[Snyk] Fix for 11 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - pom.xml
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-456705 | org.apache.activemq:activemq-http: 5.15.2 -> 5.15.10 | No | No Known Exploit |
| | Insecure XML deserialization SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764 | org.apache.activemq:activemq-http: 5.15.2 -> 5.15.10 | No | Proof of Concept |
| | Information Exposure SNYK-JAVA-IONETTY-73571 | io.searchbox:jest: 2.0.3 -> 5.3.2 | No | No Known Exploit |
| | Man-in-the-Middle (MitM) SNYK-JAVA-ORGAPACHEACTIVEMQ-460123 | org.apache.activemq:activemq-client: 5.15.2 -> 5.15.9 | No | No Known Exploit |
| | Denial of Service (DoS) SNYK-JAVA-ORGAPACHEACTIVEMQ-461169 | org.apache.activemq:activemq-client: 5.15.2 -> 5.15.9 | No | No Known Exploit |
| | Directory Traversal SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517 | io.searchbox:jest: 2.0.3 -> 5.3.2; org.apache.httpcomponents:httpclient: 4.5.1 -> 4.5.3 | Yes | No Known Exploit |
| | Deserialization of Untrusted Data SNYK-JAVA-ORGCODEHAUSGROOVY-31510 | io.searchbox:jest: 2.0.3 -> 5.3.2 | No | No Known Exploit |
| | Timing Attack SNYK-JAVA-ORGECLIPSEJETTY-32151 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |
| | Cache Poisoning SNYK-JAVA-ORGECLIPSEJETTY-32383 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |
| | Authorization Bypass SNYK-JAVA-ORGECLIPSEJETTY-32385 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |
| | Cache Poisoning SNYK-JAVA-ORGECLIPSEJETTY-460763 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.