X Tutup
Skip to content

[Snyk-dev] Fix for 21 vulnerabilities#239

Open
gjvis wants to merge 1 commit intomasterfrom
snyk-fix-b2b1abefa2f05d6eb93a5ef3fb3b8a49
Open

[Snyk-dev] Fix for 21 vulnerabilities#239
gjvis wants to merge 1 commit intomasterfrom
snyk-fix-b2b1abefa2f05d6eb93a5ef3fb3b8a49

Conversation

@gjvis
Copy link
Owner

@gjvis gjvis commented Sep 22, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
medium severity 454/1000
Why? Has a fix available, CVSS 4.8		 Insufficient Hostname Verification
SNYK-JAVA-CHQOSLOGBACK-1726923		 ch.qos.logback:logback-classic:
1.1.7 -> 1.2.7
ch.qos.logback:logback-core:
1.1.7 -> 1.2.7
No No Known Exploit
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Arbitrary Code Execution
SNYK-JAVA-CHQOSLOGBACK-30208		 ch.qos.logback:logback-classic:
1.1.7 -> 1.2.7
ch.qos.logback:logback-core:
1.1.7 -> 1.2.7
No No Known Exploit
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Arbitrary Code Execution
SNYK-JAVA-CHQOSLOGBACK-31407		 ch.qos.logback:logback-classic:
1.1.7 -> 1.2.7
No No Known Exploit
low severity 486/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.3		 Information Disclosure
SNYK-JAVA-COMGOOGLEGUAVA-1015415		 com.google.guava:guava:
19.0 -> 30.0-android
No Proof of Concept
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Deserialization of Untrusted Data
SNYK-JAVA-COMGOOGLEGUAVA-32236		 com.google.guava:guava:
19.0 -> 30.0-android
No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Remote Code Execution (RCE)
SNYK-JAVA-COMH2DATABASE-2331071		 com.h2database:h2:
1.4.190 -> 2.1.210
Yes Proof of Concept
critical severity 811/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.8		 Remote Code Execution (RCE)
SNYK-JAVA-COMH2DATABASE-2348247		 com.h2database:h2:
1.4.190 -> 2.1.210
Yes Proof of Concept
low severity 396/1000
Why? Recently disclosed, Has a fix available, CVSS 2.2		 Insecure Permissions
SNYK-JAVA-COMH2DATABASE-3009896		 com.h2database:h2:
1.4.190 -> 2.1.210
No No Known Exploit
high severity 635/1000
Why? Has a fix available, CVSS 8.2		 SQL Injection
SNYK-JAVA-ORGHIBERNATE-1041788		 org.hibernate:hibernate-entitymanager:
5.0.1.Final -> 5.4.24.Final
No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 SQL Injection
SNYK-JAVA-ORGHIBERNATE-584563		 org.hibernate:hibernate-entitymanager:
5.0.1.Final -> 5.4.24.Final
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Improper Output Neutralization for Logs
SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
org.springframework:spring-test:
4.2.4.RELEASE -> 5.2.19.RELEASE
Yes No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
org.springframework:spring-test:
4.2.4.RELEASE -> 5.2.19.RELEASE
Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
Yes No Known Exploit
critical severity 919/1000
Why? Mature exploit, Has a fix available, CVSS 9.8		 Remote Code Execution
SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
Yes Mature
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-174140		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
No No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 SQL Injection
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-31335		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
No No Known Exploit
critical severity 919/1000
Why? Mature exploit, Has a fix available, CVSS 9.8		 Arbitrary Code Execution
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32219		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
No Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32231		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-451633		 org.springframework.data:spring-data-jpa:
1.9.2.RELEASE -> 2.6.5
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution
🦉 Arbitrary Code Execution
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: pom.xml to reduce vulnerabilities
b158be3 
The following vulnerabilities are fixed with an upgrade:
- https://dev.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923
- https://dev.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208
- https://dev.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407
- https://dev.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
- https://dev.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236
- https://dev.snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-2331071
- https://dev.snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-2348247
- https://dev.snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-3009896
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-1041788
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-584563
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-174140
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-31335
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32219
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32231
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-451633
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gjvis @snyk-bot
X Tutup