Update dependency commons-beanutils:commons-beanutils to v1.11.0#35

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into main from whitesource-remediate/commons-beanutils-commons-beanutils-1.x

Update dependency commons-beanutils:commons-beanutils to v1.11.0

34596cd
Dev - Mend for GitHub.com / Mend Security Check failed Jun 30, 2025 in 14m 46s

Security Report

You have successfully remediated 6 vulnerabilities, but introduced 12 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-8309

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/langchain-0.0.331.dist-info

Dependency Hierarchy:

-> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library)

Critical 9.8 langchain-0.0.331-py3-none-any.whl Upgrade to version: langchain-community - 0.2.19 None
CVE-2025-48988

Path to dependency file: /nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml

Path to vulnerable library: /nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-web-3.2.0.jar (Root Library)

   -> spring-boot-starter-tomcat-3.2.0.jar

     -> ❌ tomcat-embed-core-10.1.16.jar (Vulnerable Library)

High 7.5 tomcat-embed-core-10.1.16.jar None
CVE-2025-49125

Path to dependency file: /nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml

Path to vulnerable library: /nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml

Dependency Hierarchy:

-> spring-boot-starter-web-3.2.0.jar (Root Library)

   -> spring-boot-starter-tomcat-3.2.0.jar

     -> ❌ tomcat-embed-core-10.1.16.jar (Vulnerable Library)

Medium 6.5 tomcat-embed-core-10.1.16.jar None
CVE-2021-41496

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> langchain-0.0.331-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2021-41496

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> chromadb-0.4.14-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2021-41496

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2021-41495

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> langchain-0.0.331-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2021-41495

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> chromadb-0.4.14-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2021-41495

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2021-33430

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> langchain-0.0.331-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: numpy - 1.21.0 None
CVE-2021-33430

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> chromadb-0.4.14-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: numpy - 1.21.0 None
CVE-2021-33430

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250630145555_GGIPXP/python_TMOFVL/202506301455561/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: numpy - 1.21.0 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2021-41496 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2021-41495 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2025-50181 urllib3-2.0.7-py3-none-any.whl
CVE-2025-50182 urllib3-2.0.7-py3-none-any.whl
CVE-2021-33430 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2025-4565 protobuf-4.24.4-cp37-abi3-manylinux2014_x86_64.whl

Base branch total remaining vulnerabilities: 73
Base branch commit: null


Total libraries scanned: 1974

Scan token: d07c98fa5dcf4abca2f64f4df3bffb38