
fix(security): update 6 vulnerable dependencies #85

Open

cx-amol-mane wants to merge 1 commit into master from security-fixes/ecfefb9c

Conversation

@cx-amol-mane


## Security Dependency Updates

This PR updates vulnerable dependencies identified by automated security scanning.

### Updated Packages

- struts2-core: 6.6.0-atlassian-1 → 6.8.0 (fixes GHSA-rg58-xhh7-mqjw)
- struts2-core: 6.6.0-atlassian-1 → 6.8.0 (fixes GHSA-xx7v-hqxh-cjr9)
- vertx-web: 4.3.8 → 4.5.22 (fixes GHSA-h5fg-jpgr-rv9c)
- netty-codec-http: 4.1.125.Final → 4.1.129.Final (fixes GHSA-84h7-rjj3-6jx4)
- vertx-web: 4.3.8 → 4.5.22 (fixes GHSA-45p5-v273-3qqr)
- rhino: 1.7.14 → 1.7.14.1 (fixes GHSA-3w8q-xq97-5j7x)

### Files Modified

- C:\Users\AmolM\AppData\Local\Temp\deep_agent_scan_p0bpsstf\pom.xml

---
*Automated by Deep Agent*


---
Automated security update by Deep Agent

cx-andre-macedo commented Jan 3, 2026

Checkmarx One – Scan Summary & Details: f9d510b1-a70b-479b-a96a-b66e7e35c428

New Issues (3)

Checkmarx found the following issues in this Pull Request

| # | Severity | Issue | Source File / Package | Checkmarx Insight |
|---|----------|-------|-----------------------|-------------------|
| 1 | HIGH | CVE-2025-12183 | Maven-org.lz4:lz4-java-1.4.1 | Recommended version: 1.8.1<br>Description: Out-of-Bounds memory operations in org.lz4:lz4-java through 1.8.0 allow remote attackers to cause denial of service and read adjacent memory via un...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 2 | HIGH | CVE-2025-66566 | Maven-org.lz4:lz4-java-1.4.1 | Recommended version: 1.5.0.redhat-00001<br>Description: yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-jav...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 3 | MEDIUM | CVE-2025-68161 | Maven-org.apache.logging.log4j:log4j-core-2.23.1 | Recommended version: 2.25.3<br>Description: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...<br>Attack Vector: NETWORK<br>Attack Complexity: HIGH<br>Vulnerable Package |

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
