forked from openmrs/openmrs-core
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Fix for 91 vulnerabilities #64
Open
mgupta007
wants to merge
1
commit into
master
Choose a base branch
from
snyk-fix-5b9ee264216f66a5c8f7e8e666bf3928
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664 - https://snyk.io/vuln/SNYK-JAVA-COMMCHANGE-174481 - https://snyk.io/vuln/SNYK-JAVA-COMMCHANGE-451675 - https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-460111 - https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191 - https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-31510 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-1041788 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-568162 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-569100 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-584563 - https://snyk.io/vuln/SNYK-JAVA-ORGLIQUIBASE-2419059 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31326 - https://snyk.io/vuln/SNYK-JAVA-XERCES-2359991 - https://snyk.io/vuln/SNYK-JAVA-XERCES-30183 - https://snyk.io/vuln/SNYK-JAVA-XERCES-31497 - https://snyk.io/vuln/SNYK-JAVA-XERCES-31585 - https://snyk.io/vuln/SNYK-JAVA-XERCES-32014 - https://snyk.io/vuln/SNYK-JAVA-XERCES-608891
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.2
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 7.5
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664
com.fasterxml.jackson.core:jackson-databind:
2.9.10.1 -> 2.13.4
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JAVA-COMMCHANGE-174481
org.hibernate:hibernate-c3p0:
4.3.10.Final -> 5.4.24.Final
Why? Has a fix available, CVSS 9.8
SNYK-JAVA-COMMCHANGE-451675
org.hibernate:hibernate-c3p0:
4.3.10.Final -> 5.4.24.Final
Why? Has a fix available, CVSS 7
SNYK-JAVA-COMMONSBEANUTILS-460111
commons-beanutils:commons-beanutils:
1.9.3 -> 1.9.4
commons-validator:commons-validator:
1.6 -> 1.7
Why? Mature exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMMONSIO-1277109
commons-io:commons-io:
2.6 -> 2.7
Why? Proof of Concept exploit, Has a fix available, CVSS 8.6
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Mature exploit, Has a fix available, CVSS 6.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 9.1
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 6.1
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 6.1
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 6.1
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Proof of Concept exploit, Has a fix available, CVSS 8.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Has a fix available, CVSS 7.5
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977
com.thoughtworks.xstream:xstream:
1.4.11.1 -> 1.4.19
Why? Has a fix available, CVSS 9.8
SNYK-JAVA-ORGCODEHAUSGROOVY-31510
org.codehaus.groovy:groovy-all:
2.4.6 -> 2.4.7
Why? Has a fix available, CVSS 8.2
SNYK-JAVA-ORGHIBERNATE-1041788
org.hibernate:hibernate-c3p0:
4.3.10.Final -> 5.4.24.Final
org.hibernate:hibernate-core:
4.3.10.Final -> 5.4.24.Final
org.hibernate:hibernate-ehcache:
4.3.10.Final -> 5.4.24.Final
org.hibernate:hibernate-search-orm:
5.3.0.Final -> 5.11.7.Final
Why? Has a fix available, CVSS 5.3
SNYK-JAVA-ORGHIBERNATE-568162
org.hibernate:hibernate-validator:
4.3.2.Final -> 6.0.23.Final
Why? Has a fix available, CVSS 6.5
SNYK-JAVA-ORGHIBERNATE-569100
org.hibernate:hibernate-validator:
4.3.2.Final -> 6.0.23.Final
Why? Has a fix available, CVSS 8.1
SNYK-JAVA-ORGHIBERNATE-584563
org.hibernate:hibernate-c3p0:
4.3.10.Final -> 5.4.24.Final
org.hibernate:hibernate-core:
4.3.10.Final -> 5.4.24.Final
org.hibernate:hibernate-ehcache:
4.3.10.Final -> 5.4.24.Final
org.hibernate:hibernate-search-orm:
5.3.0.Final -> 5.11.7.Final
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JAVA-ORGLIQUIBASE-2419059
org.liquibase:liquibase-core:
2.0.5 -> 4.8.0
Why? Has a fix available, CVSS 4.3
SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
org.springframework:spring-aop:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-beans:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context-support:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-core:
4.1.4.RELEASE -> 5.2.19.RELEASE
org.springframework:spring-jdbc:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-orm:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-tx:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Has a fix available, CVSS 4.3
SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
org.springframework:spring-aop:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-beans:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context-support:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-core:
4.1.4.RELEASE -> 5.2.19.RELEASE
org.springframework:spring-jdbc:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-orm:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-tx:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Has a fix available, CVSS 5.3
SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Mature exploit, Has a fix available, CVSS 9.8
SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
org.springframework:spring-aop:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-beans:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context-support:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-jdbc:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-orm:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-tx:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context-support:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Has a fix available, CVSS 5.3
SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
org.springframework:spring-aop:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-beans:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context-support:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-jdbc:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-orm:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-tx:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Has a fix available, CVSS 3.7
SNYK-JAVA-ORGSPRINGFRAMEWORK-31326
org.springframework:spring-aop:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-beans:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-context-support:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-core:
4.1.4.RELEASE -> 5.2.19.RELEASE
org.springframework:spring-jdbc:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-orm:
4.1.4.RELEASE -> 5.2.22.RELEASE
org.springframework:spring-tx:
4.1.4.RELEASE -> 5.2.22.RELEASE
Why? Has a fix available, CVSS 7.5
SNYK-JAVA-XERCES-2359991
xerces:xercesImpl:
2.8.0 -> 2.12.2
Why? Has a fix available, CVSS 6.5
SNYK-JAVA-XERCES-30183
xerces:xercesImpl:
2.8.0 -> 2.12.2
Why? Mature exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-XERCES-31497
xerces:xercesImpl:
2.8.0 -> 2.12.2
Why? Has a fix available, CVSS 7.5
SNYK-JAVA-XERCES-31585
xerces:xercesImpl:
2.8.0 -> 2.12.2
Why? Has a fix available, CVSS 5.3
SNYK-JAVA-XERCES-32014
xerces:xercesImpl:
2.8.0 -> 2.12.2
Why? Has a fix available, CVSS 5.3
SNYK-JAVA-XERCES-608891
xerces:xercesImpl:
2.8.0 -> 2.12.2
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:![](https://camo.githubusercontent.com/c28d253e0d14d5e11b5e0e2953a69e874075b0a44ce2480461a53cee41d8a8d6/68747470733a2f2f6170692e7365676d656e742e696f2f76312f706978656c2f747261636b3f646174613d65794a33636d6c305a55746c65534936496e4a79576d785a634564485932527954485a7362306c596430645563566734576b4652546e4e434f5545774969776959573576626e6c746233567a535751694f694a6b596d4d304d324d795a6931684d6d49784c54526b597a6774596d4d325a6931684d5755784f44417a597a55785a6a49694c434a6c646d567564434936496c425349485a705a58646c5a434973496e42796233426c636e52705a584d694f6e736963484a4a5a434936496d5269597a517a597a4a6d4c574579596a45744e47526a4f433169597a5a6d4c5745785a5445344d444e6a4e54466d4d694a3966513d3d)
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn