Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade org.apache.karaf.features:standard from 4.0.4 to 4.4.0 #25

Open
wants to merge 1 commit into
base: master-seeburger
Choose a base branch
from
Open

[Snyk] Security upgrade org.apache.karaf.features:standard from 4.0.4 to 4.4.0 #25

wants to merge 1 commit into from

Conversation

ecki
Copy link
Member

@ecki ecki commented Dec 6, 2024

snyk-top-banner

Snyk has created this PR to fix 18 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • features/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331		   864   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Mature
high severity Privilege Escalation
SNYK-JAVA-ORGECLIPSEJETTY-1021614		   711   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-1090340		   696   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
high severity Insufficient Session Expiration
SNYK-JAVA-ORGAPACHETOMCATEMBED-7430175		   649   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit
medium severity Improper Validation of Syntactic Correctness of Input
SNYK-JAVA-ORGECLIPSEJETTY-8186141		   636   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
medium severity Improper Validation of Syntactic Correctness of Input
SNYK-JAVA-ORGECLIPSEJETTY-8186158		   636   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264		   589   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit
medium severity Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-1300835		   586   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-5426159		   586   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
medium severity Improper Handling of Length Parameter Inconsistency
SNYK-JAVA-ORGECLIPSEJETTY-5902998		   586   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-8186168		   559   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit
low severity Arbitrary Code Execution
SNYK-JAVA-ORGECLIPSEJETTY-5903003		   496   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
low severity Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-5426160		   441   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
low severity Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-5426161		   441   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
Proof of Concept
low severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGECLIPSEJETTY-5769685		   409   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit
low severity Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-1313686		   359   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit
low severity Improper Input Validation
SNYK-JAVA-ORGECLIPSEJETTY-2945452		   349   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit
low severity Improper Input Validation
SNYK-JAVA-ORGECLIPSEJETTY-2945453		   349   org.apache.karaf.features:standard:
4.0.4 -> 4.4.0
No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Improper Input Validation
🦉 XML External Entity (XXE) Injection

@snyk-bot
fix: features/pom.xml to reduce vulnerabilities
7524fb4 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-7430175
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186141
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186158
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1300835
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5902998
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186168
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5903003
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5769685
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ecki @snyk-bot