deserialize icon indicating copy to clipboard operation
deserialize copied to clipboard
verified publisher icon eoftedal

[Snyk] Upgrade org.springframework:spring-core from 4.0.0.RELEASE to 4.3.30.RELEASE

Open eoftedal opened this issue 1 year ago • 0 comments

snyk-top-banner

Snyk has created this PR to upgrade org.springframework:spring-core from 4.0.0.RELEASE to 4.3.30.RELEASE.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 60 versions ahead of your current version.

  • The recommended version was released on 4 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGSPRINGFRAMEWORK-30159		 654 No Known Exploit
high severity Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832		 654 No Known Exploit
high severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGSPRINGFRAMEWORK-30163		 654 No Known Exploit
high severity Reflected File Download
SNYK-JAVA-ORGSPRINGFRAMEWORK-30165		 654 No Known Exploit
high severity Authentication Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORK-536316		 654 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-31328		 654 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-30167		 654 No Known Exploit
medium severity Directory Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-31325		 654 No Known Exploit
medium severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGSPRINGFRAMEWORK-30160		 654 No Known Exploit
medium severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGSPRINGFRAMEWORK-30158		 654 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-30164		 654 No Known Exploit
medium severity Cross-site Request Forgery (CSRF)
SNYK-JAVA-ORGSPRINGFRAMEWORK-31331		 654 No Known Exploit
medium severity Directory Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-30169		 654 No Known Exploit
medium severity Directory Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-32202		 654 Proof of Concept

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.springframework:spring-core","from":"4.0.0.RELEASE","to":"4.3.30.RELEASE"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30159","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30159","priority_score":654,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30163","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30163","priority_score":654,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30165","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30165","priority_score":644,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Reflected File Download"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-536316","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-536316","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Authentication Bypass"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31328","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31328","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30167","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30167","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31325","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31325","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Directory Traversal"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30160","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30160","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30158","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30158","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31331","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-31331","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30169","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30169","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Directory Traversal"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-32202","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-32202","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Directory Traversal"}],"prId":"9da467ba-504b-4755-92fb-640a04e44b71","prPublicId":"9da467ba-504b-4755-92fb-640a04e44b71","packageManager":"maven","priorityScoreList":[654,644,654,644,589,489,429,479,529,529,489,529,479,616],"projectPublicId":"13c08cb8-bfda-431d-af1d-8fd8974e912b","projectUrl":"https://app.snyk.io/org/eoftedal/project/13c08cb8-bfda-431d-af1d-8fd8974e912b?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-ORGSPRINGFRAMEWORK-30159","SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","SNYK-JAVA-ORGSPRINGFRAMEWORK-30163","SNYK-JAVA-ORGSPRINGFRAMEWORK-30165","SNYK-JAVA-ORGSPRINGFRAMEWORK-536316","SNYK-JAVA-ORGSPRINGFRAMEWORK-31328","SNYK-JAVA-ORGSPRINGFRAMEWORK-30167","SNYK-JAVA-ORGSPRINGFRAMEWORK-31325","SNYK-JAVA-ORGSPRINGFRAMEWORK-30160","SNYK-JAVA-ORGSPRINGFRAMEWORK-30158","SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","SNYK-JAVA-ORGSPRINGFRAMEWORK-31331","SNYK-JAVA-ORGSPRINGFRAMEWORK-30169","SNYK-JAVA-ORGSPRINGFRAMEWORK-32202"],"upgradeInfo":{"versionsDiff":60,"publishedDate":"2020-12-09T08:59:32.000Z"},"vulns":["SNYK-JAVA-ORGSPRINGFRAMEWORK-30159","SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832","SNYK-JAVA-ORGSPRINGFRAMEWORK-30163","SNYK-JAVA-ORGSPRINGFRAMEWORK-30165","SNYK-JAVA-ORGSPRINGFRAMEWORK-536316","SNYK-JAVA-ORGSPRINGFRAMEWORK-31328","SNYK-JAVA-ORGSPRINGFRAMEWORK-30167","SNYK-JAVA-ORGSPRINGFRAMEWORK-31325","SNYK-JAVA-ORGSPRINGFRAMEWORK-30160","SNYK-JAVA-ORGSPRINGFRAMEWORK-30158","SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","SNYK-JAVA-ORGSPRINGFRAMEWORK-31331","SNYK-JAVA-ORGSPRINGFRAMEWORK-30169","SNYK-JAVA-ORGSPRINGFRAMEWORK-32202"]}'

eoftedal avatar Aug 25 '24 08:08 eoftedal