[Snyk] Security upgrade org.json:json from 20131018 to 20231013 by tyleragypt · Pull Request #139 · tyleragypt/JavaVulnerableLab

tyleragypt · 2023-10-15T20:24:12Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	575/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGJSON-5962464	`org.json:json:` `20131018 -> 20231013`	Yes	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464

tyleragypt · 2023-10-15T20:26:43Z

Checkmarx One – Scan Summary & Details – 72769312-45f1-4ca2-8fe4-3184be6992d6

New Issues

Issue	Source File / Package	Checkmarx Insight
ALB Listening on HTTP	/infrostructure.tf: 21	AWS Application Load Balancer (alb) should not listen on HTTP
CVE-2015-4852	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2015-7501	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2016-10707	Npm-jquery-1.6.4	Vulnerable Package
CVE-2020-27782	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2022-0084	Maven-org.jboss.xnio:xnio-api-3.3.8.Final	Vulnerable Package
CVE-2022-1319	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2022-2053	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2022-42252	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
CVE-2022-4492	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2023-1108	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2007-2379	Npm-jquery-1.6.4	Vulnerable Package
CVE-2012-6708	Npm-jquery-1.6.4	Vulnerable Package
CVE-2014-6071	Npm-jquery-1.6.4	Vulnerable Package
CVE-2015-9251	Npm-jquery-1.6.4	Vulnerable Package
CVE-2019-11358	Npm-jquery-1.6.4	Vulnerable Package
CVE-2020-11022	Npm-jquery-1.6.4	Vulnerable Package
CVE-2020-11023	Npm-jquery-1.6.4	Vulnerable Package
CVE-2020-7656	Npm-jquery-1.6.4	Vulnerable Package
CVE-2022-2764	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2023-45648	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
Cxf0b588a3-5c6f	Npm-jquery-1.6.4	Vulnerable Package
CVE-2021-43980	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
Lambda Functions Without X-Ray Tracing	/lambda.tf: 12	AWS Lambda functions should have TracingConfig enabled. For this, property 'tracing_Config.mode' should have the value 'Active'

Fixed Issues

Severity	Issue	Source File / Package
	ALB Listening on HTTP	/infrostructure.tf: 21
	ALB Listening on HTTP	/infrostructure.tf: 27
	Cx08fcacc9-cb99	Maven-org.json:json-20131018
	Cx2906ba70-607a	Maven-org.json:json-20131018
	Cxdb5a1032-eda2	Maven-org.json:json-20131018
	S3 Bucket Allows All Actions From All Principals	/s3_with_all_permissions.tf: 5
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/webapp/vulnerability/Injection/orm.jsp: 50
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	Absolute_Path_Traversal	/src/main/webapp/vulnerability/idor/download.jsp: 11
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 45
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 43
	CSRF	/src/main/webapp/changeCardDetails.jsp: 37
	CSRF	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 33
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 60
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 46
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 44
	CSRF	/src/main/webapp/changeCardDetails.jsp: 38
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 41
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 47
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 45
	CSRF	/src/main/webapp/vulnerability/idor/change-email.jsp: 27
	CSRF	/src/main/webapp/changeCardDetails.jsp: 39
	CSRF	/src/main/webapp/admin/manageusers.jsp: 13
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 61
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 42
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	CSRF	/src/main/webapp/vulnerability/idor/change-email.jsp: 28
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 12
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 12
	CSRF	/src/main/webapp/vulnerability/csrf/change-info.jsp: 26
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 42
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56

More results are available on AST platform

fix: pom.xml to reduce vulnerabilities

982767f

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade org.json:json from 20131018 to 20231013#139

[Snyk] Security upgrade org.json:json from 20131018 to 20231013#139
tyleragypt wants to merge 1 commit intomasterfrom
snyk-fix-da77d85d72248b8613f62d759729be2f

tyleragypt commented Oct 15, 2023

Uh oh!

tyleragypt commented Oct 15, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

tyleragypt commented Oct 15, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

tyleragypt commented Oct 15, 2023

New Issues

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants