Security Report
The Security Check found 21 vulnerabilities.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-41419<br>Path to dependency file: /src/loadgenerator/requirements.txt<br>Path to vulnerable library: /src/loadgenerator/requirements.txt<br>Dependency Hierarchy: -> ❌ gevent-22.10.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library) | Critical | 9.8 | gevent-22.10.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Upgrade to version: gevent - 23.9.0 | #68 |
CVE-2023-37920<br>Path to dependency file: /src/loadgenerator/requirements.txt<br>Path to vulnerable library: /src/loadgenerator/requirements.txt<br>Dependency Hierarchy: -> ❌ certifi-2022.12.7-py3-none-any.whl (Vulnerable Library) | Critical | 9.8 | certifi-2022.12.7-py3-none-any.whl | Upgrade to version: certifi - 2023.7.22 | #57 |
CVE-2023-36665<br>Path to dependency file: /src/frontend/package.json<br>Path to vulnerable library: /src/frontend/package.json,/src/paymentservice/package.json<br>Dependency Hierarchy: -> ts-proto-1.163.0.tgz (Root Library) -> ❌ protobufjs-7.2.4.tgz (Vulnerable Library) | Critical | 9.8 | protobufjs-7.2.4.tgz | Upgrade to version: protobufjs - 6.11.4,7.2.5 | #141 |
WS-2023-0045<br>Path to dependency file: /src/shippingservice/Cargo.toml<br>Path to vulnerable library: /src/shippingservice/Cargo.toml<br>Dependency Hierarchy: -> tonic-build-0.10.2.crate (Root Library) -> prost-build-0.12.1.crate -> tempfile-3.3.0.crate -> ❌ remove_dir_all-0.5.3.crate (Vulnerable Library) | Critical | 9.1 | remove_dir_all-0.5.3.crate | Upgrade to version: remove_dir_all - 0.8.0 | #95 |
CVE-2024-34069<br>Path to dependency file: /src/loadgenerator/requirements.txt<br>Path to vulnerable library: /src/loadgenerator/requirements.txt<br>Dependency Hierarchy: -> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library) | High | 7.5 | Werkzeug-2.2.3-py3-none-any.whl | Upgrade to version: Werkzeug - 3.0.3 | #90 |
CVE-2024-27308<br>Path to dependency file: /src/shippingservice/Cargo.toml<br>Path to vulnerable library: /src/shippingservice/Cargo.toml<br>Dependency Hierarchy: -> reqwest-0.11.13.crate (Root Library) -> h2-0.3.18.crate -> tokio-1.33.0.crate -> ❌ mio-0.8.9.crate (Vulnerable Library) | High | 7.5 | mio-0.8.9.crate | Upgrade to version: mio - 0.8.11 | #123 |
CVE-2024-21647<br>Path to dependency file: /src/emailservice/Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-6.4.0.gem<br>Dependency Hierarchy: -> ❌ puma-6.4.0.gem (Vulnerable Library) | High | 7.5 | puma-6.4.0.gem | Upgrade to version: puma - 5.6.8,6.4.2 | #122 |
CVE-2023-46136<br>Path to dependency file: /src/loadgenerator/requirements.txt<br>Path to vulnerable library: /src/loadgenerator/requirements.txt<br>Dependency Hierarchy: -> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library) | High | 7.5 | Werkzeug-2.2.3-py3-none-any.whl | Upgrade to version: werkzeug - 2.3.8,3.0.1 | #90 |
CVE-2023-44487<br>Path to dependency file: /src/adservice/build.gradle<br>Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.97.Final/893888d09a7bef0d0ba973d7471943e765d0fd08/netty-codec-http2-4.1.97.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.97.Final/893888d09a7bef0d0ba973d7471943e765d0fd08/netty-codec-http2-4.1.97.Final.jar<br>Dependency Hierarchy: -> grpc-netty-1.59.0.jar (Root Library) -> ❌ netty-codec-http2-4.1.97.Final.jar (Vulnerable Library) | High | 7.5 | netty-codec-http2-4.1.97.Final.jar | Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3,v1.57.1,v1.58.3, kubernetes/kubernetes - v1.25.15,v1.26.10,v1.27.7,v1.28.3,v1.29.0, kubernetes/apimachinery - v0.25.15,v0.26.10,v0.27.7,v0.28.3,v0.29.0 | #93 |
CVE-2019-0820<br>Path to dependency file: /src/cartservice/tests/cartservice.tests.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg<br>Dependency Hierarchy: -> xunit.2.6.1.nupkg (Root Library) -> xunit.core.2.6.1.nupkg -> xunit.extensibility.core.2.6.1.nupkg -> netstandard.library.1.6.1.nupkg -> system.xml.xdocument.4.3.0.nupkg -> system.xml.readerwriter.4.3.0.nupkg -> ❌ system.text.regularexpressions.4.3.0.nupkg (Vulnerable Library) | High | 7.5 | system.text.regularexpressions.4.3.0.nupkg | Upgrade to version: System.Text.RegularExpressions - 4.3.1 | #97 |
CVE-2023-48795<br>Path to dependency file: /src/accountingservice/go.mod<br>Path to vulnerable library: /go/pkg/mod/cache/download/golang.org/x/crypto/@v/v0.14.0.mod,/go/pkg/mod/cache/download/golang.org/x/crypto/@v/v0.14.0.mod<br>Dependency Hierarchy: -> github.com/IbM/sarama-v1.42.0 (Root Library) -> github.com/jcmturner/gokrb5/v8-v8.4.4 -> ❌ golang.org/x/crypto-v0.14.0 (Vulnerable Library) | Medium | 5.9 | golang.org/x/crypto-v0.14.0 | Upgrade to version: putty - 0.80, openssh - V_9_6_P1, golang/crypto - v0.17.0, asyncssh - 2.14.2, libssh-0.9.8, libssh-0.10.6, teraterm - v5.1, paramiko - 3.4.0, russh - 0.40.2, com.github.mwiede:jsch:0.2.15, proftpd - v1.3.8b, thrussh - 0.35.1, teraterm - v5.1, org.connectbot:sshlib:2.2.22, mscdex/ssh2 - 1.15.0, jtesta/ssh-audit - v3.1.0, Oryx-Embedded/CycloneSSH - v2.3.4, opnsense/src - 23.7, winscp - 6.2.2, PowerShell/openssh-portable - v9.5.0.0 | #121 |
CVE-2024-26141<br>Path to dependency file: /src/emailservice/Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.8.gem<br>Dependency Hierarchy: -> sinatra-3.1.0.gem (Root Library) -> ❌ rack-2.2.8.gem (Vulnerable Library) | Medium | 5.8 | rack-2.2.8.gem | Upgrade to version: rack - 2.2.8.1,3.0.9.1 | #124 |
CVE-2024-37168<br>Path to dependency file: /src/frontend/package.json<br>Path to vulnerable library: /src/frontend/package.json,/src/paymentservice/package.json<br>Dependency Hierarchy: -> ❌ grpc-js-1.9.9.tgz (Vulnerable Library) | Medium | 5.3 | grpc-js-1.9.9.tgz | Upgrade to version: @grpc/grpc-js - 1.8.22,1.9.15,1.10.9 | #142 |
CVE-2024-29025<br>Path to dependency file: /src/frauddetectionservice/build.gradle.kts<br>Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http/4.1.97.Final/af78acec783ffd77c63d8aeecc21041fd39ac54f/netty-codec-http-4.1.97.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http/4.1.97.Final/af78acec783ffd77c63d8aeecc21041fd39ac54f/netty-codec-http-4.1.97.Final.jar<br>Dependency Hierarchy: -> grpc-netty-1.59.0.jar (Root Library) -> netty-handler-proxy-4.1.97.Final.jar -> ❌ netty-codec-http-4.1.97.Final.jar (Vulnerable Library) | Medium | 5.3 | netty-codec-http-4.1.97.Final.jar | Upgrade to version: io.netty:netty-codec-http:4.1.108.Final | #93 |
CVE-2024-26146<br>Path to dependency file: /src/emailservice/Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.8.gem<br>Dependency Hierarchy: -> sinatra-3.1.0.gem (Root Library) -> ❌ rack-2.2.8.gem (Vulnerable Library) | Medium | 5.3 | rack-2.2.8.gem | Upgrade to version: rack - 2.0.9.4,2.1.4.4,2.2.8.1,3.0.9.1 | #124 |
CVE-2024-25126<br>Path to dependency file: /src/emailservice/Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rack-2.2.8.gem<br>Dependency Hierarchy: -> sinatra-3.1.0.gem (Root Library) -> ❌ rack-2.2.8.gem (Vulnerable Library) | Medium | 5.3 | rack-2.2.8.gem | Upgrade to version: rack - 2.2.8.1,3.0.9.1 | #124 |
CVE-2024-1681<br>Path to dependency file: /src/loadgenerator/requirements.txt<br>Path to vulnerable library: /src/loadgenerator/requirements.txt<br>Dependency Hierarchy: -> ❌ Flask_Cors-4.0.0-py2.py3-none-any.whl (Vulnerable Library) | Medium | 5.3 | Flask_Cors-4.0.0-py2.py3-none-any.whl | Upgrade to version: flask-cors - 4.0.1 | #127 |
CVE-2023-44270<br>Path to dependency file: /src/frontend/package.json<br>Path to vulnerable library: /src/frontend/package.json<br>Dependency Hierarchy: -> next-12.3.4.tgz (Root Library) -> ❌ postcss-8.4.14.tgz (Vulnerable Library) | Medium | 5.3 | postcss-8.4.14.tgz | Upgrade to version: postcss - 8.4.31 | #94 |
CVE-2018-8292<br>Path to dependency file: /src/cartservice/tests/cartservice.tests.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg<br>Dependency Hierarchy: -> xunit.2.6.1.nupkg (Root Library) -> xunit.core.2.6.1.nupkg -> xunit.extensibility.core.2.6.1.nupkg -> netstandard.library.1.6.1.nupkg -> ❌ system.net.http.4.3.0.nupkg (Vulnerable Library) | Medium | 5.3 | system.net.http.4.3.0.nupkg | Upgrade to version: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1 | #97 |
CVE-2024-32028<br>Path to dependency file: /src/cartservice/src/cartservice.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/opentelemetry.instrumentation.aspnetcore/1.5.1-beta.1/opentelemetry.instrumentation.aspnetcore.1.5.1-beta.1.nupkg<br>Dependency Hierarchy: -> ❌ opentelemetry.instrumentation.aspnetcore.1.5.1-beta.1.nupkg (Vulnerable Library) | Medium | 4.1 | opentelemetry.instrumentation.aspnetcore.1.5.1-beta.1.nupkg | Upgrade to version: OpenTelemetry.Instrumentation.Http - 1.8.1, OpenTelemetry.Instrumentation.AspNetCore - 1.8.1 | #129 |
CVE-2024-32028<br>Path to dependency file: /src/cartservice/src/cartservice.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/opentelemetry.instrumentation.http/1.5.1-beta.1/opentelemetry.instrumentation.http.1.5.1-beta.1.nupkg<br>Dependency Hierarchy: -> ❌ opentelemetry.instrumentation.http.1.5.1-beta.1.nupkg (Vulnerable Library) | Medium | 4.1 | opentelemetry.instrumentation.http.1.5.1-beta.1.nupkg | Upgrade to version: OpenTelemetry.Instrumentation.Http - 1.8.1, OpenTelemetry.Instrumentation.AspNetCore - 1.8.1 | #128 |

Total libraries scanned: 981
Scan token: f138c449ab2049ba995c0d2fdd8dc2d6