[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.109 by weinrich15 · Pull Request #50 · LegitAJ/JavaVulnerableLab

weinrich15 · 2025-11-02T09:09:48Z

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Improper Output Neutralization for Logs SNYK-JAVA-ORGAPACHETOMCAT-13723548	601	org.apache.tomcat:tomcat-coyote: `9.0.22` -> `9.0.109` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Output Neutralization for Logs

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-13723548

weinrich15 · 2025-11-02T09:12:04Z

Checkmarx One – Scan Summary & Details – bfca65e8-53c5-491a-83c5-bc140f7a538f

New Issues (81)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
S3 Bucket Allows Delete Action From All Principals	/s3_with_all_permissions.tf: 5	details S3 Buckets must not allow Delete Action From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized... `ID: j6z7Nppuf3vonyn6ZDSKClAqRBE%3D`
CVE-2019-14888	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A vulnerability was found in the Undertow HTTP server in versions through 2.0.28.SP1-redhat-00001, version 2.0.28.Final-redhat-00001, and version 2... Attack Vector: NETWORK Attack Complexity: LOW `ID: aS%2FcAMDu6DJLT%2F%2BdTd25ZKt%2BjFN5wdKpwQGgesA0%2BfE%3D` Vulnerable Package
CVE-2023-1973	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A flaw was found in Undertow package. Using the "FormAuthenticationMechanism", a malicious user could trigger a Denial of Service by sending crafte... Attack Vector: NETWORK Attack Complexity: LOW `ID: S68khhnBvE%2FGXtuiV3OOxQICzluj3deMgWXslrD3fHg%3D` Vulnerable Package
CVE-2023-22102	Maven-mysql:mysql-connector-java-5.1.26	details Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). The affected versions are through 8.1.0. The difficult-to-e... Attack Vector: NETWORK Attack Complexity: HIGH `ID: B%2FPyM%2BXy5Sj305TVCNmcQSlvhf8D2aKfxcKdvv%2F%2FyiM%3D` Vulnerable Package
CVE-2023-3223	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A flaw was found in undertow versions through 2.2.26.Final, and 2.3.0.Alpha1 through 2.3.8.Final. Servlets annotated with '@MultipartConfig' may ca... Attack Vector: NETWORK Attack Complexity: LOW `ID: swBCg%2FrzGQKmFIUsRA7KXSNH4yYesUv%2BdiZUNEK0DDQ%3D` Vulnerable Package
CVE-2023-4639	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allo... Attack Vector: NETWORK Attack Complexity: HIGH `ID: abDMufCL40aGOiqrg40QRF1adsT5X7%2FXrHNkRMc5Fbc%3D` Vulnerable Package
CVE-2024-1635	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious use... Attack Vector: NETWORK Attack Complexity: LOW `ID: VZeD3gzoeZ4vdN92a65FT3D%2FjgsD%2BIV5jxjwAnuHOqo%3D` Vulnerable Package
CVE-2024-7885	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A vulnerability was found in Undertow where the "ProxyProtocolReadListener" reuses the same "StringBuilder" instance across multiple requests. This... Attack Vector: NETWORK Attack Complexity: LOW `ID: OCvKsnp7Xum3QLTBFkalZ0mp8akopkqoKwZLlrhGfGQ%3D` Vulnerable Package
CVE-2025-41249	Maven-org.springframework:spring-core-5.0.4.RELEASE	details Recommended version: 6.2.11 Description: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized s... Attack Vector: NETWORK Attack Complexity: LOW `ID: Jbcdk5A%2BirMXFuvNmMkKbjmh%2Bwxo%2BMoGqcZhjdvEkJE%3D` Vulnerable Package
CVE-2025-9784	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, r... Attack Vector: NETWORK Attack Complexity: LOW `ID: 8U1Ya7eMZZnPRVUu6yvzEI%2BE%2BCL0LQgntkwfR4JeVYo%3D` Vulnerable Package
Remote Desktop Port Open To Internet	/AJP_Open_Port.tf: 6	details The Remote Desktop port is open to the internet in a Security Group `ID: n184d2i0e3AlwvbL%2FJBiRl9dy8w%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 2vnxR%2B6jBBEsaUSpED6znAvCNsU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 2Zx3v1MgE2E6flIPX9aDpcmFAUo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: SiAXHgRFmSnJM2NsYYpHUsdSjQ0%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: rp%2BMtYbW9pkxDZa130o3pnSTLQM%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: lo%2FvWvaQG3GF7wr7e%2F8MOejGUfo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: UR7uKd5rxUUhYsIJw1f8Gce%2FyHc%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: ci%2FrmVz87oBdbVoBWnx%2B0odzhXY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: dCGzrXvWHUL7Q%2BwP3wg0Sb0mufw%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: jjrdipl8x2qejIcEqs84XWw7uDg%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: n4%2BpBjOefWE8ZBzL4%2BdidF%2FdFog%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: snfE0BtC0HONM9I%2FeFWWA3nisWs%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 9Tw3S2US2VIYaL8UuaKMS%2BcvM%2FY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 4hn2t8Pkae3OpZNm7CQ%2Fyr6y5wo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: FTamKnTqBlQ30pRaFB0SfKPVZxc%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 0xHCc%2FlMirk%2B27gimL1k5RqU5pE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: RW%2BvMIohdId6RkgndlmPNV60AhU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: JWq4Lixv30GsuJeJ4mY0f1FUE2c%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: ReatByiMlBBN%2FRB7SJibAZ4%2FHVQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: Ho1WKMVs%2FpEMty%2Bi5j17qjsA9JU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 4jvbRU%2B72arEhXpjysba1yuwPlE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: cCF%2BttQ6mvoNLCEEL30H0wUzyWo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: idBPp7JFC90S8MpnJPd89G5EZn8%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 8sjFNQHwpPdSyZrOKlINCwIPy7c%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: iXa0eR39ts06knLRgTcr4EI8I64%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 8OxgpW8oGXG%2FU3KFYb1sdWtoHhI%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: KVvlYBJ79MzapIUbLBPFfONDV%2Bs%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: VEfFRpRMjj%2FsEt5Cr8AvCrg%2BKgQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: Igu3R7B7s49NoGrMOK2diIGlfmQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: V58KhwRv3TmRIN4OFsvWQvkwPtQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 9xpyyKkXXB%2FrZjfqdnbkSC3FECU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: Ml3z%2FsF5q3c2neurJEgtCi%2BJ2Fs%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: RJTMJZflR3g%2BN5dl0QPDbWo2HD8%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: OuV1uNkwJurDpbYae7ld2SHPj%2BY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: CznX86T%2BSOFnBx%2BxPqAH2ogFbdg%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: XKHvGYlUie1KOLRkbhAPbx3RYQE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: VLCBYTBXGh04DCN8NyKsPyI7skE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: %2Fvg8OaLX1HpYHNefS1ttUzc64mM%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: bGJpV6Wb%2BTVWqqCRwiBoesm46Hg%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 7rnBvlakHbl6xJShMnz%2Br7n803E%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: OoFQ%2FJheoT2e8ILiEpHuoqggoJM%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: hkR%2BDU3C%2FfmgoJtUPRNP45HgA5k%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: J2LXKQcLMuER0gg1yfDs3D7UXnI%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: EjIoP0v538k%2FaZVHooXZdn2ep%2FY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: zuFnUa91eanZsIyydkvgtAHWL5I%3D`
Unknown Port Exposed To Internet	/AJP_Open_Port.tf: 6	details AWS Security Group should not have an unknown port exposed to the entire Internet `ID: 9QBYw83goqJ9FNoz%2FtuSFg9uWyk%3D`
Unrestricted Security Group Ingress	/AJP_Open_Port.tf: 11	details Security groups allow ingress from 0.0.0.0:0 and/or ::/0 `ID: tnUQtBqKQd3Dhbcn73FlAoNETco%3D`
CVE-2021-20220	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.38.Final Description: A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible aga... Attack Vector: NETWORK Attack Complexity: HIGH Exploitable Path: parse@.../jvl/controller/AddPageVuln.java - ... - verifyToken@...tow/server/Connectors.java `ID: TwHMaF5kfUrlX7spAyE5ofL5C4uC1hqNGOO7sxntym8%3D` Vulnerable Package
CVE-2024-12798	Maven-ch.qos.logback:logback-classic-1.2.3	details Recommended version: 1.3.15 Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code... Attack Vector: LOCAL Attack Complexity: LOW `ID: n7y%2BpZ%2BRtoBuZqjrRt6TN4plWA%2F%2FZ9kDZUxicF8syys%3D` Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (192)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2016-10707~~	Npm-jquery-1.6.4
	~~CVE-2018-1272~~	Maven-org.springframework:spring-core-5.0.4.RELEASE
	~~CVE-2020-11996~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2020-13934~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2020-17527~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2020-1938~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2021-25122~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2021-30639~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2021-41079~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2022-42252~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2023-24998~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2023-44487~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~CVE-2024-24549~~	Maven-org.apache.tomcat:tomcat-coyote-9.0.22
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/vulnerability/Injection/xxe.jsp: 12
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/vulnerability/Injection/xxe.jsp: 15
	~~Remote Desktop Port Open To Internet~~	/AJP_Open_Port.tf: 1
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Unknown Port Exposed To Internet~~	/AJP_Open_Port.tf: 11
	~~Unrestricted Security Group Ingress~~	/AJP_Open_Port.tf: 11
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 57
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54
	~~CSRF~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 54

More results are available on the CxOne platform

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

fix: pom.xml to reduce vulnerabilities

25f5463

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-13723548

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.109#50

[Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 9.0.22 to 9.0.109#50
weinrich15 wants to merge 1 commit intomasterfrom
snyk-fix-894ed2c31fd8eb824289ea7dc86a0ee0

weinrich15 commented Nov 2, 2025

Uh oh!

weinrich15 commented Nov 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Comments

Conversation

weinrich15 commented Nov 2, 2025

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

weinrich15 commented Nov 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants