pom.xml - Trivy Report - 2025-08-27 15:51:35.256798364 +0000 UTC m=+96.330581796

pom
Package Vulnerability ID Severity Installed Version Fixed Version Links
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH 3.22.3 3.25.5, 4.27.5, 4.28.2 https://access.redhat.com/security/cve/CVE-2024-7254 https://github.com/advisories/GHSA-735f-pc8j-v9w8 https://github.com/protocolbuffers/protobuf https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b https://github.com/protocolbuffers/protobuf/commit/9a5f5fe752a20cbac2e722b06949ac985abdd534 https://github.com/protocolbuffers/protobuf/commit/ac9fb5b4c71b0dd80985b27684e265d1f03abf46 https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa https://github.com/protocolbuffers/protobuf/commit/d6c82fc55a76481c676f541a255571e8950bb8c3 https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google-protobuf/CVE-2024-7254.yml https://nvd.nist.gov/vuln/detail/CVE-2024-7254 https://security.netapp.com/advisory/ntap-20241213-0010 https://security.netapp.com/advisory/ntap-20241213-0010/ https://security.netapp.com/advisory/ntap-20250418-0006 https://security.netapp.com/advisory/ntap-20250418-0006/ https://ubuntu.com/security/notices/USN-7435-1 https://ubuntu.com/security/notices/USN-7629-1 https://www.cve.org/CVERecord?id=CVE-2024-7254
io.netty:netty-codec-http2 CVE-2025-55163 HIGH 4.1.119.Final 4.2.4.Final, 4.1.124.Final https://access.redhat.com/security/cve/CVE-2025-55163 https://github.com/netty/netty https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4 https://kb.cert.org/vuls/id/767506 https://nvd.nist.gov/vuln/detail/CVE-2025-55163 https://www.cve.org/CVERecord?id=CVE-2025-55163
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48988 HIGH 10.1.40 11.0.8, 10.1.42, 9.0.106 http://www.openwall.com/lists/oss-security/2025/06/16/1 https://access.redhat.com/errata/RHSA-2025:14181 https://access.redhat.com/security/cve/CVE-2025-48988 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://errata.almalinux.org/9/ALSA-2025-14181.html https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e (11.0.8) https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42) https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106) https://linux.oracle.com/cve/CVE-2025-48988.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18 https://nvd.nist.gov/vuln/detail/CVE-2025-48988 https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-11.html https://tomcat.apache.org/security-9.html https://www.cve.org/CVERecord?id=CVE-2025-48988
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 HIGH 10.1.40 11.0.10, 10.1.44, 9.0.108 https://access.redhat.com/errata/RHSA-2025:14181 https://access.redhat.com/security/cve/CVE-2025-48989 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://errata.almalinux.org/9/ALSA-2025-14181.html https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 (10.1.44) https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 (11.0.10) https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf (9.0.108) https://kb.cert.org/vuls/id/767506 https://linux.oracle.com/cve/CVE-2025-48989.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf https://nvd.nist.gov/vuln/detail/CVE-2025-48989 https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-11.html https://tomcat.apache.org/security-9.html https://www.cve.org/CVERecord?id=CVE-2025-48989
org.postgresql:postgresql CVE-2025-49146 HIGH 42.7.5 42.7.7 https://access.redhat.com/security/cve/CVE-2025-49146 https://datatracker.ietf.org/doc/html/rfc5802 https://datatracker.ietf.org/doc/html/rfc7677 https://github.com/pgjdbc/pgjdbc https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54 https://nvd.nist.gov/vuln/detail/CVE-2025-49146 https://www.cve.org/CVERecord?id=CVE-2025-49146 https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
No Misconfigurations found