Skip to content

Update dependency org.glassfish.jersey.inject:jersey-hk2 to v2.34 - autoclosed #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mend-for-github-com wants to merge 1 commit into from

Update dependency org.glassfish.jersey.inject:jersey-hk2 to v2.34

72d0652
Select commit
Loading
Failed to load commit list.
Closed

Update dependency org.glassfish.jersey.inject:jersey-hk2 to v2.34 - autoclosed #73

Update dependency org.glassfish.jersey.inject:jersey-hk2 to v2.34
72d0652
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Apr 29, 2025 in 4h 39m 49s

Security Report

You have successfully remediated 25 vulnerabilities, but introduced 53 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2019-17638

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Critical 9.4 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-server:9.4.30.v20200611;org.eclipse.jetty:jetty-runner:9.4.30.v20200611 None
WS-2022-0468

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.12.2/8df50138521d05561a308ec2799cc8dda20c06df/jackson-core-2.12.2.jar

Dependency Hierarchy:

-> jackson-databind-2.12.2.jar (Root Library)

   -> ❌ jackson-core-2.12.2.jar (Vulnerable Library)

High 7.5 jackson-core-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-core:2.15.0 None
WS-2022-0468

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.12.2/8df50138521d05561a308ec2799cc8dda20c06df/jackson-core-2.12.2.jar

Dependency Hierarchy:

-> jersey-media-json-jackson-2.34.jar (Root Library)

   -> jackson-module-jaxb-annotations-2.12.2.jar

     -> ❌ jackson-core-2.12.2.jar (Vulnerable Library)

High 7.5 jackson-core-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-core:2.15.0 None
CVE-2023-36478

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 #23
CVE-2023-36478

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 #9
CVE-2023-36478

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 #8
CVE-2023-36478

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty.http2:http2-hpack:9.4.53.v20231009,10.0.16,11.0.16;org.eclipse.jetty.http3:http3-qpack:10.0.16,11.0.16;org.eclipse.jetty:jetty-http:9.4.53.v20231009,10.0.16,11.0.16 None
CVE-2022-42004

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.12.2/5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0/jackson-databind-2.12.2.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.12.2.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 None
CVE-2022-42003

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.12.2/5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0/jackson-databind-2.12.2.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.12.2.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2 None
CVE-2021-46877

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.12.2/5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0/jackson-databind-2.12.2.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.12.2.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 None
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> websocket-common-9.4.26.v20200117.jar

     -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 #23
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 #9
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 #8
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-alpn-java-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 #45
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 None
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 #53
CVE-2021-28165

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.28.v20200408/adda6786588a922f834e9c33c7db5f1484310f44/jetty-io-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-alpn-java-client-9.4.26.v20200117.jar (Root Library)

   -> jetty-alpn-client-9.4.26.v20200117.jar

     -> ❌ jetty-io-9.4.28.v20200408.jar (Vulnerable Library)

High 7.5 jetty-io-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-io:9.4.39, org.eclipse.jetty:jetty-io:10.0.2, org.eclipse.jetty:jetty-io:11.0.2 #6
CVE-2020-36518

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.12.2/5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0/jackson-databind-2.12.2.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.12.2.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 None
WS-2021-0616

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.12.2/5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0/jackson-databind-2.12.2.jar

Dependency Hierarchy:

-> ❌ jackson-databind-2.12.2.jar (Vulnerable Library)

Medium 5.9 jackson-databind-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
WS-2021-0616

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.12.2/8df50138521d05561a308ec2799cc8dda20c06df/jackson-core-2.12.2.jar

Dependency Hierarchy:

-> jackson-databind-2.12.2.jar (Root Library)

   -> ❌ jackson-core-2.12.2.jar (Vulnerable Library)

Medium 5.9 jackson-core-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
WS-2021-0616

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.12.2/8df50138521d05561a308ec2799cc8dda20c06df/jackson-core-2.12.2.jar

Dependency Hierarchy:

-> jersey-media-json-jackson-2.34.jar (Root Library)

   -> jackson-module-jaxb-annotations-2.12.2.jar

     -> ❌ jackson-core-2.12.2.jar (Vulnerable Library)

Medium 5.9 jackson-core-2.12.2.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
CVE-2024-8184

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.9 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-server:9.4.56,10.0.24,11.0.24,12.0.9, org.eclipse.jetty.ee9:jetty-ee9-nested:9.4.56,10.0.24,11.0.24,12.0.9 None
CVE-2023-40167

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.52.v20230823,10.0.16,11.0.16,12.0.1 #23
CVE-2023-40167

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.52.v20230823,10.0.16,11.0.16,12.0.1 #9
CVE-2023-40167

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.52.v20230823,10.0.16,11.0.16,12.0.1 #8
CVE-2023-40167

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.52.v20230823,10.0.16,11.0.16,12.0.1 None
CVE-2023-26048

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-server:9.4.51.v20230217,10.0.14,11.0.14;org.eclipse.jetty:jetty-runner:9.4.51.v20230217,10.0.14,11.0.14 None
CVE-2021-28169

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-runner:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-http:9.4.41.v20210516, 10.0.3, 11.0.3,org.eclipse.jetty:jetty-servlets:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-server:9.4.41.v20210516, 10.0.3, 11.0.3 #23
CVE-2021-28169

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-runner:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-http:9.4.41.v20210516, 10.0.3, 11.0.3,org.eclipse.jetty:jetty-servlets:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-server:9.4.41.v20210516, 10.0.3, 11.0.3 #9
CVE-2021-28169

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-runner:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-http:9.4.41.v20210516, 10.0.3, 11.0.3,org.eclipse.jetty:jetty-servlets:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-server:9.4.41.v20210516, 10.0.3, 11.0.3 #8
CVE-2021-28169

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-runner:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-http:9.4.41.v20210516, 10.0.3, 11.0.3,org.eclipse.jetty:jetty-servlets:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-server:9.4.41.v20210516, 10.0.3, 11.0.3 None
CVE-2021-28169

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-runner:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-http:9.4.41.v20210516, 10.0.3, 11.0.3,org.eclipse.jetty:jetty-servlets:9.4.41.v20210516, 10.0.3, 11.0.3, org.eclipse.jetty:jetty-server:9.4.41.v20210516, 10.0.3, 11.0.3 None
CVE-2020-27223

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.37.v20210219, org.eclipse.jetty:jetty-http:10.0.1, org.eclipse.jetty:jetty-http:11.0.1 #23
CVE-2020-27223

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.37.v20210219, org.eclipse.jetty:jetty-http:10.0.1, org.eclipse.jetty:jetty-http:11.0.1 #9
CVE-2020-27223

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.37.v20210219, org.eclipse.jetty:jetty-http:10.0.1, org.eclipse.jetty:jetty-http:11.0.1 #8
CVE-2020-27223

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Medium 5.3 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.37.v20210219, org.eclipse.jetty:jetty-http:10.0.1, org.eclipse.jetty:jetty-http:11.0.1 None
CVE-2020-27218

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Medium 4.8 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-server:9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3 None
CVE-2024-6763

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 3.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 #23
CVE-2024-6763

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 3.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 #9
CVE-2024-6763

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 3.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 #8
CVE-2024-6763

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 3.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 None
CVE-2024-6763

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Low 3.7 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 None
CVE-2021-34428

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.9 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-server:9.4.41.v20210516,10.0.3,11.0.3 None
CVE-2022-2047

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:10.0.10,11.0.10;org.eclipse.jetty:jetty-runner:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-client:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-server;9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-proxy:9.4.47,10.10,11.0.10 #23
CVE-2022-2047

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:10.0.10,11.0.10;org.eclipse.jetty:jetty-runner:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-client:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-server;9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-proxy:9.4.47,10.10,11.0.10 #9
CVE-2022-2047

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:10.0.10,11.0.10;org.eclipse.jetty:jetty-runner:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-client:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-server;9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-proxy:9.4.47,10.10,11.0.10 #8
CVE-2022-2047

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.7 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:10.0.10,11.0.10;org.eclipse.jetty:jetty-runner:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-client:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-server;9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-proxy:9.4.47,10.10,11.0.10 None
CVE-2022-2047

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.7 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:10.0.10,11.0.10;org.eclipse.jetty:jetty-runner:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-client:9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-server;9.4.47,10.10,11.0.10;org.eclipse.jetty:jetty-proxy:9.4.47,10.10,11.0.10 None
CVE-2023-26049

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> websocket-server-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.4 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-runner:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-server:9.4.51.v20230217,10.0.14,11.0.14 #23
CVE-2023-26049

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> http2-server-9.4.26.v20200117.jar (Root Library)

   -> http2-common-9.4.26.v20200117.jar

     -> http2-hpack-9.4.26.v20200117.jar

       -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.4 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-runner:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-server:9.4.51.v20230217,10.0.14,11.0.14 #9
CVE-2023-26049

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-client-9.4.26.v20200117.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.4 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-runner:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-server:9.4.51.v20230217,10.0.14,11.0.14 #8
CVE-2023-26049

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.28.v20200408/9c2cbd96426be38b1273ec87ae21e2696688a737/jetty-server-9.4.28.v20200408.jar

Dependency Hierarchy:

-> ❌ jetty-server-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.4 jetty-server-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-runner:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-server:9.4.51.v20230217,10.0.14,11.0.14 None
CVE-2023-26049

Path to dependency file: /jetty-servlet4-http2/build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-http/9.4.28.v20200408/dd56750ea7410c925f1fbae973c0a19cce5a0a68/jetty-http-9.4.28.v20200408.jar

Dependency Hierarchy:

-> jetty-server-9.4.28.v20200408.jar (Root Library)

   -> ❌ jetty-http-9.4.28.v20200408.jar (Vulnerable Library)

Low 2.4 jetty-http-9.4.28.v20200408.jar Upgrade to version: org.eclipse.jetty:jetty-http:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-runner:9.4.51.v20230217,10.0.14,11.0.14, org.eclipse.jetty:jetty-server:9.4.51.v20230217,10.0.14,11.0.14 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-27218 jetty-server-9.4.26.v20200117.jar
CVE-2020-25649 jackson-databind-2.10.1.jar
CVE-2023-26049 jetty-server-9.4.26.v20200117.jar
CVE-2021-46877 jackson-databind-2.10.1.jar
CVE-2021-28165 jetty-io-9.4.26.v20200117.jar
CVE-2022-2047 jetty-http-9.4.26.v20200117.jar
WS-2021-0616 jackson-databind-2.10.1.jar
CVE-2023-36478 jetty-http-9.4.26.v20200117.jar
CVE-2020-27223 jetty-http-9.4.26.v20200117.jar
WS-2022-0468 jackson-core-2.10.1.jar
CVE-2024-8184 jetty-server-9.4.26.v20200117.jar
CVE-2024-6763 jetty-server-9.4.26.v20200117.jar
CVE-2020-36518 jackson-databind-2.10.1.jar
CVE-2021-28168 jersey-common-2.30.jar
CVE-2021-28169 jetty-http-9.4.26.v20200117.jar
CVE-2022-2047 jetty-server-9.4.26.v20200117.jar
CVE-2024-6763 jetty-http-9.4.26.v20200117.jar
CVE-2021-34428 jetty-server-9.4.26.v20200117.jar
WS-2021-0616 jackson-core-2.10.1.jar
CVE-2022-42004 jackson-databind-2.10.1.jar
CVE-2021-28169 jetty-server-9.4.26.v20200117.jar
CVE-2022-42003 jackson-databind-2.10.1.jar
CVE-2023-26049 jetty-http-9.4.26.v20200117.jar
CVE-2023-40167 jetty-http-9.4.26.v20200117.jar
CVE-2023-26048 jetty-server-9.4.26.v20200117.jar

Base branch total remaining vulnerabilities: 239
Base branch commit: 532fc0bba1f937b4f09687c40b2d831d386eec6b


Total libraries scanned: 360

Scan token: d7940c6b235245f18cc6791879ec2c56

View more details on Mend for GitHub.com