Skip to content

[Snyk] Fix for 37 vulnerabilities #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 37 vulnerabilities #42

wants to merge 1 commit into from

Conversation

@sanghal
Copy link
Owner

@sanghal sanghal commented Jul 15, 2025

snyk-top-banner

Snyk has created this PR to fix 37 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458		   805   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable Proof of Concept
critical severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-456705		   790   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable No Known Exploit
medium severity Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967		   745   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable Mature
high severity Remote Code Execution (RCE)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183		   725   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Mature
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540		   685   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977		   675   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897		   670   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable Proof of Concept
medium severity Insecure XML deserialization
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764		   660   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable Mature
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-8352924		   660   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191		   650   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
high severity Uncontrolled Recursion
SNYK-JAVA-COMMONSLANG-10734077		   640   org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found No Known Exploit
medium severity Arbitrary File Deletion
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966		   640   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade Reachable Proof of Concept
high severity Stack-based Buffer Overflow
SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754		   635   org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337		   600   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189		   550   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332		   530   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334		   530   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336		   530   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328		   515   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331		   495   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329		   490   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330		   490   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333		   490   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335		   490   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338		   490   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180		   415   com.thoughtworks.xstream:xstream:
1.4.10 -> 1.4.21
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:
1.4.0.RELEASE -> 4.1.3
Major version upgrade No Path Found No Known Exploit

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.1.RELEASE/spring-boot-dependencies-1.5.1.RELEASE.pom

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Arbitrary File Deletion
🦉 Server-Side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: pom.xml to reduce vulnerabilities
858c31b 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-456705
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-8352924
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191
- https://snyk.io/vuln/SNYK-JAVA-COMMONSLANG-10734077
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sanghal @snyk-bot