Skip to content

Comments

[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.90#38

Open
weinrich15 wants to merge 1 commit intomasterfrom
snyk-fix-4a31a98bef34f38634ee36c63d77105c
Open

[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.90#38
weinrich15 wants to merge 1 commit intomasterfrom
snyk-fix-4a31a98bef34f38634ee36c63d77105c

Conversation

@weinrich15
Copy link
Collaborator

@weinrich15 weinrich15 commented Sep 24, 2024

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGAPACHETOMCAT-8073089		   721   org.apache.tomcat:tomcat-coyote:
9.0.22 -> 9.0.90
No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@weinrich15
Copy link
Collaborator Author

weinrich15 commented Sep 24, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details0653a65f-d9e4-4098-a4a6-6cb72bb7b1fb

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2023-1973 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
HIGH CVE-2023-3223 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
HIGH CVE-2024-1635 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
HIGH CVE-2024-7885 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
MEDIUM CVE-2021-20220 Maven-io.undertow:undertow-core-2.0.9.Final Vulnerable Package
MEDIUM CVE-2024-38808 Maven-org.springframework:spring-expression-5.0.4.RELEASE Vulnerable Package

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2020-11996 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2020-13934 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2020-17527 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2020-1938 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2021-25122 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2021-30639 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2021-41079 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2022-42252 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2023-24998 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2023-44487 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH CVE-2024-24549 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
HIGH Client_DOM_Stored_XSS /src/main/webapp/vulnerability/Injection/xxe.jsp: 15
HIGH Client_DOM_Stored_XSS /src/main/webapp/vulnerability/Injection/xxe.jsp: 12
HIGH Client_DOM_Stored_XSS /src/main/webapp/vulnerability/Injection/xxe.jsp: 12
HIGH Client_DOM_Stored_XSS /src/main/webapp/vulnerability/Injection/xxe.jsp: 15
HIGH Client_DOM_Stored_XSS /src/main/webapp/vulnerability/Injection/xxe.jsp: 12
HIGH Client_DOM_Stored_XSS /src/main/webapp/vulnerability/Injection/xxe.jsp: 15
MEDIUM CVE-2019-17569 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
MEDIUM CVE-2020-13943 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
MEDIUM CVE-2020-1935 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
MEDIUM CVE-2021-33037 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
MEDIUM CVE-2023-42795 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
MEDIUM CVE-2023-42795 Maven-org.apache.tomcat:tomcat-util-9.0.22
MEDIUM CVE-2023-45648 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
MEDIUM CVE-2024-21733 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
LOW CVE-2021-43980 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
LOW CVE-2024-34750 Maven-org.apache.tomcat:tomcat-coyote-9.0.22
LOW S3 Bucket Without Enabled MFA Delete /s3_with_all_permissions.tf: 1
LOW S3 Bucket Without Enabled MFA Delete /Unsecure_Storage_of_Encryption_Key.tf: 1
LOW S3 Bucket Without Enabled MFA Delete /s3.tf: 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@weinrich15 @snyk-bot