
[Snyk] Fix for 14 vulnerabilities #18

Open: cfereday wants to merge 1 commit into master from snyk-fix-73ddb334b05c94f493fd8df7065683ad

@cfereday (Owner) commented Jul 6, 2024

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to fix 14 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Score | Upgrade | Reachability | Exploit maturity |
|---|---|---|---|---|---|
| high | Denial of Service (DoS), SNYK-JAVA-IONETTY-5953332 | 423 | Major version upgrade | No Path Found | Mature |
| medium | Arbitrary Code Execution, SNYK-JAVA-ORGYAML-3152153 | 221 | Major version upgrade | No Path Found | Proof of Concept |
| high | Deserialization of Untrusted Data, SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407 | 164 | com.fasterxml.jackson.core:jackson-databind: 2.9.0 -> 2.9.9.2 | No Path Found | No Known Exploit |
| high | Denial of Service (DoS), SNYK-JAVA-CHQOSLOGBACK-6094942 | 140 | ch.qos.logback:logback-classic: 1.2.3 -> 1.2.13 | No Path Found | No Known Exploit |
| high | Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JAVA-CHQOSLOGBACK-6097492 | 140 | ch.qos.logback:logback-classic: 1.2.3 -> 1.2.13 | No Path Found | No Known Exploit |
| high | Denial of Service (DoS), SNYK-JAVA-ORGYAML-6056527 | 114 | Major version upgrade | No Path Found | No Known Exploit |
| medium | External Control of System or Configuration Setting, SNYK-JAVA-IOMICRONAUT-6239521 | 106 | Major version upgrade | No Path Found | No Known Exploit |
| high | Denial of Service (DoS), SNYK-JAVA-CHQOSLOGBACK-6094943 | 105 | ch.qos.logback:logback-classic: 1.2.3 -> 1.2.13 | No Path Found | No Known Exploit |
| high | Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JAVA-CHQOSLOGBACK-6097493 | 105 | ch.qos.logback:logback-classic: 1.2.3 -> 1.2.13 | No Path Found | No Known Exploit |
| medium | Denial of Service (DoS), SNYK-JAVA-IONETTY-5725787 | 104 | Major version upgrade | No Path Found | No Known Exploit |
| medium | Allocation of Resources Without Limits or Throttling, SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217 | 104 | org.springframework:spring-context: 5.2.8.RELEASE -> 5.2.24.RELEASE | No Path Found | No Known Exploit |
| medium | External Control of System or Configuration Setting, SNYK-JAVA-IOMICRONAUT-6239523 | 80 | Major version upgrade | No Path Found | No Known Exploit |
| medium | Allocation of Resources Without Limits or Throttling, SNYK-JAVA-IONETTY-6483812 | 67 | Major version upgrade | No Path Found | Proof of Concept |
| medium | Allocation of Resources Without Limits or Throttling, SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749 | 45 | org.springframework:spring-context: 5.2.8.RELEASE -> 5.2.24.RELEASE | No Path Found | No Known Exploit |

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade io.micronaut:micronaut-http-server-netty@2.2.0 to io.micronaut:micronaut-http-server-netty@3.10.4; Reason: could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/io/micronaut/micronaut-bom/2.2.0/micronaut-bom-2.2.0.pom
    • Could not upgrade io.micronaut:micronaut-runtime@2.2.0 to io.micronaut:micronaut-runtime@3.8.7; Reason: could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/io/micronaut/micronaut-bom/2.2.0/micronaut-bom-2.2.0.pom

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Deserialization of Untrusted Data
🦉 Allocation of Resources Without Limits or Throttling
🦉 More lessons are available in Snyk Learn

