[Snyk] Fix for 76 vulnerabilities #40
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 - https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAF-5811866 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-2833359 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-6457293 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-450242 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6435948 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6435950 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-6056527 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5950401 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094942 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094943 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097492 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-569100 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-570204 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31689 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-451604 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-467268 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980 - https://snyk.io/vuln/SNYK-JAVA-OGNL-30474 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6183062 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-568162 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-474641 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-474642 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-1078232 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-72470 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-174111 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-1290497
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 76 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
pom.xmlVulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
Major version upgradeMatureSNYK-JAVA-ORGTHYMELEAF-5811866
Major version upgradeProof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-5953331
Major version upgradeMatureSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-2833359
Major version upgradeProof of ConceptSNYK-JAVA-CHQOSLOGBACK-31407
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1728268
Major version upgradeProof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-6457293
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-3152153
Major version upgradeProof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-6092281
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-1009832
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-6261586
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-6444790
Major version upgradeNo Known ExploitSNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302
Major version upgradeNo Known ExploitSNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
Major version upgradeProof of ConceptSNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
Major version upgradeProof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-450242
No Known ExploitSNYK-JAVA-ORGYAML-537645
Major version upgradeProof of ConceptSNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1728264
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-6435948
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-6435950
Major version upgradeNo Known ExploitSNYK-JAVA-ORGCODEHAUSGROOVY-1048694
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-2806360
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-6056527
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1048292
Major version upgradeProof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5950401
Major version upgradeProof of ConceptSNYK-JAVA-CHQOSLOGBACK-6094942
Major version upgradeNo Known ExploitSNYK-JAVA-CHQOSLOGBACK-6094943
Major version upgradeNo Known ExploitSNYK-JAVA-CHQOSLOGBACK-6097492
Major version upgradeNo Known ExploitSNYK-JAVA-CHQOSLOGBACK-6097493
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1080637
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-2414084
Major version upgradeNo Known ExploitSNYK-JAVA-ORGHIBERNATE-569100
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3326459
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-5862028
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-5422217
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-570204
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-3016891
Major version upgradeProof of ConceptSNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1080638
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-31689
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-451604
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-467268
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
Major version upgradeProof of ConceptSNYK-JAVA-ORGYAML-3016888
Major version upgradeProof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-1017119
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-6597980
Major version upgradeNo Known ExploitSNYK-JAVA-OGNL-30474
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058
4.5.3->4.5.13No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1061939
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1728266
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3369687
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-584427
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-5959654
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-5959972
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-6183062
Major version upgradeNo Known ExploitSNYK-JAVA-ORGHIBERNATE-568162
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-3369749
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-474641
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-474642
No Known ExploitSNYK-JAVA-CHQOSLOGBACK-1726923
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-1728265
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-1078232
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3035793
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-72470
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-174111
No Known ExploitSNYK-JAVA-ORGYAML-3016889
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-3113851
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-1290497
Major version upgradeNo Known ExploitVulnerabilities that could not be fixed
org.springframework.boot:spring-boot-starter-actuator@1.5.9.RELEASEtoorg.springframework.boot:spring-boot-starter-actuator@3.2.0; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.9.RELEASE/spring-boot-dependencies-1.5.9.RELEASE.pomorg.springframework.boot:spring-boot-starter-security@1.5.9.RELEASEtoorg.springframework.boot:spring-boot-starter-security@3.1.11; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.9.RELEASE/spring-boot-dependencies-1.5.9.RELEASE.pomorg.springframework.boot:spring-boot-starter-thymeleaf@1.5.9.RELEASEtoorg.springframework.boot:spring-boot-starter-thymeleaf@2.0.0.RELEASE; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.9.RELEASE/spring-boot-dependencies-1.5.9.RELEASE.pomorg.springframework.boot:spring-boot-starter-web@1.5.9.RELEASEtoorg.springframework.boot:spring-boot-starter-web@3.1.11; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.9.RELEASE/spring-boot-dependencies-1.5.9.RELEASE.pomImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Insufficient Hostname Verification
🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.apache.httpcomponents:httpclient","from":"4.5.3","to":"4.5.13"},{"name":"org.springframework.boot:spring-boot-starter-actuator","from":"1.5.9.RELEASE","to":"3.2.0"},{"name":"org.springframework.boot:spring-boot-starter-security","from":"1.5.9.RELEASE","to":"3.1.11"},{"name":"org.springframework.boot:spring-boot-starter-thymeleaf","from":"1.5.9.RELEASE","to":"2.0.0.RELEASE"},{"name":"org.springframework.boot:spring-boot-starter-web","from":"1.5.9.RELEASE","to":"3.1.11"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-1726923","priority_score":454,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insufficient Hostname Verification"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6094943","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6097493","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-31407","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6094942","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6097492","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-OGNL-30474","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119","priority_score":494,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.6","score":280},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"HTTP Request Smuggling"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637","priority_score":564,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"HTTP Request Smuggling"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265","priority_score":454,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"HTTP Request Smuggling"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084","priority_score":564,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Privilege Escalation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unprotected Transport of Credentials"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-584427","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Incomplete Cleanup"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6183062","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6435948","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119","priority_score":494,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.6","score":280},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"HTTP Request Smuggling"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637","priority_score":564,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"HTTP Request Smuggling"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265","priority_score":454,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"HTTP Request Smuggling"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084","priority_score":564,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Privilege Escalation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unprotected Transport of Credentials"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-584427","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Incomplete Cleanup"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6183062","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6435948","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHETOMCATEMBED-6435950","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGCODEHAUSGROOVY-1048694","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Disclosure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGHIBERNATE-568162","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGHIBERNATE-569100","priority_score":550,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31689","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-451604","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-Site Tracing (XST)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586","priority_score":633,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790","priority_score":633,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-72470","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31689","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-451604","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-Site Tracing (XST)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586","priority_score":633,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790","priority_score":633,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-72470","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31689","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-451604","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-Site Tracing (XST)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586","priority_score":633,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790","priority_score":633,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-72470","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","...