Skip to content

[Snyk] Fix for 16 vulnerabilities #452

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 16 vulnerabilities #452

wants to merge 1 commit into from

Conversation

skjolber
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 16 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • examples/cxf/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Path Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-7945490		   756   Major version upgrade Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECXF-8648831		   696   org.apache.cxf:cxf-rt-frontend-jaxws:
3.5.4 -> 3.5.10
org.apache.cxf:cxf-rt-transports-http:
3.5.4 -> 3.5.10
No Known Exploit
high severity Open Redirect
SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586		   676   Major version upgrade Proof of Concept
critical severity Time-of-check Time-of-use (TOCTOU) Race Condition
SNYK-JAVA-ORGAPACHETOMCATEMBED-8523186		   674   Major version upgrade No Known Exploit
critical severity Time-of-check Time-of-use (TOCTOU) Race Condition
SNYK-JAVA-ORGAPACHETOMCATEMBED-8547999		   674   Major version upgrade No Known Exploit
high severity Path Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373		   649   Major version upgrade No Known Exploit
high severity Open Redirect
SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790		   569   Major version upgrade No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447		   559   Major version upgrade No Known Exploit
medium severity Improper Neutralization of Special Elements
SNYK-JAVA-CHQOSLOGBACK-8539866		   509   Major version upgrade No Known Exploit
medium severity Improper Neutralization of Special Elements
SNYK-JAVA-CHQOSLOGBACK-8539867		   509   Major version upgrade No Known Exploit
medium severity Open Redirect
SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980		   484   Major version upgrade No Known Exploit
low severity Server-side Request Forgery (SSRF)
SNYK-JAVA-CHQOSLOGBACK-8539865		   334   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368		   329   Major version upgrade No Known Exploit

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade org.springframework.boot:spring-boot-starter-web@2.7.5 to org.springframework.boot:spring-boot-starter-web@3.3.7; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.5/spring-boot-dependencies-2.7.5.pom
  • Could not upgrade org.springframework.boot:spring-boot-starter-web-services@2.7.5 to org.springframework.boot:spring-boot-starter-web-services@3.3.7; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.5/spring-boot-dependencies-2.7.5.pom

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Denial of Service (DoS)
🦉 Path Traversal
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: examples/cxf/pom.xml to reduce vulnerabilities
f5ac02e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7945490
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECXF-8648831
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-8523186
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-8547999
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539866
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539867
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539865
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@skjolber @snyk-bot