kafka-webview icon indicating copy to clipboard operation
kafka-webview copied to clipboard

Published 20 hours ago verified publisher icon SourceLabOrg

[Snyk] Fix for 14 vulnerabilities

Open Crim opened this issue 11 months ago • 0 comments

snyk-top-banner

Snyk has created this PR to fix 14 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • kafka-webview-ui/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
critical severity Uncaught Exception
SNYK-JAVA-ORGAPACHETOMCATEMBED-8383920		   746   Major version upgrade No Known Exploit
high severity Path Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373		   649   Major version upgrade No Known Exploit
medium severity Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORKLDAP-8398312		   601   No Known Exploit
medium severity Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399269		   601   Major version upgrade No Known Exploit
medium severity Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399272		   601   Major version upgrade No Known Exploit
medium severity Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399273		   601   No Known Exploit
medium severity Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399274		   601   No Known Exploit
medium severity Authorization Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399278		   601   Major version upgrade No Known Exploit
medium severity Files or Directories Accessible to External Parties
SNYK-JAVA-ORGAPACHEKAFKA-8384362		   586   org.apache.kafka:kafka-clients:
2.8.2 -> 3.8.0
Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368		   329   Major version upgrade No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230369		   329   Major version upgrade No Known Exploit

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.13/spring-boot-dependencies-2.6.13.pom
  • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.13/spring-boot-dependencies-2.6.13.pom
  • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.13/spring-boot-dependencies-2.6.13.pom
  • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.13/spring-boot-dependencies-2.6.13.pom
  • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.13/spring-boot-dependencies-2.6.13.pom
  • Could not upgrade org.springframework.ldap:[email protected] to org.springframework.ldap:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.6.13/spring-boot-dependencies-2.6.13.pom
  • Could not upgrade org.springframework.security:[email protected] to org.springframework.security:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/security/spring-security-bom/5.6.8/spring-security-bom-5.6.8.pom

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncaught Exception 🦉 Path Traversal

Crim avatar Nov 21 '24 07:11 Crim