[Snyk] Fix for 5 vulnerabilities #28

tyleragypt · 2024-11-22T05:28:49Z

Snyk has created this PR to fix 5 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
Path Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373	585	org.springframework:spring-webmvc: `4.3.30.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364	265	org.springframework:spring-context: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-web: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-webmvc: `4.3.30.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365	265	org.springframework:spring-context: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-jdbc: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-tx: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-web: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-webmvc: `4.3.30.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366	265	org.springframework:spring-web: `4.3.30.RELEASE` -> `6.1.14` org.springframework:spring-webmvc: `4.3.30.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368	265	org.springframework:spring-webmvc: `4.3.30.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Path Traversal

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368

tyleragypt · 2024-11-22T05:40:15Z

Checkmarx One – Scan Summary & Details – ad6e7859-6d17-4df9-ae54-29f583f9e392

Policy Management Violations

Policy Name	Rule(s)	Break Build
No highs or mediums	No Highs or Mediums	false

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2022-41853	Maven-org.hsqldb:hsqldb-2.3.6	Vulnerable Package
CVE-2016-10707	Npm-jquery-2.1.4	Vulnerable Package
CVE-2023-24998	Maven-commons-fileupload:commons-fileupload-1.3.3	Vulnerable Package
CVE-2023-26464	Maven-log4j:log4j-1.2.17	Vulnerable Package
CVE-2024-47554	Maven-commons-io:commons-io-2.6	Vulnerable Package
Prototype_Pollution	/src/main/webapp/js/js.cookie.js: 36	Attack Vector
CVE-2015-9251	Npm-jquery-2.1.4	Vulnerable Package
CVE-2019-11358	Npm-jquery-2.1.4	Vulnerable Package
CVE-2020-11022	Npm-jquery-2.1.4	Vulnerable Package
CVE-2020-11023	Npm-jquery-2.1.4	Vulnerable Package
CVE-2023-33201	Maven-org.bouncycastle:bcprov-jdk15on-1.70	Vulnerable Package
CVE-2023-33202	Maven-org.bouncycastle:bcprov-jdk15on-1.70	Vulnerable Package
CVE-2023-43643	Maven-org.owasp.antisamy:antisamy-1.6.3	Vulnerable Package
CVE-2024-23635	Maven-org.owasp.antisamy:antisamy-1.6.3	Vulnerable Package
CVE-2024-29857	Maven-org.bouncycastle:bcprov-jdk15on-1.70	Vulnerable Package
CVE-2024-30171	Maven-org.bouncycastle:bcprov-jdk15on-1.70	Vulnerable Package
CVE-2024-30172	Maven-org.bouncycastle:bcprov-jdk15on-1.70	Vulnerable Package
CVE-2024-6484	Npm-bootstrap-3.3.4	Vulnerable Package
CVE-2024-6485	Npm-bootstrap-3.3.4	Vulnerable Package
Cx5b5cdd9c-b61e	Maven-org.owasp.esapi:esapi-2.2.3.1	Vulnerable Package
Cxf0b588a3-5c6f	Npm-jquery-2.1.4	Vulnerable Package
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01409.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01118.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02570.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01156.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01161.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01986.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01329.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01036.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01908.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01113.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02559.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01646.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01331.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01408.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01158.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02026.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java: 59	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java: 59	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01028.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02304.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01988.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01116.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01984.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02204.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01029.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01906.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01403.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01642.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02207.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02197.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01033.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00265.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01157.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01117.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02565.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01573.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01574.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java: 59	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00137.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01031.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01905.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01034.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00528.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02033.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01987.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01110.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00786.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01643.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00457.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01572.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01235.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01236.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01238.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01240.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02110.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02108.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01025.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01405.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02303.java: 45	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01990.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01989.java: 44	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00785.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00783.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00788.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02560.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01647.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02564.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02568.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02569.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02567.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00453.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02201.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01330.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02205.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02469.java: 43	Attack Vector
Relative_Path_Traversal	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02468.java: 43	Attack Vector

More results are available on AST platform

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 5 vulnerabilities #28

[Snyk] Fix for 5 vulnerabilities #28

Uh oh!

tyleragypt commented Nov 22, 2024

Uh oh!

tyleragypt commented Nov 22, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Fix for 5 vulnerabilities #28

Are you sure you want to change the base?

[Snyk] Fix for 5 vulnerabilities #28

Uh oh!

Conversation

tyleragypt commented Nov 22, 2024

Snyk has created this PR to fix 5 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

tyleragypt commented Nov 22, 2024

Policy Management Violations

New Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants