Vismayak closed 1 year ago
Got the following output on running snyk test:
Issues to fix by upgrading:
Upgrade org.gretty:gretty-runner-jetty7@3.0.3 to org.gretty:gretty-runner-jetty7@3.0.8 to fix
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)
Upgrade org.gretty:gretty-runner-tomcat85@3.0.3 to org.gretty:gretty-runner-tomcat85@3.0.5 to fix
✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Session Fixation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-557361] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
Upgrade org.gretty:gretty-runner-tomcat9@3.0.3 to org.gretty:gretty-runner-tomcat9@3.0.8 to fix
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat9@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@9.0.34 and 2 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
Upgrade org.gretty:gretty-starter@3.0.3 to org.gretty:gretty-starter@3.1.1 to fix
✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
✗ Insecure Temporary File [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287] in org.springframework.boot:spring-boot@2.0.2.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE and 1 other path(s)
✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208] in ch.qos.logback:logback-core@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)
Issues with no direct upgrade or patch:
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3
✗ Unprotected Transport of Credentials [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3
✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.61
✗ Timing Attack [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.66
✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.69
✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614] in org.eclipse.jetty:jetty-webapp@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 and 13 other path(s)
This issue was fixed in versions: 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1047304] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
This issue was fixed in versions: 9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1080611] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
This issue was fixed in versions: 9.4.37.v20210219, 10.0.1, 11.0.1
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 11.0.3, 10.0.3, 9.4.41
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340] in org.eclipse.jetty:jetty-io@8.1.22.v20160922
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-io@9.2.26.v20180806 and 12 other path(s)
This issue was fixed in versions: 9.4.39.v20210325, 10.0.2, 11.0.2
✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-173763] in org.eclipse.jetty:jetty-server@7.6.21.v20160908
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 2 other path(s)
This issue was fixed in versions: 8.1.0.v20120127
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174560] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
This issue was fixed in versions: 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418
✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-460763] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-480557] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 and 1 other path(s)
This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479] in org.eclipse.jetty:jetty-util@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-plus@9.2.26.v20180806 > org.eclipse.jetty:jetty-jndi@9.2.26.v20180806 > org.eclipse.jetty:jetty-util@9.2.26.v20180806 and 5 other path(s)
This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32383] in org.eclipse.jetty:jetty-http@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-http@9.2.26.v20180806 and 1 other path(s)
This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453] in org.eclipse.jetty:jetty-client@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty.websocket:javax-websocket-server-impl@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-server@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-client@9.4.24.v20191120 > org.eclipse.jetty:jetty-client@9.4.24.v20191120
This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
✗ Timing Attack [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151] in org.eclipse.jetty:jetty-util@8.1.22.v20160922
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 > org.eclipse.jetty:jetty-xml@7.6.21.v20160908 > org.eclipse.jetty:jetty-util@7.6.21.v20160908 and 3 other path(s)
This issue was fixed in versions: 9.2.22.v20170606, 9.3.20.v20170531, 9.4.6.v20170531
✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368] in org.glassfish:javax.el@3.0.0
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-jsp@9.2.26.v20180806 > org.glassfish:javax.el@3.0.0 and 1 other path(s)
No upgrade or patch available
On running snyk test --all-sub-projects, got this output:
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 175 dependencies for known issues, found 53 issues, 254 vulnerable paths.
Issues to fix by upgrading:
Upgrade org.gretty:gretty-runner-jetty7@3.0.3 to org.gretty:gretty-runner-jetty7@3.0.8 to fix
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)
Upgrade org.gretty:gretty-runner-tomcat85@3.0.3 to org.gretty:gretty-runner-tomcat85@3.0.5 to fix
✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Session Fixation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-557361] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
Upgrade org.gretty:gretty-runner-tomcat9@3.0.3 to org.gretty:gretty-runner-tomcat9@3.0.8 to fix
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat9@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@9.0.34 and 2 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
Upgrade org.gretty:gretty-starter@3.0.3 to org.gretty:gretty-starter@3.1.1 to fix
✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
✗ Insecure Temporary File [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287] in org.springframework.boot:spring-boot@2.0.2.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE and 1 other path(s)
✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208] in ch.qos.logback:logback-core@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)
Issues with no direct upgrade or patch:
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3
✗ Unprotected Transport of Credentials [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3
✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.61
✗ Timing Attack [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.66
✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.69
✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614] in org.eclipse.jetty:jetty-webapp@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 and 13 other path(s)
This issue was fixed in versions: 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1047304] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
This issue was fixed in versions: 9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1080611] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
This issue was fixed in versions: 9.4.37.v20210219, 10.0.1, 11.0.1
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 11.0.3, 10.0.3, 9.4.41
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340] in org.eclipse.jetty:jetty-io@8.1.22.v20160922
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-io@9.2.26.v20180806 and 12 other path(s)
This issue was fixed in versions: 9.4.39.v20210325, 10.0.2, 11.0.2
✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-173763] in org.eclipse.jetty:jetty-server@7.6.21.v20160908
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 2 other path(s)
This issue was fixed in versions: 8.1.0.v20120127
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174560] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
This issue was fixed in versions: 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418
✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-460763] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-480557] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 and 1 other path(s)
This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479] in org.eclipse.jetty:jetty-util@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-plus@9.2.26.v20180806 > org.eclipse.jetty:jetty-jndi@9.2.26.v20180806 > org.eclipse.jetty:jetty-util@9.2.26.v20180806 and 5 other path(s)
This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32383] in org.eclipse.jetty:jetty-http@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-http@9.2.26.v20180806 and 1 other path(s)
This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453] in org.eclipse.jetty:jetty-client@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty.websocket:javax-websocket-server-impl@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-server@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-client@9.4.24.v20191120 > org.eclipse.jetty:jetty-client@9.4.24.v20191120
This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
✗ Timing Attack [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151] in org.eclipse.jetty:jetty-util@8.1.22.v20160922
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 > org.eclipse.jetty:jetty-xml@7.6.21.v20160908 > org.eclipse.jetty:jetty-util@7.6.21.v20160908 and 3 other path(s)
This issue was fixed in versions: 9.2.22.v20170606, 9.3.20.v20170531, 9.4.6.v20170531
✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368] in org.glassfish:javax.el@3.0.0
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-jsp@9.2.26.v20180806 > org.glassfish:javax.el@3.0.0 and 1 other path(s)
No upgrade or patch available
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 394 dependencies for known issues, found 97 issues, 389 vulnerable paths.
Issues to fix by upgrading:
Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-csv@2.4.0 to com.fasterxml.jackson.dataformat:jackson-dataformat-csv@2.13.5 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
Upgrade com.github.lookfirst:sardine@5.1 to com.github.lookfirst:sardine@5.3 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10
introduced by com.github.lookfirst:sardine@5.1 > commons-codec:commons-codec@1.10 and 2 other path(s)
Upgrade com.google.code.gson:gson@2.2.4 to com.google.code.gson:gson@2.8.9 to fix
✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327] in com.google.code.gson:gson@2.2.4
introduced by com.google.code.gson:gson@2.2.4
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
Upgrade org.apache.httpcomponents:httpmime@4.5.5 to org.apache.httpcomponents:httpmime@4.5.13 to fix
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.5
introduced by com.github.lookfirst:sardine@5.1 > org.apache.httpcomponents:httpclient@4.5.5 and 1 other path(s)
Upgrade org.eclipse.jetty:jetty-client@11.0.2 to org.eclipse.jetty:jetty-client@11.0.14 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161] in org.eclipse.jetty:jetty-http@11.0.2
introduced by org.eclipse.jetty:jetty-client@11.0.2 > org.eclipse.jetty:jetty-http@11.0.2 and 9 other path(s)
✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452] in org.eclipse.jetty:jetty-http@11.0.2
introduced by org.eclipse.jetty:jetty-client@11.0.2 > org.eclipse.jetty:jetty-http@11.0.2 and 9 other path(s)
✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453] in org.eclipse.jetty:jetty-client@11.0.2
introduced by org.eclipse.jetty:jetty-client@11.0.2 and 1 other path(s)
✗ Improper Resource Shutdown or Release [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945459] in org.eclipse.jetty:jetty-io@11.0.2
introduced by org.eclipse.jetty:jetty-client@11.0.2 > org.eclipse.jetty:jetty-io@11.0.2 and 2 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.gretty:gretty-runner-jetty7@3.0.3 to org.gretty:gretty-runner-jetty7@3.0.8 to fix
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 6 other path(s)
✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)
Upgrade org.gretty:gretty-runner-tomcat85@3.0.3 to org.gretty:gretty-runner-tomcat85@3.0.5 to fix
✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Session Fixation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-557361] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
Upgrade org.gretty:gretty-runner-tomcat9@3.0.3 to org.gretty:gretty-runner-tomcat9@3.0.8 to fix
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat9@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@9.0.34 and 2 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
Upgrade org.gretty:gretty-starter@3.0.3 to org.gretty:gretty-starter@3.1.1 to fix
✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217] in org.springframework:spring-expression@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 6 other path(s)
✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
✗ Insecure Temporary File [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287] in org.springframework.boot:spring-boot@2.0.2.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE and 1 other path(s)
✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.0.6.RELEASE
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208] in ch.qos.logback:logback-core@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
Upgrade org.jsoup:jsoup@1.10.2 to org.jsoup:jsoup@1.15.3 to fix
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSOUP-2989728] in org.jsoup:jsoup@1.10.2
introduced by org.jsoup:jsoup@1.10.2
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSOUP-1567345] in org.jsoup:jsoup@1.10.2
introduced by org.jsoup:jsoup@1.10.2
Issues with no direct upgrade or patch:
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
This issue was fixed in versions: 30.0-android, 30.0-jre
✗ Improper Certificate Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-30083] in commons-httpclient:commons-httpclient@3.1
introduced by it.geosolutions:geoserver-manager@1.7.0 > commons-httpclient:commons-httpclient@3.1
This issue was fixed in versions: 3.1-jenkins-3
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-31660] in commons-httpclient:commons-httpclient@3.1
introduced by it.geosolutions:geoserver-manager@1.7.0 > commons-httpclient:commons-httpclient@3.1
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
This issue was fixed in versions: 1.10.0
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3
✗ Unprotected Transport of Credentials [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
This issue was fixed in versions: 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3
✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.61
✗ Timing Attack [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.66
✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508] in org.bouncycastle:bcprov-jdk15on@1.60
introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
This issue was fixed in versions: 1.69
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.0.3, 2.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.1.3, 2.0.3
✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614] in org.eclipse.jetty:jetty-webapp@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 and 13 other path(s)
This issue was fixed in versions: 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3
✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1047304] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
This issue was fixed in versions: 9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1080611] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
This issue was fixed in versions: 9.4.37.v20210219, 10.0.1, 11.0.1
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 11.0.3, 10.0.3, 9.4.41
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340] in org.eclipse.jetty:jetty-io@8.1.22.v20160922
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-io@9.2.26.v20180806 and 12 other path(s)
This issue was fixed in versions: 9.4.39.v20210325, 10.0.2, 11.0.2
✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-173763] in org.eclipse.jetty:jetty-server@7.6.21.v20160908
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 2 other path(s)
This issue was fixed in versions: 8.1.0.v20120127
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174560] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
This issue was fixed in versions: 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418
✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-460763] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-480557] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 and 1 other path(s)
This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479] in org.eclipse.jetty:jetty-util@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-plus@9.2.26.v20180806 > org.eclipse.jetty:jetty-jndi@9.2.26.v20180806 > org.eclipse.jetty:jetty-util@9.2.26.v20180806 and 5 other path(s)
This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32383] in org.eclipse.jetty:jetty-http@9.2.26.v20180806
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-http@9.2.26.v20180806 and 1 other path(s)
This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
✗ Timing Attack [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151] in org.eclipse.jetty:jetty-util@8.1.22.v20160922
introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 > org.eclipse.jetty:jetty-xml@7.6.21.v20160908 > org.eclipse.jetty:jetty-util@7.6.21.v20160908 and 3 other path(s)
This issue was fixed in versions: 9.2.22.v20170606, 9.3.20.v20170531, 9.4.6.v20170531
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
introduced by org.geotools:gt-main@24.1 and 15 other path(s)
No upgrade or patch available
✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368] in org.glassfish:javax.el@3.0.0
introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-jsp@9.2.26.v20180806 > org.glassfish:javax.el@3.0.0 and 1 other path(s)
No upgrade or patch available
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
This issue was fixed in versions: 2.7.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJDOM-1311147] in org.jdom:jdom@1.1
introduced by it.geosolutions:geoserver-manager@1.7.0 > jdom:jdom@1.1 > org.jdom:jdom@1.1
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
This issue was fixed in versions: 3.41.2.2
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/data-service
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 202 dependencies for known issues, found 36 issues, 111 vulnerable paths.
Issues to fix by upgrading:
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
Issues with no direct upgrade or patch:
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
This issue was fixed in versions: 30.0-android, 30.0-jre
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
This issue was fixed in versions: 2.7
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
This issue was fixed in versions: 1.10.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.0.3, 2.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.1.3, 2.0.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
introduced by org.geotools:gt-main@24.1 and 15 other path(s)
No upgrade or patch available
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
This issue was fixed in versions: 2.7.1
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
This issue was fixed in versions: 3.41.2.2
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/dfr3-service
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 210 dependencies for known issues, found 38 issues, 114 vulnerable paths.
Issues to fix by upgrading:
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.apache.httpcomponents:httpclient@4.5.5 to org.apache.httpcomponents:httpclient@4.5.13 to fix
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.5
introduced by org.apache.httpcomponents:httpclient@4.5.5 and 1 other path(s)
Upgrade org.apache.httpcomponents:httpmime@4.5.5 to org.apache.httpcomponents:httpmime@4.5.13 to fix
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.5
introduced by org.apache.httpcomponents:httpclient@4.5.5 and 1 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
Issues with no direct upgrade or patch:
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
This issue was fixed in versions: 30.0-android, 30.0-jre
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10
introduced by org.apache.httpcomponents:httpclient@4.5.5 > commons-codec:commons-codec@1.10
This issue was fixed in versions: 1.13
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
This issue was fixed in versions: 2.7
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
This issue was fixed in versions: 1.10.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.0.3, 2.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.1.3, 2.0.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
introduced by org.geotools:gt-main@24.1 and 15 other path(s)
No upgrade or patch available
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
This issue was fixed in versions: 2.7.1
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
This issue was fixed in versions: 3.41.2.2
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/hazard-service
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 74 dependencies for known issues, found 26 issues, 59 vulnerable paths.
Issues to fix by upgrading:
Upgrade com.fasterxml.jackson.core:jackson-databind@2.10.5 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@20.0
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@20.0 and 2 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236] in com.google.guava:guava@20.0
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@20.0 and 2 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
Upgrade junit:junit@4.12 to junit:junit@4.13.1 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by junit:junit@4.12 and 1 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018
Issues with no direct upgrade or patch:
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/incore-common
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 202 dependencies for known issues, found 36 issues, 111 vulnerable paths.
Issues to fix by upgrading:
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
Issues with no direct upgrade or patch:
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
This issue was fixed in versions: 30.0-android, 30.0-jre
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
This issue was fixed in versions: 2.7
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
This issue was fixed in versions: 1.10.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.0.3, 2.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.1.3, 2.0.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
introduced by org.geotools:gt-main@24.1 and 15 other path(s)
No upgrade or patch available
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
This issue was fixed in versions: 2.7.1
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
This issue was fixed in versions: 3.41.2.2
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/maestro-service
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 37 dependencies for known issues, found 86 issues, 86 vulnerable paths.
Issues to fix by upgrading:
Upgrade com.fasterxml.jackson.core:jackson-databind@2.9.0 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044] in com.fasterxml.jackson.core:jackson-databind@2.9.0
introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 to com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.15.0 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
Upgrade commons-io:commons-io@2.5 to commons-io:commons-io@2.7 to fix
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.5
introduced by commons-io:commons-io@2.5
Upgrade org.apache.jena:jena-core@3.1.1 to org.apache.jena:jena-core@4.2.0 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-30183] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-608891] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-1586035] in org.apache.jena:jena-core@3.1.1
introduced by org.apache.jena:jena-core@3.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-2808937] in org.apache.jena:jena-core@3.1.1
introduced by org.apache.jena:jena-core@3.1.1
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-2359991] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-31585] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018
Issues with no direct upgrade or patch:
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/semantic-core
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 216 dependencies for known issues, found 42 issues, 133 vulnerable paths.
Issues to fix by upgrading:
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.8 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
Upgrade org.apache.jena:jena-core@3.1.1 to org.apache.jena:jena-core@4.2.0 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-30183] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-608891] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-1586035] in org.apache.jena:jena-core@3.1.1
introduced by org.apache.jena:jena-core@3.1.1 and 1 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-2808937] in org.apache.jena:jena-core@3.1.1
introduced by org.apache.jena:jena-core@3.1.1 and 1 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-2359991] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-31585] in xerces:xercesImpl@2.11.0
introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018 and 3 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018 and 3 other path(s)
Issues with no direct upgrade or patch:
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
This issue was fixed in versions: 30.0-android, 30.0-jre
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
This issue was fixed in versions: 2.7
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
This issue was fixed in versions: 1.10.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.0.3, 2.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.1.3, 2.0.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
introduced by org.geotools:gt-main@24.1 and 15 other path(s)
No upgrade or patch available
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
This issue was fixed in versions: 2.7.1
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
This issue was fixed in versions: 3.41.2.2
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 1.31
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 1.32
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 1.31
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 1.31
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 1.32
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 1.26
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/semantics-service
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 202 dependencies for known issues, found 36 issues, 111 vulnerable paths.
Issues to fix by upgrading:
Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)
Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018 and 2 other path(s)
Issues with no direct upgrade or patch:
✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
This issue was fixed in versions: 30.0-android, 30.0-jre
✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
This issue was fixed in versions: 2.7
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
No upgrade or patch available
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
No upgrade or patch available
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
This issue was fixed in versions: 1.10.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.0.3, 2.1.1
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
This issue was fixed in versions: 2.1.3, 2.0.3
✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
introduced by org.geotools:gt-main@24.1 and 15 other path(s)
No upgrade or patch available
✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
This issue was fixed in versions: 2.7.1
✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
This issue was fixed in versions: 3.41.2.2
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
This issue was fixed in versions: 2.0
Organization: vismayakfb
Package manager: gradle
Target file: build.gradle
Project name: server/space-service
Open source: no
Project path: /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses: enabled
-------------------------------------------------------
Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...
Tested 19 dependencies for known issues, found 11 issues, 11 vulnerable paths.
Issues to fix by upgrading:
Upgrade org.dom4j:dom4j@2.0.0 to org.dom4j:dom4j@2.0.3 to fix
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
introduced by org.dom4j:dom4j@2.0.0
✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
introduced by org.dom4j:dom4j@2.0.0
Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
introduced by org.json:json@20171018
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
introduced by org.json:json@20171018
Issues with no direct upgrade or patch:
✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
introduced by log4j:log4j@1.2.17.norce
No upgrade or patch available
Use a Java dependency vulnerability scanner