SDKS-2988 Resolve the CVE-2023-52428 issue by upgrading the nimbus-jose-jwt #1008
Mend Scan Result
success
Details
Checking for updates...
Identified 614 dependencies
Detected 2 vulnerabilities (0 Critical, 0 High, 2 Medium, 0 Low)
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| SEVERITY | LIBRARY | ID | TOP FIX |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | bcprov-jdk15on-1.68.jar | CVE-2023-33201 | Upgrade to version org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-jdk14:1.74 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | commons-io-2.6.jar | CVE-2021-29425 | Upgrade to version commons-io:commons-io:2.7 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
Detected 3 Policy violations
+--------------------------------+-------------+-----------------------------+
| LIBRARY | POLICY TYPE | POLICY NAME |
+--------------------------------+-------------+-----------------------------+
| javax.annotation-api-1.3.2.pom | License | Black list (viral licenses) |
+--------------------------------+-------------+-----------------------------+
| play-services-auth-20.6.0.aar | License | Black list (viral licenses) |
+--------------------------------+-------------+-----------------------------+
| play-services-fido-20.0.1.aar | License | Black list (viral licenses) |
+--------------------------------+-------------+-----------------------------+
Paths at risk
P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = CVE severity
play-services-fido-20.0.1.aar [P]
play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
play-services-fido-20.0.1.aar [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-auth-4.3.1]
|-- play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
forgerock-authenticator-4.3.1]
|-- javax.annotation-api-1.3.2.pom [P]
javax.annotation-api-1.3.2.pom [P]
robolectric-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
sandbox-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.8.1.pom]
|-- javax.annotation-api-1.3.2.pom [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-core-4.3.1]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
javax.annotation-api-1.3.2.pom [P]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
Support token: 8e376eba82ae21b6d1abcadf1ee03cae4b964bc51f4b1b