search

gate5 / struts-2.3.20

0 stars 0 forks source link

[Snyk] Security upgrade org.apache.tomcat:jasper from 6.0.18 to 6.0.53 #292

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-30826		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Cross-site Scripting (XSS)
SNYK-JAVA-ORGAPACHETOMCAT-30828		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Cross-site Scripting (XSS)
SNYK-JAVA-ORGAPACHETOMCAT-30829		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30830		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
low severity 379/1000
Why? Has a fix available, CVSS 3.3		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-30831		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Improper Input Validation
SNYK-JAVA-ORGAPACHETOMCAT-30832		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 651/1000
Why? Mature exploit, Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCAT-30834		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No Mature
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30835		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Improper Authentication
SNYK-JAVA-ORGAPACHETOMCAT-30836		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Cryptographic Issues
SNYK-JAVA-ORGAPACHETOMCAT-30837		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCAT-30838		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30839		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Cross-site Request Forgery (CSRF)
SNYK-JAVA-ORGAPACHETOMCAT-30840		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30841		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Improper Authentication
SNYK-JAVA-ORGAPACHETOMCAT-30842		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Improper Authentication
SNYK-JAVA-ORGAPACHETOMCAT-30843		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-30845		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Arbitrary File Read
SNYK-JAVA-ORGAPACHETOMCAT-30847		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Arbitrary File Read
SNYK-JAVA-ORGAPACHETOMCAT-30848		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCAT-30849		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Directory Traversal
SNYK-JAVA-ORGAPACHETOMCAT-30850		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Directory Traversal
SNYK-JAVA-ORGAPACHETOMCAT-30851		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-30852		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Arbitrary Code Execution
SNYK-JAVA-ORGAPACHETOMCAT-30853		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Timing Attack
SNYK-JAVA-ORGAPACHETOMCAT-30854		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30855		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Improper Access Control
SNYK-JAVA-ORGAPACHETOMCAT-30873		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-30874		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Arbitrary File Read
SNYK-JAVA-ORGAPACHETOMCAT-30875		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Improper Access Control
SNYK-JAVA-ORGAPACHETOMCAT-30876		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30877		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCAT-30878		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No Proof of Concept
low severity 359/1000
Why? Has a fix available, CVSS 2.9		 Directory Traversal
SNYK-JAVA-ORGAPACHETOMCAT-460328		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
low severity 410/1000
Why? Has a fix available, CVSS 3.7		 Frame injection
SNYK-JAVA-ORGAPACHETOMCAT-467247		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Authentication Bypass
SNYK-JAVA-ORGAPACHETOMCAT-467408		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 424/1000
Why? Has a fix available, CVSS 4.2		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-468852		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-468853		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Cross-site Scripting (XSS)
SNYK-JAVA-ORGAPACHETOMCAT-468870		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Directory Traversal
SNYK-JAVA-ORGAPACHETOMCAT-468871		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Information Exposure
SNYK-JAVA-ORGAPACHETOMCAT-471342		 org.apache.tomcat:jasper:
6.0.18 -> 6.0.53
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic