[Snyk] Security upgrade io.undertow:undertow-core from 2.0.9.Final to 2.3.17.Final by weinrich15 · Pull Request #39 · LegitAJ/JavaVulnerableLab

weinrich15 · 2024-09-30T05:59:23Z

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Race Condition SNYK-JAVA-IOUNDERTOW-7707751	559	io.undertow:undertow-core: `2.0.9.Final` -> `2.3.17.Final` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7707751

weinrich15 · 2024-09-30T06:02:28Z

Checkmarx One – Scan Summary & Details – 23b8f341-cff9-4729-8aa5-4729c34ac5c4

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-38808	Maven-org.springframework:spring-expression-5.0.4.RELEASE	Vulnerable Package

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2019-10212	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2019-3888	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2020-10705	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2020-1745	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2020-1757	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2020-27782	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2021-3690	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2021-3859	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2022-0084	Maven-org.jboss.xnio:xnio-api-3.3.8.Final
	CVE-2022-1319	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2022-2053	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2022-4492	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2023-1108	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2023-5379	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2023-5685	Maven-org.jboss.xnio:xnio-api-3.3.8.Final
	CVE-2024-5971	Maven-io.undertow:undertow-core-2.0.9.Final
	CVE-2024-6162	Maven-io.undertow:undertow-core-2.0.9.Final
	Client_DOM_Stored_XSS	/src/main/webapp/vulnerability/Injection/xxe.jsp: 15
	Client_DOM_Stored_XSS	/src/main/webapp/vulnerability/Injection/xxe.jsp: 12
	Client_DOM_Stored_XSS	/src/main/webapp/vulnerability/Injection/xxe.jsp: 12
	Client_DOM_Stored_XSS	/src/main/webapp/vulnerability/Injection/xxe.jsp: 15
	Client_DOM_Stored_XSS	/src/main/webapp/vulnerability/Injection/xxe.jsp: 15
	Client_DOM_Stored_XSS	/src/main/webapp/vulnerability/Injection/xxe.jsp: 12
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	Connection_String_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java: 25
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 60
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 47
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 46
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 45
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 45
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 46
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 47
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 60
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 47
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java: 25
	SQL_Injection	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35
	SQL_Injection	/src/main/webapp/ForgotPassword.jsp: 42
	SQL_Injection	/src/main/webapp/vulnerability/forumposts.jsp: 9
	SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 41
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44
	SQL_Injection	/src/main/webapp/vulnerability/sqli/download_id.jsp: 18
	SQL_Injection	/src/main/webapp/vulnerability/csrf/change-info.jsp: 26
	SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 37
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 43
	SQL_Injection	/src/main/webapp/ForgotPassword.jsp: 42
	SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11
	SQL_Injection	/src/main/webapp/admin/manageusers.jsp: 13
	SQL_Injection	/src/main/webapp/vulnerability/idor/change-email.jsp: 28
	SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 42
	SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 45
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 46
	SQL_Injection	/src/main/webapp/vulnerability/UserDetails.jsp: 8
	SQL_Injection	/src/main/webapp/myprofile.jsp: 16
	SQL_Injection	/src/main/webapp/myprofile.jsp: 16
	SQL_Injection	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18
	SQL_Injection	/src/main/webapp/vulnerability/idor/change-email.jsp: 27
	SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 38
	SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 39
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 44
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 60
	SQL_Injection	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 33
	SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36
	Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 20
	Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 20
	Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 20
	Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 20
	Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/vulnerability/forum.jsp: 60
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/myprofile.jsp: 21
	Stored_XSS	/src/main/webapp/myprofile.jsp: 29
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 19
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/vulnerability/forum.jsp: 60
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/myprofile.jsp: 21
	Stored_XSS	/src/main/webapp/vulnerability/Injection/orm.jsp: 12
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/myprofile.jsp: 29
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/vulnerability/forumUsersList.jsp: 12
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 19
	Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14
	Stored_XSS	/src/main/webapp/vulnerability/forum.jsp: 60
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/myprofile.jsp: 21
	Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/vulnerability/Messages.jsp: 14
	Stored_XSS	/src/main/webapp/myprofile.jsp: 29
	Stored_XSS	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16
	Stored_XSS	/src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 19
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/webapp/admin/adminlogin.jsp: 20
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16
	Stored_XSS	/src/main/webapp/vulnerability/UserDetails.jsp: 13
	Stored_XSS	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16
	Stored_XSS	/src/main/webapp/ForgotPassword.jsp: 42
	Stored_XSS	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52
	Stored_XSS	/src/main/webapp/admin/manageusers.jsp: 19
	Absolute_Path_Traversal

More results are available on AST platform

fix: pom.xml to reduce vulnerabilities

1c12b83

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7707751

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

[Snyk] Security upgrade io.undertow:undertow-core from 2.0.9.Final to 2.3.17.Final#39

[Snyk] Security upgrade io.undertow:undertow-core from 2.0.9.Final to 2.3.17.Final#39
weinrich15 wants to merge 1 commit intomasterfrom
snyk-fix-05f25715677dfd2b4842f69e20470033

weinrich15 commented Sep 30, 2024

Uh oh!

weinrich15 commented Sep 30, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Comments

Conversation

weinrich15 commented Sep 30, 2024

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

weinrich15 commented Sep 30, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

New Issues

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

weinrich15 commented Sep 30, 2024 •

edited

Loading