Snyk listed two critical vulnerabilities in cbioportal 6.0.5:
org.redisson:redisson Deserialization of Untrusted Data
com.fasterxml.woodstox:woodstox-core XML External Entity (XXE) Injection
Issue 1 can be fixed by updating org.redisson:redisson@3.12.2 to org.redisson:redisson@3.22.0
Issue 2 can be fixed by updatin com.fasterxml.woodstox:woodstox-core@5.0.3 to com.fasterxml.woodstox:woodstox-core@5.3.0
Snyk listed two critical vulnerabilities in cbioportal 6.0.5:
Issue 1 can be fixed by updating
org.redisson:redisson@3.12.2toorg.redisson:redisson@3.22.0Issue 2 can be fixed by updatincom.fasterxml.woodstox:woodstox-core@5.0.3tocom.fasterxml.woodstox:woodstox-core@5.3.0