snowflake-jdbc
snowflake-jdbc copied to clipboard
snowflakedb
[Snyk] Fix for 9 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
 |
611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 |
Directory Traversal SNYK-JAVA-COMAMAZONAWS-2952700 |
No | No Known Exploit | |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
No | No Known Exploit |
 |
589/1000 Why? Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
No | No Known Exploit |
|
489/1000 Why? Has a fix available, CVSS 5.5 |
Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-32473 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
No | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058 |
org.apache.httpcomponents:httpclient: 4.5.11 -> 4.5.13 |
No | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Directory Traversal SNYK-JAVA-ORGCODEHAUSPLEXUS-31521 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
Yes | No Known Exploit |
 |
704/1000 Why? Has a fix available, CVSS 9.8 |
Shell Command Injection SNYK-JAVA-ORGCODEHAUSPLEXUS-31522 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
Yes | No Known Exploit |
|
489/1000 Why? Has a fix available, CVSS 5.5 |
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGCODEHAUSPLEXUS-31680 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
Yes | No Known Exploit |
 |
380/1000 Why? Has a fix available, CVSS 3.1 |
XML External Entity (XXE) Injection SNYK-JAVA-ORGCODEHAUSPLEXUS-461102 |
org.codehaus.plexus:plexus-archiver: 2.4.4 -> 4.3.0 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Vulnerabilities that could not be fixed
- Upgrade:
- Could not upgrade
com.amazonaws:[email protected]tocom.amazonaws:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/com/amazonaws/aws-java-sdk-pom/1.11.394/aws-java-sdk-pom-1.11.394.pom
- Could not upgrade
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Directory Traversal 🦉 Directory Traversal 🦉 XML External Entity (XXE) Injection
SonarQube Quality Gate
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
![sonarqubemergegate[bot] avatar](https://avatars.githubusercontent.com/u/58576687?v=4 "Published by a pub.dev verified publisher"){kind=small}
This PR already fix all of them: https://github.com/snowflakedb/snowflake-jdbc/pull/1140. So closing this old one.
