coti-io / coti-node

COTI is the first DAG based chain protocol that's optimized for Enterprises and Stable-coins.
https://coti.io
GNU General Public License v3.0
188 stars 23 forks

[Snyk] Upgrade org.elasticsearch:elasticsearch from 7.1.1 to 7.17.9 #73

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to upgrade org.elasticsearch:elasticsearch from 7.1.1 to 7.17.9.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
|  | Privilege Escalation SNYK-JAVA-ORGELASTICSEARCH-564117 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Privilege Escalation SNYK-JAVA-ORGELASTICSEARCH-571299 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Denial of Service (DoS) SNYK-JAVA-ORGELASTICSEARCH-1324572 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1089258 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Cross-site Scripting (XSS) SNYK-JAVA-ORGELASTICSEARCH-2431020 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Race Condition SNYK-JAVA-ORGELASTICSEARCH-460545 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1089259 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Information Exposure SNYK-JAVA-ORGELASTICSEARCH-1021613 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1071900 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Missing Authorization SNYK-JAVA-ORGELASTICSEARCH-2431238 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |
|  | Information Exposure SNYK-JAVA-ORGELASTICSEARCH-474622 | 590/1000 Why? Has a fix available, CVSS 8.8 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


gmesika-coti commented 1 year ago

handled by Checkmarx dependencies fix and upgrades