[Snyk] Upgrade: com.sun.xml.bind:jaxb-core, com.sun.xml.bind:jaxb-impl, javax.xml.bind:jaxb-api, org.apache.struts:struts2-core, org.apache.struts:struts2-spring-plugin, org.springframework:spring-web, org.zeroturnaround:zt-zip #97

Open
BrunoCosta82-zz wants to merge 1 commit into master from snyk-upgrade-8139432eb1ef8179b6f4d43a1f0cd1d0

@BrunoCosta82-zz
Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| com.sun.xml.bind:jaxb-core | from 2.3.0 to 2.3.0.1 (1 version ahead of your current version) | 6 years ago, on 2018-05-18 |
| com.sun.xml.bind:jaxb-impl | from 2.3.0 to 2.3.9 (12 versions ahead of your current version) | a year ago, on 2023-10-13 |
| javax.xml.bind:jaxb-api | from 2.3.0 to 2.3.1 (1 version ahead of your current version) | 6 years ago, on 2018-09-12 |
| org.apache.struts:struts2-core | from 2.3.20 to 2.5.33 (47 versions ahead of your current version) | 9 months ago, on 2023-12-05 |
| org.apache.struts:struts2-spring-plugin | from 2.3.20 to 2.5.33 (47 versions ahead of your current version) | 9 months ago, on 2023-12-05 |
| org.springframework:spring-web | from 3.2.6.RELEASE to 3.2.18.RELEASE (12 versions ahead of your current version) | 8 years ago, on 2016-12-21 |
| org.zeroturnaround:zt-zip | from 1.12 to 1.17 (5 versions ahead of your current version) | 7 months ago, on 2024-01-28 |

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high | Access Restriction Bypass | SNYK-JAVA-ORGAPACHESTRUTS-30775 | 479 | No Known Exploit |
| high | Access Restriction Bypass | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802 | 479 | No Known Exploit |
| high | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803 | 479 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JAVA-COMMONSFILEUPLOAD-30082 | 479 | No Known Exploit |
| high | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-2635340 | 479 | Proof of Concept |
| high | Manipulation of Struts' internals | SNYK-JAVA-ORGAPACHESTRUTS-30060 | 479 | No Known Exploit |
| high | Command Injection | SNYK-JAVA-ORGAPACHESTRUTS-30770 | 479 | Mature |
| high | Command Injection | SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611 | 479 | Mature |
| high | Improper Input Validation | SNYK-JAVA-ORGAPACHESTRUTSXWORK-5811864 | 479 | No Known Exploit |
| high | Access Restriction Bypass | SNYK-JAVA-ORGAPACHESTRUTS-30776 | 479 | No Known Exploit |
| high | Arbitrary Command Execution | SNYK-JAVA-ORGAPACHESTRUTS-31495 | 479 | Mature |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-31501 | 479 | No Known Exploit |
| high | XML External Entity (XXE) Injection | SNYK-JAVA-ORGSPRINGFRAMEWORK-30163 | 479 | No Known Exploit |
| high | Reflected File Download | SNYK-JAVA-ORGSPRINGFRAMEWORK-30165 | 479 | No Known Exploit |
| high | Remote Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-32477 | 479 | Mature |
| high | Unrestricted Upload of File with Dangerous Type | SNYK-JAVA-ORGAPACHESTRUTS-609765 | 479 | No Known Exploit |
| high | Parameter Alteration | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798 | 479 | No Known Exploit |
| high | Improper Input Validation | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799 | 479 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JAVA-ORGAPACHESTRUTS-460223 | 479 | No Known Exploit |
| medium | Improper Input Validation | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801 | 479 | No Known Exploit |
| critical | Arbitrary Code Execution | SNYK-JAVA-COMMONSFILEUPLOAD-30401 | 479 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-608098 | 479 | Proof of Concept |
| medium | Information Exposure | SNYK-JAVA-COMMONSFILEUPLOAD-31540 | 479 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JAVA-OGNL-30474 | 479 | No Known Exploit |
| critical | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-1049003 | 479 | Mature |
| medium | Arbitrary File Write via Archive Extraction (Zip Slip) | SNYK-JAVA-ORGZEROTURNAROUND-31681 | 479 | No Known Exploit |
| critical | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-30207 | 479 | Mature |
| critical | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-30771 | 479 | No Known Exploit |
| critical | Arbitrary Command Execution | SNYK-JAVA-ORGAPACHESTRUTS-30772 | 479 | Mature |
| high | Cross-site Request Forgery (CSRF) | SNYK-JAVA-ORGAPACHESTRUTS-30774 | 479 | No Known Exploit |
| high | Insecure Defaults | SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418 | 479 | No Known Exploit |
| high | Server-side Template Injection (SSTI) | SNYK-JAVA-ORGFREEMARKER-1076795 | 479 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-31500 | 479 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-31502 | 479 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JAVA-ORGAPACHESTRUTS-30773 | 479 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804 | 479 | No Known Exploit |
| critical | Directory Traversal | SNYK-JAVA-ORGAPACHESTRUTS-30778 | 479 | No Known Exploit |
| critical | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-31503 | 479 | Mature |
| medium | Denial of Service (DoS) | SNYK-JAVA-ORGSPRINGFRAMEWORK-30164 | 479 | No Known Exploit |
| medium | Cross-site Request Forgery (CSRF) | SNYK-JAVA-ORGSPRINGFRAMEWORK-31331 | 479 | No Known Exploit |
| critical | Improper Action Name Cleanup | SNYK-JAVA-ORGAPACHESTRUTS-451610 | 479 | No Known Exploit |
| medium | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHESTRUTS-5707101 | 479 | No Known Exploit |
| critical | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-608097 | 479 | Mature |
| medium | Denial of Service | SNYK-JAVA-ORGAPACHESTRUTS-6100744 | 479 | No Known Exploit |
| critical | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-6102825 | 479 | Mature |
| medium | Cross-site Scripting (XSS) | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800 | 479 | No Known Exploit |
| medium | Directory Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-31325 | 479 | No Known Exploit |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - com.sun.xml.bind:jaxb-core from 2.3.0 to 2.3.0.1.
    See this package in maven: https://mvnrepository.com/artifact/com.sun.xml.bind/jaxb-core/
  - com.sun.xml.bind:jaxb-impl from 2.3.0 to 2.3.9.
    See this package in maven: https://mvnrepository.com/artifact/com.sun.xml.bind/jaxb-impl/
  - javax.xml.bind:jaxb-api from 2.3.0 to 2.3.1.
    See this package in maven: https://mvnrepository.com/artifact/javax.xml.bind/jaxb-api/
  - org.apache.struts:struts2-core from 2.3.20 to 2.5.33.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.struts/struts2-core/
  - org.apache.struts:struts2-spring-plugin from 2.3.20 to 2.5.33.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.struts/struts2-spring-plugin/
  - org.springframework:spring-web from 3.2.6.RELEASE to 3.2.18.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-web/
  - org.zeroturnaround:zt-zip from 1.12 to 1.17.
    See this package in maven: https://mvnrepository.com/artifact/org.zeroturnaround/zt-zip/

See this project in Snyk:
https://app.snyk.io/org/brunocosta82/project/6a27d71a-d1d4-4f15-a3ac-dd7fb29a9f21?utm_source=github&utm_medium=referral&page=upgrade-pr