search

cisagov / log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
1.28k stars 215 forks source link

[Snyk] Upgrade org.eclipse.jetty:jetty-plus from 9.4.8.v20171121 to 9.4.44.v20210927 #31

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade org.eclipse.jetty:jetty-plus from 9.4.8.v20171121 to 9.4.44.v20210927.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Web Cache Poisoning
SNYK-JAVA-ORGECLIPSEJETTY-32383		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-1090340		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Web Cache Poisoning
SNYK-JAVA-ORGECLIPSEJETTY-460763		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Session Hijacking
SNYK-JAVA-ORGECLIPSEJETTY-32381		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Privilege Escalation
SNYK-JAVA-ORGECLIPSEJETTY-1021614		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-461008		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-461009		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Authorization Bypass
SNYK-JAVA-ORGECLIPSEJETTY-32385		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-174560		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-1080611		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
HTTP Request Smuggling
SNYK-JAVA-ORGECLIPSEJETTY-1047304		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JAVA-ORGECLIPSEJETTY-1313686		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs