
[Snyk] Fix for 18 vulnerabilities

Open · msmygit opened this pull request 6 months ago · 1 comment


Snyk has created this PR to fix 18 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| high | Denial of Service (DoS) | SNYK-JAVA-IONETTY-5953332 | 864 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Mature |
| medium | Denial of Service (DoS) | SNYK-JAVA-IONETTY-8367012 | 661 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Proof of Concept |
| medium | Improper Validation of Specified Quantity in Input | SNYK-JAVA-IONETTY-8707740 | 661 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Proof of Concept |
| high | Stack-based Buffer Overflow | SNYK-JAVA-COMGOOGLEPROTOBUF-8055227 | 649 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0; org.apache.spark:spark-sql_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| high | Improper Validation of Specified Quantity in Input | SNYK-JAVA-IONETTY-8707739 | 649 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| medium | Improper Validation of Syntactic Correctness of Input | SNYK-JAVA-ORGECLIPSEJETTY-8186141 | 636 | org.apache.spark:spark-sql_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Proof of Concept |
| medium | Improper Validation of Syntactic Correctness of Input | SNYK-JAVA-ORGECLIPSEJETTY-8186158 | 636 | org.apache.spark:spark-sql_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Proof of Concept |
| medium | Improper Resource Shutdown or Release | SNYK-JAVA-ORGECLIPSEJETTY-10079022 | 631 | org.apache.spark:spark-sql_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| high | XML External Entity (XXE) Injection | SNYK-JAVA-ORGAPACHEIVY-5847858 | 624 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| high | Infinite loop | SNYK-JAVA-ORGAPACHECOMMONS-6254296 | 619 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| high | Authorization Bypass Through User-Controlled Key | SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102 | 619 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| medium | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-IONETTY-6483812 | 586 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Proof of Concept |
| medium | Information Exposure | SNYK-JAVA-ORGAPACHEZOOKEEPER-6447882 | 539 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMGOOGLEGUAVA-32236 | 509 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| medium | Improper Input Validation | SNYK-JAVA-ORGAPACHECOMMONS-5901530 | 509 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| low | Information Disclosure | SNYK-JAVA-COMGOOGLEGUAVA-1015415 | 486 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | Proof of Concept |
| medium | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHECOMMONS-6254297 | 429 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |
| low | Creation of Temporary File in Directory with Insecure Permissions | SNYK-JAVA-COMGOOGLEGUAVA-5710356 | 379 | org.apache.spark:spark-core_2.13: 3.5.5 -> 4.0.0 | Major version upgrade | No Known Exploit |

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


msmygit avatar May 29 '25 08:05 msmygit

[!IMPORTANT] Other related changes that need to happen along with this change are:

  • [SPARK-45314] Drop Scala 2.12 and make Scala 2.13 the default
  • [SPARK-45315] Drop JDK 8/11 and make JDK 17 the default

See https://spark.apache.org/releases/spark-release-4-0-0.html

msmygit avatar Jun 03 '25 05:06 msmygit