Skip to content

Update dependency org.springframework:spring-web to v5.3.38 #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from

Update dependency org.springframework:spring-web to v5.3.38

38aee29
Select commit
Loading
Failed to load commit list.
Open

Update dependency org.springframework:spring-web to v5.3.38 #17

Update dependency org.springframework:spring-web to v5.3.38
38aee29
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Feb 25, 2026 in 52m 57s

Security Report

You have successfully remediated 22 vulnerabilities, but introduced 19 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2025-41249

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-core-5.3.38.jar (Vulnerable Library)

High 7.5 Direct spring-core-5.3.38.jar spring-core-5.3.38.jar https://github.com/spring-projects/spring-framework.git - v6.2.11,org.springframework:spring-core:6.2.11 None
CVE-2020-11023

Dependency Hierarchy:

-> ❌ jquery-1.12.4.min.js (Vulnerable Library)

Medium 6.9 Direct jquery-1.12.4.min.js jquery-1.12.4.min.js org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,org.webjars.npm:jquery:3.5.0,jQuery - 3.5.0 #8
CVE-2020-11022

Dependency Hierarchy:

-> ❌ jquery-1.12.4.min.js (Vulnerable Library)

Medium 6.9 Direct jquery-1.12.4.min.js jquery-1.12.4.min.js org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0 #8
CVE-2018-1257

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-core-5.3.38.jar (Vulnerable Library)

Medium 6.5 Direct spring-core-5.3.38.jar spring-core-5.3.38.jar 5.0.6,4.3.17 None
CVE-2019-11358

Dependency Hierarchy:

-> ❌ jquery-1.12.4.min.js (Vulnerable Library)

Medium 6.1 Direct jquery-1.12.4.min.js jquery-1.12.4.min.js org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0 #8
CVE-2018-20677

Dependency Hierarchy:

-> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

Medium 6.1 Direct bootstrap-3.3.4.min.js bootstrap-3.3.4.min.js bootstrap - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap-sass - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 3.4.0 #5
CVE-2018-20676

Dependency Hierarchy:

-> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

Medium 6.1 Direct bootstrap-3.3.4.min.js bootstrap-3.3.4.min.js bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0 #5
CVE-2018-14040

Dependency Hierarchy:

-> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

Medium 6.1 Direct bootstrap-3.3.4.min.js bootstrap-3.3.4.min.js org.webjars:bootstrap:4.1.2,https://github.com/twbs/bootstrap.git - v4.1.2,bootstrap - 4.1.2,bootstrap-sass - 3.4.0,bootstrap - 3.4.0,bootstrap - 4.1.2,bootstrap - 4.1.2,org.webjars:bootstrap:3.4.0,bootstrap.sass - 4.1.2,bootstrap - 3.4.0 #5
CVE-2016-10735

Dependency Hierarchy:

-> ❌ bootstrap-3.3.4.min.js (Vulnerable Library)

Medium 6.1 Direct bootstrap-3.3.4.min.js bootstrap-3.3.4.min.js bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 4.0.0-beta.2,org.webjars:bootstrap:4.0.0-beta.2 #5
CVE-2015-9251

Dependency Hierarchy:

-> ❌ jquery-1.12.4.min.js (Vulnerable Library)

Medium 6.1 Direct jquery-1.12.4.min.js jquery-1.12.4.min.js jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0 #8
CVE-2018-1271

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-core-5.3.38.jar (Vulnerable Library)

Medium 5.9 Direct spring-core-5.3.38.jar spring-core-5.3.38.jar org.springframework:spring-webflux:5.0.5.RELEASE,org.springframework:spring-webmvc:4.3.15.RELEASE,5.0.5.RELEASE None
CVE-2024-38828

Path to dependency file: /plugins/spring/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-web-5.3.38.jar (Vulnerable Library)

Medium 5.3 Direct spring-web-5.3.38.jar spring-web-5.3.38.jar None
CVE-2024-38828

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-core-5.3.38.jar (Vulnerable Library)

Medium 5.3 Direct spring-core-5.3.38.jar spring-core-5.3.38.jar None
CVE-2024-38808

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar

Dependency Hierarchy:

-> struts2-junit-plugin-6.4.0-SNAPSHOT.jar (Root Library)

   -> spring-context-5.3.38.jar

     -> ❌ spring-expression-5.3.38.jar (Vulnerable Library)

Medium 4.3 Transitive spring-expression-5.3.38.jar struts2-junit-plugin-6.4.0-SNAPSHOT.jar Transitive org.springframework:spring-expression:5.3.39 None
CVE-2024-38808

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar

Dependency Hierarchy:

-> struts2-spring-plugin-6.4.0-SNAPSHOT.jar (Root Library)

   -> spring-context-5.3.38.jar

     -> ❌ spring-expression-5.3.38.jar (Vulnerable Library)

Medium 4.3 Transitive spring-expression-5.3.38.jar struts2-spring-plugin-6.4.0-SNAPSHOT.jar Transitive org.springframework:spring-expression:5.3.39 None
CVE-2024-38808

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.38/spring-expression-5.3.38.jar

Dependency Hierarchy:

-> spring-context-5.3.38.jar (Root Library)

   -> ❌ spring-expression-5.3.38.jar (Vulnerable Library)

Medium 4.3 Transitive spring-expression-5.3.38.jar spring-context-5.3.38.jar Transitive org.springframework:spring-expression:5.3.39 None
CVE-2025-22233

Path to dependency file: /apps/showcase/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.3.38/spring-context-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/5.3.38/spring-context-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/5.3.38/spring-context-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-context/5.3.38/spring-context-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-context-5.3.38.jar (Vulnerable Library)

Low 3.1 Direct spring-context-5.3.38.jar spring-context-5.3.38.jar https://github.com/spring-projects/spring-framework.git - v6.1.20 ,org.springframework:spring-context:6.1.20,org.springframework:spring-context:6.2.7,https://github.com/spring-projects/spring-framework.git - v6.2.7 None
CVE-2024-38820

Path to dependency file: /plugins/spring/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.38/spring-web-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-web-5.3.38.jar (Vulnerable Library)

Low 3.1 Direct spring-web-5.3.38.jar spring-web-5.3.38.jar org.springframework:spring-context:6.1.14 None
CVE-2024-38820

Path to dependency file: /plugins/portlet-junit/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.38/spring-core-5.3.38.jar

Dependency Hierarchy:

-> ❌ spring-core-5.3.38.jar (Vulnerable Library)

Low 3.1 Direct spring-core-5.3.38.jar spring-core-5.3.38.jar org.springframework:spring-context:6.1.14 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2019-11358 jquery-1.9.2.js
CVE-2024-38820 spring-core-5.3.31.jar
CVE-2025-41249 spring-core-5.3.31.jar
CVE-2020-11023 jquery-2.1.4.min.js
CVE-2018-1271 spring-core-5.3.31.jar
CVE-2020-11023 jquery-1.9.2.js
CVE-2018-1257 spring-core-5.3.31.jar
CVE-2024-22259 spring-web-5.3.31.jar
CVE-2024-22243 spring-web-5.3.31.jar
CVE-2024-38828 spring-core-5.3.31.jar
CVE-2024-38809 spring-web-5.3.31.jar
CVE-2024-38820 spring-web-5.3.31.jar
CVE-2020-11022 jquery-1.9.2.js
CVE-2018-20677 struts-STRUTS_2_5_33
CVE-2015-9251 jquery-2.1.4.min.js
CVE-2015-9251 jquery-1.9.2.js
CVE-2024-38828 spring-web-5.3.31.jar
CVE-2019-11358 jquery-2.1.4.min.js
CVE-2025-22233 spring-context-5.3.31.jar
CVE-2020-11022 jquery-2.1.4.min.js
CVE-2024-38808 spring-expression-5.3.31.jar
CVE-2018-14040 struts-STRUTS_2_5_33

Base branch total remaining vulnerabilities: 43
Base branch commit: 6b1fdbf919ae4458f9791f009eaad0db6d84381a


Total libraries scanned: 101

Scan token: 65fddb49ca82445594891024a0aa1f5f

View more details on Dev - Mend for GitHub.com