[Snyk] Security upgrade org.owasp.esapi:esapi from 2.2.3.1 to 2.6.2.0 by tyleragypt · Pull Request #30 · tyleragypt/BenchmarkJava

tyleragypt · 2025-06-06T11:39:29Z

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') SNYK-JAVA-COMMONSBEANUTILS-10259368	635	org.owasp.esapi:esapi: `2.2.3.1` -> `2.6.2.0` `No Path Found` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-10259368

tyleragypt · 2025-06-06T11:50:07Z

Checkmarx One – Scan Summary & Details – b8d718a8-5041-4ae0-8d02-30b1b9de5bac

New Issues (34)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2022-41853	Maven-org.hsqldb:hsqldb-2.3.6	details Recommended version: 2.7.1 Description: Those using "java.sql.Statement" or "java.sql.PreparedStatement" in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a Re... Attack Vector: NETWORK Attack Complexity: LOW Exploitable Path: executeBatch@...e/BenchmarkTest02454.java - ... - executeCompiledStatement@.../Session.java `ID: QG%2BGg3n2v%2BvjKIGlu%2F1dNHnFLI6XLGAPJWzw3mrSq0Q%3D` Vulnerable Package
CVE-2024-52046	Maven-org.apache.mina:mina-core-2.0.0-RC1	details Recommended version: 2.0.27 Description: The "ObjectSerializationDecoder" in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the neces... Attack Vector: NETWORK Attack Complexity: LOW `ID: XsEIq4kpi%2Ft2EK9lfFnnG%2BjcmGAGqgXIq1r0BBxt0nM%3D` Vulnerable Package
CVE-2024-22243	Maven-org.springframework:spring-web-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: Applications that use "UriComponentsBuilder" to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on ... Attack Vector: NETWORK Attack Complexity: LOW `ID: o2DW7zdSNd94VhFWUDdzo3%2BihjSdKVa65EbBQDkCmjU%3D` Vulnerable Package
CVE-2024-22259	Maven-org.springframework:spring-web-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: Applications that use "UriComponentsBuilder" in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform v... Attack Vector: NETWORK Attack Complexity: LOW `ID: RKOaImPL%2BYJv8pfszQ3wwkv%2FHMnGIsj4svUxDfaD1RU%3D` Vulnerable Package
CVE-2024-22262	Maven-org.springframework:spring-web-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: Applications that use "UriComponentsBuilder" to parse an externally provided URL (e.g. through a query parameter) and perform validation checks on ... Attack Vector: NETWORK Attack Complexity: LOW `ID: GIMbmLclP46l4%2BIN1u57C8Fd%2FE7sJqc%2FPtLqFfx52j8%3D` Vulnerable Package
CVE-2024-38819	Maven-org.springframework:spring-webmvc-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: Applications serving static resources through the functional web frameworks "WebMvc.fn" or "WebFlux.fn" are vulnerable to path traversal attacks. A... Attack Vector: NETWORK Attack Complexity: LOW `ID: eSEUGngjIxih0nxomobrFDBTCFzH1txLw0hKzMKr6OU%3D` Vulnerable Package
CVE-2015-9251	Npm-jquery-2.1.4	details Recommended version: 3.5.0 Description: jQuery before 3.0.0-beta1 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType op... Attack Vector: NETWORK Attack Complexity: LOW `ID: mxg1f4hpfv0ISzRKufsMyjbhtUo532eM7gmFBgfzimg%3D` Vulnerable Package
CVE-2019-11358	Npm-jquery-2.1.4	details Recommended version: 3.5.0 Description: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollu... Attack Vector: NETWORK Attack Complexity: LOW `ID: RR3n8zRQoFPBtqZ8EB0h%2BOKDZFScGRbBNZ%2Fh%2BhVd5Zc%3D` Vulnerable Package
CVE-2020-11023	Npm-jquery-2.1.4	details Recommended version: 3.5.0 Description: In jQuery versions 1.0.3 through 3.4.1, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQu... Attack Vector: NETWORK Attack Complexity: LOW `ID: 66%2Fm3gI4GVpoKWiTdMhQXK%2F9JHNi%2BE2C%2FtQJvn1RKHM%3D` Vulnerable Package
CVE-2023-20861	Maven-org.springframework:spring-expression-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: In Spring Framework versions prior to 5.2.23.RELEASE, 5.3.x prior to 5.3.26 and 6.0.x prior to 6.0.7 it is possible for a user to provide a special... Attack Vector: NETWORK Attack Complexity: LOW `ID: UysCjdXJhiC%2Ba9qaLbWTxexUVy7LEemuPMAWJ7EN0zI%3D` Vulnerable Package
CVE-2023-20863	Maven-org.springframework:spring-expression-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: In spring framework in versions through 5.2.23.RELEASE, 5.3.0-M1 through 5.3.26, and 6.0.0-M1 through 6.0.7 it is possible for a user to provide a ... Attack Vector: NETWORK Attack Complexity: LOW `ID: PE62prXtsgpEvPwUleVEFfOlw%2B0YXzPnbCD%2BhxYyCEM%3D` Vulnerable Package
CVE-2023-33201	Maven-org.bouncycastle:bcprov-jdk15on-1.70	details Description: Bouncy Castle for Java versions prior to 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use ... Attack Vector: NETWORK Attack Complexity: LOW `ID: LyuwSgpcQWcTtXqbel%2Br8QVKOMXjhEgVgwal19l8iJ4%3D` Vulnerable Package
CVE-2023-33202	Maven-org.bouncycastle:bcprov-jdk15on-1.70	details Description: Bouncy Castle for Java in versions prior to 1.73 contains a potential Denial-of-Service (DoS) issue within the Bouncy Castle "org.bouncycastle.open... Attack Vector: LOCAL Attack Complexity: LOW `ID: NVPiJzmiQFxamTa2r6kvjuD8HwvBMJIwdznV039o43o%3D` Vulnerable Package
CVE-2024-29857	Maven-org.bouncycastle:bcprov-jdk15on-1.70	details Description: An issue was discovered in "ECCurve.java" and "ECCurve.cs" in Bouncy Castle Java (BC Java) versions prior to 1.78, BC Java LTS versions prior to 2.... Attack Vector: NETWORK Attack Complexity: LOW `ID: aBJrg4Fr9dbtmIgowncEJQrh%2BCXfMNZaqBoKr5p5JvY%3D` Vulnerable Package
CVE-2024-30171	Maven-org.bouncycastle:bcprov-jdk15on-1.70	details Description: An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. This issue also affects Bouncy Castle C# package prior to 2.3.... Attack Vector: NETWORK Attack Complexity: HIGH Exploitable Path: doFinal@...stcode/BenchmarkTest02024.java - ... - checkPkcs1Encoding@.../PKCS1Encoding.java `ID: 9T9WYtFqfyEGgXQ%2FszAHi2LsuPaO5EbpHBeGm45FjQI%3D` Vulnerable Package
CVE-2024-30172	Maven-org.bouncycastle:bcprov-jdk15on-1.70	details Description: An issue was discovered in Bouncy Castle Java Cryptography APIs prior to 1.78 and Bouncy Castle C# Cryptography prior to 2.3.1. An "Ed25519" verifi... Attack Vector: NETWORK Attack Complexity: LOW `ID: Jin5C%2BJB0N8IBzwYLj%2B5FajZsXrDKBq3%2BwyHBIG0mcs%3D` Vulnerable Package
CVE-2024-38808	Maven-org.springframework:spring-expression-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: In Spring Framework versions through 5.3.38, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a d... Attack Vector: NETWORK Attack Complexity: LOW `ID: %2FzHmvjsheNvVgHdEH8v91Efw20mJ3Jj6WJxj2dsBzQE%3D` Vulnerable Package
CVE-2024-38809	Maven-org.springframework:spring-web-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The package "org.springframework:spring-web" versions through 5.3.37, 6.0.0-M1 through 6.0.22, and 6.1.0-M1 through 6.1.11 are vulnerable to Denial... Attack Vector: NETWORK Attack Complexity: LOW `ID: hFWzV72LhheQCAy8LOYyoT0EoO6PoCNPnLD0UPrf3rY%3D` Vulnerable Package
CVE-2024-38828	Maven-org.springframework:spring-webmvc-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: Spring MVC controller methods with an "@RequestBody byte[]" method parameter are vulnerable to a DoS attack. This issue affects the package org.spr... Attack Vector: NETWORK Attack Complexity: LOW `ID: IL%2BTOjGNBxzZn9fpNqmxkVPQ75fQ%2BJMpmTsBSfFGWqU%3D` Vulnerable Package
CVE-2024-6485	Npm-bootstrap-3.3.4	details Recommended version: 5.0.0 Description: A security vulnerability has been discovered in the package bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is as... Attack Vector: NETWORK Attack Complexity: HIGH `ID: 60TEqfsCo%2B04a1OSoWuPwbkBKyVDXepGhL0X6gd8mH8%3D` Vulnerable Package
CVE-2025-46392	Maven-commons-configuration:commons-configuration-1.10	details Description: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration versions 1.x. There are a number of issues in Apache Commons Confi... Attack Vector: NETWORK Attack Complexity: LOW `ID: %2F8iJiAE8qLxDgqXnE4O%2F0qr9XT9kQ0PvP%2BidpSResIU%3D` Vulnerable Package
Cxf0b588a3-5c6f	Npm-jquery-2.1.4	details Recommended version: 3.5.0 Description: The package `jQuery` before 1.12.0, between 1.12.2 and 2.1.4 and between 2.2.2 and 2.2.4 is vulnerable to `XSS`. The function `jQuery.parseHTML()` ... Attack Vector: NETWORK Attack Complexity: LOW `ID: UrkFnIK9qca4KHUbjrdl1f8DEpPESpzFaqxwE7%2FxuAc%3D` Vulnerable Package
Use_of_Broken_or_Risky_Cryptographic_Algorithm	/src/main/java/org/owasp/benchmark/helpers/Utils.java: 405	details In getCipher, the application protects sensitive data using a cryptographic algorithm, getInstance, that is considered weak or even trivially broke... `ID: Kf4XPaqf9bn5RzfELiMfHgV4f1Q%3D` Attack Vector
CVE-2024-38820	Maven-org.springframework:spring-context-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: 34SePF5JDD0BYUT0amYl3U5It74MokyaZqGW5B7KCyA%3D` Vulnerable Package
CVE-2024-38820	Maven-org.springframework:spring-expression-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: 7gQnnz8Z5dOe%2FmWozZeU2ULZB0xi7%2F%2BCBYsF4tEeQnE%3D` Vulnerable Package
CVE-2024-38820	Maven-org.springframework:spring-beans-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: 9C4368p1YgBRfcjqWJy9vhqgenobZV3YSRVX3cyjZvw%3D` Vulnerable Package
CVE-2024-38820	Maven-org.springframework:spring-core-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: DaSm3RyolLvPCbOq59db8%2FTl6WKbi0UCLWRnmIA%2BjpA%3D` Vulnerable Package
CVE-2024-38820	Maven-org.springframework:spring-jdbc-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: hnQgJxvmIXz2aiAt8QylFBxP42hYld3TxA1p6wIckf0%3D` Vulnerable Package
CVE-2024-38820	Maven-org.springframework:spring-webmvc-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: JG%2FE597zgJgjb%2F79X1CwuRq74ekkoNLhZFVwI08el7c%3D` Vulnerable Package
CVE-2024-38820	Maven-org.springframework:spring-web-4.3.30.RELEASE	details Recommended version: 5.3.31-wso2v1 Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some... Attack Vector: NETWORK Attack Complexity: LOW `ID: wSYP7fuyqwtYytLy69qaAnADjhbKSF0%2B1DaiBMEPliw%3D` Vulnerable Package
CVE-2024-6484	Npm-bootstrap-3.3.4	details Recommended version: 5.0.0 Description: A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel com... Attack Vector: NETWORK Attack Complexity: HIGH `ID: Va0ICdfAcikvmHWulqChdHyU%2BeATCK%2FlDBuUHcwSV%2Fo%3D` Vulnerable Package
Unpinned Actions Full Length Commit SHA	/codeql-analysis.yml: 47	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help... `ID: UOcbYZcnH8edcJ9EIDBbQcxFZRU%3D`
Unpinned Actions Full Length Commit SHA	/codeql-analysis.yml: 35	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help... `ID: ObVYxjWWBQFtn8BGykYTAK0WXQw%3D`
Update Instruction Alone	/Dockerfile: 7	details Instruction 'RUN update' should always be followed by ' install' in the same RUN statement `ID: TD4qbwpyXcx8jUWwtlBTkYHd9JU%3D`

Fixed Issues (962)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2016-1000031~~	Maven-commons-fileupload:commons-fileupload-1.3.3
	~~CVE-2019-17571~~	Maven-log4j:log4j-1.2.17
	~~CVE-2021-4104~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23302~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23305~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23307~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23457~~	Maven-org.owasp.esapi:esapi-2.2.3.1
	~~CVE-2022-24839~~	Maven-net.sourceforge.nekohtml:nekohtml-1.9.22
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/js/testsuiteutils.js: 107
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/js/testsuiteutils.js: 83
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/js/testsuiteutils.js: 82
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/js/testsuiteutils.js: 141
	~~Client_DOM_Stored_XSS~~	/src/main/webapp/js/testsuiteutils.js: 140
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01182.java: 44
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02058.java: 44
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02610.java: 43
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00558.java: 45
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02335.java: 45
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01600.java: 43
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01937.java: 45
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00494.java: 43
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00307.java: 44
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java: 59
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01289.java: 43
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00741.java: 43
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java: 59
	~~Command_Injection~~	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java: 43
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java: 43
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java: 53
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java: 43
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java: 53
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java: 53
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java: 53
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java: 53
	~~LDAP_Injection~~	/src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java: 31
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02321.java: 45
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02587.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01438.java: 45
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02588.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01347.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01063.java: 45
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01598.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01268.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01261.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01254.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00805.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02145.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02132.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02126.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00385.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00737.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00725.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00383.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02052.java: 44
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02327.java: 45
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01172.java: 44
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02229.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01424.java: 45
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02323.java: 45
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01173.java: 44
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01178.java: 44
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02046.java: 44
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02055.java: 44
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02591.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01335.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01350.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01338.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02223.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02239.java: 43
	~~Reflected_XSS_All_Clients~~	/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01422.java: 45

More results are available on the CxOne platform

fix: pom.xml to reduce vulnerabilities

0a6de0e

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-10259368

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade org.owasp.esapi:esapi from 2.2.3.1 to 2.6.2.0#30

[Snyk] Security upgrade org.owasp.esapi:esapi from 2.2.3.1 to 2.6.2.0#30
tyleragypt wants to merge 1 commit into
masterfrom
snyk-fix-62a65ca9eb564e790a9dd9b1e0707218

tyleragypt commented Jun 6, 2025

Uh oh!

tyleragypt commented Jun 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

tyleragypt commented Jun 6, 2025

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

tyleragypt commented Jun 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants