Skip to content

[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.7 to 2.25.4#19

Open
thulani-shabangu-github wants to merge 1 commit into
mainfrom
snyk-fix-e648b06a853527551f592b995aa89d1a
Open

[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.7 to 2.25.4#19
thulani-shabangu-github wants to merge 1 commit into
mainfrom
snyk-fix-e648b06a853527551f592b995aa89d1a

Conversation

@thulani-shabangu-github

@thulani-shabangu-github thulani-shabangu-github commented Apr 21, 2026

Copy link
Copy Markdown

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • todolist-goof/todolist-web-struts/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
medium severity Improper Encoding or Escaping of Output
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769		   66   org.apache.logging.log4j:log4j-core:
2.7 -> 2.25.4
No Path Found No Known Exploit
medium severity Improper Encoding or Escaping of Output
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804		   66   org.apache.logging.log4j:log4j-core:
2.7 -> 2.25.4
No Path Found No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Encoding or Escaping of Output

@acn-tesch

acn-tesch commented Apr 21, 2026

Copy link
Copy Markdown

Logo
Checkmarx One – Scan Summary & Details99e73af5-209e-4d41-8c53-4e7dab55c024

New Issues (12) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 HIGH CVE-2024-4027 Maven-io.undertow:undertow-core-2.2.13.Final
detailsRecommended version: 2.2.39.Final
Description: A flaw was found in Undertow. Servlets using a method that calls "HttpServletRequestImpl.getParameterNames()" can cause an OutOfMemoryError when th...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
2 HIGH Cxfa47c4e4-5ef9 Maven-com.fasterxml.jackson.core:jackson-core-2.6.5
detailsRecommended version: 2.12.7.SP1-redhat-00001
Description: The non-blocking (async) JSON parser in jackson-core bypasses the "maxNumberLength" constraint (default: 1000 characters) defined in "StreamReadCon...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
3 HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4275
detailsContainers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
4 HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4278
detailsContainers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
5 HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4272
detailsContainers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
6 HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4272
detailsContainers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
7 HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4278
detailsContainers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
8 HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4275
detailsContainers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
9 LOW Missing AppArmor Profile /calico.yaml: 4060
detailsContainers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
10 LOW Missing AppArmor Profile /calico.yaml: 4060
detailsContainers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
11 LOW Missing AppArmor Profile /calico.yaml: 4060
detailsContainers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
12 LOW Missing AppArmor Profile /calico.yaml: 4060
detailsContainers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
Fixed Issues (13) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
CRITICAL CVE-2017-5645 Maven-org.apache.logging.log4j:log4j-core-2.7
CRITICAL CVE-2019-17571 Maven-org.apache.logging.log4j:log4j-core-2.7
HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4273
HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4279
HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4279
HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4276
HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4273
HIGH Volume Mount With OS Directory Write Permissions /calico.yaml: 4276
LOW CVE-2020-9488 Maven-org.apache.logging.log4j:log4j-core-2.7
LOW Missing AppArmor Profile /calico.yaml: 4060
LOW Missing AppArmor Profile /calico.yaml: 4060
LOW Missing AppArmor Profile /calico.yaml: 4060
LOW Missing AppArmor Profile /calico.yaml: 4060

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thulani-shabangu-github @acn-tesch @snyk-bot