Skip to content

[Snyk] Security upgrade de.codecentric:spring-boot-starter-batch-web from 1.3.7.RELEASE to 1.4.0.RELEASE#2

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-e49329e06a58adafbd02534b24eaec91
Open

[Snyk] Security upgrade de.codecentric:spring-boot-starter-batch-web from 1.3.7.RELEASE to 1.4.0.RELEASE#2
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-e49329e06a58adafbd02534b24eaec91

Conversation

@snyk-bot

@snyk-bot snyk-bot commented Apr 5, 2022

Copy link
Copy Markdown

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
high severity 644/1000
Why? Has a fix available, CVSS 8.6
Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3
Improper Output Neutralization for Logs
SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3
Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
critical severity 957/1000
Why? Currently trending on Twitter, Mature exploit, Recently disclosed, Has a fix available, CVSS 9.8
Remote Code Execution
SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Directory Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-31332
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORK-31689
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Multipart Content Pollution
SNYK-JAVA-ORGSPRINGFRAMEWORK-32199
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Directory Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-32202
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Cross-Site Tracing (XST)
SNYK-JAVA-ORGSPRINGFRAMEWORK-451604
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Multipart Content Pollution
SNYK-JAVA-ORGSPRINGFRAMEWORK-460644
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORK-467268
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-72470
de.codecentric:spring-boot-starter-batch-web:
1.3.7.RELEASE -> 1.4.0.RELEASE
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Multipart Content Pollution
🦉 Remote Code Execution
🦉 Directory Traversal
🦉 More lessons are available in Snyk Learn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant