[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.86 by tyleragypt · Pull Request #141 · tyleragypt/JavaVulnerableLab

tyleragypt · 2024-03-15T00:55:20Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	575/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCAT-6435949	`org.apache.tomcat:tomcat-coyote:` `9.0.22 -> 9.0.86`	No	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-6435949

tyleragypt · 2024-03-15T00:57:34Z

Checkmarx One – Scan Summary & Details – 660e07e2-582c-4f12-af98-582bdf968bec

New Issues

Issue	Source File / Package	Checkmarx Insight
ALB Listening on HTTP	/infrostructure.tf: 21	AWS Application Load Balancer (alb) should not listen on HTTP
Unpinned Actions Full Length Commit SHA	/cx.yml: 13	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Lambda Functions Without X-Ray Tracing	/lambda.tf: 12	AWS Lambda functions should have TracingConfig enabled. For this, property 'tracing_Config.mode' should have the value 'Active'

Fixed Issues

Severity	Issue	Source File / Package
	ALB Listening on HTTP	/infrostructure.tf: 21
	ALB Listening on HTTP	/infrostructure.tf: 27
	Passwords And Secrets - Generic Password	/docker-compose.yml: 11
	S3 Bucket Allows All Actions From All Principals	/s3_with_all_permissions.tf: 5
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/webapp/vulnerability/Injection/orm.jsp: 50
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	Absolute_Path_Traversal	/src/main/webapp/vulnerability/idor/download.jsp: 11
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 45
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 43
	CSRF	/src/main/webapp/changeCardDetails.jsp: 37
	CSRF	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 33
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 60
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 46
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 44
	CSRF	/src/main/webapp/changeCardDetails.jsp: 38
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 41
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 47
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 45
	CSRF	/src/main/webapp/vulnerability/idor/change-email.jsp: 27
	CSRF	/src/main/webapp/changeCardDetails.jsp: 39
	CSRF	/src/main/webapp/admin/manageusers.jsp: 13
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 61
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 42
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	CSRF	/src/main/webapp/vulnerability/idor/change-email.jsp: 28
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 12
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 12
	CSRF	/src/main/webapp/vulnerability/csrf/change-info.jsp: 26
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 43
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java: 42
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 56
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	HttpOnlyCookies	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 59
	HttpOnlyCookies	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 59
	HttpOnlyCookies	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 63
	HttpOnlyCookies	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 59
	HttpOnlyCookies	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 63
	HttpOnlyCookies	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 64
	HttpOnlyCookies

More results are available on AST platform

fix: pom.xml to reduce vulnerabilities

544725b

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-6435949

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.86#141

[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.86#141
tyleragypt wants to merge 1 commit intomasterfrom
snyk-fix-ffc360b1fb939c0f3a40abe0b308698c

tyleragypt commented Mar 15, 2024

Uh oh!

tyleragypt commented Mar 15, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

tyleragypt commented Mar 15, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

tyleragypt commented Mar 15, 2024

New Issues

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants