Bump org.apache.maven:maven-core from 3.0.5 to 3.8.1 in /sandbox/fabric8-maven-plugin by dependabot[bot] · Pull Request #1 · eroad/fabric8

dependabot · 2025-07-31T04:46:55Z

Bumps org.apache.maven:maven-core from 3.0.5 to 3.8.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps org.apache.maven:maven-core from 3.0.5 to 3.8.1. --- updated-dependencies: - dependency-name: org.apache.maven:maven-core dependency-version: 3.8.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

jpeaks-eroad · 2025-07-31T09:49:09Z

Checkmarx One – Scan Summary & Details – 444ace99-5b38-43e2-b136-6379b9267846

New Issues (118)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2014-9390	Maven-org.eclipse.jgit:org.eclipse.jgit-2.2.0.201212191850-r	details Recommended version: 5.13.4.202507202350-r Description: Git prior to 1.8.5.6, 1.9.x prior to 1.9.5, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 on Windows and OS X, Mercurial pri... Attack Vector: NETWORK Attack Complexity: LOW `ID: 2hd4ZWmIb%2FoT9dPkGJm0FtpF3O%2BLeNbBrfLVPGp8ZzU%3D` Vulnerable Package
CVE-2015-5211	Maven-org.springframework:spring-test-3.2.9.RELEASE	details Recommended version: 4.3.30-atlassian-fecru-1 Description: Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Refle... Attack Vector: NETWORK Attack Complexity: LOW `ID: al2lETSBvxVYI0xjOpVcKa6owe2GEkr7LK4HCbH3Pco%3D` Vulnerable Package
CVE-2021-26291	Maven-org.apache.maven:maven-core-3.0.4	details Recommended version: 3.8.1 Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resultin... Attack Vector: NETWORK Attack Complexity: LOW `ID: CqeTQaA%2B8u0FYE2MGqtvHU85XcUd%2BXT4aCcdYNeD1ns%3D` Vulnerable Package
CVE-2021-26291	Maven-org.apache.maven:maven-compat-3.0.5	details Recommended version: 3.8.1 Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resultin... Attack Vector: NETWORK Attack Complexity: LOW `ID: PDd2lcwhWbO96geNrVzHylIstXBfxMzgyulpcUj2i3A%3D` Vulnerable Package
CVE-2021-26291	Maven-org.apache.maven:maven-core-3.0.5	details Recommended version: 3.8.1 Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resultin... Attack Vector: NETWORK Attack Complexity: LOW `ID: upZUtHHEb%2BO2CP2jeMy5ICe%2FikFUgQPq1POsQSetM%2FI%3D` Vulnerable Package
CVE-2021-26291	Maven-org.apache.maven:maven-compat-3.0.4	details Recommended version: 3.8.1 Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resultin... Attack Vector: NETWORK Attack Complexity: LOW `ID: V%2BVfB3Evmvpb4LP9lW6%2F8VNEZhg0w952bGS7oCJOYV8%3D` Vulnerable Package
CVE-2023-37460	Maven-org.codehaus.plexus:plexus-archiver-2.2	details Recommended version: 4.8.0 Description: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` A... Attack Vector: NETWORK Attack Complexity: LOW `ID: I1nhsbXsO8cvDcsQ9Eq7HytuXwaOSnJuT4U6ZOCQkik%3D` Vulnerable Package
CVE-2023-44981	Maven-org.apache.zookeeper:zookeeper-3.4.6	details Recommended version: 3.7.2 Description: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper "(qu... Attack Vector: NETWORK Attack Complexity: LOW `ID: Z4eOMEP%2F1XmIOpS3Sq3S9GbMgrEnXGfmvla7XKzKL24%3D` Vulnerable Package
CVE-2023-46604	Maven-org.apache.activemq:activemq-openwire-legacy-5.10.0	details Recommended version: 5.16.8 Description: Apache ActiveMQ is vulnerable to Remote Code Execution in activemq-client in versions through 5.15.15, 5.16.0 through 5.16.6, 5.17.0 through 5.17.5... Attack Vector: NETWORK Attack Complexity: LOW `ID: nT9hXX%2FKrekUj3OqQTm5AhNeByj2qt889va7JzLut4k%3D` Vulnerable Package
CVE-2023-46604	Maven-org.apache.activemq:activemq-client-5.10.0	details Recommended version: 5.16.8 Description: Apache ActiveMQ is vulnerable to Remote Code Execution in activemq-client in versions through 5.15.15, 5.16.0 through 5.16.6, 5.17.0 through 5.17.5... Attack Vector: NETWORK Attack Complexity: LOW `ID: %2FRAOdmmCzkcnx0NjCVKmaQPWp2qV5X95Gbe2PBAQ8UM%3D` Vulnerable Package
CVE-2024-1597	Maven-org.postgresql:postgresql-9.2-1003-jdbc4	details Recommended version: 42.2.29 Description: The pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using "PreferQueryMode=SIMPLE". Note this is not the default. In the de... Attack Vector: NETWORK Attack Complexity: LOW `ID: Eo1Cr4pEBBz6vaWdSz635Wcka745E5%2FFT3ytVaAiH4M%3D` Vulnerable Package
CVE-2024-28752	Maven-org.apache.cxf:cxf-core-3.0.2	details Recommended version: 3.5.10.redhat-00001 Description: A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF versions prior to 3.5.8, 3.6.x prior 3.6.3, 4.0.x prior to 4.0.4, allows... Attack Vector: NETWORK Attack Complexity: LOW `ID: DoQ9ZIg1hSacuGjq1VBJCOoWUnjDuwWax6Cmk02iI1U%3D` Vulnerable Package
CVE-2024-28752	Maven-org.apache.cxf:cxf-core-3.0.1	details Recommended version: 3.5.10.redhat-00001 Description: A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF versions prior to 3.5.8, 3.6.x prior 3.6.3, 4.0.x prior to 4.0.4, allows... Attack Vector: NETWORK Attack Complexity: LOW `ID: ngPvsvq4dgR%2F3e8oviUEncixdDC5E3eKenZf1MEg5iQ%3D` Vulnerable Package
CVE-2024-29736	Maven-org.apache.cxf:cxf-rt-rs-service-description-3.0.2	details Recommended version: 3.5.5.redhat-00065 Description: A Server-Side Request Forgery (SSRF) vulnerability in "WADL" service description in org.apache.cxf:cxf-rt-rs-service-description package versions p... Attack Vector: NETWORK Attack Complexity: LOW `ID: %2BYduARn6RK8XGrGJ8dRJhzfAUXUiABTZuK18qZPX%2B5o%3D` Vulnerable Package
CVE-2015-2080	Maven-org.eclipse.jetty:jetty-server-8.1.14.v20131031	details Recommended version: 9.4.57.v20241219 Description: The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via... Attack Vector: NETWORK Attack Complexity: LOW `ID: gy%2BkY8MfNtGMjgweJML3A138klAdFuJrqS8ZYlQETFA%3D` Vulnerable Package
CVE-2016-5007	Maven-org.springframework:spring-core-3.2.9.RELEASE	details Recommended version: 4.3.30-atlassian-fecru-1 Description: Both Spring Security Core prior to 4.1.1 and Spring Core prior to 4.3.1, rely on URL pattern mappings for authorization and for mapping requests to... Attack Vector: NETWORK Attack Complexity: LOW `ID: e4Tu25IC69N4gei3nAzs1%2BKHISGTAAdQ9HUtiYh3V5g%3D` Vulnerable Package
CVE-2016-5007	Maven-org.springframework:spring-core-2.5.6	details Recommended version: 4.3.30-atlassian-fecru-1 Description: Both Spring Security Core prior to 4.1.1 and Spring Core prior to 4.3.1, rely on URL pattern mappings for authorization and for mapping requests to... Attack Vector: NETWORK Attack Complexity: LOW `ID: r5l0zoCZB8AVNIohkbKuBrROcjStq3D9mXkSgzFIcpc%3D` Vulnerable Package
CVE-2016-7051	Maven-com.fasterxml.jackson.core:jackson-core-2.4.1	details Recommended version: 2.15.0 Description: XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to condu... Attack Vector: NETWORK Attack Complexity: LOW `ID: 6h5Eb9Dwxknp%2Fvbgjgpx4RvzlpezLB4d1U35isDyZIM%3D` Vulnerable Package
CVE-2019-9512	Maven-io.netty:netty-all-4.0.21.Final	details Recommended version: 4.1.108.Final-redhat-00002 Description: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a Denial of Service. The attacker sends continuous pings to an HT... Attack Vector: NETWORK Attack Complexity: LOW `ID: ppTAul9IHy7gpE4JtvncdaSUaGPYDSR4H5Svj8rVRKo%3D` Vulnerable Package
CVE-2019-9514	Maven-io.netty:netty-all-4.0.21.Final	details Recommended version: 4.1.108.Final-redhat-00002 Description: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and... Attack Vector: NETWORK Attack Complexity: LOW `ID: AuuwcopFPr7JJftFxLbTMp7%2Fesnfyi6fHFqs3aSNBuc%3D` Vulnerable Package
CVE-2019-9515	Maven-io.netty:netty-all-4.0.21.Final	details Recommended version: 4.1.108.Final-redhat-00002 Description: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of "SETTING... Attack Vector: NETWORK Attack Complexity: LOW `ID: GZwsDttdMPNR1yg7hirxKwf3anh0e6MTh8rcovldf%2FE%3D` Vulnerable Package
CVE-2022-4244	Maven-org.codehaus.plexus:plexus-utils-3.0.1	details Recommended version: 3.0.24 Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outs... Attack Vector: NETWORK Attack Complexity: LOW `ID: MhcaQ%2BpK5SDYI2z%2Fx5rz%2B2RQj9tIiVGgDElWw1zgHrw%3D` Vulnerable Package
CVE-2022-4244	Maven-org.codehaus.plexus:plexus-utils-1.5.6	details Recommended version: 3.0.24 Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outs... Attack Vector: NETWORK Attack Complexity: LOW `ID: R%2BY0w%2FSJodRNp2AKw9JW2r0B6dYkHYzl3ST9s2erNv0%3D` Vulnerable Package
CVE-2022-4244	Maven-org.codehaus.plexus:plexus-utils-2.1	details Recommended version: 3.0.24 Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outs... Attack Vector: NETWORK Attack Complexity: LOW `ID: u29YFrGzLgFJafZFmRFDpd6QM0LJkPRdbd9vqoPkHLU%3D` Vulnerable Package
CVE-2023-22102	Maven-mysql:mysql-connector-java-5.1.25	details Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). The affected versions are through 8.1.0. The difficult-to-e... Attack Vector: NETWORK Attack Complexity: HIGH `ID: WKKU5el9X1YaP1%2BVhpGQj3JSny5mt0ZeKanyY753qqQ%3D` Vulnerable Package
CVE-2023-24998	Maven-commons-fileupload:commons-fileupload-1.3	details Recommended version: 1.6.0 Description: Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker trig... Attack Vector: NETWORK Attack Complexity: LOW `ID: OSpEXnPY4xrpXQkyXNcygwlPjMx8jHJDtudaud%2FAj9M%3D` Vulnerable Package
CVE-2023-24998	Maven-commons-fileupload:commons-fileupload-1.3.1	details Recommended version: 1.6.0 Description: Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker trig... Attack Vector: NETWORK Attack Complexity: LOW `ID: SAV%2F1AcNH%2F0eSDXUwqvJw6GpEy%2FTPRH9ppYuOAKjKaw%3D` Vulnerable Package
CVE-2023-26464	Maven-log4j:log4j-1.2.16	details Recommended version: 1.2.17.redhat-00008 Description: When using the Chainsaw or SocketAppender components with Log4j versions 1.0.4 prior to 2.0, an attacker that manages to cause a logging entry invo... Attack Vector: NETWORK Attack Complexity: LOW `ID: 7zqZphb9pBLP6jMz36dUbff%2BrRToMi7Ch7t4fxmqnAk%3D` Vulnerable Package
CVE-2023-26464	Maven-log4j:log4j-1.2.14	details Recommended version: 1.2.17.redhat-00008 Description: When using the Chainsaw or SocketAppender components with Log4j versions 1.0.4 prior to 2.0, an attacker that manages to cause a logging entry invo... Attack Vector: NETWORK Attack Complexity: LOW `ID: DWKVVJ5%2BChiHJn%2FWgOdFMIwEQZsfbnJ6xaZ7rULoJFY%3D` Vulnerable Package
CVE-2023-26464	Maven-log4j:log4j-1.2.17	details Description: When using the Chainsaw or SocketAppender components with Log4j versions 1.0.4 prior to 2.0, an attacker that manages to cause a logging entry invo... Attack Vector: NETWORK Attack Complexity: LOW `ID: OyzpZdik0smxcl%2F7d%2FT02SEwx46x5J%2BZWYzm2Wd0EgM%3D` Vulnerable Package
CVE-2023-2976	Maven-com.google.guava:guava-18.0	details Recommended version: 32.0.0.jre-redhat-00001 Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 through 31.1-jre on Unix syste... Attack Vector: LOCAL Attack Complexity: LOW `ID: MClY9neWbc8xDW%2FtQtfh0SBZPf0oCsOzCB7Ev9iZfIs%3D` Vulnerable Package
CVE-2023-44487	Maven-io.netty:netty-all-4.0.21.Final	details Recommended version: 4.1.108.Final-redhat-00002 Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploi... Attack Vector: NETWORK Attack Complexity: LOW `ID: OrZQgcB%2Fflh3Zbd3%2FYqr%2FG4fGWT8sxgr3zFrVl1fUo4%3D` Vulnerable Package
CVE-2023-4759	Maven-org.eclipse.jgit:org.eclipse.jgit-2.2.0.201212191850-r	details Recommended version: 5.13.4.202507202350-r Description: Arbitrary File Overwrite vulnerability in org.eclipse.jgit:org.eclipse.jgit versions prior to 6.6.1.202309021850-r and 6.7.x prior to 6.7.0.2023090... Attack Vector: NETWORK Attack Complexity: LOW `ID: FoHeXmN9pu88O9FzQJ4JGbXl5Mw5as7m%2FRWvdHtnqMY%3D` Vulnerable Package
CVE-2023-6378	Maven-ch.qos.logback:logback-classic-1.1.2	details Recommended version: 1.3.15 Description: A serialization vulnerability in logback receiver component part of logback versions prior to 1.2.13, 1.3.x prior to 1.3.12, and 1.4.x prior to 1.4... Attack Vector: NETWORK Attack Complexity: LOW `ID: t%2FCOpfgJLtRKxjULfClNutKkUtAD5dVYYmrbl%2Bj8i9M%3D` Vulnerable Package
CVE-2023-6378	Maven-ch.qos.logback:logback-core-1.1.2	details Recommended version: 1.3.15 Description: A serialization vulnerability in logback receiver component part of logback versions prior to 1.2.13, 1.3.x prior to 1.3.12, and 1.4.x prior to 1.4... Attack Vector: NETWORK Attack Complexity: LOW `ID: Z%2BvqcqZ30rXSBN7wQmM%2FBWJL80TYcQ9BenDRd00CHRc%3D` Vulnerable Package
CVE-2023-6481	Maven-ch.qos.logback:logback-core-1.1.2	details Recommended version: 1.3.15 Description: A serialization vulnerability in logback receiver component part of logback versions through 1.2.12, 1.3.x through 1.3.13, and 1.4.x through 1.4.13... Attack Vector: NETWORK Attack Complexity: LOW `ID: 8tOOL4OF4YBLbIg5ESQTApAEp%2Ff%2BnNmf%2BUuWjQUZGtQ%3D` Vulnerable Package
CVE-2024-47554	Maven-commons-io:commons-io-2.4	details Recommended version: 2.11.0.redhat-00004 Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The "org.apache.commons.io.input.XmlStreamReader" class may excessively consu... Attack Vector: NETWORK Attack Complexity: LOW `ID: 07WVEntPomY%2FPAdwjcRCeLElaW0ly3fhrxlhtKhWYRw%3D` Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (16)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2016-10707~~	Npm-jquery-1.8.0
	~~CVE-2018-1272~~	Maven-org.springframework:spring-core-3.2.9.RELEASE
	~~CVE-2021-23358~~	Npm-underscore-1.4.4
	~~CVE-2022-45868~~	Maven-com.h2database:h2-2.1.214
	~~CVE-2007-2379~~	Npm-jquery-1.8.0
	~~CVE-2012-6708~~	Npm-jquery-1.8.0
	~~CVE-2014-6071~~	Npm-jquery-1.8.0
	~~CVE-2015-9251~~	Npm-jquery-1.8.0
	~~CVE-2018-12537~~	Maven-io.vertx:vertx-core-2.1.4
	~~CVE-2019-11358~~	Npm-jquery-1.8.0
	~~CVE-2020-11022~~	Npm-jquery-1.8.0
	~~CVE-2020-11023~~	Npm-jquery-1.8.0
	~~CVE-2020-7656~~	Npm-jquery-1.8.0
	~~CVE-2022-22971~~	Maven-org.springframework:spring-core-3.2.9.RELEASE
	~~CVE-2022-41915~~	Maven-io.netty:netty-all-4.0.21.Final
	~~Cxf0b588a3-5c6f~~	Npm-jquery-1.8.0

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 31, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.apache.maven:maven-core from 3.0.5 to 3.8.1 in /sandbox/fabric8-maven-plugin#1

Bump org.apache.maven:maven-core from 3.0.5 to 3.8.1 in /sandbox/fabric8-maven-plugin#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/sandbox/fabric8-maven-plugin/org.apache.maven-maven-core-3.8.1

dependabot bot commented on behalf of github Jul 31, 2025

Uh oh!

jpeaks-eroad commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

dependabot bot commented on behalf of github Jul 31, 2025

Uh oh!

jpeaks-eroad commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments