[Snyk] Fix for 84 vulnerabilities #7

p0mel0 · 2023-10-04T05:10:54Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
520/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
520/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
520/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Mature	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
675/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Mature	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	Proof of Concept	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884	`io.jsonwebtoken:jjwt:` `0.9.1 -> 0.12.0`	No	No Known Exploit	No Path Found
390/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3	Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	Proof of Concept	No Path Found
445/1000 Why? Has a fix available, CVSS 5.9	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
315/1000 Why? Has a fix available, CVSS 3.3	Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-COMGOOGLEGUAVA-5710356	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	XML External Entity (XXE) Injection SNYK-JAVA-DOM4J-174153	`org.apache.poi:poi-ooxml:` `3.9 -> 3.11`	No	Proof of Concept	No Path Found
520/1000 Why? Has a fix available, CVSS 7.4	XML External Entity (XXE) Injection SNYK-JAVA-DOM4J-2812975	`org.apache.poi:poi-ooxml:` `3.9 -> 3.11`	No	No Known Exploit	No Path Found
475/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1020439	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1070799	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082234	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082235	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082236	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082238	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
595/1000 Why? Mature exploit, Has a fix available, CVSS 5.9	HTTP Request Smuggling SNYK-JAVA-IONETTY-1317097	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	Mature	No Path Found
525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1584063	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1584064	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
475/1000 Why? Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-2314893	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-2342128	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
425/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JAVA-IONETTY-2812456	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-30433	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
475/1000 Why? Has a fix available, CVSS 6.5	Insecure Defaults SNYK-JAVA-IONETTY-31515	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
550/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-469234	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	Proof of Concept	No Path Found
600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-543490	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	Proof of Concept	No Path Found
600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-543669	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	Proof of Concept	No Path Found
475/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-5725787	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
525/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JAVA-IONETTY-575112	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
565/1000 Why? Is reachable, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	Reachable
385/1000 Why? Has a fix available, CVSS 4.7	Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-5771339	`org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:` `1.4.0.RELEASE -> 4.0.3`	Yes	No Known Exploit	No Path Found
410/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634		Yes	Proof of Concept	No Path Found
715/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Sandbox Bypass SNYK-JAVA-ORGTHYMELEAF-5811866		Yes	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

Upgrade:
- Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.1.RELEASE/spring-boot-dependencies-1.5.1.RELEASE.pom
- Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.1.RELEASE/spring-boot-dependencies-1.5.1.RELEASE.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Denial of Service (DoS)
🦉 Creation of Temporary File in Directory with Insecure Permissions
🦉 More lessons are available in Snyk Learn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 84 vulnerabilities #7

[Snyk] Fix for 84 vulnerabilities #7

Uh oh!

p0mel0 commented Oct 4, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Fix for 84 vulnerabilities #7

Are you sure you want to change the base?

[Snyk] Fix for 84 vulnerabilities #7

Uh oh!

Conversation

p0mel0 commented Oct 4, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Vulnerabilities that could not be fixed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants