Fix CVE #2602
Commits on Oct 6, 2022
Upgrade com.amazonaws:aws-java-sdk-s3@1.11.1034 to com.amazonaws:aws-java-sdk-s3@1.12.317 to fix
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMAMAZONAWS-2952700] in com.amazonaws:aws-java-sdk-s3@1.11.1034 introduced by com.amazonaws:aws-java-sdk-s3@1.11.1034
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)

Upgrade com.puppycrawl.tools:checkstyle@7.8.2 to com.puppycrawl.tools:checkstyle@8.29 to fix
  ✗ XML External Entity (XXE) Injection [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266] in com.puppycrawl.tools:checkstyle@7.8.2 introduced by com.puppycrawl.tools:checkstyle@7.8.2
  ✗ XML External Entity (XXE) Injection [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-173770] in com.puppycrawl.tools:checkstyle@7.8.2 introduced by com.puppycrawl.tools:checkstyle@7.8.2
  ✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236] in com.google.guava:guava@21.0 introduced by com.puppycrawl.tools:checkstyle@7.8.2 > com.google.guava:guava@21.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-460111] in commons-beanutils:commons-beanutils@1.9.3 introduced by com.puppycrawl.tools:checkstyle@7.8.2 > commons-beanutils:commons-beanutils@1.9.3

Upgrade com.vladmihalcea:hibernate-types-52@2.10.4 to com.vladmihalcea:hibernate-types-52@2.17.1 to fix
  ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)

Upgrade io.dropwizard.metrics:metrics-servlets@4.1.33 to io.dropwizard.metrics:metrics-servlets@4.2.10 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)

Upgrade io.sentry:sentry-logback@4.1.0 to io.sentry:sentry-logback@6.0.0 to fix
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327] in com.google.code.gson:gson@2.8.5 introduced by io.sentry:sentry-logback@4.1.0 > io.sentry:sentry@4.1.0 > com.google.code.gson:gson@2.8.5

Upgrade net.logstash.logback:logstash-logback-encoder@6.6 to net.logstash.logback:logstash-logback-encoder@7.1 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)

Upgrade net.sf.jasperreports:jasperreports@6.16.0 to net.sf.jasperreports:jasperreports@6.20.0 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.12.0 introduced by net.logstash.logback:logstash-logback-encoder@6.6 > com.fasterxml.jackson.core:jackson-databind@2.12.0 and 7 other path(s)

Upgrade org.apache.xmlgraphics:batik-bridge@1.14 to org.apache.xmlgraphics:batik-bridge@1.15 to fix
  ✗ Server-side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)
  ✗ Server-side Request Forgery (SSRF) (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)
  ✗ Server-side Request Forgery (SSRF) (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)

Upgrade org.apache.xmlgraphics:batik-codec@1.14 to org.apache.xmlgraphics:batik-codec@1.15 to fix
  ✗ Server-side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)
  ✗ Server-side Request Forgery (SSRF) (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)
  ✗ Server-side Request Forgery (SSRF) (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)

Upgrade org.apache.xmlgraphics:batik-transcoder@1.14 to org.apache.xmlgraphics:batik-transcoder@1.15 to fix
  ✗ Server-side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)
  ✗ Server-side Request Forgery (SSRF) (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)
  ✗ Server-side Request Forgery (SSRF) (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729] in org.apache.xmlgraphics:batik-bridge@1.14 introduced by org.apache.xmlgraphics:batik-bridge@1.14 and 2 other path(s)

Upgrade org.postgresql:postgresql@42.2.26 to org.postgresql:postgresql@42.3.3 to fix
  ✗ Arbitrary Code Injection [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGPOSTGRESQL-2401816] in org.postgresql:postgresql@42.2.26 introduced by org.postgresql:postgresql@42.2.26

Upgrade org.yaml:snakeyaml@1.27 to org.yaml:snakeyaml@1.31 to fix
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.27 introduced by org.yaml:snakeyaml@1.27
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.27 introduced by org.yaml:snakeyaml@1.27
Commit 38043e8