[Snyk] Security upgrade org.apache.hbase:hbase-client from 1.2.1 to 2.5.11-hadoop3
Snyk has created this PR to fix 44 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
orion-server/pom.xml
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | Upgrade | Notes |
|---|---|---|---|
| Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893 | 392 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, Proof of Concept |
| Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732 | 390 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, Proof of Concept |
| SQL Injection SNYK-JAVA-LOG4J-2342645 | 273 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, Proof of Concept |
| Directory Traversal SNYK-JAVA-COMJCRAFT-30302 | 254 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Mature |
| Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEAVRO-8161188 | 204 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Arbitrary Code Execution SNYK-JAVA-ORGAPACHEHADOOP-2975400 | 192 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Improper Input Validation SNYK-JAVA-ORGCODEHAUSJACKSON-3326362 | 190 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-30627 | 187 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') SNYK-JAVA-COMMONSBEANUTILS-10259368 | 186 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGAPACHEHADOOP-2443177 | 186 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761 | 171 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646 | 166 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647 | 165 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Authorization Bypass Through User-Controlled Key SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102 | 164 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-ORGXERIALSNAPPY-5710960 | 159 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Proof of Concept |
| Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGXERIALSNAPPY-5918282 | 159 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Proof of Concept |
| Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710959 | 147 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Proof of Concept |
| Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710961 | 146 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Proof of Concept |
| Uncontrolled Recursion SNYK-JAVA-COMMONSLANG-10734077 | 145 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Stack-based Buffer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-8055227 | 124 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Infinite loop SNYK-JAVA-ORGAPACHECOMMONS-6254296 | 120 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Information Exposure SNYK-JAVA-IONETTY-30430 | 117 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| XML External Entity (XXE) Injection SNYK-JAVA-ORGCODEHAUSJACKSON-534878 | 115 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703 | 114 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3167772 | 114 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641 | 114 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| HTTP Request Smuggling SNYK-JAVA-IONETTY-473694 | 113 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, Proof of Concept |
| Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-461004 | 105 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774 | 101 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640 | 88 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Directory Traversal SNYK-JAVA-COMMONSIO-1277109 | 86 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Mature |
| Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-ORGAPACHEHADOOP-8089372 | 85 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Cryptographic Issues SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040 | 81 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3040284 | 66 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Improper Certificate Validation SNYK-JAVA-COMMONSHTTPCLIENT-30083 | 62 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-32473 | 60 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMMONSCONFIGURATION-10116124 | 49 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Uncontrolled Resource Consumption SNYK-JAVA-COMMONSIO-8161190 | 49 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058 | 45 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Information Exposure SNYK-JAVA-COMMONSCODEC-561518 | 40 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Information Exposure SNYK-JAVA-COMMONSNET-3153503 | 40 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |
| Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176 | 40 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Improper Input Validation SNYK-JAVA-ORGAPACHEAVRO-5926693 | 40 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | Major version upgrade, No Known Exploit |
| Man-in-the-Middle (MitM) SNYK-JAVA-COMMONSHTTPCLIENT-31660 | 36 | org.apache.hbase:hbase-client: 1.2.1 -> 2.5.11-hadoop3 | No Known Exploit |

> [!IMPORTANT]
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.