roda [Snyk] Fix for 5 vulnerabilities

[Snyk] Fix for 5 vulnerabilities

Open luis100 opened this issue 4 months ago • 0 comments

snyk-top-banner

Snyk has created this PR to fix 5 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
Path Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373	721	org.springframework.boot:spring-boot-starter-web: `3.3.0` -> `3.3.5` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364	401	org.springframework.boot:spring-boot-starter: `3.3.0` -> `3.3.5` org.springframework.boot:spring-boot-starter-web: `3.3.0` -> `3.3.5` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365	401	org.springframework.boot:spring-boot-starter: `3.3.0` -> `3.3.5` org.springframework.boot:spring-boot-starter-web: `3.3.0` -> `3.3.5` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366	401	org.springframework.boot:spring-boot-starter-web: `3.3.0` -> `3.3.5` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368	401	org.springframework.boot:spring-boot-starter-web: `3.3.0` -> `3.3.5` `No Known Exploit`

Vulnerabilities that could not be fixed

Upgrade:
- Could not upgrade org.springframework:[email protected] to org.springframework:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/spring-framework-bom/6.1.8/spring-framework-bom-6.1.8.pom

[!IMPORTANT]

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Path Traversal

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.springframework.boot:spring-boot-starter","from":"3.3.0","to":"3.3.5"},{"name":"org.springframework.boot:spring-boot-starter-web","from":"3.3.0","to":"3.3.5"},{"name":"org.springframework:spring-web","from":"6.1.8","to":"6.1.14"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373","priority_score":721,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.7","score":435},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","priority_score":401,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.3","score":115},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"}],"prId":"d0ac8594-1a80-46f8-ba9e-863b5a001935","prPublicId":"d0ac8594-1a80-46f8-ba9e-863b5a001935","packageManager":"maven","priorityScoreList":[401,401,721,401,401],"projectPublicId":"4b5443af-2212-4a11-9910-1ef16f10c5ac","projectUrl":"https://app.snyk.io/org/luis100/project/4b5443af-2212-4a11-9910-1ef16f10c5ac?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373"],"vulns":["SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364","SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

Oct 25 '24 06:10 luis100

roda roda copied to clipboard

[Snyk] Fix for 5 vulnerabilities

Snyk has created this PR to fix 5 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Vulnerabilities that could not be fixed

roda
roda copied to clipboard