
[Snyk] Upgrade: com.thoughtworks.xstream:xstream, log4j:log4j, net.sf.saxon:saxon, org.codehaus.jackson:jackson-mapper-asl, org.slf4j:slf4j-api, org.hibernate:hibernate-validator, org.slf4j:jcl-over-slf4j, org.slf4j:slf4j-log4j12, org.springframework:spring-beans, org.springframework:spring-aop, org.springframework:spring-expression, org.springframework:spring-context, org.springframework:spring-oxm, org.springframework:spring-web, org.springframework:spring-webmvc

Open eoftedal opened this issue 5 months ago • 0 comments


Snyk has created this PR to upgrade multiple dependencies.

The following dependencies are linked and will therefore be updated together.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | From | To | Versions ahead of current | Released on |
|---|---|---|---|---|
| com.thoughtworks.xstream:xstream | 1.4.4 | 1.4.20 | 23 | 2022-12-23 |
| log4j:log4j | 1.2.16 | 1.2.17 | 1 | 2012-05-26 |
| net.sf.saxon:saxon | 8.5.1 | 8.7 | 1 | 2006-04-05 |
| org.codehaus.jackson:jackson-mapper-asl | 1.7.1 | 1.9.13 | 34 | 2013-07-15 |
| org.slf4j:slf4j-api | 1.6.1 | 1.7.36 | 41 | 2022-02-08 |
| org.hibernate:hibernate-validator | 4.2.0.Final | 4.3.2.Final | 6 | 2014-07-25 |
| org.slf4j:jcl-over-slf4j | 1.6.1 | 1.7.36 | 41 | 2022-02-08 |
| org.slf4j:slf4j-log4j12 | 1.6.1 | 1.7.36 | 41 | 2022-02-08 |
| org.springframework:spring-beans | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |
| org.springframework:spring-aop | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |
| org.springframework:spring-expression | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |
| org.springframework:spring-context | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |
| org.springframework:spring-oxm | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |
| org.springframework:spring-web | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |
| org.springframework:spring-webmvc | 4.0.0.RELEASE | 4.3.30.RELEASE | 60 | 2020-12-09 |

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | XML External Entity (XXE) Injection | SNYK-JAVA-ORGSPRINGFRAMEWORK-30159 | 654 | No Known Exploit |
| high | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458 | 751 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181 | 746 | Proof of Concept |
| high | XML External Entity (XXE) Injection | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385 | 589 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394 | 589 | No Known Exploit |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182 | 746 | Proof of Concept |
| high | Remote Code Execution (RCE) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183 | 854 | Mature |
| high | Improper Input Validation | SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832 | 644 | No Known Exploit |
| high | XML External Entity (XXE) Injection | SNYK-JAVA-ORGSPRINGFRAMEWORK-30163 | 654 | No Known Exploit |
| high | Reflected File Download | SNYK-JAVA-ORGSPRINGFRAMEWORK-30165 | 644 | No Known Exploit |
| high | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337 | 696 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176 | 746 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177 | 746 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178 | 746 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179 | 746 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180 | 746 | Proof of Concept |
| high | Authentication Bypass | SNYK-JAVA-ORGSPRINGFRAMEWORK-536316 | 589 | No Known Exploit |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185 | 746 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186 | 746 | Proof of Concept |
| high | Arbitrary Code Execution | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187 | 746 | Proof of Concept |
| high | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190 | 746 | Proof of Concept |
| high | Server-Side Request Forgery (SSRF) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191 | 746 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977 | 589 | No Known Exploit |
| medium | JSM bypass via ReflectionHelper | SNYK-JAVA-ORGHIBERNATE-30098 | 479 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JAVA-ORGSPRINGFRAMEWORK-31328 | 489 | No Known Exploit |
| medium | Arbitrary File Deletion | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966 | 586 | Proof of Concept |
| medium | Server-Side Request Forgery (SSRF) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967 | 711 | Mature |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328 | 611 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329 | 586 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330 | 586 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331 | 591 | Proof of Concept |
| medium | Denial of Service (DoS) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180 | 479 | No Known Exploit |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335 | 586 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336 | 626 | Proof of Concept |
| medium | XML External Entity (XXE) Injection | SNYK-JAVA-ORGSPRINGFRAMEWORK-30160 | 529 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JAVA-ORGSPRINGFRAMEWORK-30164 | 489 | No Known Exploit |
| medium | Cross-site Request Forgery (CSRF) | SNYK-JAVA-ORGSPRINGFRAMEWORK-31331 | 529 | No Known Exploit |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338 | 586 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540 | 631 | Proof of Concept |
| medium | Cross-site Scripting (XSS) | SNYK-JAVA-ORGSPRINGFRAMEWORK-30167 | 429 | No Known Exploit |
| medium | Directory Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-30169 | 479 | No Known Exploit |
| medium | Directory Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-32202 | 616 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332 | 626 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333 | 586 | Proof of Concept |
| medium | Deserialization of Untrusted Data | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334 | 626 | Proof of Concept |
| medium | Denial of Service (DoS) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189 | 646 | Proof of Concept |
| medium | Directory Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-31325 | 479 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897 | 616 | Proof of Concept |
| medium | Insecure XML deserialization | SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764 | 626 | Mature |
| medium | XML External Entity (XXE) Injection | SNYK-JAVA-ORGSPRINGFRAMEWORK-30158 | 529 | No Known Exploit |

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

-1051967","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336","SNYK-JAVA-ORGSPRINGFRAMEWORK-30160","SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","SNYK-JAVA-ORGSPRINGFRAMEWORK-31331","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540","SNYK-JAVA-ORGSPRINGFRAMEWORK-30167","SNYK-JAVA-ORGSPRINGFRAMEWORK-30169","SNYK-JAVA-ORGSPRINGFRAMEWORK-32202","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189","SNYK-JAVA-ORGSPRINGFRAMEWORK-31325","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897","SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764","SNYK-JAVA-ORGSPRINGFRAMEWORK-30158"]}'

eoftedal, Sep 10 '24 08:09