thunder
thunder copied to clipboard
Published
20 hours ago •
blockchain
blockchain
[Snyk] Fix for 37 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- thunder-core/pom.xml
- pom.xml
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
 |
599/1000 Why? Has a fix available, CVSS 7.7 |
Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327 |
com.google.code.gson:gson: 2.5 -> 2.8.9 |
No | No Known Exploit |
 |
596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 |
Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415 |
org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16 |
No | Proof of Concept |
|
509/1000 Why? Has a fix available, CVSS 5.9 |
Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236 |
org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16 |
No | No Known Exploit |
|
654/1000 Why? Has a fix available, CVSS 8.8 |
Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761 |
org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16 |
No | No Known Exploit |
|
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 |
XML External Entity (XXE) Injection SNYK-JAVA-COMH2DATABASE-1769238 |
com.h2database:h2: 1.3.176 -> 2.0.202 |
Yes | Proof of Concept |
|
826/1000 Why? Mature exploit, Has a fix available, CVSS 8.8 |
Remote Code Execution (RCE) SNYK-JAVA-COMH2DATABASE-31685 |
com.h2database:h2: 1.3.176 -> 2.0.202 |
No | Mature |
|
509/1000 Why? Has a fix available, CVSS 5.9 |
SSL Certificate Bypass SNYK-JAVA-COMSQUAREUPOKHTTP-30380 |
org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16 com.squareup.okhttp:okhttp: 2.6.0 -> 2.7.4 |
No | No Known Exploit |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
HTTP Request Smuggling SNYK-JAVA-IONETTY-473214 |
io.netty:netty-all: 4.0.33.Final -> 4.1.44.Final |
No | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
HTTP Request Smuggling SNYK-JAVA-IONETTY-559515 |
io.netty:netty-all: 4.0.33.Final -> 4.1.44.Final |
No | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
HTTP Request Smuggling SNYK-JAVA-IONETTY-559516 |
io.netty:netty-all: 4.0.33.Final -> 4.1.44.Final |
No | Proof of Concept |
 |
466/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.9 |
Information Exposure SNYK-JAVA-JUNIT-1017047 |
junit:junit: 4.12 -> 4.13.1 |
No | Proof of Concept |
|
529/1000 Why? Has a fix available, CVSS 6.3 |
Privilege Escalation SNYK-JAVA-MYSQL-174574 |
mysql:mysql-connector-java: 5.1.36 -> 8.0.27 |
Yes | No Known Exploit |
|
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 |
XML External Entity (XXE) Injection SNYK-JAVA-MYSQL-1766958 |
mysql:mysql-connector-java: 5.1.36 -> 8.0.27 |
Yes | Proof of Concept |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Improper Access Control SNYK-JAVA-MYSQL-31399 |
mysql:mysql-connector-java: 5.1.36 -> 8.0.27 |
No | No Known Exploit |
|
379/1000 Why? Has a fix available, CVSS 3.3 |
Improper Access Control SNYK-JAVA-MYSQL-31449 |
mysql:mysql-connector-java: 5.1.36 -> 8.0.27 |
No | No Known Exploit |
|
534/1000 Why? Has a fix available, CVSS 6.4 |
Arbitrary Code Execution SNYK-JAVA-MYSQL-31580 |
mysql:mysql-connector-java: 5.1.36 -> 8.0.27 |
No | No Known Exploit |
|
654/1000 Why? Has a fix available, CVSS 8.8 |
Access Control Bypass SNYK-JAVA-MYSQL-451464 |
mysql:mysql-connector-java: 5.1.36 -> 8.0.27 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058 |
org.apache.httpcomponents:httpclient: 4.5 -> 4.5.13 |
No | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Directory Traversal SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517 |
org.apache.httpcomponents:httpclient: 4.5 -> 4.5.13 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-1035561 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Timing Attack SNYK-JAVA-ORGBOUNCYCASTLE-1296075 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
399/1000 Why? Has a fix available, CVSS 3.7 |
Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-173771 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Insufficient Validation SNYK-JAVA-ORGBOUNCYCASTLE-32340 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32361 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32362 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
509/1000 Why? Has a fix available, CVSS 5.9 |
Timing Attack SNYK-JAVA-ORGBOUNCYCASTLE-32363 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Signature Validation Bypass SNYK-JAVA-ORGBOUNCYCASTLE-32364 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
399/1000 Why? Has a fix available, CVSS 3.7 |
Insufficient Validation SNYK-JAVA-ORGBOUNCYCASTLE-32365 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
584/1000 Why? Has a fix available, CVSS 7.4 |
Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32366 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
509/1000 Why? Has a fix available, CVSS 5.9 |
Cryptographic Issues SNYK-JAVA-ORGBOUNCYCASTLE-32367 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
584/1000 Why? Has a fix available, CVSS 7.4 |
Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32368 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32369 |
org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66 |
No | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JAVA-ORGECLIPSEJETTY-1090340 |
org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325 |
No | Proof of Concept |
|
621/1000 Why? Mature exploit, Has a fix available, CVSS 4.7 |
Cross-site Scripting (XSS) SNYK-JAVA-ORGECLIPSEJETTY-174479 |
org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325 |
No | Mature |
 |
704/1000 Why? Has a fix available, CVSS 9.8 |
Information Exposure SNYK-JAVA-ORGECLIPSEJETTY-31117 |
org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325 |
No | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Timing Attack SNYK-JAVA-ORGECLIPSEJETTY-32151 |
org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325 |
No | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Information Exposure SNYK-JAVA-ORGECLIPSEJETTY-461008 |
org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
