[Snyk] Security upgrade tomcat from latest to 11.0.6-jdk21-temurin-noble #9

Dobridp · 2025-04-10T16:15:11Z

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

Dockerfile

We recommend upgrading to tomcat:11.0.6-jdk21-temurin-noble, as this image has only 13 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Validation of Integrity Check Value SNYK-UBUNTU2404-KRB5-8348482	267
	Improper Validation of Integrity Check Value SNYK-UBUNTU2404-KRB5-8348482	267
	Improper Validation of Integrity Check Value SNYK-UBUNTU2404-KRB5-8348482	267
	Improper Validation of Integrity Check Value SNYK-UBUNTU2404-KRB5-8348482	267
	Improper Authentication SNYK-UBUNTU2404-PAM-8352843	235

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authentication

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-8348482 - https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-8348482 - https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-8348482 - https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-8348482 - https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843

msant262 · 2025-04-10T16:17:31Z

Checkmarx One – Scan Summary & Details – afb1ee8b-cb96-439d-88ff-3c2da4f1f8ad

New Issues (277)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
SQL_Injection	/src/main/webapp/myprofile.jsp: 16	details The application's method executes an SQL query with executeQuery, at line 21 of /src/main/webapp/myprofile.jsp. The application constructs this SQ... `ID: Fwvdblh3mTMGfE9Vws4IdfYNJyc%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/UserDetails.jsp: 8	details The application's method executes an SQL query with executeQuery, at line 13 of /src/main/webapp/vulnerability/UserDetails.jsp. The application co... `ID: 73VT%2BFrVbew4DzSiViR0RNvs9Cg%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 43	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application constru... `ID: XVM%2BE%2FSJV6wd%2Fr10IOcwFvfCRyI%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 42	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application constru... `ID: 9cLWBUzt6LZRzqERVRjthgkL3o8%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 41	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application constru... `ID: 8rAPymuk%2BcnO78V6PH%2FxDYrBHuw%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/idor/change-email.jsp: 28	details The application's method executes an SQL query with executeUpdate, at line 32 of /src/main/webapp/vulnerability/idor/change-email.jsp. The applica... `ID: 26Z3AWYaEB%2BumUXkqyJ454ySp48%3D` Attack Vector
SQL_Injection	/src/main/webapp/admin/manageusers.jsp: 13	details The application's method executes an SQL query with executeUpdate, at line 14 of /src/main/webapp/admin/manageusers.jsp. The application construct... `ID: qYZn7%2Bh3UBrUX0JFoBhRC5TjWrw%3D` Attack Vector
SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11	details The application's method executes an SQL query with executeQuery, at line 19 of /src/main/webapp/admin/adminlogin.jsp. The application constructs ... `ID: 034FFGSSbqlZqo7KUHBuDs9IMJ8%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forumposts.jsp: 9	details The application's method executes an SQL query with executeQuery, at line 14 of /src/main/webapp/vulnerability/forumposts.jsp. The application con... `ID: %2FzXp8L6TOg9jMLQMqX3Ptn3fOuU%3D` Attack Vector
SQL_Injection	/src/main/webapp/ForgotPassword.jsp: 42	details The application's method executes an SQL query with executeQuery, at line 42 of /src/main/webapp/ForgotPassword.jsp. The application constructs th... `ID: L2vgNjKwIlpCwV80tPGjznOhELg%3D` Attack Vector
SQL_Injection	/src/main/webapp/ForgotPassword.jsp: 42	details The application's method executes an SQL query with executeQuery, at line 42 of /src/main/webapp/ForgotPassword.jsp. The application constructs th... `ID: iyX2UXxON8q8gUYN%2Byn8X8U8NFo%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16	details The application's method executes an SQL query with executeQuery, at line 16 of /src/main/webapp/vulnerability/DisplayMessage.jsp. The application... `ID: hpL3V2d%2FuktSki6kIGm3G0N0SWI%3D` Attack Vector
SQL_Injection	/src/main/webapp/myprofile.jsp: 16	details The application's method executes an SQL query with executeQuery, at line 29 of /src/main/webapp/myprofile.jsp. The application constructs this SQ... `ID: bUnw22dFMaXc92nqmYb3L8Ni0tA%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/sqli/download_id.jsp: 18	details The application's method executes an SQL query with executeQuery, at line 24 of /src/main/webapp/vulnerability/sqli/download_id.jsp. The applicati... `ID: %2BoW8nW3BOeM5V%2BvA9veYTtSO2EM%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18	details The application's method executes an SQL query with executeQuery, at line 24 of /src/main/webapp/vulnerability/sqli/download_id_union.jsp. The app... `ID: OTWTDkRlF4KGxEy0f20hF5BhvOI%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/csrf/change-info.jsp: 26	details The application's method executes an SQL query with executeUpdate, at line 31 of /src/main/webapp/vulnerability/csrf/change-info.jsp. The applicat... `ID: wHQXx7ykYgS1EHCrbdgIKyMszLA%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/idor/change-email.jsp: 27	details The application's method executes an SQL query with executeUpdate, at line 32 of /src/main/webapp/vulnerability/idor/change-email.jsp. The applica... `ID: Fdf1eqGVWChuRuGQULwXmkWMUZQ%3D` Attack Vector
SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 37	details The application's method executes an SQL query with executeUpdate, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application construct... `ID: kqZCyJgeFLrEeDa3MLiKfB4j1FU%3D` Attack Vector
SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 38	details The application's method executes an SQL query with executeUpdate, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application construct... `ID: 97DdzO2cqr7cMff19zK%2FdmzT3OM%3D` Attack Vector
SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 39	details The application's method executes an SQL query with executeUpdate, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application construct... `ID: %2BWGQsuulmTDC9aLnBh96vp95VQI%3D` Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 33	details The application's method executes an SQL query with executeUpdate, at line 40 of /src/main/webapp/vulnerability/csrf/changepassword.jsp. The appli... `ID: kLszGQ9WgddX1pzS3ajD1jWOdiM%3D` Attack Vector
SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35	details The application's method executes an SQL query with executeQuery, at line 14 of /src/main/webapp/vulnerability/Messages.jsp. The application const... `ID: epQYvHbDpidWN%2Bu1vD3y4T5Q%2FXM%3D` Attack Vector
SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	details The application's method executes an SQL query with executeQuery, at line 14 of /src/main/webapp/vulnerability/Messages.jsp. The application const... `ID: jDhDJM0rBdMLeQEKC3S3ZwAR1sQ%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 40 of /src/main/webapp/vulnerability/csrf/changepassword.jsp. The applicat... `ID: 8h2S1sxLwULRwlp3qj9KBUbPrgk%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 31 of /src/main/webapp/vulnerability/csrf/change-info.jsp. The application... `ID: glbV0AwFtDu0UVwCDArmnjSK%2BDw%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application constructs t... `ID: rSrv42nxi%2BuyrIpraUpFeSJ%2BLC8%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 19	details The application's method executes an SQL query with BinaryExpr, at line 40 of /src/main/webapp/vulnerability/csrf/changepassword.jsp. The applicat... `ID: YuMPeQYNiKH8hJUzAPhlQ90lRV8%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 19	details The application's method executes an SQL query with BinaryExpr, at line 31 of /src/main/webapp/vulnerability/csrf/change-info.jsp. The application... `ID: LfzQKYxg7ue6FMe%2BCDLTo7Lw7yU%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 19	details The application's method executes an SQL query with BinaryExpr, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application constructs t... `ID: M6t4VnVaIjByZJz9le6dasoqbT0%3D` Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 14 of /src/main/webapp/vulnerability/Messages.jsp. The application constru... `ID: lN3vudPBMISIxViRJMC%2B4B7j%2BuA%3D` Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumUsersList.jsp: 12	details The method embeds untrusted data in generated output with print, at line 18 of /src/main/webapp/vulnerability/forumUsersList.jsp. This untrusted d... `ID: ukLX4p%2BtZX1CE4B0%2FNRNm1Eh%2FXs%3D` Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14	details The method embeds untrusted data in generated output with print, at line 17 of /src/main/webapp/vulnerability/forumposts.jsp. This untrusted data ... `ID: p%2BX9D4%2F61t1ljD0xrP1M9LWUr%2FU%3D` Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14	details The method embeds untrusted data in generated output with print, at line 18 of /src/main/webapp/vulnerability/forumposts.jsp. This untrusted data ... `ID: kIrjnZKSPU6blH8j0WD7GIm%2FcQA%3D` Attack Vector

More results are available on the CxOne platform

Fixed Issues (18)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/xss.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/test2.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/xss.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/PocXSS.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy2.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/xss.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/PocXSS.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy2.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/xss.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/test2.js: 9
	~~Missing_HSTS_Header~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 19
	~~Missing_HSTS_Header~~	/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 55
	~~Heap_Inspection~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 33
	~~Missing_CSP_Header~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Security upgrade tomcat from latest to 11.0.6-jdk21-temurin-noble #9

[Snyk] Security upgrade tomcat from latest to 11.0.6-jdk21-temurin-noble #9

Uh oh!

Dobridp commented Apr 10, 2025

Uh oh!

msant262 commented Apr 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

[Snyk] Security upgrade tomcat from latest to 11.0.6-jdk21-temurin-noble #9

Are you sure you want to change the base?

[Snyk] Security upgrade tomcat from latest to 11.0.6-jdk21-temurin-noble #9

Uh oh!

Conversation

Dobridp commented Apr 10, 2025

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

msant262 commented Apr 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants