Skip to content

[Snyk] Fix for 38 vulnerabilities #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 38 vulnerabilities #13

wants to merge 1 commit into from

Conversation

@lcrowther-snyk
Copy link
Owner

@lcrowther-snyk lcrowther-snyk commented Feb 17, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
medium severity 101/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00046, Social Trends: No, Days since published: 783, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.67, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698		 No No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00218, Social Trends: No, Days since published: 708, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244		 No No Known Exploit
medium severity 146/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00181, Social Trends: No, Days since published: 503, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.42, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424		 No Proof of Concept
medium severity 146/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00173, Social Trends: No, Days since published: 503, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.42, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426		 No Proof of Concept
high severity 286/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00473, Social Trends: No, Days since published: 839, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.63, Likelihood: 3.31, Score Version: V5		 XML External Entity (XXE) Injection
SNYK-JAVA-COMH2DATABASE-1769238		 Yes Proof of Concept
medium severity 222/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.02767, Social Trends: No, Days since published: 780, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.27, Score Version: V5		 Arbitrary Code Execution
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339		 No Proof of Concept
high severity 101/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Local, EPSS: 0.00043, Social Trends: No, Days since published: 750, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.02, Score Version: V5		 Privilege Escalation
SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084		 No No Known Exploit
low severity 40/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00409, Social Trends: No, Days since published: 506, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.68, Score Version: V5		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793		 No No Known Exploit
low severity 40/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00347, Social Trends: No, Days since published: 472, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.68, Score Version: V5		 HTTP Request Smuggling
SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829		 No No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00254, Social Trends: No, Days since published: 408, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5		 Improper Input Validation
SNYK-JAVA-ORGAPACHETOMCATEMBED-3225086		 No No Known Exploit
medium severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00769, Social Trends: No, Days since published: 361, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.91, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459		 No No Known Exploit
medium severity 49/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00089, Social Trends: No, Days since published: 331, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5		 Unprotected Transport of Credentials
SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687		 No No Known Exploit
medium severity 87/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00244, Social Trends: No, Days since published: 175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.06, Score Version: V5		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028		 No No Known Exploit
medium severity 49/1000
Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00222, Social Trends: No, Days since published: 129, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5		 Improper Input Validation
SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654		 No No Known Exploit
medium severity 49/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00974, Social Trends: No, Days since published: 129, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.08, Score Version: V5		 Incomplete Cleanup
SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972		 No No Known Exploit
high severity 163/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00484, Social Trends: No, Days since published: 80, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.07, Score Version: V5		 Improper Input Validation
SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281		 No No Known Exploit
medium severity 41/1000
Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00054, Social Trends: No, Days since published: 771, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.73, Score Version: V5		 Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878		 No No Known Exploit
medium severity 45/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00081, Social Trends: No, Days since published: 690, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828		 No No Known Exploit
low severity 57/1000
Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00065, Social Trends: No, Days since published: 674, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5		 Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634		 No Proof of Concept
medium severity 91/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00157, Social Trends: No, Days since published: 646, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.51, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313		 No No Known Exploit
medium severity 49/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00062, Social Trends: No, Days since published: 331, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5		 Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749		 No No Known Exploit
critical severity 243/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0007, Social Trends: No, Days since published: 331, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.81, Score Version: V5		 Improper Access Control
SNYK-JAVA-ORGSPRINGFRAMEWORK-3369852		 No Proof of Concept
medium severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00248, Social Trends: No, Days since published: 309, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5		 Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217		 No No Known Exploit
high severity 124/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00072, Social Trends: No, Days since published: 274, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390		 No No Known Exploit
high severity 188/1000
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00854, Social Trends: No, Days since published: 640, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.66, Score Version: V5		 Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-2833359		 No Proof of Concept
medium severity 115/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Local, EPSS: 0.00153, Social Trends: No, Days since published: 640, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 6.65, Likelihood: 1.72, Score Version: V5		 Integer Overflow or Wraparound
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-2833360		 No Proof of Concept
high severity 147/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01277, Social Trends: No, Days since published: 473, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.63, Likelihood: 1.7, Score Version: V5		 Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-3092126		 No No Known Exploit
critical severity 243/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00205, Social Trends: No, Days since published: 214, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.81, Score Version: V5		 Access Control Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5777893		 No Proof of Concept
high severity 173/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.03739, Social Trends: No, Days since published: 827, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.76, Score Version: V5		 Remote Code Execution
SNYK-JAVA-ORGTHYMELEAF-1915389		 No No Known Exploit
critical severity 275/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00055, Social Trends: No, Days since published: 218, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.81, Score Version: V5		 Sandbox Bypass
SNYK-JAVA-ORGTHYMELEAF-5811866		 Yes Proof of Concept
medium severity 118/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1284, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.96, Score Version: V5		 Cross-site Scripting (XSS)
SNYK-JAVA-ORGTHYMELEAFEXTRAS-572299		 No No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00081, Social Trends: No, Days since published: 537, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-ORGYAML-2806360		 Yes No Known Exploit
low severity 58/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00125, Social Trends: No, Days since published: 530, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5		 Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016888		 Yes Proof of Concept
low severity 40/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00048, Social Trends: No, Days since published: 530, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.67, Score Version: V5		 Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016889		 Yes No Known Exploit
medium severity 59/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00098, Social Trends: No, Days since published: 530, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.48, Score Version: V5		 Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016891		 Yes Proof of Concept
low severity 40/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00102, Social Trends: No, Days since published: 461, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.67, Score Version: V5		 Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3113851		 Yes No Known Exploit
medium severity 217/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00577, Social Trends: No, Days since published: 435, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.21, Score Version: V5		 Arbitrary Code Execution
SNYK-JAVA-ORGYAML-3152153		 net.datafaker:datafaker:
1.7.0 -> 1.9.0
Yes Proof of Concept
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00098, Social Trends: No, Days since published: 537, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-ORGYAML-6056527		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade com.h2database:[email protected] to com.h2database:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom
    • Could not upgrade org.thymeleaf.extras:[email protected] to org.thymeleaf.extras:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.0/spring-boot-dependencies-2.6.0.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: pom.xml to reduce vulnerabilities
0df90e9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
- https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3225086
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369852
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-2833359
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-2833360
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-3092126
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5777893
- https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAF-1915389
- https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAF-5811866
- https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAFEXTRAS-572299
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-6056527
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lcrowther-snyk @snyk-bot