
[Snyk] Fix for 10 vulnerabilities

Brice Copy requested to merge snyk-fix-655f3c0e4430ae388a79252046f84910 into master

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | Deserialization of Untrusted Data, SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-456705 | org.apache.activemq:activemq-http: 5.15.2 -> 5.15.10 | No | No Known Exploit |
| medium severity | Insecure XML deserialization, SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764 | org.apache.activemq:activemq-http: 5.15.2 -> 5.15.10 | No | Proof of Concept |
| high severity | Information Exposure, SNYK-JAVA-IONETTY-73571 | io.searchbox:jest: 2.0.3 -> 5.3.2 | No | No Known Exploit |
| high severity | Man-in-the-Middle (MitM), SNYK-JAVA-ORGAPACHEACTIVEMQ-460123 | org.apache.activemq:activemq-client: 5.15.2 -> 5.15.9 | No | No Known Exploit |
| medium severity | Denial of Service (DoS), SNYK-JAVA-ORGAPACHEACTIVEMQ-461169 | org.apache.activemq:activemq-client: 5.15.2 -> 5.15.9 | No | No Known Exploit |
| medium severity | Directory Traversal, SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517 | io.searchbox:jest: 2.0.3 -> 5.3.2; org.apache.httpcomponents:httpclient: 4.5.1 -> 4.5.3 | Yes | No Known Exploit |
| high severity | Deserialization of Untrusted Data, SNYK-JAVA-ORGCODEHAUSGROOVY-31510 | io.searchbox:jest: 2.0.3 -> 5.3.2 | No | No Known Exploit |
| high severity | Timing Attack, SNYK-JAVA-ORGECLIPSEJETTY-32151 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |
| high severity | Cache Poisoning, SNYK-JAVA-ORGECLIPSEJETTY-32383 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |
| high severity | Authorization Bypass, SNYK-JAVA-ORGECLIPSEJETTY-32385 | org.eclipse.jetty:jetty-server: 9.2.14.v20151106 -> 9.3.24.v20180605 | No | No Known Exploit |

Check the changes in this Merge Request to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
