This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • todolist-goof/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02707, Social Trends: No, Days since published: 2375, Reachable: No, Transitive dependency: Yes, Is Malicious: No	Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-30082	org.apache.struts:struts2-core: 2.3.20 -> 6.1.2	No	No Known Exploit	No Path Found
	190/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.04227, Social Trends: No, Days since published: 2435, Reachable: No, Transitive dependency: Yes, Is Malicious: No	Arbitrary Code Execution SNYK-JAVA-COMMONSFILEUPLOAD-30401	org.apache.struts:struts2-core: 2.3.20 -> 6.1.2	No	No Known Exploit	No Path Found
	78/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 2321, Reachable: No, Transitive dependency: Yes, Is Malicious: No	Information Exposure SNYK-JAVA-COMMONSFILEUPLOAD-31540	org.apache.struts:struts2-core: 2.3.20 -> 6.1.2	No	No Known Exploit	No Path Found
	111/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00408, Social Trends: No, Days since published: 126, Reachable: No, Transitive dependency: Yes, Is Malicious: No	Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-3326457	org.apache.struts:struts2-core: 2.3.20 -> 6.1.2	Yes	No Known Exploit	No Path Found
	85/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0021, Social Trends: No, Days since published: 791, Reachable: No, Transitive dependency: Yes, Is Malicious: No	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	org.apache.struts:struts2-core: 2.3.20 -> 6.1.2	Yes	Mature	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution
🦉 Denial of Service (DoS)
🦉 Directory Traversal