gate5 / struts-2.3.20


[Snyk] Fix for 45 vulnerabilities #314

Open gate5 opened 1 year ago

gate5 commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - pom.xml
    - plugins/testng/pom.xml

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-JAVA-COMMONSFILEUPLOAD-30082](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **704/1000** <br/> **Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution <br/>[SNYK-JAVA-COMMONSFILEUPLOAD-30401](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401) | | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **539/1000** <br/> **Why?** Has a fix available, CVSS 6.5 | Information Exposure <br/>[SNYK-JAVA-COMMONSFILEUPLOAD-31540](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540) | | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **651/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal <br/>[SNYK-JAVA-COMMONSIO-1277109](https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109) | | Yes | Mature
![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **466/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 2.9 | Information Exposure <br/>[SNYK-JAVA-JUNIT-1017047](https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047) | `org.testng:testng:` <br/> `5.1 -> 7.0.0` | Yes | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000** <br/> **Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS) <br/>[SNYK-JAVA-OGNL-30474](https://snyk.io/vuln/SNYK-JAVA-OGNL-30474) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **919/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-1049003](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-1049003) | | No | Mature
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **726/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-2635340](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-2635340) | | No | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Manipulation of Struts' internals <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30060](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **929/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 10 | Arbitrary Code Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30207](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207) | | No | Mature
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **834/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30770](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770) | | No | Mature
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **704/1000** <br/> **Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30771](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **919/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Command Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30772](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772) | | No | Mature
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **519/1000** <br/> **Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30773](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **654/1000** <br/> **Why?** Has a fix available, CVSS 8.8 | Cross-site Request Forgery (CSRF) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30774](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30775](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30776](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **704/1000** <br/> **Why?** Has a fix available, CVSS 9.8 | Directory Traversal <br/>[SNYK-JAVA-ORGAPACHESTRUTS-30778](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **834/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Arbitrary Command Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTS-31495](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495) | | No | Mature
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-31500](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-31501](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-31502](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **876/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Code Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTS-31503](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503) | | No | Mature
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **834/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Remote Code Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTS-32477](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477) | | No | Mature
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **704/1000** <br/> **Why?** Has a fix available, CVSS 9.8 | Improper Action Name Cleanup <br/>[SNYK-JAVA-ORGAPACHESTRUTS-451610](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610) | | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000** <br/> **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-460223](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223) | | No | No Known Exploit
![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **876/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-608097](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608097) | | No | Mature
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-JAVA-ORGAPACHESTRUTS-608098](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608098) | | No | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **654/1000** <br/> **Why?** Has a fix available, CVSS 8.8 | Unrestricted Upload of File with Dangerous Type <br/>[SNYK-JAVA-ORGAPACHESTRUTS-609765](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-609765) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Parameter Alteration <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **654/1000** <br/> **Why?** Has a fix available, CVSS 8.8 | Improper Input Validation <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799) | | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **519/1000** <br/> **Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS) <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800) | | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000** <br/> **Why?** Has a fix available, CVSS 5.3 | Improper Input Validation <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **654/1000** <br/> **Why?** Has a fix available, CVSS 8.8 | Arbitrary Code Execution <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803) | | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000** <br/> **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **834/1000** <br/> **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611) | | No | Mature
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **579/1000** <br/> **Why?** Has a fix available, CVSS 7.3 | Insecure Defaults <br/>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418) | | No | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Server-side Template Injection (SSTI) <br/>[SNYK-JAVA-ORGFREEMARKER-1076795](https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795) | | No | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **429/1000** <br/> **Why?** Has a fix available, CVSS 4.3 | Improper Output Neutralization for Logs <br/>[SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097) | `org.springframework:spring-core:` <br/> `3.0.5.RELEASE -> 5.2.19.RELEASE` | Yes | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **429/1000** <br/> **Why?** Has a fix available, CVSS 4.3 | Improper Input Validation <br/>[SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878) | `org.springframework:spring-core:` <br/> `3.0.5.RELEASE -> 5.2.19.RELEASE` | Yes | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **579/1000** <br/> **Why?** Has a fix available, CVSS 7.3 | Expression Language Injection <br/>[SNYK-JAVA-ORGSPRINGFRAMEWORK-30157](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30157) | `org.springframework:spring-core:` <br/> `3.0.5.RELEASE -> 5.2.19.RELEASE` | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **529/1000** <br/> **Why?** Has a fix available, CVSS 6.3 | Access Restriction Bypass <br/>[SNYK-JAVA-ORGSPRINGFRAMEWORK-31324](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31324) | `org.springframework:spring-core:` <br/> `3.0.5.RELEASE -> 5.2.19.RELEASE` | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000** <br/> **Why?** Has a fix available, CVSS 5.3 | Directory Traversal <br/>[SNYK-JAVA-ORGSPRINGFRAMEWORK-31325](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31325) | `org.springframework:spring-core:` <br/> `3.0.5.RELEASE -> 5.2.19.RELEASE` | No | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **494/1000** <br/> **Why?** Has a fix available, CVSS 5.6 | Unsafe Dependency Resolution <br/>[SNYK-JAVA-ORGTESTNG-174823](https://snyk.io/vuln/SNYK-JAVA-ORGTESTNG-174823) | `org.testng:testng:` <br/> `5.1 -> 7.0.0` | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

#### Vulnerabilities that could not be fixed

- Upgrade:
    - Could not upgrade `org.apache.struts:struts2-core@2.3.20` to `org.apache.struts:struts2-core@6.0.0`; Reason `could not apply upgrade, dependency is managed externally` ; Location: `provenance does not contain location`

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/din.shap/project/ef8120ef-40cf-4860-a9e0-0ff61b6e3ed8?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/din.shap/project/ef8120ef-40cf-4860-a9e0-0ff61b6e3ed8?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Directory Traversal](https://learn.snyk.io/lessons/directory-traversal/java/?loc=fix-pr)

🦉 [Server-side Template Injection (SSTI)](https://learn.snyk.io/lessons/spring4shell/java/?loc=fix-pr)

🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lessons/xss/java/?loc=fix-pr)

🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io?loc=fix-pr)