[AUTO] Increment version to 2.17.2-SNAPSHOT #3056
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-7254Path to dependency file: /common/build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar Dependency Hierarchy: -> opensearch-2.17.2-SNAPSHOT.jar (Root Library) -> ❌ protobuf-java-3.22.3.jar (Vulnerable Library) |
 High |
7.5 | protobuf-java-3.22.3.jar | Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2 | None |
CVE-2024-47535Path to dependency file: /plugin/build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/io.netty/netty-common/4.1.108.Final/30617b39cc6f850ca3807459fe726fbcd63989f2/netty-common-4.1.108.Final.jar,/tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/io.netty/netty-common/4.1.108.Final/30617b39cc6f850ca3807459fe726fbcd63989f2/netty-common-4.1.108.Final.jar Dependency Hierarchy: -> opensearch-ml-algorithms-2.17.2.0-SNAPSHOT (Root Library) -> netty-nio-client-2.25.40.jar -> ❌ netty-common-4.1.108.Final.jar (Vulnerable Library) |
 Medium |
5.5 | netty-common-4.1.108.Final.jar | Upgrade to version: io.netty:netty-common:4.1.115.Final | None |
CVE-2023-4218Path to dependency file: /plugin/build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.26.100/83c77ee0cfc948ea33f5054dda3f5c39250a7ed5/org.eclipse.core.runtime-3.26.100.jar Dependency Hierarchy: -> ❌ org.eclipse.core.runtime-3.26.100.jar (Vulnerable Library) |
Medium |
5.0 | org.eclipse.core.runtime-3.26.100.jar | Upgrade to version: org.eclipse.core.runtime:3.29.0 | #1863 |
Base branch total remaining vulnerabilities: 0
Base branch commit: 3ea1497328b11a7f910e8dd9efc48c61d8db6e04
Total libraries scanned: 249
Scan token: a7bfb1cd0c424e5f9609bdc8e680acd7