Skip to content

Update pom.xml#9

Open
JDGologic wants to merge 1 commit intomainfrom
JDGologic-patch-1
Open

Update pom.xml#9
JDGologic wants to merge 1 commit intomainfrom
JDGologic-patch-1

Conversation

@JDGologic
Copy link
Copy Markdown
Owner

@JDGologic JDGologic commented Oct 10, 2025

Thank you for submitting a pull request to the WebGoat!

@github-actions
Copy link
Copy Markdown

github-actions bot commented Oct 10, 2025

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

pom.xml

NameVersionVulnerabilitySeverity
org.apache.logging.log4j:log4j-core2.13.1Incomplete fix for Apache Log4j vulnerabilitycritical
Remote code injection in Log4jcritical
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursionhigh
Improper Input Validation and Injection in Apache Log4j2moderate
Only included vulnerabilities with severity moderate or higher.

OpenSSF Scorecard

PackageVersionScoreDetails
maven/org.apache.logging.log4j:log4j-core 2.13.1 🟢 8.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 44 out of 9 merged PRs checked by a CI test -- score normalized to 4
CII-Best-Practices⚠️ 2badge detected: in_progress
Code-Review⚠️ 1found 20 unreviewed changesets out of 23 -- score normalized to 1
Contributors🟢 1046 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 17 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected

Scanned Files

  • pom.xml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JDGologic