libs/avenirs-portfolio-common/pom.xml - Trivy Report - 2025-10-22 09:31:52.705818467 +0000 UTC m=+41.789965127

pom
Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
org.springframework.security:spring-security-core	CVE-2025-41232	CRITICAL	6.4.5	6.4.6	http://spring.io/security/cve-2025-41232 https://access.redhat.com/security/cve/CVE-2025-41232 https://github.com/spring-projects/spring-security https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb https://github.com/spring-projects/spring-security/releases/tag/6.4.6 https://nvd.nist.gov/vuln/detail/CVE-2025-41232 https://www.cve.org/CVERecord?id=CVE-2025-41232
org.springframework.security:spring-security-core	CVE-2025-41248	HIGH	6.4.5	6.4.10, 6.5.4	https://access.redhat.com/security/cve/CVE-2025-41248 https://github.com/spring-projects/spring-security https://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f https://github.com/spring-projects/spring-security/commit/e5694ac7b5e4394b920c6cab48b7bfbd871f84bd https://github.com/spring-projects/spring-security/issues/17898 https://github.com/spring-projects/spring-security/issues/17899 https://github.com/spring-projects/spring-security/releases/tag/6.4.10 https://github.com/spring-projects/spring-security/releases/tag/6.5.4 https://nvd.nist.gov/vuln/detail/CVE-2025-41248 https://spring.io/security/cve-2025-41248 https://www.cve.org/CVERecord?id=CVE-2025-41248
org.springframework:spring-core	CVE-2025-41249	HIGH	6.2.6	6.2.11	https://access.redhat.com/security/cve/CVE-2025-41249 https://github.com/spring-projects/spring-framework https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff https://github.com/spring-projects/spring-framework/issues/35342 https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11 https://nvd.nist.gov/vuln/detail/CVE-2025-41249 https://spring.io/security/cve-2025-41249 https://www.cve.org/CVERecord?id=CVE-2025-41249
No Misconfigurations found
pom
Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
com.google.protobuf:protobuf-java	CVE-2024-7254	HIGH	3.22.3	3.25.5, 4.27.5, 4.28.2	https://access.redhat.com/security/cve/CVE-2024-7254 https://github.com/advisories/GHSA-735f-pc8j-v9w8 https://github.com/protocolbuffers/protobuf https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b https://github.com/protocolbuffers/protobuf/commit/9a5f5fe752a20cbac2e722b06949ac985abdd534 https://github.com/protocolbuffers/protobuf/commit/ac9fb5b4c71b0dd80985b27684e265d1f03abf46 https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa https://github.com/protocolbuffers/protobuf/commit/d6c82fc55a76481c676f541a255571e8950bb8c3 https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google-protobuf/CVE-2024-7254.yml https://nvd.nist.gov/vuln/detail/CVE-2024-7254 https://security.netapp.com/advisory/ntap-20241213-0010 https://security.netapp.com/advisory/ntap-20241213-0010/ https://security.netapp.com/advisory/ntap-20250418-0006 https://security.netapp.com/advisory/ntap-20250418-0006/ https://ubuntu.com/security/notices/USN-7435-1 https://ubuntu.com/security/notices/USN-7629-1 https://ubuntu.com/security/notices/USN-7629-2 https://www.cve.org/CVERecord?id=CVE-2024-7254
io.netty:netty-codec-http2	CVE-2025-55163	HIGH	4.1.119.Final	4.2.4.Final, 4.1.124.Final	https://access.redhat.com/security/cve/CVE-2025-55163 https://github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a https://github.com/netty/netty https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4 https://kb.cert.org/vuls/id/767506 https://nvd.nist.gov/vuln/detail/CVE-2025-55163 https://www.cve.org/CVERecord?id=CVE-2025-55163
org.apache.tomcat.embed:tomcat-embed-core	CVE-2025-48988	HIGH	10.1.40	11.0.8, 10.1.42, 9.0.106	http://www.openwall.com/lists/oss-security/2025/06/16/1 https://access.redhat.com/errata/RHSA-2025:14178 https://access.redhat.com/security/cve/CVE-2025-48988 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://bugzilla.redhat.com/show_bug.cgi?id=2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373018 https://bugzilla.redhat.com/show_bug.cgi?id=2373020 https://bugzilla.redhat.com/show_bug.cgi?id=2373309 https://bugzilla.redhat.com/show_bug.cgi?id=2379374 https://bugzilla.redhat.com/show_bug.cgi?id=2379382 https://bugzilla.redhat.com/show_bug.cgi?id=2379386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506 https://errata.almalinux.org/10/ALSA-2025-14178.html https://errata.rockylinux.org/RLSA-2025:14177 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e (11.0.8) https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42) https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106) https://linux.oracle.com/cve/CVE-2025-48988.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18 https://nvd.nist.gov/vuln/detail/CVE-2025-48988 https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-11.html https://tomcat.apache.org/security-9.html https://www.cve.org/CVERecord?id=CVE-2025-48988
org.apache.tomcat.embed:tomcat-embed-core	CVE-2025-48989	HIGH	10.1.40	11.0.10, 10.1.44, 9.0.108	https://access.redhat.com/errata/RHSA-2025:14178 https://access.redhat.com/security/cve/CVE-2025-48989 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://bugzilla.redhat.com/show_bug.cgi?id=2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373018 https://bugzilla.redhat.com/show_bug.cgi?id=2373020 https://bugzilla.redhat.com/show_bug.cgi?id=2373309 https://bugzilla.redhat.com/show_bug.cgi?id=2379374 https://bugzilla.redhat.com/show_bug.cgi?id=2379382 https://bugzilla.redhat.com/show_bug.cgi?id=2379386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506 https://errata.almalinux.org/10/ALSA-2025-14178.html https://errata.rockylinux.org/RLSA-2025:14177 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 (10.1.44) https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 (11.0.10) https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf (9.0.108) https://kb.cert.org/vuls/id/767506 https://linux.oracle.com/cve/CVE-2025-48989.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf https://nvd.nist.gov/vuln/detail/CVE-2025-48989 https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-11.html https://tomcat.apache.org/security-9.html https://www.cve.org/CVERecord?id=CVE-2025-48989
org.postgresql:postgresql	CVE-2025-49146	HIGH	42.7.5	42.7.7	https://access.redhat.com/security/cve/CVE-2025-49146 https://datatracker.ietf.org/doc/html/rfc5802 https://datatracker.ietf.org/doc/html/rfc7677 https://github.com/pgjdbc/pgjdbc https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54 https://nvd.nist.gov/vuln/detail/CVE-2025-49146 https://www.cve.org/CVERecord?id=CVE-2025-49146 https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
org.springframework.security:spring-security-core	CVE-2025-41232	CRITICAL	6.4.5	6.4.6	http://spring.io/security/cve-2025-41232 https://access.redhat.com/security/cve/CVE-2025-41232 https://github.com/spring-projects/spring-security https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb https://github.com/spring-projects/spring-security/releases/tag/6.4.6 https://nvd.nist.gov/vuln/detail/CVE-2025-41232 https://www.cve.org/CVERecord?id=CVE-2025-41232
org.springframework.security:spring-security-core	CVE-2025-41248	HIGH	6.4.5	6.4.10, 6.5.4	https://access.redhat.com/security/cve/CVE-2025-41248 https://github.com/spring-projects/spring-security https://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f https://github.com/spring-projects/spring-security/commit/e5694ac7b5e4394b920c6cab48b7bfbd871f84bd https://github.com/spring-projects/spring-security/issues/17898 https://github.com/spring-projects/spring-security/issues/17899 https://github.com/spring-projects/spring-security/releases/tag/6.4.10 https://github.com/spring-projects/spring-security/releases/tag/6.5.4 https://nvd.nist.gov/vuln/detail/CVE-2025-41248 https://spring.io/security/cve-2025-41248 https://www.cve.org/CVERecord?id=CVE-2025-41248
org.springframework:spring-core	CVE-2025-41249	HIGH	6.2.6	6.2.11	https://access.redhat.com/security/cve/CVE-2025-41249 https://github.com/spring-projects/spring-framework https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff https://github.com/spring-projects/spring-framework/issues/35342 https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11 https://nvd.nist.gov/vuln/detail/CVE-2025-41249 https://spring.io/security/cve-2025-41249 https://www.cve.org/CVERecord?id=CVE-2025-41249
No Misconfigurations found