[Snyk] Fix for 63 vulnerabilities by code8buster · Pull Request #1 · code8buster/java-goof

code8buster · 2025-01-21T08:42:48Z

Snyk has created this PR to fix 63 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

todolist-goof/todolist-web-struts/pom.xml
todolist-goof/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720	800	org.apache.logging.log4j:log4j-core: `2.7` -> `2.13.2` `No Path Found` `Mature`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30207	800	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-1049003	790	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-30772	790	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-6102825	790	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31409	760	org.apache.logging.log4j:log4j-core: `2.7` -> `2.13.2` `No Path Found` `Mature`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-31503	760	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-608097	760	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014	750	org.apache.logging.log4j:log4j-core: `2.7` -> `2.13.2` `No Path Found` `Mature`
Command Injection SNYK-JAVA-ORGAPACHESTRUTS-30770	705	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-31495	705	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution SNYK-JAVA-ORGAPACHESTRUTS-32477	705	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Command Injection SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611	705	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `Mature`
Arbitrary Code Execution SNYK-JAVA-COMMONSFILEUPLOAD-30401	640	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30771	640	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Directory Traversal SNYK-JAVA-ORGAPACHESTRUTS-30778	640	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Improper Action Name Cleanup SNYK-JAVA-ORGAPACHESTRUTS-451610	640	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-2635340	630	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Proof of Concept`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524	600	org.apache.logging.log4j:log4j-core: `2.7` -> `2.13.2` `No Path Found` `Proof of Concept`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-608098	600	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Proof of Concept`
Server-side Template Injection (SSTI) SNYK-JAVA-ORGFREEMARKER-1076795	600	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `Proof of Concept`
Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGAPACHESTRUTS-30774	590	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Unrestricted Upload of File with Dangerous Type SNYK-JAVA-ORGAPACHESTRUTS-609765	590	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799	590	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803	590	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-5811864	590	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
XML External Entity (XXE) Injection SNYK-JAVA-ORGSPRINGFRAMEWORK-30163	590	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832	580	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Reflected File Download SNYK-JAVA-ORGSPRINGFRAMEWORK-30165	580	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586	580	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `Proof of Concept`
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGZEROTURNAROUND-31681	575	org.zeroturnaround:zt-zip: `1.12` -> `1.13` `Reachable` `No Known Exploit`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339	555	org.apache.logging.log4j:log4j-core: `2.7` -> `2.13.2` `No Path Found` `Proof of Concept`
Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-3326457	550	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `Major version upgrade` `No Path Found` `Proof of Concept`
Directory Traversal SNYK-JAVA-COMMONSIO-1277109	535	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `Major version upgrade` `No Path Found` `Mature`
Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-30082	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Manipulation of Struts' internals SNYK-JAVA-ORGAPACHESTRUTS-30060	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30775	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30776	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31500	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31501	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31502	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Parameter Alteration SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802	525	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Insecure Defaults SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418	515	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790	505	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447	495	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Information Exposure SNYK-JAVA-COMMONSFILEUPLOAD-31540	475	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217	475	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGSPRINGFRAMEWORK-31331	465	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTS-30773	455	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800	455	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-30164	425	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980	420	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-OGNL-30474	415	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTS-460223	415	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service SNYK-JAVA-ORGAPACHESTRUTS-6100744	415	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801	415	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804	415	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828	415	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749	415	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGAPACHESTRUTS-5707101	365	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Man-in-the-Middle (MitM) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-567761	335	org.apache.logging.log4j:log4j-core: `2.7` -> `2.13.2` `No Path Found` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366	265	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 63 vulnerabilities#1

[Snyk] Fix for 63 vulnerabilities#1
code8buster wants to merge 1 commit intomainfrom
snyk-fix-346e8d7b38a6a34083f1faea53e33c21

code8buster commented Jan 21, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

code8buster commented Jan 21, 2025

Snyk has created this PR to fix 63 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants