Our security experts have flagged our usage of QuickBuild for having several Critical and High security alerts and are urging them to be fixed or stop using QuickBuild.
Could you take a look and fix them if possible, please?
Doing a simple scan with the grype tool (
https://github.com/anchore/grype) of the quickbuild install directory yields the following security alerts for version 14.0.7:
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
ant 1.9.3 1.10.9 java-archive GHSA-f62v-xpxf-3v68 High
ant 1.9.3 1.9.16 java-archive GHSA-q5r4-cfpx-h6fh Medium
ant 1.9.3 1.9.16 java-archive GHSA-5v34-g2px-j4fw Medium
ant 1.9.3 1.9.15 java-archive GHSA-4p6w-m9wc-c9c9 Medium
aws-java-sdk-s3 1.11.1034 1.12.261 java-archive GHSA-c28r-hw5m-5gv3 High
axis 1.4 java-archive GHSA-rmqp-9w4c-gc7w Critical
axis 1.4 java-archive GHSA-h9gj-rqrw-x4fq High
axis 1.4 java-archive GHSA-r53v-vm87-f72c Medium
axis 1.4 java-archive GHSA-96jq-75wh-2658 Medium
axis 1.4 java-archive GHSA-55w9-c3g2-4rrh Medium
c3p0 0.9.2.1 0.9.5.3 java-archive GHSA-q485-j897-qc27 Critical
c3p0 0.9.2.1 0.9.5.4 java-archive GHSA-84p2-vf58-xhxv High
commons-beanutils 1.8.2 1.9.2 java-archive GHSA-p66x-2cv9-qq3v High
commons-beanutils 1.8.2 1.9.4 java-archive GHSA-6phf-73q6-gh87 High
commons-compress 1.4.1 1.21 java-archive GHSA-xqfj-vm6h-2x34 High
commons-compress 1.4.1 1.21 java-archive GHSA-mc84-pj99-q6hh High
commons-compress 1.4.1 1.21 java-archive GHSA-crv7-7245-f45f High
commons-compress 1.4.1 1.21 java-archive GHSA-7hfm-57qf-j43q High
commons-compress 1.4.1 1.26.0 java-archive GHSA-4g9r-vxhx-9pgx High
commons-compress 1.4.1 1.18 java-archive GHSA-hrmr-f5m6-m9pq Medium
commons-email 1.3.3 1.5 java-archive GHSA-v7cm-w955-pj6g High
commons-email 1.3.3 1.5 java-archive GHSA-p7vm-phxx-g722 High
commons-io 1.4 2.7 java-archive GHSA-gwrp-pvrq-jmwv Medium
commons-net 3.2 3.9.0 java-archive GHSA-cgp8-4m63-fhh5 Medium
google-oauth-client 1.31.5 1.33.3 java-archive GHSA-xh97-72ww-2w58 High
gson 2.8.0 2.8.9 java-archive GHSA-4jrv-ppp4-jm57 High
guava 13.0.1 24.1.1-android java-archive GHSA-mvr2-9pj6-7w5j Medium
guava 13.0.1 32.0.0-android java-archive GHSA-7g45-4rm6-3mm3 Medium
guava 13.0.1 32.0.0-android java-archive GHSA-5mg8-w23w-74h3 Low
guava 20.0 24.1.1-android java-archive GHSA-mvr2-9pj6-7w5j Medium
guava 20.0 32.0.0-android java-archive GHSA-7g45-4rm6-3mm3 Medium
guava 20.0 32.0.0-android java-archive GHSA-5mg8-w23w-74h3 Low
hibernate-core 4.3.11.Final 5.3.20.Final java-archive GHSA-j8jw-g6fq-mp7h High
hibernate-validator 5.2.2.Final 5.2.5.Final java-archive GHSA-xxgp-pcfc-3vgc High
jackson-databind 2.10.2 2.12.7.1 java-archive GHSA-rgv9-q543-rqg4 High
jackson-databind 2.10.2 2.12.7.1 java-archive GHSA-jjjh-jjxp-wpff High
jackson-databind 2.10.2 2.12.6.1 java-archive GHSA-57j2-w4cx-62h2 High
jackson-databind 2.10.2 2.12.6 java-archive GHSA-3x8x-79m2-3w2w High
jackson-databind 2.10.2 2.10.5.1 java-archive GHSA-288c-cq4h-88gq High
jdom 1.1 java-archive GHSA-2363-cqg2-863c High
jettison 1.1 1.5.2 java-archive GHSA-x27m-9w8j-5vcw High
jettison 1.1 1.5.4 java-archive GHSA-q6g2-g7f3-rr83 High
jettison 1.1 1.5.2 java-archive GHSA-grr4-wv38-f68w High
jettison 1.1 1.5.2 java-archive GHSA-7rf3-mqpx-h7xg High
jettison 1.1 1.5.1 java-archive GHSA-56h3-78gp-v83r Medium
jetty-http 9.4.46.v20220331 9.4.52 java-archive GHSA-hmr7-m48g-48f6 Medium
jetty-http 9.4.46.v20220331 9.4.47 java-archive GHSA-cj7v-27pg-wf7q Low
jetty-server 9.4.46.v20220331 9.4.51.v20230217 java-archive GHSA-qw69-rqj8-6qw8 Medium
jetty-server 9.4.46.v20220331 9.4.51.v20230217 java-archive GHSA-p26g-97m4-6q7c Low
jetty-servlets 9.4.46.v20220331 9.4.52 java-archive GHSA-3gh6-v5v9-6v9j Low
jetty-xml 9.4.46.v20220331 9.4.52 java-archive GHSA-58qw-p7qm-5rvh Low
json-smart 1.3.1 1.3.3 java-archive GHSA-fg2v-w576-w4v3 High
json-smart 1.3.1 2.4.9 java-archive GHSA-493p-pfq6-5258 High
json-smart 1.3.1 1.3.2 java-archive GHSA-v528-7hrm-frqp Medium
json-smart 2.3 2.4.9 java-archive GHSA-493p-pfq6-5258 High
json-smart 2.3 2.3.1 java-archive GHSA-v528-7hrm-frqp Medium
junit 4.10 4.13.1 java-archive GHSA-269g-pwp5-87pp Medium
log4j 1.2.15 java-archive GHSA-f7vh-qwp3-x37m Critical
log4j 1.2.15 java-archive GHSA-65fg-84f6-3jq3 Critical
log4j 1.2.15 java-archive GHSA-2qrg-x229-3v8q Critical
log4j 1.2.15 java-archive GHSA-w9p3-5cr8-m3jj High
log4j 1.2.15 java-archive GHSA-fp5r-v3w9-4333 High
nimbus-jose-jwt 9.5 9.37.2 java-archive GHSA-gvpg-vgmx-xg6w Medium
ognl 2.6.7 3.0.12 java-archive GHSA-383p-xqxx-rrmp Medium
okio 1.15.0 1.17.6 java-archive GHSA-w33c-445m-f8w7 Medium
quartz 1.8.3 2.3.2 java-archive GHSA-9qcf-c26r-x5rf Critical
snakeyaml 1.23 1.26 java-archive GHSA-rvwf-54qp-4r6v High
snakeyaml 1.23 2.0 java-archive GHSA-mjmj-j48q-9wg2 High
snakeyaml 1.23 1.31 java-archive GHSA-3mc7-4q67-w48m High
snakeyaml 1.23 1.32 java-archive GHSA-w37g-rhq8-7m4j Medium
snakeyaml 1.23 1.31 java-archive GHSA-hhhw-99gj-p3c3 Medium
snakeyaml 1.23 1.31 java-archive GHSA-c4r9-r8fh-9vj2 Medium
snakeyaml 1.23 1.32 java-archive GHSA-9w3m-gqgf-c4p9 Medium
snakeyaml 1.23 1.31 java-archive GHSA-98wm-3w3q-mw94 Medium
spring-beans 2.5.6 5.2.20.RELEASE java-archive GHSA-36p3-wjmg-h94x Critical
spring-beans 2.5.6 5.2.22.RELEASE java-archive GHSA-hh26-6xwr-ggv7 High
spring-context 2.5.6 5.2.21 java-archive GHSA-g5mm-vmx4-3rg7 High
spring-core 2.5.6.SEC01 4.3.16 java-archive GHSA-p5hg-3xm3-gcjg Critical
spring-core 2.5.6.SEC01 4.3.16 java-archive GHSA-3rmv-2pg5-xvqj Critical
spring-core 2.5.6.SEC01 2.5.6.SEC03 java-archive GHSA-wv88-pf73-x22p High
spring-core 2.5.6.SEC01 3.2.15 java-archive GHSA-pgf9-h69p-pcgf High
spring-core 2.5.6.SEC01 4.3.20 java-archive GHSA-ffvq-7w96-97p7 High
spring-core 2.5.6.SEC01 4.3.1 java-archive GHSA-8crv-49fr-2h6j High
spring-core 2.5.6.SEC01 4.3.15 java-archive GHSA-4487-x383-qpph High
spring-core 2.5.6.SEC01 4.3.17 java-archive GHSA-rcpf-vj53-7h2m Medium
spring-core 2.5.6.SEC01 4.3.15 java-archive GHSA-g8hw-794c-4j9g Medium
velocity 1.7 java-archive GHSA-59j4-wjwp-mw9m High
velocity-tools 2.0 java-archive GHSA-fh63-4r66-jc7v Medium
wicket-core 1.5.0 1.5.12 java-archive GHSA-q7wx-mhx4-jr8q High
wicket-core 1.5.0 7.18.0 java-archive GHSA-hmhg-95wh-r699 High
wicket-core 1.5.0 7.17.0 java-archive GHSA-64gv-3pqv-299h High
xmlrpc-common 3.1.3 java-archive GHSA-r2pg-w96p-pcpj Medium
xmlsec 2.1.4 2.1.7 java-archive GHSA-j8wc-gxx9-82hx High
xmlsec 2.1.4 2.2.6 java-archive GHSA-xfrj-6vvc-3xm2 Medium
xstream 1.3.1 1.4.11 java-archive GHSA-hf23-9pf7-388p Critical
xstream 1.3.1 1.4.7 java-archive GHSA-f554-x222-wgf7 Critical
xstream 1.3.1 1.4.18 java-archive GHSA-xw4p-crpj-vjx2 High
xstream 1.3.1 1.4.19 java-archive GHSA-rmr5-cpv2-vgjf High
xstream 1.3.1 1.4.9 java-archive GHSA-rgh3-987h-wpmw High
xstream 1.3.1 1.4.18 java-archive GHSA-qrx8-8545-4wg2 High
xstream 1.3.1 1.4.18 java-archive GHSA-p8pq-r894-fm8f High
xstream 1.3.1 1.4.14-jdk7 java-archive GHSA-mw36-7c6c-q4q2 High
xstream 1.3.1 1.4.18 java-archive GHSA-j9h8-phrw-h4fh High
xstream 1.3.1 1.4.20 java-archive GHSA-j563-grx4-pjpv High
xstream 1.3.1 1.4.18 java-archive GHSA-hph2-m3g5-xxv4 High
xstream 1.3.1 1.4.18 java-archive GHSA-h7v4-7xg3-hxcc High
xstream 1.3.1 1.4.18 java-archive GHSA-g5w6-mrj7-75h2 High
xstream 1.3.1 1.4.20 java-archive GHSA-f8cc-g7j8-xxpm High
xstream 1.3.1 1.4.18 java-archive GHSA-cxfm-5m4g-x7xp High
xstream 1.3.1 1.4.18 java-archive GHSA-8jrj-525p-826v High
xstream 1.3.1 1.4.10 java-archive GHSA-7hwc-46rm-65jh High
xstream 1.3.1 1.4.17 java-archive GHSA-7chv-rrw6-w6fc High
xstream 1.3.1 1.4.18 java-archive GHSA-6w62-hx7r-mw68 High
xstream 1.3.1 1.4.18 java-archive GHSA-64xx-cq4q-mf44 High
xstream 1.3.1 1.4.15 java-archive GHSA-4cch-wxpw-8p28 High
xstream 1.3.1 1.4.18 java-archive GHSA-3ccq-5vw3-2p6x High
xstream 1.3.1 1.4.18 java-archive GHSA-2q8x-2p7f-574v High
xstream 1.3.1 1.4.16 java-archive GHSA-2p3x-qw9c-25hh High
xstream 1.3.1 1.4.16 java-archive GHSA-qpfq-ph7r-qv6f Medium
xstream 1.3.1 1.4.15 java-archive GHSA-jfvx-7wrx-43fh Medium
xstream 1.3.1 1.4.16 java-archive GHSA-hwpc-8xqv-jvj4 Medium
xstream 1.3.1 1.4.16 java-archive GHSA-hvv8-336g-rx3m Medium
xstream 1.3.1 1.4.16 java-archive GHSA-hrcp-8f3q-4w2c Medium
xstream 1.3.1 1.4.16 java-archive GHSA-f6hm-88x3-mfjv Medium
xstream 1.3.1 1.4.16 java-archive GHSA-74cv-f58x-f9wf Medium
xstream 1.3.1 1.4.18 java-archive GHSA-6wf9-jmg9-vxcc Medium
xstream 1.3.1 1.4.16 java-archive GHSA-59jw-jqf4-3wq3 Medium
xstream 1.3.1 1.4.16 java-archive GHSA-56p8-3fh9-4cvq Medium
xstream 1.3.1 1.4.16 java-archive GHSA-4hrm-m67v-5cxr Medium
xstream 1.3.1 1.4.16 java-archive GHSA-43gc-mjxg-gvrq Medium
Bug
Closed
Critical
Upgrade 3rdparty libraries to reduce CVE/GHSA vulnerability alerts