Skip to content

feat: Update dependencies in hale-platform to resolve security issues #39

feat: Update dependencies in hale-platform to resolve security issues

feat: Update dependencies in hale-platform to resolve security issues #39

Triggered via pull request November 8, 2023 14:40
Status Failure
Total duration 14m 11s
Artifacts 1

check.yml

on: pull_request
Fit to window
Zoom out
Zoom in

Annotations

10 errors and 1 warning
171.[CRITICAL] CVE-2021-42392: 171#L1
h2: Remote Code Execution in Console
171.[CRITICAL] CVE-2022-23221: 171#L1
Loading of custom classes from remote servers through JNDI
1.[CRITICAL] CVE-2017-11467: 1#L1
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
7.[CRITICAL] CVE-2016-6809: 7#L1
tika: Native deserialization of Java objects in matlab files
0.[CRITICAL] CVE-2023-25158: 0#L1
GeoTools OGC Filter SQL Injection Vulnerabilities
1.[CRITICAL] CVE-2022-41853: 1#L1
Untrusted input may lead to RCE attack
10.[CRITICAL] CVE-2014-4172: 10#L1
cas-client: Bypass of security constraints via URL parameter injection
RELEASE.[CRITICAL] CVE-2022-22978: RELEASE#L1
Authorization Bypass in RegexRequestMatcher
RELEASE.[CRITICAL] CVE-2022-22965: RELEASE#L1
RCE via Data Binding on JDK 9+
RELEASE.[CRITICAL] CVE-2016-1000027: RELEASE#L1
spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization
check / run
No files were found with the provided path: build/reports/tests. No artifacts will be uploaded.

Artifacts

Produced during runtime
Name Size
Vulnerability report (HTML) Expired
296 KB