[Snyk] Security upgrade org.springframework.cloud:spring-cloud-starter-netflix-eureka-client from 1.4.0.RELEASE to 4.2.1 #38

franksec42 · 2025-03-20T01:04:58Z

Snyk has created this PR to fix 72 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	670	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Mature`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-31507	439	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111	340	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015	337	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Mature`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043	289	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451	240	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	239	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	239	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	239	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664	239	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	238	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573	207	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446	204	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448	194	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044	187	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	172	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450	170	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	169	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	169	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-8352924	169	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	168	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	167	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	167	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884	166	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449	165	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	164	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407	164	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	150	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	146	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	146	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	125	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	119	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	114	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236	104	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058	75	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `Reachable` `No Known Exploit`
Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	47	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `Proof of Concept`
Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-COMGOOGLEGUAVA-5710356	30	org.springframework.cloud:spring-cloud-starter-netflix-eureka-client: `1.4.0.RELEASE` -> `4.2.1` `Major version upgrade` `No Path Found` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Denial of Service (DoS)
🦉 Creation of Temporary File in Directory with Insecure Permissions
🦉 More lessons are available in Snyk Learn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Security upgrade org.springframework.cloud:spring-cloud-starter-netflix-eureka-client from 1.4.0.RELEASE to 4.2.1 #38

[Snyk] Security upgrade org.springframework.cloud:spring-cloud-starter-netflix-eureka-client from 1.4.0.RELEASE to 4.2.1 #38

Uh oh!

franksec42 commented Mar 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Security upgrade org.springframework.cloud:spring-cloud-starter-netflix-eureka-client from 1.4.0.RELEASE to 4.2.1 #38

Are you sure you want to change the base?

[Snyk] Security upgrade org.springframework.cloud:spring-cloud-starter-netflix-eureka-client from 1.4.0.RELEASE to 4.2.1 #38

Uh oh!

Conversation

franksec42 commented Mar 20, 2025

Snyk has created this PR to fix 72 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants