
Wiz: Upgrade multiple dependencies (resolves 134 findings)#4

Open
wiz-eada2dc3a8[bot] wants to merge 1 commit into
masterfrom
wiz-auto-remediation-006d272563c5aec2

Conversation

@wiz-eada2dc3a8

Wiz has created this PR to fix 134 findings detected in this project

Changes were made to the following file(s):

  • pom.xml

Vulnerabilities:

| Component | Version change | Findings | Location |
| --- | --- | --- | --- |
| cn.hutool:hutool-all | 5.8.10 → 5.8.21 | Critical: CVE-2023-24163 | /pom.xml |
| com.alibaba:fastjson | 1.2.24 → 1.2.48 | Critical: CVE-2025-70974, CVE-2017-18349 | /pom.xml |
| com.fasterxml.jackson.core:jackson-core | 2.9.8 → 2.18.6 | High: CVE-2025-52999; Medium: CVE-2025-49128, GHSA-72hv-8253-57qq | /pom.xml |
| com.fasterxml.jackson.core:jackson-databind | 2.9.8 → 2.9.10 | Critical: CVE-2020-9548, CVE-2019-16942, CVE-2019-16943, CVE-2019-14893, CVE-2019-17267, CVE-2019-17531, CVE-2019-14379, CVE-2019-14540, CVE-2020-9546, CVE-2019-14892, CVE-2019-20330, CVE-2020-8840, CVE-2019-16335, CVE-2020-9547; High: CVE-2020-36188, CVE-2020-11111, CVE-2020-11620, CVE-2020-11619, CVE-2020-35491, CVE-2020-11112, CVE-2020-14060, CVE-2019-12086, CVE-2020-11113, CVE-2020-25649, CVE-2020-10968, CVE-2020-36518, CVE-2020-36184, CVE-2020-35490, CVE-2020-36180, CVE-2020-10650, CVE-2022-42004, CVE-2020-24616, CVE-2020-10672, CVE-2020-36182, CVE-2020-36187, CVE-2020-36181, CVE-2020-14195, CVE-2020-10673, CVE-2019-14439, CVE-2020-36189, CVE-2020-24750, CVE-2020-14061, CVE-2020-35728, CVE-2020-10969, CVE-2020-36185, CVE-2020-36179, CVE-2020-36183, CVE-2020-14062, CVE-2021-20190, CVE-2020-36186, CVE-2022-42003; Medium: CVE-2019-12384, CVE-2019-12814 | /pom.xml |
| com.google.guava:guava | 23.0 → 32.0.0-android | High: CVE-2023-2976; Medium: CVE-2018-10237; Low: CVE-2020-8908 | /pom.xml |
| com.h2database:h2 | 1.4.199 → 2.2.220 | Critical: CVE-2021-42392, CVE-2022-23221, CVE-2021-23463; High: CVE-2022-45868 | /pom.xml |
| com.monitorjbl:xlsx-streamer | 2.0.0 → 2.1.0 | Critical: CVE-2022-23640 | /pom.xml |
| com.thoughtworks.xstream:xstream | 1.4.20 → 1.4.21 | High: CVE-2024-47072 | /pom.xml |
| commons-beanutils:commons-beanutils | 1.9.4 → 1.11.0 | High: CVE-2025-48734 | /pom.xml |
| commons-collections:commons-collections | 3.1 → 3.2.2 | Critical: CVE-2015-6420, CVE-2015-7501 | /pom.xml |
| commons-io:commons-io | 2.5 → 2.14.0 | Medium: CVE-2021-29425, CVE-2024-47554 | /pom.xml |
| commons-net:commons-net | 3.6 → 3.9.0 | Medium: CVE-2021-37533 | /pom.xml |
| io.springfox:springfox-swagger-ui | 2.9.2 → 2.10.0 | Critical: CVE-2019-17495 | /pom.xml |
| mysql:mysql-connector-java | 8.0.12 → 8.0.28 | High: CVE-2018-3258; Medium: CVE-2019-2692, CVE-2022-21363, CVE-2021-2471 | /pom.xml |
| org.apache.httpcomponents:httpclient | 4.5.12 → 4.5.13 | Medium: CVE-2020-13956 | /pom.xml |
| org.apache.logging.log4j:log4j-core | 2.9.1 → 2.25.4 | Critical: CVE-2021-44228, CVE-2021-45046; Medium: CVE-2025-68161, CVE-2021-44832, CVE-2026-34480, CVE-2021-45105; Low: CVE-2020-9488 | /pom.xml |
| org.apache.poi:poi | 3.10-FINAL → 4.1.1 | High: CVE-2017-12626; Medium: CVE-2014-9527, CVE-2014-3574, CVE-2017-5644, CVE-2014-3529, CVE-2019-12415 | /pom.xml |
| org.apache.poi:poi-ooxml | 3.9 → 5.4.0 | Medium: CVE-2025-31672 | /pom.xml |

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@wiz-eada2dc3a8

wiz-eada2dc3a8 Bot commented Jun 17, 2026

Wiz Scan Summary

⚠️ Many findings detected
Many findings were detected, but only a subset of the findings are displayed inline due to API constraints. To view all findings inline, please click here.
| Scanner | Findings |
| --- | --- |
| Vulnerabilities | 8 Critical, 41 High, 5 Medium |
| Sensitive Data | - |
| Secrets | - |
| IaC Misconfigurations | - |
| SAST Findings | - |
| Software Management Findings | - |
| Total | 8 Critical, 41 High, 5 Medium |

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Comment thread pom.xml
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.24</version>
<version>1.2.48</version>
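Review bot: the version bump in this hunk stops at 1.2.48, which the scanner's own inline finding on this file reports as still affected by CVE-2022-25845 (fixed in 1.2.83), so merging the hunk as written lands a fastjson version the same tool will immediately re-flag. Apply the attached suggestion, `<version>1.2.83</version>`, in the PR commit itself rather than leaving it as an open suggestion, and re-run the scan so the "resolves 134 findings" claim in the title reflects the merged state.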

High Vulnerability Finding

The following vulnerability impacts com.alibaba:fastjson versions <1.2.83: CVE-2022-25845.

It can be remediated by updating to version 1.2.83 or higher.

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

Suggested change
<version>1.2.48</version>
<version>1.2.83</version>

Comment thread pom.xml
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.8</version>
<version>2.9.10</version>
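Review bot: the version line in this hunk moves jackson-databind only to 2.9.10, which is below the 2.12.7.1 floor the scanner's inline finding names for this file, and the PR description counts CVE-2020-36518, CVE-2022-42003 and CVE-2022-42004 among the resolved findings even though the same finding lists them as still affecting this version. Apply the suggested `<version>2.12.7.1</version>` here, and note that the PR description bumps jackson-core in the same pom.xml to 2.18.6 while databind stays on 2.9.x: the Jackson project documents that its components must share the same minor version, so the two lines should be moved together to one version rather than left split.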

Critical Vulnerability Finding

The following vulnerabilities impact com.fasterxml.jackson.core:jackson-databind versions <2.12.7.1: CVE-2019-16942, CVE-2019-16943, CVE-2019-17531, CVE-2019-20330, CVE-2020-10650, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-24616, CVE-2020-24750, CVE-2020-25649, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-36518, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2021-20190, CVE-2022-42003, CVE-2022-42004.

These can be remediated by updating to version 2.12.7.1 or higher.

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

Suggested change
<version>2.9.10</version>
<version>2.12.7.1</version>
