[Snyk] Security upgrade io.undertow:undertow-core from 2.0.9.Final to 2.3.21.Final#158

Open
tyleragypt wants to merge 1 commit into master from snyk-fix-b5b9cacaebc78c60f2ba0eec682706f7

Conversation

@tyleragypt
Owner

Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue:    high severity: Allocation of Resources Without Limits or Throttling (SNYK-JAVA-IOUNDERTOW-15166617)
Score:    635
Upgrade:  io.undertow:undertow-core: 2.0.9.Final -> 2.3.21.Final
          No Path Found; No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-15166617
@tyleragypt
Owner Author

Checkmarx One – Scan Summary & Details c49e98f2-ccbe-4575-981a-e6292d2cbbd7

More results are available on the CxOne platform

Fixed Issues (97)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
CRITICAL CVE-2016-1000027 Maven-org.springframework:spring-webmvc-5.3.19
CRITICAL CVE-2016-1000027 Maven-org.springframework:spring-web-5.3.19
CRITICAL CVE-2021-28235 Go-go.etcd.io/etcd/server/v3-v3.5.0
CRITICAL CVE-2022-1471 Maven-org.yaml:snakeyaml-1.29
CRITICAL CVE-2022-1996 Go-github.com/emicklei/go-restful-v2.9.5
CRITICAL CVE-2024-31573 Maven-org.xmlunit:xmlunit-core-2.8.4
CRITICAL Cx0b915a4a-2d97 Npm-scs-0.0.1
CRITICAL Cx18e041aa-8a63 Npm-node-ipc-9.2.2
CRITICAL Cx4ca27ec0-0c96 Npm-scs-0.0.1
CRITICAL Cx6bee2138-4df0 Npm-flow-dev-tools-99.10.9
CRITICAL Cx8147ddef-ae09 Python-azure-powerbiembedded-6969.99.99
CRITICAL Cx86e7ca06-a018 Python-not-particularly-2.5.0
CRITICAL Cxae9d1b09-2adb Npm-scs-0.0.1
CRITICAL Cxbec87a55-fe55 Npm-node-ipc-9.2.2
CRITICAL Cxccd8b30c-808c Npm-scs-0.0.1
CRITICAL Cxd55dbf56-4d06 Npm-scs-0.0.1
HIGH CVE-2016-10707 Npm-jquery-1.6.4
HIGH CVE-2017-1000048 Npm-qs-6.0.0
HIGH CVE-2020-7212 Python-urllib3-1.25.7
HIGH CVE-2021-33503 Python-urllib3-1.25.7
HIGH CVE-2022-21698 Go-github.com/prometheus/client_golang-v1.11.0
HIGH CVE-2022-24999 Npm-qs-6.0.0
HIGH CVE-2022-25857 Maven-org.yaml:snakeyaml-1.29
HIGH CVE-2022-27191 Go-golang.org/x/crypto-v0.0.0-20211202192323-5770296d904e
HIGH CVE-2022-28948 Go-gopkg.in/yaml.v3-v3.0.0-20210107192922-496545a6307b
HIGH CVE-2022-32149 Go-golang.org/x/text-v0.3.7
HIGH CVE-2022-3248 Go-github.com/openshift/api-v0.0.0-20220315184754-d7c10d0b647e
HIGH CVE-2022-41723 Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f
HIGH CVE-2022-42003 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.2.1
HIGH CVE-2022-42004 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.2.1
HIGH CVE-2022-45143 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.62
HIGH CVE-2023-1370 Maven-net.minidev:json-smart-2.4.8
HIGH CVE-2023-20860 Maven-org.springframework:spring-webmvc-5.3.19
HIGH CVE-2023-20883 Maven-org.springframework.boot:spring-boot-autoconfigure-2.6.7
HIGH CVE-2023-37788 Go-github.com/elazarl/goproxy-v0.0.0-20180725130230-947c36da3153
HIGH CVE-2023-39325 Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f
HIGH CVE-2023-43804 Python-urllib3-1.25.7
HIGH CVE-2023-45142 Go-go.opentelemetry.io/contrib-v0.20.0
HIGH CVE-2023-45142 Go-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp-v0.20.0
HIGH CVE-2023-45288 Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f
HIGH CVE-2023-46589 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.62
HIGH CVE-2023-47108 Go-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc-v0.20.0
HIGH CVE-2023-47108 Go-go.opentelemetry.io/contrib-v0.20.0
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.2.11
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.2.11
HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.2.11
HIGH CVE-2024-22243 Maven-org.springframework:spring-web-5.3.19
HIGH CVE-2024-22259 Maven-org.springframework:spring-web-5.3.19
HIGH CVE-2024-22262 Maven-org.springframework:spring-web-5.3.19
HIGH CVE-2024-23672 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.62
HIGH CVE-2024-23672 Maven-org.apache.tomcat.embed:tomcat-embed-websocket-9.0.62
HIGH CVE-2024-24786 Go-google.golang.org/protobuf-v1.27.1
HIGH CVE-2024-38809 Maven-org.springframework:spring-web-5.3.19
HIGH Cx0a21eeca-49b1 Npm-scs-0.0.1
HIGH Cx0eb7d3da-c52e Python-azure-powerbiembedded-6969.99.99
HIGH Cx4d89cd75-1e27 Python-azure-powerbiembedded-6969.99.99
HIGH Cx6eb8ff4e-c9cf Npm-flow-dev-tools-99.10.9
HIGH Cx9f739bef-35bb Npm-flow-dev-tools-99.10.9
HIGH Cxb52dba53-66d2 Python-not-particularly-2.5.0
HIGH Cxb667b900-bec1 Python-azure-powerbiembedded-6969.99.99
HIGH Cxb6dee8d5-b814 Go-gopkg.in/square/go-jose.v2-v2.2.2
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6
MEDIUM CVE-2020-11022 Npm-jquery-1.6.4
MEDIUM CVE-2020-26137 Python-urllib3-1.25.7

Policy Management Violations (2)
Policy Name: Default policy This is the default policy that applies to all projects in your account.
  • Rule Name: New vulnerabilities of Critical and High severity levels detected
    Scanner: SAST,SCA,IaC-Security
Policy Name: No highs or mediums

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
