Automated Pull Request #61
Open
Veracode-Workflow-App-Preprod / Veracode Software Composition Analysis
succeeded
May 12, 2026 in 1m 4s
Veracode Software Composition Analysis
Veracode SCA agent scanning engine ready
Searching for supported projects (this may take a minute)...
[Jar] Scanning /home/runner/work/veracode/veracode/.mvn/wrapper
[Maven] Scanning /home/runner/work/veracode/veracode
Processing results...
Processing results complete

Summary Report
Scan ID: 2fcaab17-ed35-4eca-a62b-1d98b51b7dd2
Scan Date & Time: May 12 2026 01:44PM UTC
Account type: ENTERPRISE
Scan engine: 3.8.115 (latest 3.8.115)
Analysis time: 23 seconds
User: runner
Project: /home/runner/work/veracode/veracode
Package Manager(s): Maven, Jar

Open-Source Libraries
Total Libraries: 39
Direct Libraries: 6
Transitive Libraries: 33
Vulnerable Libraries: 18

Security
With Vulnerable Methods: 0
Critical Risk Vulnerabilities: 30
High Risk Vulnerabilities: 79
Medium Risk Vulnerabilities: 34
Low Risk Vulnerabilities: 2

Vulnerabilities - Public Data
CVE-2016-1000027 | Critical Risk | Remote Code Execution (RCE) | Spring Web 5.1.4.RELEASE
CVE-2022-22965 | Critical Risk | Remote Code Execution (RCE) | spring-boot-starter-web 2.1.2.RELEASE
CVE-2022-22965 | Critical Risk | Remote Code Execution (RCE) | Spring Web MVC 5.1.4.RELEASE
CVE-2022-22965 | Critical Risk | Remote Code Execution (RCE) | Spring Beans 5.1.4.RELEASE
CVE-2024-1597 | Critical Risk | Sql Injection | PostgreSQL JDBC Driver 42.2.5
CVE-2022-26520 | Critical Risk | Arbitrary File Write | PostgreSQL JDBC Driver 42.2.5
CVE-2022-21724 | Critical Risk | Remote Code Execution (RCE) | PostgreSQL JDBC Driver 42.2.5
CVE-2020-1938 | Critical Risk | Authentication Bypass | tomcat-embed-core 9.0.14
CVE-2025-24813 | Critical Risk | Path Equivalence | tomcat-embed-core 9.0.14
CVE-2025-31651 | Critical Risk | Improper Neutralization Of Escape, Meta, Or Control Sequences | tomcat-embed-core 9.0.14
CVE-2024-50379 | Critical Risk | Time-of-check Time-of-use (TOCTOU) Race Condition | tomcat-embed-core 9.0.14
CVE-2024-52316 | Critical Risk | Authentication Bypass | tomcat-embed-core 9.0.14
CVE-2024-56337 | Critical Risk | Time-of-Check Time-of-Use (TOCTOU) | tomcat-embed-core 9.0.14
CVE-2025-66614 | Critical Risk | Authentication Bypass | tomcat-embed-core 9.0.14
CVE-2019-16942 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2019-16943 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2019-20330 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2019-14892 | Critical Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2019-14893 | Critical Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2019-14540 | Critical Risk | Deserialization Of Untrusted Data | jackson-databind 2.9.8
CVE-2019-17267 | Critical Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2019-16335 | Critical Risk | Deserialization Of Untrusted Data | jackson-databind 2.9.8
CVE-2019-17531 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2019-14379 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-8840 | Critical Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2020-9546 | Critical Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2020-9547 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-9548 | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2021-22118 | High Risk | Privilege Escalation | Spring Web 5.1.4.RELEASE
CVE-2024-22259 | High Risk | Server Side Request Forgery (SSRF) | Spring Web 5.1.4.RELEASE
CVE-2020-5398 | High Risk | Reflected File Download | Spring Web 5.1.4.RELEASE
CVE-2024-22243 | High Risk | Server Side Request Forgery (SSRF) | Spring Web 5.1.4.RELEASE
CVE-2024-22262 | High Risk | Open Redirect | Spring Web 5.1.4.RELEASE
CVE-2020-13935 | High Risk | Denial Of Service (DoS) | tomcat-embed-websocket 9.0.14
CVE-2024-23672 | High Risk | Denial Of Service (DoS) | tomcat-embed-websocket 9.0.14
CVE-2024-38819 | High Risk | Path Traversal | Spring Web MVC 5.1.4.RELEASE
CVE-2020-5398 | High Risk | Reflected File Download | Spring Web MVC 5.1.4.RELEASE
CVE-2025-35036 | High Risk | Arbitrary Code Injection | org.hibernate.validator:hibernate-validator 6.0.14.Final
CVE-2026-42198 | High Risk | Pgjdbc: Unbounded PBKDF2 Iterations In SCRAM Authentication Allows CPU Exhaustion DoS | PostgreSQL JDBC Driver 42.2.5
CVE-2020-13692 | High Risk | XML External Entity (XXE) | PostgreSQL JDBC Driver 42.2.5
CVE-2022-31197 | High Risk | SQL Injection | PostgreSQL JDBC Driver 42.2.5
CVE-2023-20883 | High Risk | Denial Of Service (DoS) | spring-boot-autoconfigure 2.1.2.RELEASE
CVE-2023-6378 | High Risk | Denial Of Service (DoS) | Logback Core Module 1.2.3
CVE-2024-12798 | High Risk | Arbitrary Code Execution | Logback Core Module 1.2.3
CVE-2026-40973 | High Risk | Improper Control Of Temporary Directory Access | spring-boot 2.1.2.RELEASE
CVE-2026-40975 | High Risk | Weak Random Value Generation For Secrets (weak PRNG) | spring-boot 2.1.2.RELEASE
CVE-2022-27772 | High Risk | Directory Traversal | spring-boot 2.1.2.RELEASE
CVE-2021-25122 | High Risk | Information Disclosure | tomcat-embed-core 9.0.14
CVE-2019-0199 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2023-46589 | High Risk | Request Smuggling | tomcat-embed-core 9.0.14
CVE-2025-46701 | High Risk | Improper Handling Of Case Sensitivity | tomcat-embed-core 9.0.14
CVE-2025-49125 | High Risk | Authentication Bypass | tomcat-embed-core 9.0.14
CVE-2024-34750 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2025-48988 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2023-24998 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2025-48989 | High Risk | Improper Resource Shutdown Or Release | tomcat-embed-core 9.0.14
CVE-2021-25329 | High Risk | Remote Code Execution | tomcat-embed-core 9.0.14
CVE-2024-24549 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2020-17527 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2023-28709 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2025-55752 | High Risk | Relative Path Traversal | tomcat-embed-core 9.0.14
CVE-2022-23181 | High Risk | Time Of Check To Time Of Use (TOCTOU) | tomcat-embed-core 9.0.14
CVE-2023-44487 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2026-34487 | High Risk | Apache Tomcat Vulnerable To Insertion Of Sensitive Information Into Log File | tomcat-embed-core 9.0.14
CVE-2019-10072 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2020-13934 | High Risk | Denial Of Service (DoS) | tomcat-embed-core 9.0.14
CVE-2020-10673 | High Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-11111 | High Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2020-36518 | High Risk | Denial Of Service (DoS) | jackson-databind 2.9.8
CVE-2020-35490 | High Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2020-11113 | High Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-11112 | High Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2020-24616 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36187 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36186 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36184 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36185 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2022-42004 | High Risk | Denial Of Service (DoS) | jackson-databind 2.9.8
CVE-2020-36182 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36179 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36189 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36188 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36183 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36181 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-36180 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2022-42003 | High Risk | Denial Of Service (DoS) | jackson-databind 2.9.8
CVE-2020-10969 | High Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2021-20190 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-24750 | High Risk | Arbitrary Code Execution | jackson-databind 2.9.8
CVE-2020-35728 | High Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-10968 | High Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-10650 | High Risk | Deserialization Of Untrusted Data | jackson-databind 2.9.8
CVE-2020-25649 | High Risk | XML External Entity (XXE) | jackson-databind 2.9.8
CVE-2020-11619 | High Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2020-11620 | High Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2019-14439 | High Risk | Deserialization Of Untrusted Data | jackson-databind 2.9.8
CVE-2019-12086 | High Risk | Remote Code Execution (RCE) Through Deserialization | jackson-databind 2.9.8
CVE-2020-14062 | High Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-14061 | High Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
CVE-2020-14060 | High Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2020-35491 | High Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2020-10672 | High Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2020-14195 | High Risk | Remote Code Execution | jackson-databind 2.9.8
CVE-2021-37714 | High Risk | Denial Of Service | jsoup Java HTML Parser 1.8.3
CVE-2025-52999 | High Risk | Denial Of Service (DoS) | Jackson-core 2.9.8
CVE-2023-6378 | High Risk | Denial Of Service (DoS) | Logback Classic Module 1.2.3
CVE-2026-22740 | Medium Risk | Denial Of Service (DoS) | Spring Web 5.1.4.RELEASE
CVE-2024-38809 | Medium Risk | Denial Of Service (DoS) | Spring Web 5.1.4.RELEASE
CVE-2020-5421 | Medium Risk | Reflected File Download (RFD) Attack | Spring Web 5.1.4.RELEASE
CVE-2026-22745 | Medium Risk | Denial Of Service (DoS) | Spring Web MVC 5.1.4.RELEASE
CVE-2022-22970 | Medium Risk | Denial Of Service (DoS) | Spring Beans 5.1.4.RELEASE
CVE-2022-22968 | Medium Risk | Binding Rules Bypass | Spring Context 5.1.4.RELEASE
CVE-2024-38820 | Medium Risk | Case Insensitive Input Validation | Spring Context 5.1.4.RELEASE
CVE-2020-10693 | Medium Risk | EL Expression Injection | org.hibernate.validator:hibernate-validator 6.0.14.Final
CVE-2023-1932 | Medium Risk | HTML Injection | org.hibernate.validator:hibernate-validator 6.0.14.Final
CVE-2019-10219 | Medium Risk | Cross-site Scripting (XSS) | org.hibernate.validator:hibernate-validator 6.0.14.Final
CVE-2022-41946 | Medium Risk | Information Disclosure | PostgreSQL JDBC Driver 42.2.5
CVE-2026-40974 | Medium Risk | Improper SSL Hostname Verification | spring-boot-autoconfigure 2.1.2.RELEASE
CVE-2026-40971 | Medium Risk | Improper Hostname Verification | spring-boot-autoconfigure 2.1.2.RELEASE
CVE-2021-42550 | Medium Risk | Remote Code Execution (RCE) | Logback Core Module 1.2.3
CVE-2024-12801 | Medium Risk | Server-Side Request Forgery (SSRF) | Logback Core Module 1.2.3
CVE-2025-11226 | Medium Risk | Arbitrary Code Execution | Logback Core Module 1.2.3
CVE-2026-40977 | Medium Risk | Arbitrary File Overwrite | spring-boot 2.1.2.RELEASE
CVE-2026-22745 | Medium Risk | Denial Of Service (DoS) | Spring Core 5.1.4.RELEASE
CVE-2021-22096 | Medium Risk | Log Injection | Spring Core 5.1.4.RELEASE
CVE-2020-13943 | Medium Risk | HTTP/2 Request Mix-up | tomcat-embed-core 9.0.14
CVE-2024-21733 | Medium Risk | Sensitive Information Disclosure | tomcat-embed-core 9.0.14
CVE-2021-33037 | Medium Risk | Request Smuggling | tomcat-embed-core 9.0.14
CVE-2026-25854 | Medium Risk | Apache Tomcat Has An Open Redirect Vulnerability | tomcat-embed-core 9.0.14
CVE-2021-30640 | Medium Risk | Access Restriction Bypass | tomcat-embed-core 9.0.14
CVE-2025-61795 | Medium Risk | Improper Resource Shutdown Or Release | tomcat-embed-core 9.0.14
CVE-2021-24122 | Medium Risk | Information Disclosure | tomcat-embed-core 9.0.14
CVE-2023-20863 | Medium Risk | Denial Of Service (DoS) | Spring Expression Language (SpEL) 5.1.4.RELEASE
CVE-2022-22950 | Medium Risk | Denial Of Service (DoS) | Spring Expression Language (SpEL) 5.1.4.RELEASE
CVE-2019-12384 | Medium Risk | Unsafe Deserialization | jackson-databind 2.9.8
CVE-2019-12814 | Medium Risk | Deserialization Of Untrusted Object | jackson-databind 2.9.8
CVE-2022-36033 | Medium Risk | Cross-site Scripting (XSS) | jsoup Java HTML Parser 1.8.3
CVE-2025-49128 | Medium Risk | Information Disclosure | Jackson-core 2.9.8
CVE-2021-42550 | Medium Risk | Remote Code Execution (RCE) | Logback Classic Module 1.2.3
CVE-2026-22741 | Low Risk | Cache Poisoning | Spring Web MVC 5.1.4.RELEASE
CVE-2026-1225 | Low Risk | Arbitrary Code Execution | Logback Core Module 1.2.3

Vulnerabilities - Premium Data
NO-CVE | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
NO-CVE | Critical Risk | Remote Code Execution (RCE) | jackson-databind 2.9.8
NO-CVE | High Risk | Deserialization Of Untrusted Data | jackson-databind 2.9.8
NO-CVE | Medium Risk | Denial Of Service (DoS) Infinite Loop | jsoup Java HTML Parser 1.8.3

Licenses
Unique Library Licenses: 8
Unique Libraries Using GPL: 1
Unique Libraries With High Risk License: 3
Unique Libraries With Medium Risk License: 3
Unique Libraries With Low Risk License: 36
Unique Libraries With Multiple Licenses: 3
Unique Libraries With Unassessable License: 0
Unique Libraries With Unrecognizable License: 0

Issues
Issue ID | Issue Type | Severity | Description | Library Name & Version In Use
532076554 | Vulnerability | 3.9 | CVE-2026-1225: Arbitrary Code Execution | Logback Core Module 1.2.3
532076555 | Vulnerability | 3.1 | CVE-2026-22741: Cache Poisoning | Spring Web MVC 5.1.4.RELEASE
532076556 | Vulnerability | 5.3 | NO-CVE: Denial of Service (DoS) Infinite Loop | jsoup Java HTML Parser 1.8.3
532076557 | Vulnerability | 5.9 | CVE-2019-12384: Unsafe Deserialization | jackson-databind 2.9.8
532076558 | Vulnerability | 5.9 | CVE-2019-12814: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532076559 | Vulnerability | 6.1 | CVE-2019-10219: Cross-site Scripting (XSS) | org.hibernate.validator:hibernate-validator 6.0.14.Final
532076560 | Vulnerability | 5.3 | CVE-2020-10693: EL Expression Injection | org.hibernate.validator:hibernate-validator 6.0.14.Final
532076561 | Vulnerability | 6.5 | CVE-2020-5421: Reflected File Download (RFD) Attack | Spring Web 5.1.4.RELEASE
532076562 | Vulnerability | 4.3 | CVE-2020-13943: HTTP/2 Request Mix-up | tomcat-embed-core 9.0.14
532076563 | Vulnerability | 5.9 | CVE-2021-24122: Information Disclosure | tomcat-embed-core 9.0.14
532076564 | Vulnerability | 6.5 | CVE-2021-30640: Access Restriction Bypass | tomcat-embed-core 9.0.14
532076565 | Vulnerability | 5.3 | CVE-2021-33037: Request Smuggling | tomcat-embed-core 9.0.14
532076566 | Vulnerability | 4.3 | CVE-2021-22096: Log Injection | Spring Core 5.1.4.RELEASE
532076567 | Vulnerability | 6.6 | CVE-2021-42550: Remote Code Execution (RCE) | Logback Classic Module 1.2.3
532076568 | Vulnerability | 6.6 | CVE-2021-42550: Remote Code Execution (RCE) | Logback Core Module 1.2.3
532076569 | Vulnerability | 6.5 | CVE-2022-22950: Denial Of Service (DoS) | Spring Expression Language (SpEL) 5.1.4.RELEASE
532076570 | Vulnerability | 5.3 | CVE-2022-22968: Binding Rules Bypass | Spring Context 5.1.4.RELEASE
532076571 | Vulnerability | 5.3 | CVE-2022-22970: Denial Of Service (DoS) | Spring Beans 5.1.4.RELEASE
532076572 | Vulnerability | 6.1 | CVE-2022-36033: Cross-site Scripting (XSS) | jsoup Java HTML Parser 1.8.3
532076573 | Vulnerability | 5.5 | CVE-2022-41946: Information Disclosure | PostgreSQL JDBC Driver 42.2.5
532076574 | Vulnerability | 6.5 | CVE-2023-20863: Denial Of Service (DoS) | Spring Expression Language (SpEL) 5.1.4.RELEASE
532076575 | Vulnerability | 5.3 | CVE-2024-21733: Sensitive Information Disclosure | tomcat-embed-core 9.0.14
532076576 | Vulnerability | 5.3 | CVE-2024-38809: Denial Of Service (DoS) | Spring Web 5.1.4.RELEASE
532076577 | Vulnerability | 5.3 | CVE-2024-38820: Case Insensitive Input Validation | Spring Context 5.1.4.RELEASE
532076578 | Vulnerability | 6.1 | CVE-2023-1932: HTML Injection | org.hibernate.validator:hibernate-validator 6.0.14.Final
532076579 | Vulnerability | 4.4 | CVE-2024-12801: Server-Side Request Forgery (SSRF) | Logback Core Module 1.2.3
532076580 | Vulnerability | 4.0 | CVE-2025-49128: Information Disclosure | Jackson-core 2.9.8
532076581 | Vulnerability | 5.3 | CVE-2025-61795: Improper Resource Shutdown Or Release | tomcat-embed-core 9.0.14
532076582 | Vulnerability | 5.3 | CVE-2025-11226: Arbitrary Code Execution | Logback Core Module 1.2.3
532076583 | Vulnerability | 5.0 | CVE-2026-40974: Improper SSL Hostname Verification | spring-boot-autoconfigure 2.1.2.RELEASE
532076584 | Vulnerability | 6.1 | CVE-2026-25854: Apache Tomcat has an Open Redirect vulnerability | tomcat-embed-core 9.0.14
532077335 | Vulnerability | 6.5 | CVE-2026-22740: Denial Of Service (DoS) | Spring Web 5.1.4.RELEASE
532077336 | Vulnerability | 5.3 | CVE-2026-22745: Denial Of Service (DoS) | Spring Web MVC 5.1.4.RELEASE
532077337 | Vulnerability | 5.3 | CVE-2026-22745: Denial Of Service (DoS) | Spring Core 5.1.4.RELEASE
532077338 | Vulnerability | 5.0 | CVE-2026-40971: Improper Hostname Verification | spring-boot-autoconfigure 2.1.2.RELEASE
532077339 | Vulnerability | 6.7 | CVE-2026-40977: Arbitrary File Overwrite | spring-boot 2.1.2.RELEASE
532077340 | Vulnerability | 7.5 | CVE-2019-0199: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077341 | Vulnerability | 7.5 | CVE-2019-12086: Remote Code Execution (RCE) Through Deserialization | jackson-databind 2.9.8
532077342 | Vulnerability | 7.5 | CVE-2019-10072: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077343 | Vulnerability | 7.5 | CVE-2019-14439: Deserialization Of Untrusted Data | jackson-databind 2.9.8
532077344 | Vulnerability | 7.3 | NO-CVE: Deserialization Of Untrusted Data | jackson-databind 2.9.8
532077345 | Vulnerability | 7.5 | CVE-2020-5398: Reflected File Download | Spring Web 5.1.4.RELEASE
532077346 | Vulnerability | 7.5 | CVE-2020-5398: Reflected File Download | Spring Web MVC 5.1.4.RELEASE
532077347 | Vulnerability | 8.8 | CVE-2020-10672: Remote Code Execution | jackson-databind 2.9.8
532077348 | Vulnerability | 8.8 | CVE-2020-10673: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077349 | Vulnerability | 8.8 | CVE-2020-10969: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532077350 | Vulnerability | 8.8 | CVE-2020-10968: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077351 | Vulnerability | 8.8 | CVE-2020-11113: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077352 | Vulnerability | 8.8 | CVE-2020-11112: Remote Code Execution | jackson-databind 2.9.8
532077353 | Vulnerability | 8.1 | CVE-2020-11619: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532077354 | Vulnerability | 8.1 | CVE-2020-11620: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532077355 | Vulnerability | 8.8 | CVE-2020-11111: Remote Code Execution | jackson-databind 2.9.8
532077356 | Vulnerability | 7.7 | CVE-2020-13692: XML External Entity (XXE) | PostgreSQL JDBC Driver 42.2.5
532077357 | Vulnerability | 8.1 | CVE-2020-14062: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077358 | Vulnerability | 8.1 | CVE-2020-14061: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077359 | Vulnerability | 8.1 | CVE-2020-14060: Remote Code Execution | jackson-databind 2.9.8
532077360 | Vulnerability | 8.1 | CVE-2020-14195: Remote Code Execution | jackson-databind 2.9.8
532077361 | Vulnerability | 7.5 | CVE-2020-13934: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077362 | Vulnerability | 7.5 | CVE-2020-13935: Denial Of Service (DoS) | tomcat-embed-websocket 9.0.14
532077363 | Vulnerability | 8.1 | CVE-2020-24616: Arbitrary Code Execution | jackson-databind 2.9.8
532077364 | Vulnerability | 8.1 | CVE-2020-24750: Arbitrary Code Execution | jackson-databind 2.9.8
532077365 | Vulnerability | 7.5 | CVE-2020-25649: XML External Entity (XXE) | jackson-databind 2.9.8
532077366 | Vulnerability | 7.5 | CVE-2020-17527: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077367 | Vulnerability | 8.1 | CVE-2020-35491: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532077368 | Vulnerability | 8.1 | CVE-2020-35728: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077369 | Vulnerability | 8.1 | CVE-2020-35490: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532077370 | Vulnerability | 8.1 | CVE-2020-36187: Arbitrary Code Execution | jackson-databind 2.9.8
532077371 | Vulnerability | 8.1 | CVE-2020-36186: Arbitrary Code Execution | jackson-databind 2.9.8
532077372 | Vulnerability | 8.1 | CVE-2020-36184: Arbitrary Code Execution | jackson-databind 2.9.8
532077373 | Vulnerability | 8.1 | CVE-2020-36185: Arbitrary Code Execution | jackson-databind 2.9.8
532077374 | Vulnerability | 8.1 | CVE-2020-36182: Arbitrary Code Execution | jackson-databind 2.9.8
532077375 | Vulnerability | 8.1 | CVE-2020-36179: Arbitrary Code Execution | jackson-databind 2.9.8
532077376 | Vulnerability | 8.1 | CVE-2020-36189: Arbitrary Code Execution | jackson-databind 2.9.8
532077377 | Vulnerability | 8.1 | CVE-2020-36188: Arbitrary Code Execution | jackson-databind 2.9.8
532077378 | Vulnerability | 8.1 | CVE-2020-36183: Arbitrary Code Execution | jackson-databind 2.9.8
532077379 | Vulnerability | 8.1 | CVE-2020-36181: Arbitrary Code Execution | jackson-databind 2.9.8
532077380 | Vulnerability | 8.1 | CVE-2020-36180: Arbitrary Code Execution | jackson-databind 2.9.8
532077381 | Vulnerability | 8.1 | CVE-2021-20190: Arbitrary Code Execution | jackson-databind 2.9.8
532077382 | Vulnerability | 7.5 | CVE-2021-25122: Information Disclosure | tomcat-embed-core 9.0.14
532077383 | Vulnerability | 7.0 | CVE-2021-25329: Remote Code Execution | tomcat-embed-core 9.0.14
532077384 | Vulnerability | 7.8 | CVE-2021-22118: Privilege Escalation | Spring Web 5.1.4.RELEASE
532077385 | Vulnerability | 7.5 | CVE-2021-37714: Denial Of Service | jsoup Java HTML Parser 1.8.3
532077386 | Vulnerability | 7.0 | CVE-2022-23181: Time Of Check To Time Of Use (TOCTOU) | tomcat-embed-core 9.0.14
532077387 | Vulnerability | 7.5 | CVE-2020-36518: Denial Of Service (DoS) | jackson-databind 2.9.8
532077388 | Vulnerability | 7.8 | CVE-2022-27772: Directory Traversal | spring-boot 2.1.2.RELEASE
532077389 | Vulnerability | 8.1 | CVE-2020-10650: Deserialization Of Untrusted Data | jackson-databind 2.9.8
532077390 | Vulnerability | 8.0 | CVE-2022-31197: SQL Injection | PostgreSQL JDBC Driver 42.2.5
532077391 | Vulnerability | 7.5 | CVE-2022-42004: Denial Of Service (DoS) | jackson-databind 2.9.8
532077392 | Vulnerability | 7.5 | CVE-2022-42003: Denial Of Service (DoS) | jackson-databind 2.9.8
532077393 | Vulnerability | 7.5 | CVE-2023-24998: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077394 | Vulnerability | 7.5 | CVE-2023-28709: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077395 | Vulnerability | 7.5 | CVE-2023-20883: Denial Of Service (DoS) | spring-boot-autoconfigure 2.1.2.RELEASE
532077396 | Vulnerability | 7.5 | CVE-2023-44487: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077397 | Vulnerability | 7.5 | CVE-2023-46589: Request Smuggling | tomcat-embed-core 9.0.14
532077398 | Vulnerability | 7.5 | CVE-2023-6378: Denial Of Service (DoS) | Logback Classic Module 1.2.3
532077399 | Vulnerability | 7.5 | CVE-2023-6378: Denial Of Service (DoS) | Logback Core Module 1.2.3
532077400 | Vulnerability | 8.1 | CVE-2024-22243: Server Side Request Forgery (SSRF) | Spring Web 5.1.4.RELEASE
532077401 | Vulnerability | 7.5 | CVE-2024-23672: Denial Of Service (DoS) | tomcat-embed-websocket 9.0.14
532077402 | Vulnerability | 7.5 | CVE-2024-24549: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077403 | Vulnerability | 8.1 | CVE-2024-22259: Server Side Request Forgery (SSRF) | Spring Web 5.1.4.RELEASE
532077404 | Vulnerability | 8.1 | CVE-2024-22262: Open Redirect | Spring Web 5.1.4.RELEASE
532077405 | Vulnerability | 7.5 | CVE-2024-34750: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077406 | Vulnerability | 7.5 | CVE-2024-38819: Path Traversal | Spring Web MVC 5.1.4.RELEASE
532077407 | Vulnerability | 7.3 | CVE-2024-12798: Arbitrary Code Execution | Logback Core Module 1.2.3
532077408 | Vulnerability | 7.3 | CVE-2025-46701: Improper Handling Of Case Sensitivity | tomcat-embed-core 9.0.14
532077409 | Vulnerability | 7.3 | CVE-2025-35036: Arbitrary Code Injection | org.hibernate.validator:hibernate-validator 6.0.14.Final
532077410 | Vulnerability | 7.5 | CVE-2025-49125: Authentication Bypass | tomcat-embed-core 9.0.14
532077411 | Vulnerability | 7.5 | CVE-2025-48988: Denial Of Service (DoS) | tomcat-embed-core 9.0.14
532077412 | Vulnerability | 7.5 | CVE-2025-52999: Denial Of Service (DoS) | Jackson-core 2.9.8
532077413 | Vulnerability | 7.5 | CVE-2025-48989: Improper Resource Shutdown Or Release | tomcat-embed-core 9.0.14
532077414 | Vulnerability | 7.5 | CVE-2025-55752: Relative Path Traversal | tomcat-embed-core 9.0.14
532077415 | Vulnerability | 7.5 | CVE-2026-34487: Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File | tomcat-embed-core 9.0.14
532077416 | Vulnerability | 7.5 | CVE-2026-40975: Weak Random Value Generation For Secrets (weak PRNG) | spring-boot 2.1.2.RELEASE
532077417 | Vulnerability | 7.0 | CVE-2026-40973: Improper Control Of Temporary Directory Access | spring-boot 2.1.2.RELEASE
532077418 | Vulnerability | 7.5 | CVE-2026-42198: pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS | PostgreSQL JDBC Driver 42.2.5
532077419 | Vulnerability | 9.8 | CVE-2019-14379: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077420 | Vulnerability | 9.8 | CVE-2019-14540: Deserialization Of Untrusted Data | jackson-databind 2.9.8
532077421 | Vulnerability | 9.8 | CVE-2019-16335: Deserialization Of Untrusted Data | jackson-databind 2.9.8
532077422 | Vulnerability | 9.8 | CVE-2019-16942: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077423 | Vulnerability | 9.8 | CVE-2019-16943: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077424 | Vulnerability | 9.8 | CVE-2019-17267: Remote Code Execution | jackson-databind 2.9.8
532077425 | Vulnerability | 9.8 | CVE-2019-17531: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077426 | Vulnerability | 9.8 | CVE-2019-14892: Remote Code Execution | jackson-databind 2.9.8
532077427 | Vulnerability | 9.8 | CVE-2019-14893: Remote Code Execution | jackson-databind 2.9.8
532077428 | Vulnerability | 9.8 | CVE-2019-20330: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077429 | Vulnerability | 9.8 | CVE-2016-1000027: Remote Code Execution (RCE) | Spring Web 5.1.4.RELEASE
532077430 | Vulnerability | 9.8 | CVE-2020-8840: Remote Code Execution | jackson-databind 2.9.8
532077431 | Vulnerability | 9.8 | CVE-2020-1938: Authentication Bypass | tomcat-embed-core 9.0.14
532077432 | Vulnerability | 9.8 | CVE-2020-9546: Deserialization Of Untrusted Object | jackson-databind 2.9.8
532077433 | Vulnerability | 9.8 | CVE-2020-9547: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077434 | Vulnerability | 9.8 | CVE-2020-9548: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077435 | Vulnerability | 9.8 | NO-CVE: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077436 | Vulnerability | 9.8 | NO-CVE: Remote Code Execution (RCE) | jackson-databind 2.9.8
532077437 | Vulnerability | 9.8 | CVE-2022-21724: Remote Code Execution (RCE) | PostgreSQL JDBC Driver 42.2.5
532077438 | Vulnerability | 9.8 | CVE-2022-22965: Remote Code Execution (RCE) | spring-boot-starter-web 2.1.2.RELEASE
532077439 | Vulnerability | 9.8 | CVE-2022-22965: Remote Code Execution (RCE) | Spring Web MVC 5.1.4.RELEASE
532077440 | Vulnerability | 9.8 | CVE-2022-22965: Remote Code Execution (RCE) | Spring Beans 5.1.4.RELEASE
532077441 | Vulnerability | 9.8 | CVE-2022-26520: Arbitrary File Write | PostgreSQL JDBC Driver 42.2.5
532077442 | Vulnerability | 9.8 | CVE-2024-1597: Sql Injection | PostgreSQL JDBC Driver 42.2.5
532077443 | Vulnerability | 9.8 | CVE-2024-52316: Authentication Bypass | tomcat-embed-core 9.0.14
532077444 | Vulnerability | 9.8 | CVE-2024-50379: Time-of-check Time-of-use (TOCTOU) Race Condition | tomcat-embed-core 9.0.14
532077445 | Vulnerability | 9.8 | CVE-2024-56337: Time-of-Check Time-of-Use (TOCTOU) | tomcat-embed-core 9.0.14
532077446 | Vulnerability | 9.8 | CVE-2025-24813: Path Equivalence | tomcat-embed-core 9.0.14
532077447 | Vulnerability | 9.8 | CVE-2025-31651: Improper Neutralization Of Escape, Meta, Or Control Sequences | tomcat-embed-core 9.0.14
532077448 | Vulnerability | 9.1 | CVE-2025-66614: Authentication Bypass | tomcat-embed-core 9.0.14
532077449 | Outdated Library | 3.0 | Latest version at scan: 0.13.0 | JJWT :: API 0.10.5
532077450 | Outdated Library | 3.0 | Latest version at scan: 0.5.6 | Maven Wrapper 0.4.2
532077451 | Outdated Library | 3.0 | Latest version at scan: 1.22.2 | jsoup Java HTML Parser 1.8.3
532077452 | Outdated Library | 3.0 | Latest version at scan: 42.7.11 | PostgreSQL JDBC Driver 42.2.5
532077453 | Outdated Library | 3.0 | Latest version at scan: 4.1.0-RC1 | spring-boot-starter-web 2.1.2.RELEASE
532077454 | Outdated Library | 3.0 | Latest version at scan: 4.1.0-RC1 | spring-boot-starter 2.1.2.RELEASE

Full Report Details: https://sca.analysiscenter.veracode.com/teams/bvvFQZZz/scans/117081619