orion icon indicating copy to clipboard operation
orion copied to clipboard
verified publisher icon pinterest

[Snyk] Security upgrade io.dropwizard:dropwizard-core from 1.3.17 to 3.0.9

Open devinlundberg opened this issue 1 year ago • 0 comments

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • orion-server/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-8186142		   112   io.dropwizard:dropwizard-core:
1.3.17 -> 3.0.9
Major version upgrade No Known Exploit
medium severity Improper Validation of Syntactic Correctness of Input
SNYK-JAVA-ORGECLIPSEJETTY-8186141		   62   io.dropwizard:dropwizard-core:
1.3.17 -> 3.0.9
Major version upgrade Proof of Concept
medium severity Improper Validation of Syntactic Correctness of Input
SNYK-JAVA-ORGECLIPSEJETTY-8186158		   62   io.dropwizard:dropwizard-core:
1.3.17 -> 3.0.9
Major version upgrade Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-8186168		   50   io.dropwizard:dropwizard-core:
1.3.17 -> 3.0.9
Major version upgrade No Known Exploit

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"io.dropwizard:dropwizard-core","from":"1.3.17","to":"3.0.9"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186142","priority_score":112,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 14:33:21 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.86},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186158","priority_score":62,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 07:31:03 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.61},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Improper Validation of Syntactic Correctness of Input"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186142","priority_score":112,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 14:33:21 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.86},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186142","priority_score":112,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 14:33:21 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.86},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186142","priority_score":112,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 14:33:21 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.86},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186168","priority_score":50,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 14:34:09 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.08},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGECLIPSEJETTY-8186141","priority_score":62,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Oct 15 2024 07:31:03 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.61},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Improper Validation of Syntactic Correctness of Input"}],"prId":"719df079-8709-4472-b757-84edee306c08","prPublicId":"719df079-8709-4472-b757-84edee306c08","packageManager":"maven","priorityScoreList":[112,62,50,62],"projectPublicId":"4592f51a-c73f-49da-a2d0-d16a3aa9922c","projectUrl":"https://app.snyk.io/org/pinterest-open-source-repos/project/4592f51a-c73f-49da-a2d0-d16a3aa9922c?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-ORGECLIPSEJETTY-8186141","SNYK-JAVA-ORGECLIPSEJETTY-8186142","SNYK-JAVA-ORGECLIPSEJETTY-8186158","SNYK-JAVA-ORGECLIPSEJETTY-8186168"],"vulns":["SNYK-JAVA-ORGECLIPSEJETTY-8186142","SNYK-JAVA-ORGECLIPSEJETTY-8186158","SNYK-JAVA-ORGECLIPSEJETTY-8186168","SNYK-JAVA-ORGECLIPSEJETTY-8186141"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

devinlundberg avatar Oct 16 '24 02:10 devinlundberg