fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v2.3.12.release (wip) #9
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|---|
CVE-2022-22965Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.3.12.RELEASE/spring-boot-starter-web-2.3.12.RELEASE.jar Dependency Hierarchy: -> ❌ spring-boot-starter-web-2.3.12.RELEASE.jar (Vulnerable Library) |
 Critical |
9.8 | High | 94.428% | Direct spring-boot-starter-web-2.3.12.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | 5.2.20.RELEASE | None |
|
CVE-2022-22965Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.15.RELEASE/spring-webmvc-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.15.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | High | 94.428% | Transitive spring-webmvc-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.20.RELEASE |
None |
|
CVE-2022-22965Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.15.RELEASE/spring-beans-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> spring-aop-5.2.15.RELEASE.jar -> ❌ spring-beans-5.2.15.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | High | 94.428% | Transitive spring-beans-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.20.RELEASE |
None |
|
CVE-2024-22262Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
 High |
8.1 | Not Defined | 12.634% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.3.34 |
None |
|
CVE-2024-22259Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 56.395% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.3.33 |
None |
|
CVE-2024-22243Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
High |
8.1 | Not Defined | 59.593% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.3.32 |
None |
|
WS-2026-0003Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.4/jackson-core-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> jackson-databind-2.11.4.jar -> ❌ jackson-core-2.11.4.jar (Vulnerable Library) |
High |
7.5 | Not Defined | Transitive jackson-core-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.18.6 |
None |
|
|
WS-2022-0468Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.4/jackson-core-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> jackson-databind-2.11.4.jar -> ❌ jackson-core-2.11.4.jar (Vulnerable Library) |
High |
7.5 | Not Defined | Transitive jackson-core-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.15.0-rc1 |
None |
|
|
CVE-2025-52999Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.4/jackson-core-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> jackson-databind-2.11.4.jar -> ❌ jackson-core-2.11.4.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.252% | Transitive jackson-core-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.15.0 |
None |
|
CVE-2025-41249Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.15.RELEASE/spring-core-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> ❌ spring-core-5.2.15.RELEASE.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.069% | Transitive spring-core-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive https://github.com/spring-projects/spring-framework.git - v6.2.11,org.springframework:spring-core:6.2.11 |
None |
|
CVE-2022-42004Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.4/jackson-databind-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ jackson-databind-2.11.4.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.298% | Transitive jackson-databind-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.12.7.1 |
None |
|
CVE-2022-42003Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.4/jackson-databind-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ jackson-databind-2.11.4.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.377% | Transitive jackson-databind-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.12.7.1 |
None |
|
CVE-2021-46877Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.4/jackson-databind-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ jackson-databind-2.11.4.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.293% | Transitive jackson-databind-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.12.6 |
None |
|
CVE-2025-22235Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.3.12.RELEASE/spring-boot-2.3.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> ❌ spring-boot-2.3.12.RELEASE.jar (Vulnerable Library) |
High |
7.3 | Functional | 0.39% | Transitive spring-boot-2.3.12.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive https://github.com/spring-projects/spring-boot.git - v3.4.5,https://github.com/spring-projects/spring-boot.git - v3.3.11,org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.5,org.springframework.boot:spring-boot-actuator-autoconfigure:3.3.11 |
None |
|
CVE-2023-20863Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.15.RELEASE/spring-expression-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> ❌ spring-expression-5.2.15.RELEASE.jar (Vulnerable Library) |
 Medium |
6.5 | Not Defined | 1.02% | Transitive spring-expression-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.24.RELEASE |
None |
|
CVE-2023-20861Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.15.RELEASE/spring-expression-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> ❌ spring-expression-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.409% | Transitive spring-expression-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.23.RELEASE |
None |
|
CVE-2022-22950Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.15.RELEASE/spring-expression-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> ❌ spring-expression-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
6.5 | Not Defined | 4.122% | Transitive spring-expression-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.20.RELEASE |
None |
|
WS-2021-0616Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.11.4/jackson-databind-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ jackson-databind-2.11.4.jar (Vulnerable Library) |
Medium |
5.9 | Not Defined | Transitive jackson-databind-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.12.6 |
None |
|
|
WS-2021-0616Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.4/jackson-core-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> jackson-databind-2.11.4.jar -> ❌ jackson-core-2.11.4.jar (Vulnerable Library) |
Medium |
5.9 | Not Defined | Transitive jackson-core-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.12.6 |
None |
|
|
CVE-2025-41242Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.15.RELEASE/spring-beans-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> spring-aop-5.2.15.RELEASE.jar -> ❌ spring-beans-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
5.9 | Not Defined | 0.087% | Transitive spring-beans-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive https://github.com/spring-projects/spring-framework.git - v6.2.10,org.springframework:spring-beans:6.2.10 |
None |
|
CVE-2024-38828Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.15.RELEASE/spring-webmvc-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.076% | Transitive spring-webmvc-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 6.0.0 |
None |
|
CVE-2024-38809Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.14% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.3.38 |
None |
|
CVE-2022-22970Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.15.RELEASE/spring-core-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> ❌ spring-core-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.164% | Transitive spring-core-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.22.RELEASE |
None |
|
CVE-2022-22970Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.15.RELEASE/spring-beans-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> spring-aop-5.2.15.RELEASE.jar -> ❌ spring-beans-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.164% | Transitive spring-beans-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.22.RELEASE |
None |
|
CVE-2022-22968Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.2.15.RELEASE/spring-context-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> ❌ spring-context-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
5.3 | Not Defined | 20.519% | Transitive spring-context-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.21.RELEASE |
None |
|
CVE-2024-38808Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.15.RELEASE/spring-expression-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> spring-context-5.2.15.RELEASE.jar -> ❌ spring-expression-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.809% | Transitive spring-expression-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.3.39 |
None |
|
CVE-2021-22060Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.168% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.19.RELEASE |
None |
|
CVE-2025-49128Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.11.4/jackson-core-2.11.4.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> jackson-databind-2.11.4.jar -> ❌ jackson-core-2.11.4.jar (Vulnerable Library) |
Medium |
4.0 | Not Defined | 0.027% | Transitive jackson-core-2.11.4.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive https://github.com/FasterXML/jackson-core.git - jackson-core-2.13.0-rc1 |
None |
|
CVE-2025-22233Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.2.15.RELEASE/spring-context-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> ❌ spring-context-5.2.15.RELEASE.jar (Vulnerable Library) |
 Low |
3.1 | Not Defined | 0.083% | Transitive spring-context-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive https://github.com/spring-projects/spring-framework.git - v6.1.20 ,org.springframework:spring-context:6.1.20,org.springframework:spring-context:6.2.7,https://github.com/spring-projects/spring-framework.git - v6.2.7 |
None |
|
CVE-2024-38820Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
Low |
3.1 | Not Defined | 1.514% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 6.1.14 |
None |
|
CVE-2024-38820Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.2.15.RELEASE/spring-context-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> spring-boot-2.3.12.RELEASE.jar -> ❌ spring-context-5.2.15.RELEASE.jar (Vulnerable Library) |
Low |
3.1 | Not Defined | 1.514% | Transitive spring-context-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 6.1.14 |
None |
|
CVE-2026-22735Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
Low |
2.6 | Not Defined | 0.092% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive org.springframework:spring-webmvc:7.0.6,https://github.com/spring-projects/spring-framework.git - v7.0.6,https://github.com/spring-projects/spring-framework.git - v6.1.21,org.springframework:spring-web:7.0.6,org.springframework:spring-web:6.2.17,org.springframework:spring-webmvc:6.2.17,https://github.com/spring-projects/spring-framework.git - v6.2.17 |
None |
|
CVE-2026-22735Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.15.RELEASE/spring-webmvc-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.15.RELEASE.jar (Vulnerable Library) |
Low |
2.6 | Not Defined | 0.092% | Transitive spring-webmvc-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive org.springframework:spring-webmvc:7.0.6,https://github.com/spring-projects/spring-framework.git - v7.0.6,https://github.com/spring-projects/spring-framework.git - v6.1.21,org.springframework:spring-web:7.0.6,org.springframework:spring-web:6.2.17,org.springframework:spring-webmvc:6.2.17,https://github.com/spring-projects/spring-framework.git - v6.2.17 |
None |
|
CVE-2021-43466Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.12.RELEASE/thymeleaf-spring5-3.0.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar (Root Library) -> ❌ thymeleaf-spring5-3.0.12.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 4.592% | Transitive thymeleaf-spring5-3.0.12.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar | Transitive org.thymeleaf:thymeleaf-spring5:3.0.13.RELEASE |
None |
|
CVE-2016-1000027Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
Critical |
9.8 | Not Defined | 60.417% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.23.RELEASE |
None |
|
CVE-2026-40478Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.12.RELEASE/thymeleaf-spring5-3.0.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar (Root Library) -> ❌ thymeleaf-spring5-3.0.12.RELEASE.jar (Vulnerable Library) |
Critical |
9.0 | Not Defined | 0.051% | Transitive thymeleaf-spring5-3.0.12.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar | Transitive 3.1.4.RELEASE |
None |
|
CVE-2026-40478Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.12.RELEASE/thymeleaf-3.0.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar (Root Library) -> thymeleaf-spring5-3.0.12.RELEASE.jar -> ❌ thymeleaf-3.0.12.RELEASE.jar (Vulnerable Library) |
Critical |
9.0 | Not Defined | 0.051% | Transitive thymeleaf-3.0.12.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar | Transitive 3.1.4.RELEASE |
None |
|
CVE-2026-40477Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.12.RELEASE/thymeleaf-3.0.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar (Root Library) -> thymeleaf-spring5-3.0.12.RELEASE.jar -> ❌ thymeleaf-3.0.12.RELEASE.jar (Vulnerable Library) |
Critical |
9.0 | Not Defined | 0.051% | Transitive thymeleaf-3.0.12.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar | Transitive 3.1.4.RELEASE |
None |
|
CVE-2026-40477Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.12.RELEASE/thymeleaf-spring5-3.0.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar (Root Library) -> ❌ thymeleaf-spring5-3.0.12.RELEASE.jar (Vulnerable Library) |
Critical |
9.0 | Not Defined | 0.051% | Transitive thymeleaf-spring5-3.0.12.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar | Transitive 3.1.4.RELEASE |
None |
|
CVE-2024-38819Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.15.RELEASE/spring-webmvc-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.15.RELEASE.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 92.565% | Transitive spring-webmvc-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 6.1.14 |
None |
|
CVE-2024-38816Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.15.RELEASE/spring-webmvc-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.15.RELEASE.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 93.877% | Transitive spring-webmvc-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 6.1.13 |
None |
|
CVE-2023-38286Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.12.RELEASE/thymeleaf-3.0.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar (Root Library) -> thymeleaf-spring5-3.0.12.RELEASE.jar -> ❌ thymeleaf-3.0.12.RELEASE.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.145% | Transitive thymeleaf-3.0.12.RELEASE.jar |
spring-boot-starter-thymeleaf-2.3.12.RELEASE.jar | Transitive 3.1.2.RELEASE |
None |
|
CVE-2023-20883Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.3.12.RELEASE/spring-boot-autoconfigure-2.3.12.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-2.3.12.RELEASE.jar -> ❌ spring-boot-autoconfigure-2.3.12.RELEASE.jar (Vulnerable Library) |
High |
7.5 | Not Defined | 0.69% | Transitive spring-boot-autoconfigure-2.3.12.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 2.5.15 |
None |
|
CVE-2021-22096Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.15.RELEASE/spring-web-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> spring-boot-starter-json-2.3.12.RELEASE.jar -> ❌ spring-web-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.227% | Transitive spring-web-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.18.RELEASE |
None |
|
CVE-2021-22096Path to dependency file: /test-app/pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.15.RELEASE/spring-webmvc-5.2.15.RELEASE.jar Dependency Hierarchy: -> spring-boot-starter-web-2.3.12.RELEASE.jar (Root Library) -> ❌ spring-webmvc-5.2.15.RELEASE.jar (Vulnerable Library) |
Medium |
4.3 | Not Defined | 0.227% | Transitive spring-webmvc-5.2.15.RELEASE.jar |
spring-boot-starter-web-2.3.12.RELEASE.jar | Transitive 5.2.18.RELEASE |
None |
|
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2023-20861 | spring-expression-5.2.10.RELEASE.jar |
| CVE-2022-22950 | spring-expression-5.2.10.RELEASE.jar |
| CVE-2020-36518 | jackson-databind-2.11.3.jar |
| CVE-2026-40477 | thymeleaf-spring5-3.0.11.RELEASE.jar |
| CVE-2025-22235 | spring-boot-2.3.5.RELEASE.jar |
| CVE-2024-22259 | spring-web-5.2.10.RELEASE.jar |
| CVE-2022-22970 | spring-beans-5.2.10.RELEASE.jar |
| CVE-2021-22096 | spring-webmvc-5.2.10.RELEASE.jar |
| CVE-2022-22965 | spring-webmvc-5.2.10.RELEASE.jar |
| CVE-2021-46877 | jackson-databind-2.11.3.jar |
| CVE-2024-38820 | spring-context-5.2.10.RELEASE.jar |
| CVE-2025-52999 | jackson-core-2.11.3.jar |
| CVE-2026-22735 | spring-webmvc-5.2.10.RELEASE.jar |
| CVE-2026-40477 | thymeleaf-3.0.11.RELEASE.jar |
| WS-2022-0468 | jackson-core-2.11.3.jar |
| CVE-2025-49128 | jackson-core-2.11.3.jar |
| CVE-2026-40478 | thymeleaf-spring5-3.0.11.RELEASE.jar |
| CVE-2016-1000027 | spring-web-5.2.10.RELEASE.jar |
| CVE-2024-38808 | spring-expression-5.2.10.RELEASE.jar |
| CVE-2024-38809 | spring-web-5.2.10.RELEASE.jar |
| CVE-2023-20863 | spring-expression-5.2.10.RELEASE.jar |
| CVE-2024-38820 | spring-web-5.2.10.RELEASE.jar |
| CVE-2021-22060 | spring-web-5.2.10.RELEASE.jar |
| CVE-2024-38828 | spring-webmvc-5.2.10.RELEASE.jar |
| CVE-2022-22965 | spring-beans-5.2.10.RELEASE.jar |
| CVE-2025-41249 | spring-core-5.2.10.RELEASE.jar |
| WS-2021-0616 | jackson-core-2.11.3.jar |
| CVE-2026-22735 | spring-web-5.2.10.RELEASE.jar |
| CVE-2025-41242 | spring-beans-5.2.10.RELEASE.jar |
| CVE-2024-22262 | spring-web-5.2.10.RELEASE.jar |
| WS-2026-0003 | jackson-core-2.11.3.jar |
| CVE-2022-22968 | spring-context-5.2.10.RELEASE.jar |
| CVE-2024-38819 | spring-webmvc-5.2.10.RELEASE.jar |
| CVE-2024-38816 | spring-webmvc-5.2.10.RELEASE.jar |
| CVE-2024-22243 | spring-web-5.2.10.RELEASE.jar |
| CVE-2022-42004 | jackson-databind-2.11.3.jar |
| CVE-2021-43466 | thymeleaf-spring5-3.0.11.RELEASE.jar |
| CVE-2021-22096 | spring-web-5.2.10.RELEASE.jar |
| CVE-2023-38286 | thymeleaf-3.0.11.RELEASE.jar |
| CVE-2022-22970 | spring-core-5.2.10.RELEASE.jar |
| CVE-2026-40478 | thymeleaf-3.0.11.RELEASE.jar |
| CVE-2022-42003 | jackson-databind-2.11.3.jar |
| WS-2021-0616 | jackson-databind-2.11.3.jar |
| CVE-2023-20883 | spring-boot-autoconfigure-2.3.5.RELEASE.jar |
| CVE-2025-22233 | spring-context-5.2.10.RELEASE.jar |
| CVE-2022-22965 | spring-boot-starter-web-2.3.5.RELEASE.jar |
Base branch total remaining vulnerabilities: 63
Base branch commit: 302c67d57ff33993b59b4e4a0302421181d2e09c
Total libraries scanned: 34
Scan token: f83c8cc9a1444974a63389c892af9411