traefik-forward-auth0
[Snyk] Fix for 77 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - pom.xml
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| | 454/1000 Why? Has a fix available, CVSS 4.8 | Insufficient Hostname Verification SNYK-JAVA-CHQOSLOGBACK-1726923 | ch.qos.logback:logback-classic: 1.2.3 -> 1.2.7 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 624/1000 Why? Has a fix available, CVSS 8.2 | XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Mature |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 630/1000 Why? Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | No Known Exploit |
| | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.fasterxml.jackson.core:jackson-databind: 2.9.9.2 -> 2.12.6.1 | No | Proof of Concept |
| | 486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3 | Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415 | com.auth0:jwks-rsa: 0.8.2 -> 0.21.1<br>com.google.guava:guava: 27.0.1-jre -> 30.0-jre | No | Proof of Concept |
| | 399/1000 Why? Has a fix available, CVSS 3.7 | Information Exposure SNYK-JAVA-COMMONSCODEC-561518 | com.auth0:java-jwt: 3.8.1 -> 3.19.1<br>com.auth0:jwks-rsa: 0.8.2 -> 0.21.1 | No | No Known Exploit |
| | 651/1000 Why? Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal SNYK-JAVA-COMMONSIO-1277109 | com.auth0:jwks-rsa: 0.8.2 -> 0.21.1 | No | Mature |
| | 494/1000 Why? Has a fix available, CVSS 5.6 | HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119 | | No | No Known Exploit |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292 | | No | Proof of Concept |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Information Disclosure SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939 | | No | No Known Exploit |
| | 564/1000 Why? Has a fix available, CVSS 7 | Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637 | | No | No Known Exploit |
| | 509/1000 Why? Has a fix available, CVSS 5.9 | HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638 | | No | No Known Exploit |
| | 589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264 | | No | No Known Exploit |
| | 454/1000 Why? Has a fix available, CVSS 4.8 | Improper Input Validation SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265 | | No | No Known Exploit |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266 | | No | No Known Exploit |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268 | | No | Proof of Concept |
| | 564/1000 Why? Has a fix available, CVSS 7 | Privilege Escalation SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084 | | No | No Known Exploit |
| | 369/1000 Why? Has a fix available, CVSS 3.1 | Session Fixation SNYK-JAVA-ORGAPACHETOMCATEMBED-538488 | | No | No Known Exploit |
| | 604/1000 Why? Has a fix available, CVSS 7.8 | Privilege Escalation SNYK-JAVA-ORGAPACHETOMCATEMBED-538490 | | No | No Known Exploit |
| | 791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHETOMCATEMBED-570072 | | No | Mature |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-584427 | | No | No Known Exploit |
| | 589/1000 Why? Has a fix available, CVSS 7.5 | XML Entity Expansion SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972 | | No | No Known Exploit |
| | 550/1000 Why? Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS) SNYK-JAVA-ORGHIBERNATEVALIDATOR-541187 | | No | No Known Exploit |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Improper Input Validation SNYK-JAVA-ORGHIBERNATEVALIDATOR-568163 | | No | No Known Exploit |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Improper Locking SNYK-JAVA-ORGJETBRAINSKOTLIN-2628385 | org.jetbrains.kotlin:kotlin-stdlib-jdk8: 1.3.41 -> 1.6.0 | No | No Known Exploit |
| | 644/1000 Why? Has a fix available, CVSS 8.6 | Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832 | | No | No Known Exploit |
| | 434/1000 Why? Has a fix available, CVSS 4.4 | Privilege Escalation SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829 | | No | No Known Exploit |
| | 429/1000 Why? Has a fix available, CVSS 4.3 | Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097 | | No | No Known Exploit |
| | 429/1000 Why? Has a fix available, CVSS 4.3 | Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878 | | No | No Known Exploit |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828 | | No | No Known Exploit |
| | 919/1000 Why? Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 | | No | Mature |
| | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634 | | No | Proof of Concept |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313 | | No | No Known Exploit |
| | 721/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8 | Reflected File Download (RFD) SNYK-JAVA-ORGSPRINGFRAMEWORK-559346 | | No | Proof of Concept |
| | 604/1000 Why? Has a fix available, CVSS 7.8 | Insecure Temporary File SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287 | | No | No Known Exploit |
| | 591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4 | Denial of Service (DoS) SNYK-JAVA-ORGYAML-537645 | | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Vulnerabilities that could not be fixed
- Upgrade:
  - Could not upgrade org.jetbrains.kotlin:kotlin-reflect@1.2.71 to org.jetbrains.kotlin:kotlin-reflect@1.6.0; Reason: could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.1.6.RELEASE/spring-boot-dependencies-2.1.6.RELEASE.pom
  - Could not upgrade org.springframework.boot:spring-boot-starter-actuator@2.1.6.RELEASE to org.springframework.boot:spring-boot-starter-actuator@2.6.8; Reason: could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.1.6.RELEASE/spring-boot-dependencies-2.1.6.RELEASE.pom
  - Could not upgrade org.springframework.boot:spring-boot-starter-jersey@2.1.6.RELEASE to org.springframework.boot:spring-boot-starter-jersey@2.6.8; Reason: could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.1.6.RELEASE/spring-boot-dependencies-2.1.6.RELEASE.pom
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
- 🦉 Deserialization of Untrusted Data
- 🦉 XML External Entity (XXE) Injection
- 🦉 More lessons are available in Snyk Learn