gate5 / struts-2.3.20


[Snyk] Fix for 71 vulnerabilities #318

Open gate5 opened 1 year ago

gate5 commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - pom.xml

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:---:|---|:---|:---|:---|:---
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-COMMONSFILEUPLOAD-30082](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082) | | No | No Known Exploit
Critical | **704/1000**<br>**Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution<br>[SNYK-JAVA-COMMONSFILEUPLOAD-30401](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401) | | No | No Known Exploit
Medium | **539/1000**<br>**Why?** Has a fix available, CVSS 6.5 | Information Exposure<br>[SNYK-JAVA-COMMONSFILEUPLOAD-31540](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540) | | No | No Known Exploit
Medium | **651/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal<br>[SNYK-JAVA-COMMONSIO-1277109](https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109) | | Yes | Mature
High | **751/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.6 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **586/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Arbitrary File Deletion<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **711/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 6.5 | Server-Side Request Forgery (SSRF)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Mature
Medium | **611/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.8 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **586/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **586/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Critical | **776/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 9.1 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **626/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.1 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **586/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **626/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.1 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **586/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **626/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.1 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **696/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **586/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **631/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.2 | Deserialization of Untrusted Data<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Remote Code Execution (RCE)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Arbitrary Code Execution<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
Medium | **646/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Denial of Service (DoS)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Server-Side Request Forgery (SSRF)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **746/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.5 | Server-Side Request Forgery (SSRF)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Proof of Concept
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | XML External Entity (XXE) Injection<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | No Known Exploit
Medium | **626/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 4.8 | Insecure XML deserialization<br>[SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764](https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764) | `com.thoughtworks.xstream:xstream:`<br>`1.4.2 -> 1.4.19` | No | Mature
Medium | **479/1000**<br>**Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS)<br>[SNYK-JAVA-OGNL-30474](https://snyk.io/vuln/SNYK-JAVA-OGNL-30474) | | No | No Known Exploit
Critical | **919/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE)<br>[SNYK-JAVA-ORGAPACHESTRUTS-1049003](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-1049003) | | No | Mature
High | **726/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)<br>[SNYK-JAVA-ORGAPACHESTRUTS-2635340](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-2635340) | | No | Proof of Concept
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Manipulation of Struts' internals<br>[SNYK-JAVA-ORGAPACHESTRUTS-30060](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060) | | No | No Known Exploit
Critical | **929/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 10 | Arbitrary Code Execution<br>[SNYK-JAVA-ORGAPACHESTRUTS-30207](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207) | | No | Mature
High | **834/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection<br>[SNYK-JAVA-ORGAPACHESTRUTS-30770](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770) | | No | Mature
Critical | **704/1000**<br>**Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution<br>[SNYK-JAVA-ORGAPACHESTRUTS-30771](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771) | | No | No Known Exploit
Critical | **919/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Command Execution<br>[SNYK-JAVA-ORGAPACHESTRUTS-30772](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772) | | No | Mature
Medium | **519/1000**<br>**Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS)<br>[SNYK-JAVA-ORGAPACHESTRUTS-30773](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773) | | No | No Known Exploit
High | **654/1000**<br>**Why?** Has a fix available, CVSS 8.8 | Cross-site Request Forgery (CSRF)<br>[SNYK-JAVA-ORGAPACHESTRUTS-30774](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774) | | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass<br>[SNYK-JAVA-ORGAPACHESTRUTS-30775](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775) | | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass<br>[SNYK-JAVA-ORGAPACHESTRUTS-30776](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776) | | No | No Known Exploit
Critical | **704/1000**<br>**Why?** Has a fix available, CVSS 9.8 | Directory Traversal<br>[SNYK-JAVA-ORGAPACHESTRUTS-30778](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778) | | No | No Known Exploit
High | **834/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Arbitrary Command Execution<br>[SNYK-JAVA-ORGAPACHESTRUTS-31495](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495) | | No | Mature
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-ORGAPACHESTRUTS-31500](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500) | | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-ORGAPACHESTRUTS-31501](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501) | | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-ORGAPACHESTRUTS-31502](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502) | | No | No Known Exploit
Critical | **876/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Code Execution<br>[SNYK-JAVA-ORGAPACHESTRUTS-31503](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503) | | No | Mature
High | **834/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Remote Code Execution<br>[SNYK-JAVA-ORGAPACHESTRUTS-32477](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477) | | No | Mature
Critical | **704/1000**<br>**Why?** Has a fix available, CVSS 9.8 | Improper Action Name Cleanup<br>[SNYK-JAVA-ORGAPACHESTRUTS-451610](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610) | | No | No Known Exploit
Medium | **479/1000**<br>**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)<br>[SNYK-JAVA-ORGAPACHESTRUTS-460223](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223) | | No | No Known Exploit
Critical | **876/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE)<br>[SNYK-JAVA-ORGAPACHESTRUTS-608097](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608097) | | No | Mature
High | **696/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JAVA-ORGAPACHESTRUTS-608098](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608098) | | No | Proof of Concept
High | **654/1000**<br>**Why?** Has a fix available, CVSS 8.8 | Unrestricted Upload of File with Dangerous Type<br>[SNYK-JAVA-ORGAPACHESTRUTS-609765](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-609765) | | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Parameter Alteration<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798) | | No | No Known Exploit
High | **654/1000**<br>**Why?** Has a fix available, CVSS 8.8 | Improper Input Validation<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799) | | No | No Known Exploit
Medium | **519/1000**<br>**Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS)<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800) | | No | No Known Exploit
Medium | **479/1000**<br>**Why?** Has a fix available, CVSS 5.3 | Improper Input Validation<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801) | | No | No Known Exploit
High | **589/1000**<br>**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802) | | No | No Known Exploit
High | **654/1000**<br>**Why?** Has a fix available, CVSS 8.8 | Arbitrary Code Execution<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803) | | No | No Known Exploit
Medium | **479/1000**<br>**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804) | | No | No Known Exploit
High | **834/1000**<br>**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611) | | No | Mature
High | **579/1000**<br>**Why?** Has a fix available, CVSS 7.3 | Insecure Defaults<br>[SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418) | | No | No Known Exploit
High | **696/1000**<br>**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Server-side Template Injection (SSTI)<br>[SNYK-JAVA-ORGFREEMARKER-1076795](https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795) | | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

#### Vulnerabilities that could not be fixed

- Upgrade:
    - Could not upgrade `org.apache.struts:struts2-core@2.3.20` to `org.apache.struts:struts2-core@6.0.0`; Reason `could not apply upgrade, dependency is managed externally` ; Location: `provenance does not contain location`

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/din.shap/project/ea0dc5bf-15c6-4152-9c53-31ddd044ff18?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/din.shap/project/ea0dc5bf-15c6-4152-9c53-31ddd044ff18?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Server-side Template Injection (SSTI)](https://learn.snyk.io/lessons/spring4shell/java/?loc=fix-pr)

🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lessons/xss/java/?loc=fix-pr)

🦉 [Denial of Service (DoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)

🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io?loc=fix-pr)