Update dependency org.jetbrains.kotlin:kotlin-stdlib to v1.6.0-M1 - autoclosed #56
Security Report
You have successfully remediated 35 vulnerabilities, but introduced 21 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Suggested Fix | Issue | |
|---|---|---|---|---|---|
| CVE-2022-2421 Path to dependency file: /phone-to-app-js/package.json Path to vulnerable library: /phone-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ socket.io-parser-3.4.1.tgz (Vulnerable Library) | 10.0 | socket.io-parser-3.4.1.tgz | Upgrade to version: socket.io-parser - 3.3.3,3.4.2,4.0.5,4.2.1;org.webjars.npm:socket.io-parser:4.0.5,4.2.1 | #31 | |
| CVE-2022-2421 Path to dependency file: /phone-to-app-js/package.json Path to vulnerable library: /phone-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ socket.io-parser-3.4.1.tgz (Vulnerable Library) | 10.0 | socket.io-parser-3.4.1.tgz | Upgrade to version: socket.io-parser - 3.3.3,3.4.2,4.0.5,4.2.1;org.webjars.npm:socket.io-parser:4.0.5,4.2.1 | #24 | |
| CVE-2021-31597 Path to dependency file: /app-to-phone-js/package.json Path to vulnerable library: /app-to-phone-js/package.json,/app-to-app-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-client-2.4.0.tgz -> engine.io-client-3.5.1.tgz -> ❌ xmlhttprequest-ssl-1.5.5.tgz (Vulnerable Library) | 9.4 | xmlhttprequest-ssl-1.5.5.tgz | Upgrade to version: xmlhttprequest-ssl - 1.6.1 | #31 | |
| CVE-2020-28502 Path to dependency file: /app-to-phone-js/package.json Path to vulnerable library: /app-to-phone-js/package.json,/app-to-app-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-client-2.4.0.tgz -> engine.io-client-3.5.1.tgz -> ❌ xmlhttprequest-ssl-1.5.5.tgz (Vulnerable Library) | 8.1 | xmlhttprequest-ssl-1.5.5.tgz | Upgrade to version: xmlhttprequest - 1.7.0,xmlhttprequest-ssl - 1.6.2 | #31 | |
| CVE-2024-37890 Path to dependency file: /app-to-phone-js/package.json Path to vulnerable library: /app-to-phone-js/package.json,/phone-to-app-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> engine.io-3.5.0.tgz -> ❌ ws-7.4.4.tgz (Vulnerable Library) | 7.5 | ws-7.4.4.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #31 | |
| CVE-2020-36048 Path to dependency file: /app-to-app-js/package.json Path to vulnerable library: /app-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ engine.io-3.5.0.tgz (Vulnerable Library) | 7.5 | engine.io-3.5.0.tgz | Upgrade to version: engine.io - 4.0.0 | #31 | |
| CVE-2020-36048 Path to dependency file: /app-to-app-js/package.json Path to vulnerable library: /app-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ engine.io-3.5.0.tgz (Vulnerable Library) | 7.5 | engine.io-3.5.0.tgz | Upgrade to version: engine.io - 4.0.0 | #24 | |
| CVE-2024-38355 Path to dependency file: /app-to-phone-js/package.json Path to vulnerable library: /app-to-phone-js/package.json,/app-to-app-js/package.json,/in-app-messaging-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> ❌ socket.io-2.4.1.tgz (Vulnerable Library) | 7.3 | socket.io-2.4.1.tgz | Upgrade to version: socket.io - 2.5.1,4.6.2 | #31 | |
| CVE-2024-38355 Path to dependency file: /app-to-phone-js/package.json Path to vulnerable library: /app-to-phone-js/package.json,/app-to-app-js/package.json,/in-app-messaging-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> ❌ socket.io-2.4.1.tgz (Vulnerable Library) | 7.3 | socket.io-2.4.1.tgz | Upgrade to version: socket.io - 2.5.1,4.6.2 | #24 | |
| CVE-2023-32695 Path to dependency file: /phone-to-app-js/package.json Path to vulnerable library: /phone-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ socket.io-parser-3.4.1.tgz (Vulnerable Library) | 7.3 | socket.io-parser-3.4.1.tgz | Upgrade to version: socket.io-parser - 3.4.3,4.2.3 | #31 | |
| CVE-2023-32695 Path to dependency file: /phone-to-app-js/package.json Path to vulnerable library: /phone-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ socket.io-parser-3.4.1.tgz (Vulnerable Library) | 7.3 | socket.io-parser-3.4.1.tgz | Upgrade to version: socket.io-parser - 3.4.3,4.2.3 | #24 | |
| CVE-2022-41940 Path to dependency file: /app-to-app-js/package.json Path to vulnerable library: /app-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ engine.io-3.5.0.tgz (Vulnerable Library) | 7.1 | engine.io-3.5.0.tgz | Upgrade to version: engine.io - 3.6.1,6.2.1 | #31 | |
| CVE-2022-41940 Path to dependency file: /app-to-app-js/package.json Path to vulnerable library: /app-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ engine.io-3.5.0.tgz (Vulnerable Library) | 7.1 | engine.io-3.5.0.tgz | Upgrade to version: engine.io - 3.6.1,6.2.1 | #24 | |
| CVE-2024-47764 Path to dependency file: /phone-to-app-js/package.json Path to vulnerable library: /phone-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> engine.io-3.5.0.tgz -> ❌ cookie-0.4.1.tgz (Vulnerable Library) | 5.3 | cookie-0.4.1.tgz | Upgrade to version: cookie - 0.7.0 | #31 | |
| CVE-2024-47764 Path to dependency file: /phone-to-app-js/package.json Path to vulnerable library: /phone-to-app-js/package.json,/in-app-messaging-js/package.json,/app-to-phone-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> socket.io-2.4.1.tgz -> engine.io-3.5.0.tgz -> ❌ cookie-0.4.1.tgz (Vulnerable Library) | 5.3 | cookie-0.4.1.tgz | Upgrade to version: cookie - 0.7.0 | #24 | |
| CVE-2021-32640 Path to dependency file: /app-to-phone-js/package.json Path to vulnerable library: /app-to-phone-js/package.json,/phone-to-app-js/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> engine.io-3.5.0.tgz -> ❌ ws-7.4.4.tgz (Vulnerable Library) | 5.3 | ws-7.4.4.tgz | Upgrade to version: 5.2.3,6.2.2,7.4.6 | #31 | |
| CVE-2024-43800 Path to dependency file: /app-to-app-objc/package.json Path to vulnerable library: /app-to-app-objc/package.json,/app-to-phone-swift/package.json,/app-to-phone-java/package.json,/app-to-app-java/package.json,/phone-to-app-js/package.json,/app-to-phone-js/package.json,/app-to-phone-kotlin/package.json,/app-to-app-js/package.json,/phone-to-app-java/package.json,/app-to-app-kotlin/package.json,/phone-to-app-swift/package.json,/phone-to-app-kotlin/package.json,/phone-to-app-objc/package.json,/app-to-phone-objc/package.json,/app-to-app-swift/package.json Dependency Hierarchy: -> express-4.17.1.tgz (Root Library) -> ❌ serve-static-1.14.1.tgz (Vulnerable Library) | 5.0 | serve-static-1.14.1.tgz | Upgrade to version: serve-static - 1.16.0,2.1.0 | #42 | |
| CVE-2024-43799 Path to dependency file: /phone-to-app-java/package.json Path to vulnerable library: /phone-to-app-java/package.json,/phone-to-app-js/package.json,/phone-to-app-swift/package.json,/app-to-phone-java/package.json,/app-to-phone-js/package.json,/app-to-app-objc/package.json,/app-to-app-swift/package.json,/phone-to-app-kotlin/package.json,/app-to-phone-swift/package.json,/app-to-app-java/package.json,/app-to-phone-objc/package.json,/phone-to-app-objc/package.json,/app-to-phone-kotlin/package.json,/app-to-app-kotlin/package.json,/app-to-app-js/package.json Dependency Hierarchy: -> express-4.17.1.tgz (Root Library) -> ❌ send-0.17.1.tgz (Vulnerable Library) | 5.0 | send-0.17.1.tgz | Upgrade to version: send - 0.19.0 | #42 | |
| CVE-2024-43796 Path to dependency file: /phone-to-app-objc/package.json Path to vulnerable library: /phone-to-app-objc/package.json,/app-to-app-swift/package.json,/phone-to-app-kotlin/package.json,/app-to-phone-objc/package.json,/phone-to-app-js/package.json,/app-to-app-objc/package.json,/app-to-phone-js/package.json,/app-to-app-java/package.json,/app-to-app-js/package.json,/app-to-phone-swift/package.json,/app-to-phone-kotlin/package.json,/app-to-phone-java/package.json,/phone-to-app-java/package.json,/phone-to-app-swift/package.json,/app-to-app-kotlin/package.json Dependency Hierarchy: -> ❌ express-4.17.1.tgz (Vulnerable Library) | 5.0 | express-4.17.1.tgz | Upgrade to version: express - 4.20.0,5.0.0 | #42 | |
| CVE-2017-16137 Path to dependency file: /app-to-app-js/package.json Path to vulnerable library: /app-to-app-js/package.json,/app-to-phone-js/package.json,/in-app-messaging-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-7.0.1.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ debug-4.1.1.tgz (Vulnerable Library) | 3.7 | debug-4.1.1.tgz | Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 | #31 | |
| CVE-2017-16137 Path to dependency file: /app-to-app-js/package.json Path to vulnerable library: /app-to-app-js/package.json,/app-to-phone-js/package.json,/in-app-messaging-js/package.json,/phone-to-app-js/package.json Dependency Hierarchy: -> nexmo-client-8.0.4.tgz (Root Library) -> socket.io-2.4.1.tgz -> ❌ debug-4.1.1.tgz (Vulnerable Library) | 3.7 | debug-4.1.1.tgz | Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 | #24 | |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2020-29582 | kotlin-stdlib-1.3.72.jar |
| CVE-2020-15250 | junit-4.12.jar |
| CVE-2021-36090 | commons-compress-1.12.jar |
| CVE-2021-22569 | protobuf-java-3.10.0.jar |
| CVE-2022-3171 | protobuf-java-3.10.0.jar |
| CVE-2024-7254 | protobuf-java-3.10.0.jar |
| CVE-2024-30172 | bcprov-jdk15on-1.56.jar |
| CVE-2019-17359 | bcprov-jdk15on-1.56.jar |
| CVE-2020-13956 | httpclient-4.5.6.jar |
| CVE-2022-24329 | kotlin-stdlib-1.3.72.jar |
| CVE-2022-24329 | kotlin-stdlib-1.5.20.jar |
| WS-2021-0419 | gson-2.8.6.jar |
| CVE-2023-33201 | bcprov-jdk15on-1.56.jar |
| WS-2019-0379 | commons-codec-1.10.jar |
| CVE-2024-25710 | commons-compress-1.12.jar |
| CVE-2021-35517 | commons-compress-1.12.jar |
| CVE-2022-24329 | kotlin-stdlib-1.5.0.jar |
| CVE-2021-35516 | commons-compress-1.12.jar |
| CVE-2023-3635 | okio-2.7.0.jar |
| CVE-2024-29857 | bcprov-jdk15on-1.56.jar |
| CVE-2023-0833 | okhttp-4.8.1.jar |
| CVE-2021-35515 | commons-compress-1.12.jar |
| CVE-2020-26939 | bcprov-jdk15on-1.56.jar |
| CVE-2022-3510 | protobuf-java-3.10.0.jar |
| CVE-2023-33202 | bcprov-jdk15on-1.56.jar |
| CVE-2022-25867 | socket.io-client-1.0.0.jar |
| CVE-2020-17521 | groovy-all-2.4.15.jar |
| CVE-2023-2976 | guava-28.1-jre.jar |
| CVE-2022-3509 | protobuf-java-3.10.0.jar |
| CVE-2022-23437 | xercesImpl-2.12.0.jar |
| CVE-2022-25647 | gson-2.8.6.jar |
| CVE-2018-1000180 | bcprov-jdk15on-1.56.jar |
| CVE-2020-8908 | guava-28.1-jre.jar |
| CVE-2020-15522 | bcprov-jdk15on-1.56.jar |
| CVE-2022-24329 | kotlin-stdlib-1.4.31.jar |
Base branch total remaining vulnerabilities: 54
Base branch commit: null
Total libraries scanned: 149
Scan token: d24ce9a953554d34bfdeb2c00154996c