.22.0 to 1.24.1 #2508
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-27309Path to dependency file: /persistence/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.kafka/kafka-metadata/3.6.1/568acb2c4d16ac625be067dcfb68fc75f39e76b6/kafka-metadata-3.6.1.jar Dependency Hierarchy: -> spring-kafka-test-3.1.2.jar (Root Library) -> ❌ kafka-metadata-3.6.1.jar (Vulnerable Library) |
 Critical |
9.8 | kafka-metadata-3.6.1.jar | Upgrade to version: org.apache.kafka:kafka-metadata:3.6.2 | #2433 |
CVE-2024-22257Path to dependency file: /security/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-core/6.2.2/8cf7e96179c6f253ab36f76ebb24538a7e619f49/spring-security-core-6.2.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-core/6.2.2/8cf7e96179c6f253ab36f76ebb24538a7e619f49/spring-security-core-6.2.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-core/6.2.2/8cf7e96179c6f253ab36f76ebb24538a7e619f49/spring-security-core-6.2.2.jar Dependency Hierarchy: -> spring-boot-starter-security-3.2.3.jar (Root Library) -> spring-security-web-6.2.2.jar -> ❌ spring-security-core-6.2.2.jar (Vulnerable Library) |
 High |
8.2 | spring-security-core-6.2.2.jar | Upgrade to version: org.springframework.security:spring-security-core:5.7.12,5.8.11,6.1.8,6.2.3 | #2388 |
CVE-2024-22262Path to dependency file: /release-toggles/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.5/4f4e92cc52ee33260f1ee0cdc7b7a2f22d49708c/spring-web-6.1.5.jar Dependency Hierarchy: -> ❌ spring-web-6.1.5.jar (Vulnerable Library) |
High |
8.1 | spring-web-6.1.5.jar | Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 | #2430 |
CVE-2024-22262Path to dependency file: /file-storage/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar Dependency Hierarchy: -> spring-boot-starter-webflux-3.2.3.jar (Root Library) -> ❌ spring-web-6.1.4.jar (Vulnerable Library) |
High |
8.1 | spring-web-6.1.4.jar | Upgrade to version: org.springframework:spring-web:5.3.34;6.0.19,6.1.6 | #2430 |
CVE-2024-22259Path to dependency file: /file-storage/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/6.1.4/b237532e03330a7cf8f66dc147e62bbbe44c702f/spring-web-6.1.4.jar Dependency Hierarchy: -> spring-boot-starter-webflux-3.2.3.jar (Root Library) -> ❌ spring-web-6.1.4.jar (Vulnerable Library) |
High |
8.1 | spring-web-6.1.4.jar | Upgrade to version: org.springframework:spring-web:5.3.33,6.0.18,6.1.5 | #2367 |
CVE-2024-23944Path to dependency file: /file-storage/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.zookeeper/zookeeper/3.8.3/97bb82af5b529ec14e9c2d44b96884544f0db743/zookeeper-3.8.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.zookeeper/zookeeper/3.8.3/97bb82af5b529ec14e9c2d44b96884544f0db743/zookeeper-3.8.3.jar Dependency Hierarchy: -> spring-kafka-test-3.1.2.jar (Root Library) -> ❌ zookeeper-3.8.3.jar (Vulnerable Library) |
High |
7.5 | zookeeper-3.8.3.jar | Upgrade to version: org.apache.zookeeper:zookeeper:3.8.4,3.9.2 | #2366 |
CVE-2024-22271Path to dependency file: /functions/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.cloud/spring-cloud-function-context/4.1.0/dd0151b549e90b302a31feb1eb1870411eb3dd9e/spring-cloud-function-context-4.1.0.jar Dependency Hierarchy: -> spring-cloud-starter-function-web-4.1.0.jar (Root Library) -> spring-cloud-function-web-4.1.0.jar -> ❌ spring-cloud-function-context-4.1.0.jar (Vulnerable Library) |
 Medium |
6.5 | spring-cloud-function-context-4.1.0.jar | Upgrade to version: org.springframework.cloud:spring-cloud-function-context:4.1.2 | None |
CVE-2024-29025Path to dependency file: /persistence/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http/4.1.107.Final/4d8e9e51b7254bd26a42fe17bdcae32e4c6ebb3/netty-codec-http-4.1.107.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http/4.1.107.Final/4d8e9e51b7254bd26a42fe17bdcae32e4c6ebb3/netty-codec-http-4.1.107.Final.jar Dependency Hierarchy: -> r2dbc-mariadb-1.2.0.jar (Root Library) -> reactor-netty-1.1.16.jar -> reactor-netty-http-1.1.16.jar -> ❌ netty-codec-http-4.1.107.Final.jar (Vulnerable Library) |
Medium |
5.3 | netty-codec-http-4.1.107.Final.jar | Upgrade to version: io.netty:netty-codec-http:4.1.108.Final | #2404 |
Base branch total remaining vulnerabilities: 78
Base branch commit: 2dce83a9832f93747ffc1ee14c0b97c8ba5f69db
Total libraries scanned: 549
Scan token: 57ca5d6eb94a4fa2a84a458adefb777b