Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: com.amazonaws:aws-java-sdk-core, com.esotericsoftware:kryo, redis.clients:jedis, io.github.resilience4j:resilience4j-ratelimiter, io.kamon:kamon-bundle_2.11, io.kamon:kamon-datadog_2.11, io.kamon:kamon-prometheus_2.11, org.elasticsearch.client:elasticsearch-rest-high-level-client, org.tmatesoft.sqljet:sqljet, org.xerial:sqlite-jdbc #852

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

edengal
Copy link
Collaborator

@edengal edengal commented Sep 19, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

com.amazonaws:aws-java-sdk-core
from 1.11.965 to 1.12.769 | 837 versions ahead of your current version | a month ago
on 2024-08-15
com.esotericsoftware:kryo
from 5.0.3 to 5.6.0 | 9 versions ahead of your current version | 8 months ago
on 2024-01-08
redis.clients:jedis
from 3.6.0 to 3.10.0 | 9 versions ahead of your current version | a year ago
on 2023-04-27
io.github.resilience4j:resilience4j-ratelimiter
from 1.7.0 to 1.7.1 | 1 version ahead of your current version | 3 years ago
on 2021-06-25
io.kamon:kamon-bundle_2.11
from 2.5.12 to 2.7.3 | 10 versions ahead of your current version | 3 months ago
on 2024-06-05
io.kamon:kamon-datadog_2.11
from 2.0.1 to 2.7.3 | 58 versions ahead of your current version | 3 months ago
on 2024-06-05
io.kamon:kamon-prometheus_2.11
from 2.5.12 to 2.7.3 | 10 versions ahead of your current version | 3 months ago
on 2024-06-05
org.elasticsearch.client:elasticsearch-rest-high-level-client
from 7.8.1 to 7.17.23 | 51 versions ahead of your current version | 2 months ago
on 2024-07-30
org.tmatesoft.sqljet:sqljet
from 1.1.13 to 1.1.15 | 2 versions ahead of your current version | 2 years ago
on 2022-11-08
org.xerial:sqlite-jdbc
from 3.15.1 to 3.46.1.0 | 52 versions ahead of your current version | a month ago
on 2024-08-19

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917
402 Mature
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111
402 No Known Exploit
high severity Arbitrary Code Execution
SNYK-JAVA-ORGXERIAL-5596891
402 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGYAML-2806360
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931
402 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043
402 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044
402 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329
402 No Known Exploit
high severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JAVA-ORGELASTICSEARCH-6039899
402 No Known Exploit
high severity Improper Handling of Exceptional Conditions
SNYK-JAVA-ORGELASTICSEARCH-6083305
402 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGYAML-6056527
402 No Known Exploit
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-SOFTWAREAMAZONION-6153869
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425
402 No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426
402 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207
402 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519
402 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520
402 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGELASTICSEARCH-1324572
402 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
402 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
402 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMSQUAREUPOKIO-5820002
402 Proof of Concept
medium severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1061930
402 No Known Exploit
medium severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1089258
402 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGELASTICSEARCH-2431020
402 No Known Exploit
medium severity Stack-based Buffer Overflow
SNYK-JAVA-ORGELASTICSEARCH-6038562
402 Mature
medium severity Insertion of Sensitive Information into Log File
SNYK-JAVA-ORGELASTICSEARCH-6125580
402 No Known Exploit
medium severity Uncontrolled Recursion
SNYK-JAVA-ORGELASTICSEARCH-6508260
402 No Known Exploit
medium severity Missing Encryption of Sensitive Data
SNYK-JAVA-ORGELASTICSEARCH-7577201
402 No Known Exploit
medium severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016891
402 Proof of Concept
low severity Information Exposure
SNYK-JAVA-COMMONSCODEC-561518
402 No Known Exploit
low severity Information Exposure
SNYK-JAVA-ORGELASTICSEARCH-1021613
402 No Known Exploit
low severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1071900
402 No Known Exploit
low severity Information Exposure
SNYK-JAVA-ORGELASTICSEARCH-1083274
402 No Known Exploit
low severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1089259
402 No Known Exploit
low severity Missing Authorization
SNYK-JAVA-ORGELASTICSEARCH-2431238
402 No Known Exploit
low severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016888
402 Proof of Concept
low severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016889
402 No Known Exploit
low severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3113851
402 No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"com.amazonaws:aws-java-sdk-core","from":"1.11.965","to":"1.12.769"},{"name":"com.esotericsoftware:kryo","from":"5.0.3","to":"5.6.0"},{"name":"redis.clients:jedis","from":"3.6.0","to":"3.10.0"},{"name":"io.github.resilience4j:resilience4j-ratelimiter","from":"1.7.0","to":"1.7.1"},{"name":"io.kamon:kamon-bundle_2.11","from":"2.5.12","to":"2.7.3"},{"name":"io.kamon:kamon-datadog_2.11","from":"2.0.1","to":"2.7.3"},{"name":"io.kamon:kamon-prometheus_2.11","from":"2.5.12","to":"2.7.3"},{"name":"org.elasticsearch.client:elasticsearch-rest-high-level-client","from":"7.8.1","to":"7.17.23"},{"name":"org.tmatesoft.sqljet:sqljet","from":"1.1.13","to":"1.1.15"},{"name":"org.xerial:sqlite-jdbc","from":"3.15.1","to":"3.46.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"mature","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","priority_score":619,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGXERIAL-5596891","issue_id":"SNYK-JAVA-ORGXERIAL-5596891","priority_score":654,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-2806360","issue_id":"SNYK-JAVA-ORGYAML-2806360","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6039899","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6039899","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6083305","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6083305","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Exceptional Conditions"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-6056527","issue_id":"SNYK-JAVA-ORGYAML-6056527","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-SOFTWAREAMAZONION-6153869","issue_id":"SNYK-JAVA-SOFTWAREAMAZONION-6153869","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","priority_score":402,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1324572","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1324572","priority_score":520,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","priority_score":402,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","priority_score":402,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMSQUAREUPOKIO-5820002","issue_id":"SNYK-JAVA-COMSQUAREUPOKIO-5820002","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1061930","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1061930","priority_score":440,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1089258","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1089258","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-2431020","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-2431020","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGELASTICSEARCH-6038562","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6038562","priority_score":711,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6125580","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6125580","priority_score":474,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.2","score":260},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insertion of Sensitive Information into Log File"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6508260","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6508260","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Recursion"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-7577201","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-7577201","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Encryption of Sensitive Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGYAML-3016891","issue_id":"SNYK-JAVA-ORGYAML-3016891","priority_score":536,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMMONSCODEC-561518","issue_id":"SNYK-JAVA-COMMONSCODEC-561518","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1021613","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1021613","priority_score":369,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.1","score":155},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1071900","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1071900","priority_score":309,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"1.9","score":95},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1083274","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1083274","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1089259","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1089259","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-2431238","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-2431238","priority_score":369,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.1","score":155},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Missing Authorization"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGYAML-3016888","issue_id":"SNYK-JAVA-ORGYAML-3016888","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-3016889","issue_id":"SNYK-JAVA-ORGYAML-3016889","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-3113851","issue_id":"SNYK-JAVA-ORGYAML-3113851","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"}],"prId":"7487fde6-e70c-4427-833f-0d7ac086001f","prPublicId":"7487fde6-e70c-4427-833f-0d7ac086001f","packageManager":"maven","priorityScoreList":[619,405,405,405,405,405,405,654,589,405,405,512,416,512,416,512,416,512,512,512,405,375,512,405,589,589,589,589,589,416,416,512,402,265,265,520,402,402,616,440,429,449,711,474,429,559,536,399,369,309,344,344,369,506,399,399],"projectPublicId":"6f226390-d845-4198-821b-1ab29d3c180d","projectUrl":"https://app.snyk.io/org/dataroma/project/6f226390-d845-4198-821b-1ab29d3c180d?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","SNYK-JAVA-ORGXERIAL-5596891","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","SNYK-JAVA-ORGELASTICSEARCH-6039899","SNYK-JAVA-ORGELASTICSEARCH-6083305","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-SOFTWAREAMAZONION-6153869","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","SNYK-JAVA-ORGELASTICSEARCH-1324572","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","SNYK-JAVA-COMSQUAREUPOKIO-5820002","SNYK-JAVA-ORGELASTICSEARCH-1061930","SNYK-JAVA-ORGELASTICSEARCH-1089258","SNYK-JAVA-ORGELASTICSEARCH-2431020","SNYK-JAVA-ORGELASTICSEARCH-6038562","SNYK-JAVA-ORGELASTICSEARCH-6125580","SNYK-JAVA-ORGELASTICSEARCH-6508260","SNYK-JAVA-ORGELASTICSEARCH-7577201","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-COMMONSCODEC-561518","SNYK-JAVA-ORGELASTICSEARCH-1021613","SNYK-JAVA-ORGELASTICSEARCH-1071900","SNYK-JAVA-ORGELASTICSEARCH-1083274","SNYK-JAVA-ORGELASTICSEARCH-1089259","SNYK-JAVA-ORGELASTICSEARCH-2431238","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3113851"],"upgradeInfo":{"versionsDiff":837,"publishedDate":"2024-08-15T21:02:07.000Z"},"vulns":["SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","SNYK-JAVA-ORGXERIAL-5596891","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","SNYK-JAVA-ORGELASTICSEARCH-6039899","SNYK-JAVA-ORGELASTICSEARCH-6083305","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-SOFTWAREAMAZONION-6153869","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","SNYK-JAVA-ORGELASTICSEARCH-1324572","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","SNYK-JAVA-COMSQUAREUPOKIO-5820002","SNYK-JAVA-ORGELASTICSEARCH-1061930","SNYK-JAVA-ORGELASTICSEARCH-1089258","SNYK-JAVA-ORGELASTICSEARCH-2431020","SNYK-JAVA-ORGELASTICSEARCH-6038562","SNYK-JAVA-ORGELASTICSEARCH-6125580","SNYK-JAVA-ORGELASTICSEARCH-6508260","SNYK-JAVA-ORGELASTICSEARCH-7577201","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-COMMONSCODEC-561518","SNYK-JAVA-ORGELASTICSEARCH-1021613","SNYK-JAVA-ORGELASTICSEARCH-1071900","SNYK-JAVA-ORGELASTICSEARCH-1083274","SNYK-JAVA-ORGELASTICSEARCH-1089259","SNYK-JAVA-ORGELASTICSEARCH-2431238","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3113851"]}'

Snyk has created this PR to upgrade:
  - com.amazonaws:aws-java-sdk-core from 1.11.965 to 1.12.769.
    See this package in maven: https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-core/
  - com.esotericsoftware:kryo from 5.0.3 to 5.6.0.
    See this package in maven: https://mvnrepository.com/artifact/com.esotericsoftware/kryo/
  - redis.clients:jedis from 3.6.0 to 3.10.0.
    See this package in maven: https://mvnrepository.com/artifact/redis.clients/jedis/
  - io.github.resilience4j:resilience4j-ratelimiter from 1.7.0 to 1.7.1.
    See this package in maven: https://mvnrepository.com/artifact/io.github.resilience4j/resilience4j-ratelimiter/
  - io.kamon:kamon-bundle_2.11 from 2.5.12 to 2.7.3.
    See this package in maven: https://mvnrepository.com/artifact/io.kamon/kamon-bundle_2.11/
  - io.kamon:kamon-datadog_2.11 from 2.0.1 to 2.7.3.
    See this package in maven: https://mvnrepository.com/artifact/io.kamon/kamon-datadog_2.11/
  - io.kamon:kamon-prometheus_2.11 from 2.5.12 to 2.7.3.
    See this package in maven: https://mvnrepository.com/artifact/io.kamon/kamon-prometheus_2.11/
  - org.elasticsearch.client:elasticsearch-rest-high-level-client from 7.8.1 to 7.17.23.
    See this package in maven: https://mvnrepository.com/artifact/org.elasticsearch.client/elasticsearch-rest-high-level-client/
  - org.tmatesoft.sqljet:sqljet from 1.1.13 to 1.1.15.
    See this package in maven: https://mvnrepository.com/artifact/org.tmatesoft.sqljet/sqljet/
  - org.xerial:sqlite-jdbc from 3.15.1 to 3.46.1.0.
    See this package in maven: https://mvnrepository.com/artifact/org.xerial/sqlite-jdbc/

See this project in Snyk:
https://app.snyk.io/org/dataroma/project/6f226390-d845-4198-821b-1ab29d3c180d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants