Skip to content

[Snyk] Security upgrade org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.1#14

Open
tyleragypt wants to merge 1 commit into
masterfrom
snyk-fix-af5e6fe31a1c778cd031165068a81fe7
Open

[Snyk] Security upgrade org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.1#14
tyleragypt wants to merge 1 commit into
masterfrom
snyk-fix-af5e6fe31a1c778cd031165068a81fe7

Conversation

@tyleragypt

@tyleragypt tyleragypt commented Jun 23, 2023

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity Reachability
high severity 565/1000
Why? Recently disclosed, Has a fix available, CVSS 7.3		 XML External Entity (XXE) Injection
SNYK-JAVA-CHQOSRELOAD4J-5731326		 org.slf4j:slf4j-reload4j:
1.7.36 -> 2.0.1
Yes No Known Exploit No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection

@snyk-bot
fix: pom.xml to reduce vulnerabilities
147c972 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-CHQOSRELOAD4J-5731326
@tyleragypt

tyleragypt commented Jun 23, 2023

Copy link
Copy Markdown
Owner Author

Logo
Checkmarx One – Scan Summary & Detailsa6d49bab-ceb6-4f1a-ab69-8c239dae0768

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2016-10707 Npm-jquery-2.1.4 Vulnerable Package
HIGH CVE-2022-41853 Maven-org.hsqldb:hsqldb-2.3.6 Vulnerable Package
HIGH CVE-2023-20863 Maven-org.springframework:spring-expression-4.3.30.RELEASE Vulnerable Package
HIGH CVE-2023-24998 Maven-commons-fileupload:commons-fileupload-1.3.3 Vulnerable Package
MEDIUM CVE-2007-2379 Npm-jquery-2.1.4 Vulnerable Package
MEDIUM CVE-2014-6071 Npm-jquery-2.1.4 Vulnerable Package
MEDIUM CVE-2015-9251 Npm-jquery-2.1.4 Vulnerable Package
MEDIUM CVE-2019-11358 Npm-jquery-2.1.4 Vulnerable Package
MEDIUM CVE-2020-11022 Npm-jquery-2.1.4 Vulnerable Package
MEDIUM CVE-2020-11023 Npm-jquery-2.1.4 Vulnerable Package
MEDIUM CVE-2023-20861 Maven-org.springframework:spring-expression-4.3.30.RELEASE Vulnerable Package
MEDIUM Cxf0b588a3-5c6f Npm-jquery-2.1.4 Vulnerable Package
LOW Unprotected_Cookie /src/main/webapp/js/testsuiteutils.js: 52 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01444.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01191.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01445.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02612.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01363.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01067.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02512.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java: 59 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01066.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00570.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00309.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01190.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01192.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02070.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00823.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00827.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00495.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01608.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02515.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02516.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02517.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02155.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java: 59 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01442.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02341.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02344.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00825.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01691.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01690.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02613.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01361.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02514.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01288.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00496.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00498.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00175.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00172.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00173.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00174.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00311.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00306.java: 44 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00740.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02513.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02518.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00412.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java: 59 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00574.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00573.java: 45 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00497.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00410.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00743.java: 43 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java: 59 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java: 59 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00007.java: 46 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31 Attack Vector
HIGH Command_Injection /src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java: 54 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java: 54 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java: 54 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java: 54 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java: 53 Attack Vector
HIGH SQL_Injection /src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java: 53 Attack Vector
HIGH

More results are available on AST platform

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tyleragypt @snyk-bot