
[Snyk] Security upgrade io.undertow:undertow-core from 2.0.9.Final to 2.2.37.Final #151

Open

tyleragypt wants to merge 1 commit into master from snyk-fix-a95d4fd546e29fc1f2d36899636cb447

Conversation

@tyleragypt (Owner)


Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue: Memory Leak (low severity), SNYK-JAVA-IOUNDERTOW-7433721
Score: 265
Upgrade: io.undertow:undertow-core 2.0.9.Final -> 2.2.37.Final
No Path Found · No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Memory Leak

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7433721
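A reviewer check for the "Check the changes in this PR" item above, added here as an example and not Snyk's code nor this repository's pom.xml: parse a pom, expand `${property}` references, and confirm that every declaration of io.undertow:undertow-core resolves to a version at or above 2.2.37.Final. The two POM fragments are constructed for the example, and the version ordering is a simplification of Maven's ComparableVersion.

```python
"""Reviewer check for a Maven dependency-upgrade PR: confirm pom.xml declares
io.undertow:undertow-core at or above the fix version, expanding ${properties}.
Added example for this PR thread, not Snyk's or the repository's code; the two
POM fragments are constructed and the version ordering simplifies Maven's."""
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
RELEASE_QUALIFIERS = {"", "final", "ga", "release"}  # Maven: 2.2.37.Final == 2.2.37

# Constructed: shape of the pom before the upgrade (literal vulnerable version).
POM_BEFORE = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>io.undertow</groupId>
      <artifactId>undertow-core</artifactId>
      <version>2.0.9.Final</version>
    </dependency>
  </dependencies>
</project>"""

# Constructed: after the upgrade, with the version routed through a property,
# which is why the checker must expand ${...} before comparing.
POM_AFTER = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <undertow.version>2.2.37.Final</undertow.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>io.undertow</groupId>
      <artifactId>undertow-core</artifactId>
      <version>${undertow.version}</version>
    </dependency>
  </dependencies>
</project>"""


def maven_version_key(version):
    """Sortable key for a Maven version (simplified). Numeric tokens compare
    numerically, trailing release qualifiers are dropped, and other qualifiers
    (Beta1, RC2, ...) sort below the release with the same numeric prefix. The
    (1, 0) terminator makes "2.2.37" < "2.2.37.1" and "2.2.37.Beta1" < "2.2.37"."""
    tokens = re.split(r"[.\-]", version.strip())
    while tokens and tokens[-1].lower() in RELEASE_QUALIFIERS:
        tokens.pop()
    key = [(1, int(t)) if t.isdigit() else (0, t.lower()) for t in tokens]
    key.append((1, 0))
    return key


def _child_text(elem, tag):
    child = elem.find(f"m:{tag}", NS)
    return child.text.strip() if child is not None and child.text else None


def _properties(root):
    """Collect <properties> as a dict, stripping the POM XML namespace from tags."""
    props = {}
    props_elem = root.find("m:properties", NS)
    if props_elem is not None:
        for prop in props_elem:
            props[prop.tag.split("}", 1)[-1]] = (prop.text or "").strip()
    return props


def _expand(value, props):
    """Expand ${name}; unknown names are left in place so the caller can see
    the version was not resolvable from this file alone."""
    if value is None:
        return None
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def declared_versions(pom_xml, group_id, artifact_id):
    """(section, resolved_version) for every declaration of group:artifact in
    <dependencies> and <dependencyManagement>."""
    root = ET.fromstring(pom_xml)
    props = _properties(root)
    sections = (("dependencies", "m:dependencies/m:dependency"),
                ("dependencyManagement", "m:dependencyManagement/m:dependencies/m:dependency"))
    found = []
    for name, path in sections:
        for dep in root.findall(path, NS):
            if _child_text(dep, "groupId") == group_id and _child_text(dep, "artifactId") == artifact_id:
                found.append((name, _expand(_child_text(dep, "version"), props)))
    return found


def check_fixed(pom_xml, group_id, artifact_id, fixed_version):
    """True only if the artifact is declared here and every declaration resolves
    to a concrete version >= fixed_version. No declaration, a missing <version>
    (managed by a parent/BOM outside this file) or an unexpanded property fail
    closed: "could not verify" must never read as "fixed"."""
    declarations = declared_versions(pom_xml, group_id, artifact_id)
    if not declarations:
        return False
    fixed_key = maven_version_key(fixed_version)
    for _, version in declarations:
        if version is None or "${" in version or maven_version_key(version) < fixed_key:
            return False
    return True


if __name__ == "__main__":
    for label, pom in (("before", POM_BEFORE), ("after", POM_AFTER)):
        ok = check_fixed(pom, "io.undertow", "undertow-core", "2.2.37.Final")
        print(label, declared_versions(pom, "io.undertow", "undertow-core"), "fixed" if ok else "NOT fixed")
```

This only inspects declarations in the one pom.xml Snyk edited; a copy of undertow-core pulled in transitively by another dependency, or a version pinned in a parent POM or imported BOM, is invisible to it. For the whole resolved graph, `mvn dependency:tree -Dincludes=io.undertow` shows which undertow-core version Maven actually selects.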
@tyleragypt (Owner, Author)

Checkmarx One – Scan Summary & Details (scan 2ec12ca4-3c1e-4eaf-9369-ef07adbca231)

Policy Management Violations

Policy Name: No highs or mediums
Rule(s): No Highs or Mediums
Break Build: false

New Issues

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2015-2575 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
CRITICAL CVE-2015-4852 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
CRITICAL CVE-2015-7501 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
CRITICAL CVE-2016-2170 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
CRITICAL CVE-2020-10683 Maven-dom4j:dom4j-1.6.1 Vulnerable Package
CRITICAL CVE-2020-1938 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
CRITICAL S3 Bucket ACL Allows Read Or Write to All Users /Unsecure_Storage_of_Encryption_Key.tf: 3 S3 Buckets should not be readable and writable to all users
CRITICAL S3 Bucket ACL Allows Read Or Write to All Users /s3.tf: 3 S3 Buckets should not be readable and writable to all users
CRITICAL S3 Bucket Access to Any Principal /s3_with_all_permissions.tf: 5 S3 Buckets must not allow Actions From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized data ...
CRITICAL S3 Bucket With All Permissions /s3_with_all_permissions.tf: 5 S3 Buckets should not have all permissions, as to prevent leaking private information to the entire internet or allow unauthorized data tampering /...
CRITICAL SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java: 25 Attack Vector
CRITICAL SQL_Injection /src/main/webapp/ForgotPassword.jsp: 42 Attack Vector (2 results at this line)
CRITICAL Stored_XSS /src/main/webapp/ForgotPassword.jsp: 42 Attack Vector
HIGH CVE-2015-6420 Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
HIGH CVE-2017-3523 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
HIGH CVE-2018-1000632 Maven-dom4j:dom4j-1.6.1 Vulnerable Package
HIGH CVE-2018-3258 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
HIGH CVE-2020-11996 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2020-13934 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2020-17527 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2020-25638 Maven-org.hibernate:hibernate-core-4.0.1.Final Vulnerable Package
HIGH CVE-2021-25122 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2021-30639 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2021-41079 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
HIGH CVE-2022-45688 Maven-org.json:json-20131018 Vulnerable Package
HIGH CVE-2022-45689 Maven-org.json:json-20131018 Vulnerable Package
HIGH CVE-2022-45690 Maven-org.json:json-20131018 Vulnerable Package
HIGH CVE-2023-5072 Maven-org.json:json-20131018 Vulnerable Package
HIGH Cx039cb67c-ead3 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
HIGH Cx08fcacc9-cb99 Maven-org.json:json-20131018 Vulnerable Package
HIGH Cx2906ba70-607a Maven-org.json:json-20131018 Vulnerable Package
HIGH Cx6f651376-312a Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
HIGH Cx78f40514-81ff Maven-commons-collections:commons-collections-3.2.1 Vulnerable Package
HIGH Cx7ef609d2-efb5 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
HIGH Cxdb5a1032-eda2 Maven-org.json:json-20131018 Vulnerable Package
HIGH DB Instance Storage Not Encrypted /rds.tf: 1 AWS DB Instance should have its storage encrypted by setting the parameter to 'true'. The storage_encrypted default value is 'false'.
HIGH Hardcoded AWS Access Key /infrostructure.tf: 44 AWS Access Key should not be hardcoded
HIGH Missing User Instruction /Dockerfile: 7 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Passwords And Secrets - Generic Password /rds.tf: 9 Query to find passwords and secrets in infrastructure code.
HIGH Remote Desktop Port Open To Internet /AJP_Open_Port.tf: 1 The Remote Desktop port is open to the internet in a Security Group
HIGH SQS Policy Allows All Actions /sqs.tf: 8 SQS policy allows ALL (*) actions
HIGH SQS Policy Allows All Actions /Unsecure_Sensitive_data.tf: 8 SQS policy allows ALL (*) actions
HIGH Sensitive Port Is Exposed To Entire Network /AJP_Open_Port.tf: 6 A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol (44 identical results at this line)
HIGH Unknown Port Exposed To Internet /AJP_Open_Port.tf: 11 AWS Security Group should not have an unknown port exposed to the entire Internet
HIGH Unrestricted Security Group Ingress /AJP_Open_Port.tf: 11 Security groups allow ingress from 0.0.0.0:0
MEDIUM ALB Deletion Protection Disabled /infrostructure.tf: 3 Application Load Balancer should have deletion protection enabled
MEDIUM ALB Is Not Integrated With WAF /infrostructure.tf: 3 All Application Load Balancers (ALB) must be protected with Web Application Firewall (WAF) service
MEDIUM ALB Listening on HTTP /infrostructure.tf: 21 AWS Application Load Balancer (alb) should not listen on HTTP
MEDIUM ALB Not Dropping Invalid Headers /infrostructure.tf: 3 It's considered a best practice when using Application Load Balancers to drop invalid header fields
MEDIUM Add Instead of Copy /Dockerfile: 11 Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
MEDIUM CVE-2017-3586 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
MEDIUM CVE-2019-14900 Maven-org.hibernate:hibernate-core-4.0.1.Final Vulnerable Package
MEDIUM CVE-2019-17569 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
MEDIUM CVE-2019-2692 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
MEDIUM CVE-2020-13943 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
MEDIUM CVE-2020-1935 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
MEDIUM CVE-2020-2875 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
MEDIUM CVE-2020-2934 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
MEDIUM CVE-2021-2471 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
MEDIUM CVE-2021-33037 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
MEDIUM CVE-2022-21363 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
MEDIUM CVE-2024-21733 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
MEDIUM EC2 Instance Has Public IP /infrostructure.tf: 34 EC2 Instance should not have a public IP address.
MEDIUM EC2 Instance Monitoring Disabled /infrostructure.tf: 34 EC2 Instance should have detailed monitoring enabled. With detailed monitoring enabled data is available in 1-minute periods
MEDIUM HTTP Port Open To Internet /AJP_Open_Port.tf: 1 The HTTP port is open to the internet in a Security Group
MEDIUM IAM Database Auth Not Enabled /rds.tf: 1 IAM Database Auth Enabled should be configured to true when using compatible engine and version
MEDIUM Public Lambda via API Gateway /lambda.tf: 9 Allowing to run lambda function using public API Gateway
MEDIUM RDS With Backup Disabled /rds.tf: 1 Make sure the AWS RDS configuration has automatic backup configured. If the retention period is equal to 0 there is no backup
MEDIUM RDS Without Logging /rds.tf: 1 RDS does not have any kind of logger
MEDIUM S3 Bucket Logging Disabled /Unsecure_Storage_of_Encryption_Key.tf: 1 Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
MEDIUM S3 Bucket Logging Disabled /s3_with_all_permissions.tf: 1 Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
MEDIUM S3 Bucket Logging Disabled /s3.tf: 1 Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
MEDIUM S3 Bucket Policy Accepts HTTP Requests /s3_with_all_permissions.tf: 5 S3 Bucket policy should not accept HTTP Requests
MEDIUM S3 Bucket Without Versioning /Unsecure_Storage_of_Encryption_Key.tf: 1 S3 bucket should have versioning enabled
MEDIUM S3 Bucket Without Versioning /s3.tf: 1 S3 bucket should have versioning enabled
MEDIUM S3 Bucket Without Versioning /s3_with_all_permissions.tf: 1 S3 bucket should have versioning enabled
MEDIUM SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible /AJP_Open_Port.tf: 6 Check if port 2383 on TCP is publicly accessible by checking the CIDR block range that can access it.
MEDIUM SQS Policy With Public Access /sqs.tf: 8 Checks for dangerous permissions in Action statements in an SQS Queue Policy. This is deemed a potential security risk as it would allow various at...
MEDIUM SQS Policy With Public Access /Unsecure_Sensitive_data.tf: 8 Checks for dangerous permissions in Action statements in an SQS Queue Policy. This is deemed a potential security risk as it would allow various at...
MEDIUM SQS With SSE Disabled /Unsecure_Sensitive_data.tf: 1 Amazon Simple Queue Service (SQS) queue should protect the contents of their messages using Server-Side Encryption (SSE)
MEDIUM SQS With SSE Disabled /sqs.tf: 1 Amazon Simple Queue Service (SQS) queue should protect the contents of their messages using Server-Side Encryption (SSE)
MEDIUM Security Group With Unrestricted Access To SSH /AJP_Open_Port.tf: 11 'SSH' (TCP:22) should not be public in AWS Security Group
LOW CVE-2017-3589 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
LOW CVE-2020-2933 Maven-mysql:mysql-connector-java-5.1.26 Vulnerable Package
LOW CVE-2021-43980 Maven-org.apache.tomcat:tomcat-coyote-9.0.22 Vulnerable Package
LOW Chown Flag Exists /Dockerfile: 13 It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only e...
LOW Exposing Port 22 (SSH) /Dockerfile: 15 Expose only the ports that your application needs and avoid exposing ports like SSH (22)
LOW Healthcheck Instruction Missing /Dockerfile: 7 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW IAM Access Analyzer Not Enabled /rds.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /AJP_Open_Port.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /sqs.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /infrostructure.tf: 3 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /s3.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /lambda.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /Unsecure_Sensitive_data.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /s3_with_all_permissions.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /Unsecure_Storage_of_Encryption_Key.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW Lambda Functions Without X-Ray Tracing /lambda.tf: 12 AWS Lambda functions should have TracingConfig enabled. For this, property 'tracing_Config.mode' should have the value 'Active'
LOW Shield Advanced Not In Use /infrostructure.tf: 3 AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
LOW Shield Advanced Not In Use /infrostructure.tf: 51 AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
LOW Unpinned Actions Full Length Commit SHA /cx.yml: 13 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity Issue Source File / Package
CRITICAL CVE-2016-1000027 Maven-org.springframework:spring-webmvc-5.3.19
CRITICAL CVE-2016-1000027 Maven-org.springframework:spring-web-5.3.19
CRITICAL CVE-2021-28235 Go-go.etcd.io/etcd/server/v3-v3.5.0
CRITICAL CVE-2022-1471 Maven-org.yaml:snakeyaml-1.29
CRITICAL CVE-2022-1996 Go-github.com/emicklei/go-restful-v2.9.5
CRITICAL CVE-2024-31573 Maven-org.xmlunit:xmlunit-core-2.8.4
CRITICAL Command_Injection /src/main/java/com/rest/controller/test/controller/UtilController.java: 12
CRITICAL Cx0b915a4a-2d97 Npm-scs-0.0.1
CRITICAL Cx18e041aa-8a63 Npm-node-ipc-9.2.2
CRITICAL Cx4ca27ec0-0c96 Npm-scs-0.0.1
CRITICAL Cx6bee2138-4df0 Npm-flow-dev-tools-99.10.9
CRITICAL Cx8147ddef-ae09 Python-azure-powerbiembedded-6969.99.99
CRITICAL Cx86e7ca06-a018 Python-not-particularly-2.5.0
CRITICAL Cxae9d1b09-2adb Npm-scs-0.0.1
CRITICAL Cxbec87a55-fe55 Npm-node-ipc-9.2.2
CRITICAL Cxccd8b30c-808c Npm-scs-0.0.1
CRITICAL Cxd55dbf56-4d06 Npm-scs-0.0.1
CRITICAL Stored_XSS /src/main/java/com/rest/controller/test/controller/UtilController.java: 14
HIGH CVE-2017-1000048 Npm-qs-6.0.0
HIGH CVE-2020-7212 Python-urllib3-1.25.7
HIGH CVE-2021-33503 Python-urllib3-1.25.7
HIGH CVE-2022-21698 Go-github.com/prometheus/client_golang-v1.11.0
HIGH CVE-2022-24999 Npm-qs-6.0.0
HIGH CVE-2022-25857 Maven-org.yaml:snakeyaml-1.29
HIGH CVE-2022-27191 Go-golang.org/x/crypto-v0.0.0-20211202192323-5770296d904e
HIGH CVE-2022-28948 Go-gopkg.in/yaml.v3-v3.0.0-20210107192922-496545a6307b
HIGH CVE-2022-32149 Go-golang.org/x/text-v0.3.7
HIGH CVE-2022-3248 Go-github.com/openshift/api-v0.0.0-20220315184754-d7c10d0b647e
HIGH CVE-2022-41723 Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f
HIGH CVE-2022-42003 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.2.1
HIGH CVE-2022-42004 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.2.1
HIGH CVE-2022-45143 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.62
HIGH CVE-2023-1370 Maven-net.minidev:json-smart-2.4.8
HIGH CVE-2023-20860 Maven-org.springframework:spring-webmvc-5.3.19
HIGH CVE-2023-20883 Maven-org.springframework.boot:spring-boot-autoconfigure-2.6.7
HIGH CVE-2023-37788 Go-github.com/elazarl/goproxy-v0.0.0-20180725130230-947c36da3153
HIGH CVE-2023-39325 Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f
HIGH CVE-2023-43804 Python-urllib3-1.25.7
HIGH CVE-2023-45142 Go-go.opentelemetry.io/contrib-v0.20.0
HIGH CVE-2023-45142 Go-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp-v0.20.0
HIGH CVE-2023-45288 Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f
HIGH CVE-2023-46589 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.62
HIGH CVE-2023-47108 Go-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc-v0.20.0
HIGH CVE-2023-47108 Go-go.opentelemetry.io/contrib-v0.20.0
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.2.11
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.2.11
HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.2.11
HIGH CVE-2024-22243

More results are available on AST platform
