
Update checkmarx-ast-cli binaries with 2.1.4 #208

Open · pedrompflopes wants to merge 1 commit into main from feature/update_cli
Conversation

@pedrompflopes (Contributor) commented May 14, 2024

Updates checkmarx-ast-cli to 2.1.4

Auto-generated by [create-pull-request][2]

@pedrompflopes pedrompflopes requested review from a team, sshay77 and tiagobcx and removed request for a team May 14, 2024 00:19
github-actions bot commented May 14, 2024

Checkmarx One – Scan Summary & Details 153043ce-fd45-4279-8f05-deb0f75ebdca

Policy Management Violations

| Policy Name | Rule(s) | Break Build |
|---|---|---|
| [SAST-ML0] | Not allowed NEW Sast vulnerabilities | true |

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-webmvc-5.3.29 | Vulnerable Package |
| HIGH | CVE-2016-1000027 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2022-4065 | Maven-org.testng:testng-6.14.3 | Vulnerable Package |
| HIGH | CVE-2023-2976 | Maven-com.google.guava:guava-31.1-android | Vulnerable Package |
| HIGH | CVE-2024-22243 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2024-22257 | Maven-org.springframework.security:spring-security-core-5.8.7 | Vulnerable Package |
| HIGH | CVE-2024-22259 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | CVE-2024-22262 | Maven-org.springframework:spring-web-5.3.29 | Vulnerable Package |
| HIGH | Cx78f40514-81ff | Maven-commons-collections:commons-collections-3.2.2 | Vulnerable Package |
| MEDIUM | CVE-2012-6153 | Maven-commons-httpclient:commons-httpclient-3.1 | Vulnerable Package |
| MEDIUM | CVE-2020-1945 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2021-36373 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2021-36374 | Maven-org.apache.ant:ant-1.10.3 | Vulnerable Package |
| MEDIUM | CVE-2023-33201 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2023-33201 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2023-33202 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2023-33202 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2024-25710 | Maven-org.apache.commons:commons-compress-1.24.0 | Vulnerable Package |
| MEDIUM | CVE-2024-26308 | Maven-org.apache.commons:commons-compress-1.24.0 | Vulnerable Package |
| MEDIUM | CVE-2024-29857 | Maven-org.bouncycastle:bcprov-jdk18on-1.76 | Vulnerable Package |
| MEDIUM | CVE-2024-29857 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2024-29857 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2024-30171 | Maven-org.bouncycastle:bcprov-jdk18on-1.76 | Vulnerable Package |
| MEDIUM | CVE-2024-30171 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2024-30171 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2024-30172 | Maven-org.bouncycastle:bcpkix-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | CVE-2024-30172 | Maven-org.bouncycastle:bcprov-jdk15on-1.64 | Vulnerable Package |
| MEDIUM | CVE-2024-30172 | Maven-org.bouncycastle:bcprov-jdk18on-1.76 | Vulnerable Package |
| MEDIUM | CVE-2024-30172 | Maven-org.bouncycastle:bcpkix-jdk18on-1.76 | Vulnerable Package |
| MEDIUM | CVE-2024-30172 | Maven-org.bouncycastle:bcprov-jdk18on-1.72 | Vulnerable Package |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: [102](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/release.yml#L102) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /update-cli.yml: [32](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/update-cli.yml#L32) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /delete-dev-releases.yml: [28](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/delete-dev-releases.yml#L28) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: [23](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/dependabot-auto-merge.yml#L23) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: [14](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/dependabot-auto-merge.yml#L14) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yml: [35](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/ci.yml#L35) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: [77](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/release.yml#L77) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: [115](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/release.yml#L115) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release-drafter.yml: [33](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/release-drafter.yml#L33) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ast-scan.yml: [12](https://github.com/Checkmarx/ast-teamcity-plugin/blob/feature/update_cli//.github/workflows/ast-scan.yml#L12) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | CVE-2016-5002 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2016-5003 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2018-1000180 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2018-1000613 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2019-10172 | Maven-org.codehaus.jackson:jackson-mapper-asl-1.9.13 |
| HIGH | CVE-2019-10202 | Maven-org.codehaus.jackson:jackson-core-asl-1.9.13 |
| HIGH | CVE-2019-17359 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| HIGH | CVE-2019-17570 | Maven-org.apache.ws.xmlrpc:xmlrpc-2.0.1 |
| HIGH | CVE-2020-25649 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2020-36518 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2021-20190 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2022-22978 | Maven-org.springframework.security:spring-security-web-5.6.3 |
| HIGH | CVE-2022-25857 | Maven-org.yaml:snakeyaml-1.26 |
| HIGH | CVE-2022-42003 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| HIGH | CVE-2022-42004 | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| MEDIUM | CVE-2018-10237 | Maven-com.google.guava:guava-18.0 |
| MEDIUM | CVE-2019-11269 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2019-3778 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2020-14338 | Maven-xerces:xercesImpl-2.12.1 |
| MEDIUM | CVE-2020-15250 | Maven-junit:junit-4.12 |
| MEDIUM | CVE-2020-26939 | Maven-org.bouncycastle:bcprov-jdk15on-1.56 |
| MEDIUM | CVE-2022-22968 | Maven-org.springframework:spring-context-5.3.18 |
| MEDIUM | CVE-2022-22969 | Maven-org.springframework.security.oauth:spring-security-oauth2-2.3.4.RELEASE |
| MEDIUM | CVE-2022-22970 | Maven-org.springframework:spring-core-5.3.19 |
| MEDIUM | CVE-2022-22970 | Maven-org.springframework:spring-beans-5.3.18 |
| MEDIUM | CVE-2022-22970 | Maven-org.springframework:spring-beans-5.3.19 |
| MEDIUM | CVE-2022-22970 | Maven-org.springframework:spring-core-5.3.18 |
| MEDIUM | CVE-2022-22971 | Maven-org.springframework:spring-core-5.3.19 |
| MEDIUM | CVE-2022-22971 | Maven-org.springframework:spring-core-5.3.18 |
| MEDIUM | CVE-2022-22976 | Maven-org.springframework.security:spring-security-core-5.6.3 |
| MEDIUM | CVE-2022-22976 | Maven-org.springframework.security:spring-security-crypto-5.6.3 |
| MEDIUM | CVE-2022-23437 | Maven-xerces:xercesImpl-2.12.1 |
| MEDIUM | CVE-2022-38749 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38750 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38751 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | CVE-2022-38752 | Maven-org.yaml:snakeyaml-1.26 |
| MEDIUM | Cxced0c06c-935c | Maven-com.fasterxml.jackson.core:jackson-databind-2.10.5 |
| LOW | CVE-2020-8908 | Maven-com.google.guava:guava-18.0 |
| LOW | Cxeb68d52e-5509 | Maven-commons-codec:commons-codec-1.11 |

@pedrompflopes force-pushed the feature/update_cli branch 2 times, most recently from 9f4b85f to c018ad7 on May 20, 2024 00:20
@pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.1.1" to "Update checkmarx-ast-cli binaries with 2.1.2" on May 20, 2024
@pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.1.2" to "Update checkmarx-ast-cli binaries with 2.1.3" on May 23, 2024
@pedrompflopes changed the title from "Update checkmarx-ast-cli binaries with 2.1.3" to "Update checkmarx-ast-cli binaries with 2.1.4" on May 28, 2024