Skip to content

[Snyk] Security upgrade org.json:json from 20131018 to 20230227#136

Open
tyleragypt wants to merge 1 commit intomasterfrom
snyk-fix-321bbf87008258c4f6bec3ce0511691a
Open

[Snyk] Security upgrade org.json:json from 20131018 to 20230227#136
tyleragypt wants to merge 1 commit intomasterfrom
snyk-fix-321bbf87008258c4f6bec3ce0511691a

Conversation

@tyleragypt
Copy link
Copy Markdown
Owner

@tyleragypt tyleragypt commented Apr 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity Reachability
high severity 600/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JAVA-ORGJSON-5488379		 org.json:json:
20131018 -> 20230227
Yes Proof of Concept No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

@snyk-bot
fix: pom.xml to reduce vulnerabilities
ae86304 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379
@tyleragypt
Copy link
Copy Markdown
Owner Author

tyleragypt commented Apr 28, 2023

Logo
Checkmarx One – Scan Summary & Details3995abaa-3857-425f-9d2f-71de96f60fc4

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH ALB Listening on HTTP /infrostructure.tf: 21 AWS Application Load Balancer (alb) should not listen on HTTP
HIGH CVE-2015-4852 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
HIGH CVE-2015-7501 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
HIGH CVE-2020-27782 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
HIGH CVE-2022-0084 Maven-org.jboss.xnio:xnio-api-3.3.8.Final Vulnerable Package
HIGH CVE-2022-1319 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
HIGH CVE-2022-2053 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
HIGH CVE-2022-42252 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2022-4492 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
MEDIUM CVE-2022-2764 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
LOW CVE-2021-43980 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
LOW Heap_Inspection /src/main/webapp/vulnerability/Injection/orm.jsp: 31 Attack Vector
LOW Heap_Inspection /src/main/webapp/vulnerability/csrf/changepassword.jsp: 34 Attack Vector
LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java: 28 Attack Vector
LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 33 Attack Vector
LOW Lambda Functions Without X-Ray Tracing /lambda.tf: 12 AWS Lambda functions should have TracingConfig enabled. For this, property 'tracing_Config.mode' should have the value 'Active'
LOW Use_Of_Hardcoded_Password_In_Config /src/main/webapp/WEB-INF/config.properties: 6 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH ALB Listening on HTTP /infrostructure.tf: 21 AWS Application Load Balancer (alb) should not listen on HTTP
HIGH ALB Listening on HTTP /infrostructure.tf: 27 AWS Application Load Balancer (alb) should not listen on HTTP
HIGH Cx08fcacc9-cb99 Maven-org.json:json-20131018 Vulnerable Package
HIGH Cx2906ba70-607a Maven-org.json:json-20131018 Vulnerable Package
HIGH Cxdb5a1032-eda2 Maven-org.json:json-20131018 Vulnerable Package
HIGH S3 Bucket Allows All Actions From All Principals /s3_with_all_permissions.tf: 5 S3 Buckets must not allow All Actions (wildcard) From All Principals, as to prevent leaking private information to the entire internet or allow una...
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43 Attack Vector
HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43 Attack Vector
HIGH SQL_Injection /src/main/webapp/vulnerability/Injection/orm.jsp: 50 Attack Vector
HIGH SQL_Injection /src/main/webapp/admin/adminlogin.jsp: 11 Attack Vector
HIGH SQL_Injection /src/main/webapp/admin/adminlogin.jsp: 11 Attack Vector
HIGH SQL_Injection /src/main/webapp/admin/adminlogin.jsp: 11 Attack Vector
HIGH SQL_Injection /src/main/webapp/admin/adminlogin.jsp: 11 Attack Vector
MEDIUM Privacy_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 64 Attack Vector
LOW EC2 Instance Using API Keys /infrostructure.tf: 34 EC2 instances should use roles to be granted access to other AWS services
LOW Lambda Functions Without X-Ray Tracing /lambda.tf: 12 AWS Lambda functions should have TracingConfig enabled. For this, property 'tracing_Config.mode' should have the value 'Active'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tyleragypt @snyk-bot