This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-COMMONSFILEUPLOAD-30082](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082) | | No | No Known Exploit
 | **704/1000** **Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution [SNYK-JAVA-COMMONSFILEUPLOAD-30401](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401) | | No | No Known Exploit
 | **539/1000** **Why?** Has a fix available, CVSS 6.5 | Information Exposure [SNYK-JAVA-COMMONSFILEUPLOAD-31540](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540) | | No | No Known Exploit
 | **651/1000** **Why?** Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal [SNYK-JAVA-COMMONSIO-1277109](https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109) | | Yes | Mature
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS) [SNYK-JAVA-OGNL-30474](https://snyk.io/vuln/SNYK-JAVA-OGNL-30474) | | No | No Known Exploit
 | **919/1000** **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE) [SNYK-JAVA-ORGAPACHESTRUTS-1049003](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-1049003) | | No | Mature
 | **726/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) [SNYK-JAVA-ORGAPACHESTRUTS-2635340](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-2635340) | | No | Proof of Concept
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Manipulation of Struts' internals [SNYK-JAVA-ORGAPACHESTRUTS-30060](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060) | | No | No Known Exploit
 | **929/1000** **Why?** Mature exploit, Has a fix available, CVSS 10 | Arbitrary Code Execution [SNYK-JAVA-ORGAPACHESTRUTS-30207](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207) | | No | Mature
 | **834/1000** **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection [SNYK-JAVA-ORGAPACHESTRUTS-30770](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770) | | No | Mature
 | **704/1000** **Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution [SNYK-JAVA-ORGAPACHESTRUTS-30771](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771) | | No | No Known Exploit
 | **919/1000** **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Command Execution [SNYK-JAVA-ORGAPACHESTRUTS-30772](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772) | | No | Mature
 | **519/1000** **Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS) [SNYK-JAVA-ORGAPACHESTRUTS-30773](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773) | | No | No Known Exploit
 | **654/1000** **Why?** Has a fix available, CVSS 8.8 | Cross-site Request Forgery (CSRF) [SNYK-JAVA-ORGAPACHESTRUTS-30774](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774) | | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHESTRUTS-30775](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775) | | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHESTRUTS-30776](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776) | | No | No Known Exploit
 | **704/1000** **Why?** Has a fix available, CVSS 9.8 | Directory Traversal [SNYK-JAVA-ORGAPACHESTRUTS-30778](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778) | | No | No Known Exploit
 | **834/1000** **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Arbitrary Command Execution [SNYK-JAVA-ORGAPACHESTRUTS-31495](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495) | | No | Mature
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHESTRUTS-31500](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500) | | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHESTRUTS-31501](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501) | | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHESTRUTS-31502](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502) | | No | No Known Exploit
 | **876/1000** **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Code Execution [SNYK-JAVA-ORGAPACHESTRUTS-31503](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503) | | No | Mature
 | **834/1000** **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Remote Code Execution [SNYK-JAVA-ORGAPACHESTRUTS-32477](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477) | | No | Mature
 | **704/1000** **Why?** Has a fix available, CVSS 9.8 | Improper Action Name Cleanup [SNYK-JAVA-ORGAPACHESTRUTS-451610](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610) | | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JAVA-ORGAPACHESTRUTS-460223](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223) | | No | No Known Exploit
 | **876/1000** **Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE) [SNYK-JAVA-ORGAPACHESTRUTS-608097](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608097) | | No | Mature
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHESTRUTS-608098](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608098) | | No | Proof of Concept
 | **654/1000** **Why?** Has a fix available, CVSS 8.8 | Unrestricted Upload of File with Dangerous Type [SNYK-JAVA-ORGAPACHESTRUTS-609765](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-609765) | | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Parameter Alteration [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798) | | No | No Known Exploit
 | **654/1000** **Why?** Has a fix available, CVSS 8.8 | Improper Input Validation [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799) | | No | No Known Exploit
 | **519/1000** **Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS) [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800) | | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Input Validation [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801) | | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802) | | No | No Known Exploit
 | **654/1000** **Why?** Has a fix available, CVSS 8.8 | Arbitrary Code Execution [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803) | | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804) | | No | No Known Exploit
 | **834/1000** **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection [SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611) | | No | Mature
 | **579/1000** **Why?** Has a fix available, CVSS 7.3 | Insecure Defaults [SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418) | | No | No Known Exploit
 | **571/1000** **Why?** Mature exploit, Has a fix available, CVSS 3.7 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-30826](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30826) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | Mature
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Cross-site Scripting (XSS) [SNYK-JAVA-ORGAPACHETOMCAT-30828](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30828) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Cross-site Scripting (XSS) [SNYK-JAVA-ORGAPACHETOMCAT-30829](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30829) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30830](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30830) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **379/1000** **Why?** Has a fix available, CVSS 3.3 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-30831](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30831) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Input Validation [SNYK-JAVA-ORGAPACHETOMCAT-30832](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30832) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **651/1000** **Why?** Mature exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHETOMCAT-30834](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30834) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | Mature
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30835](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30835) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Improper Authentication [SNYK-JAVA-ORGAPACHETOMCAT-30836](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30836) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Cryptographic Issues [SNYK-JAVA-ORGAPACHETOMCAT-30837](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30837) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHETOMCAT-30838](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30838) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30839](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30839) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Cross-site Request Forgery (CSRF) [SNYK-JAVA-ORGAPACHETOMCAT-30840](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30840) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30841](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30841) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Authentication [SNYK-JAVA-ORGAPACHETOMCAT-30842](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30842) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Authentication [SNYK-JAVA-ORGAPACHETOMCAT-30843](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30843) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-30845](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30845) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Arbitrary File Read [SNYK-JAVA-ORGAPACHETOMCAT-30847](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30847) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Arbitrary File Read [SNYK-JAVA-ORGAPACHETOMCAT-30848](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30848) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHETOMCAT-30849](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30849) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Directory Traversal [SNYK-JAVA-ORGAPACHETOMCAT-30850](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30850) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Directory Traversal [SNYK-JAVA-ORGAPACHETOMCAT-30851](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30851) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-30852](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30852) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **654/1000** **Why?** Has a fix available, CVSS 8.8 | Arbitrary Code Execution [SNYK-JAVA-ORGAPACHETOMCAT-30853](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30853) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **509/1000** **Why?** Has a fix available, CVSS 5.9 | Timing Attack [SNYK-JAVA-ORGAPACHETOMCAT-30854](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30854) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30855](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30855) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Access Control [SNYK-JAVA-ORGAPACHETOMCAT-30873](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30873) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-30874](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30874) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **429/1000** **Why?** Has a fix available, CVSS 4.3 | Arbitrary File Read [SNYK-JAVA-ORGAPACHETOMCAT-30875](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30875) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Access Control [SNYK-JAVA-ORGAPACHETOMCAT-30876](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30876) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30877](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30877) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **761/1000** **Why?** Mature exploit, Has a fix available, CVSS 7.5 | Access Restriction Bypass [SNYK-JAVA-ORGAPACHETOMCAT-30878](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30878) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | Mature
 | **359/1000** **Why?** Has a fix available, CVSS 2.9 | Directory Traversal [SNYK-JAVA-ORGAPACHETOMCAT-460328](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-460328) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **410/1000** **Why?** Has a fix available, CVSS 3.7 | Frame injection [SNYK-JAVA-ORGAPACHETOMCAT-467247](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-467247) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Authentication Bypass [SNYK-JAVA-ORGAPACHETOMCAT-467408](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-467408) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **424/1000** **Why?** Has a fix available, CVSS 4.2 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-468852](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468852) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-468853](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468853) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **646/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS) [SNYK-JAVA-ORGAPACHETOMCAT-468870](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468870) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | Proof of Concept
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Directory Traversal [SNYK-JAVA-ORGAPACHETOMCAT-468871](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468871) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Information Exposure [SNYK-JAVA-ORGAPACHETOMCAT-471342](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-471342) | `org.apache.tomcat:jasper:` `6.0.18 -> 6.0.53` | No | No Known Exploit
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Server-side Template Injection (SSTI) [SNYK-JAVA-ORGFREEMARKER-1076795](https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795) | | No | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
#### Vulnerabilities that could not be fixed
- Upgrade:
- Could not upgrade `org.apache.struts:struts2-core@2.3.20` to `org.apache.struts:struts2-core@6.0.0`; Reason `could not apply upgrade, dependency is managed externally` ; Location: `provenance does not contain location`
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
π§ [View latest project report](https://app.snyk.io/org/din.shap/project/ae1bb1af-1add-48cb-99d6-5255e9a5a642?utm_source=github&utm_medium=referral&page=fix-pr)
π [Adjust project settings](https://app.snyk.io/org/din.shap/project/ae1bb1af-1add-48cb-99d6-5255e9a5a642?utm_source=github&utm_medium=referral&page=fix-pr/settings)
π [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"907cbde6-2c03-488a-b2f7-f2196757a5de","prPublicId":"907cbde6-2c03-488a-b2f7-f2196757a5de","dependencies":[{"name":"org.apache.struts:struts2-core","from":"2.3.20","to":"6.0.0"},{"name":"org.apache.tomcat:jasper","from":"6.0.18","to":"6.0.53"}],"packageManager":"maven","projectPublicId":"ae1bb1af-1add-48cb-99d6-5255e9a5a642","projectUrl":"https://app.snyk.io/org/din.shap/project/ae1bb1af-1add-48cb-99d6-5255e9a5a642?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JAVA-ORGFREEMARKER-1076795","SNYK-JAVA-ORGAPACHETOMCAT-30878","SNYK-JAVA-ORGAPACHETOMCAT-30877","SNYK-JAVA-ORGAPACHETOMCAT-30876","SNYK-JAVA-ORGAPACHETOMCAT-30875","SNYK-JAVA-ORGAPACHETOMCAT-30874","SNYK-JAVA-ORGAPACHETOMCAT-30873","SNYK-JAVA-ORGAPACHETOMCAT-471342","SNYK-JAVA-ORGAPACHETOMCAT-468871","SNYK-JAVA-ORGAPACHETOMCAT-468870","SNYK-JAVA-ORGAPACHETOMCAT-468853","SNYK-JAVA-ORGAPACHETOMCAT-468852","SNYK-JAVA-ORGAPACHETOMCAT-467408","SNYK-JAVA-ORGAPACHETOMCAT-467247","SNYK-JAVA-ORGAPACHETOMCAT-460328","SNYK-JAVA-ORGAPACHETOMCAT-30855","SNYK-JAVA-ORGAPACHETOMCAT-30854","SNYK-JAVA-ORGAPACHETOMCAT-30853","SNYK-JAVA-ORGAPACHETOMCAT-30852","SNYK-JAVA-ORGAPACHETOMCAT-30851","SNYK-JAVA-ORGAPACHETOMCAT-30850","SNYK-JAVA-ORGAPACHETOMCAT-30849","SNYK-JAVA-ORGAPACHETOMCAT-30848","SNYK-JAVA-ORGAPACHETOMCAT-30847","SNYK-JAVA-ORGAPACHETOMCAT-30845","SNYK-JAVA-ORGAPACHETOMCAT-30843","SNYK-JAVA-ORGAPACHETOMCAT-30842","SNYK-JAVA-ORGAPACHETOMCAT-30841","SNYK-JAVA-ORGAPACHETOMCAT-30840","SNYK-JAVA-ORGAPACHETOMCAT-30839","SNYK-JAVA-ORGAPACHETOMCAT-30838","SNYK-JAVA-ORGAPACHETOMCAT-30837","SNYK-JAVA-ORGAPACHETOMCAT-30836","SNYK-JAVA-ORGAPACHETOMCAT-30835","SNYK-JAVA-ORGAPACHETOMCAT-30834","SNYK-JAVA-ORGAPACHETOMCAT-30832","SNYK-JAVA-ORGAPACHETOMCAT-30831","SNYK-JAVA-ORGAPACHETOMCAT-30830","SNYK-JAVA-ORGAPACHETOMCAT-30829","SNYK-JAVA-ORGAPACHETOMCAT-30828","SNYK-JAVA-ORGAPACHETOMCAT-30826","SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418","SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798","SNYK-JAVA-ORGAPACHESTRUTS-609765","SNYK-JAVA-ORGAPACHESTRUTS-608098","SNYK-JAVA-ORGAPACHESTRUTS-608097","SNYK-JAVA-ORGAPACHESTRUTS-460223","SNYK-JAVA-ORGAPACHESTRUTS-451610","SNYK-JAVA-ORGAPACHESTRUTS-32477","SNYK-JAVA-ORGAPACHESTRUTS-31503","SNYK-JAVA-ORGAPACHESTRUTS-31502","SNYK-JAVA-ORGAPACHESTRUTS-31501","SNYK-JAVA-ORGAPACHESTRUTS-31500","SNYK-JAVA-ORGAPACHESTRUTS-31495","SNYK-JAVA-ORGAPACHESTRUTS-30778","SNYK-JAVA-ORGAPACHESTRUTS-30776","SNYK-JAVA-ORGAPACHESTRUTS-30775","SNYK-JAVA-ORGAPACHESTRUTS-30774","SNYK-JAVA-ORGAPACHESTRUTS-30773","SNYK-JAVA-ORGAPACHESTRUTS-30772","SNYK-JAVA-ORGAPACHESTRUTS-30771","SNYK-JAVA-ORGAPACHESTRUTS-30770","SNYK-JAVA-ORGAPACHESTRUTS-30207","SNYK-JAVA-ORGAPACHESTRUTS-30060","SNYK-JAVA-ORGAPACHESTRUTS-2635340","SNYK-JAVA-ORGAPACHESTRUTS-1049003","SNYK-JAVA-OGNL-30474","SNYK-JAVA-COMMONSIO-1277109","SNYK-JAVA-COMMONSFILEUPLOAD-31540","SNYK-JAVA-COMMONSFILEUPLOAD-30401","SNYK-JAVA-COMMONSFILEUPLOAD-30082"],"upgrade":["SNYK-JAVA-COMMONSFILEUPLOAD-30082","SNYK-JAVA-COMMONSFILEUPLOAD-30401","SNYK-JAVA-COMMONSFILEUPLOAD-31540","SNYK-JAVA-COMMONSIO-1277109","SNYK-JAVA-OGNL-30474","SNYK-JAVA-ORGAPACHESTRUTS-1049003","SNYK-JAVA-ORGAPACHESTRUTS-2635340","SNYK-JAVA-ORGAPACHESTRUTS-30060","SNYK-JAVA-ORGAPACHESTRUTS-30207","SNYK-JAVA-ORGAPACHESTRUTS-30770","SNYK-JAVA-ORGAPACHESTRUTS-30771","SNYK-JAVA-ORGAPACHESTRUTS-30772","SNYK-JAVA-ORGAPACHESTRUTS-30773","SNYK-JAVA-ORGAPACHESTRUTS-30774","SNYK-JAVA-ORGAPACHESTRUTS-30775","SNYK-JAVA-ORGAPACHESTRUTS-30776","SNYK-JAVA-ORGAPACHESTRUTS-30778","SNYK-JAVA-ORGAPACHESTRUTS-31495","SNYK-JAVA-ORGAPACHESTRUTS-31500","SNYK-JAVA-ORGAPACHESTRUTS-31501","SNYK-JAVA-ORGAPACHESTRUTS-31502","SNYK-JAVA-ORGAPACHESTRUTS-31503","SNYK-JAVA-ORGAPACHESTRUTS-32477","SNYK-JAVA-ORGAPACHESTRUTS-451610","SNYK-JAVA-ORGAPACHESTRUTS-460223","SNYK-JAVA-ORGAPACHESTRUTS-608097","SNYK-JAVA-ORGAPACHESTRUTS-608098","SNYK-JAVA-ORGAPACHESTRUTS-609765","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803","SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804","SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611","SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418","SNYK-JAVA-ORGAPACHETOMCAT-30826","SNYK-JAVA-ORGAPACHETOMCAT-30828","SNYK-JAVA-ORGAPACHETOMCAT-30829","SNYK-JAVA-ORGAPACHETOMCAT-30830","SNYK-JAVA-ORGAPACHETOMCAT-30831","SNYK-JAVA-ORGAPACHETOMCAT-30832","SNYK-JAVA-ORGAPACHETOMCAT-30834","SNYK-JAVA-ORGAPACHETOMCAT-30835","SNYK-JAVA-ORGAPACHETOMCAT-30836","SNYK-JAVA-ORGAPACHETOMCAT-30837","SNYK-JAVA-ORGAPACHETOMCAT-30838","SNYK-JAVA-ORGAPACHETOMCAT-30839","SNYK-JAVA-ORGAPACHETOMCAT-30840","SNYK-JAVA-ORGAPACHETOMCAT-30841","SNYK-JAVA-ORGAPACHETOMCAT-30842","SNYK-JAVA-ORGAPACHETOMCAT-30843","SNYK-JAVA-ORGAPACHETOMCAT-30845","SNYK-JAVA-ORGAPACHETOMCAT-30847","SNYK-JAVA-ORGAPACHETOMCAT-30848","SNYK-JAVA-ORGAPACHETOMCAT-30849","SNYK-JAVA-ORGAPACHETOMCAT-30850","SNYK-JAVA-ORGAPACHETOMCAT-30851","SNYK-JAVA-ORGAPACHETOMCAT-30852","SNYK-JAVA-ORGAPACHETOMCAT-30853","SNYK-JAVA-ORGAPACHETOMCAT-30854","SNYK-JAVA-ORGAPACHETOMCAT-30855","SNYK-JAVA-ORGAPACHETOMCAT-30873","SNYK-JAVA-ORGAPACHETOMCAT-30874","SNYK-JAVA-ORGAPACHETOMCAT-30875","SNYK-JAVA-ORGAPACHETOMCAT-30876","SNYK-JAVA-ORGAPACHETOMCAT-30877","SNYK-JAVA-ORGAPACHETOMCAT-30878","SNYK-JAVA-ORGAPACHETOMCAT-460328","SNYK-JAVA-ORGAPACHETOMCAT-467247","SNYK-JAVA-ORGAPACHETOMCAT-467408","SNYK-JAVA-ORGAPACHETOMCAT-468852","SNYK-JAVA-ORGAPACHETOMCAT-468853","SNYK-JAVA-ORGAPACHETOMCAT-468870","SNYK-JAVA-ORGAPACHETOMCAT-468871","SNYK-JAVA-ORGAPACHETOMCAT-471342","SNYK-JAVA-ORGFREEMARKER-1076795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,761,589,479,429,429,479,589,589,646,589,424,589,410,359,589,509,654,429,479,429,589,429,429,429,479,479,479,429,429,479,429,429,479,651,479,379,479,429,429,571,579,834,479,654,589,479,519,654,589,654,696,876,479,704,834,876,589,589,589,834,704,589,589,654,519,919,704,834,929,589,726,919,479,651,539,704,589]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
π¦ [Server-side Template Injection (SSTI)](https://learn.snyk.io/lessons/spring4shell/java/?loc=fix-pr)
π¦ [Access Restriction Bypass](https://learn.snyk.io/lessons/broken-access-control/javascript/?loc=fix-pr)
π¦ [Access Restriction Bypass](https://learn.snyk.io/lessons/broken-access-control/javascript/?loc=fix-pr)
π¦ [More lessons are available in Snyk Learn](https://learn.snyk.io?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - pom.xml #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------  | **589/1000****Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-COMMONSFILEUPLOAD-30082](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082) | | No | No Known Exploit  | **704/1000**
**Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution
[SNYK-JAVA-COMMONSFILEUPLOAD-30401](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401) | | No | No Known Exploit  | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | Information Exposure
[SNYK-JAVA-COMMONSFILEUPLOAD-31540](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540) | | No | No Known Exploit  | **651/1000**
**Why?** Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal
[SNYK-JAVA-COMMONSIO-1277109](https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109) | | Yes | Mature  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS)
[SNYK-JAVA-OGNL-30474](https://snyk.io/vuln/SNYK-JAVA-OGNL-30474) | | No | No Known Exploit  | **919/1000**
**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE)
[SNYK-JAVA-ORGAPACHESTRUTS-1049003](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-1049003) | | No | Mature  | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
[SNYK-JAVA-ORGAPACHESTRUTS-2635340](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-2635340) | | No | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Manipulation of Struts' internals
[SNYK-JAVA-ORGAPACHESTRUTS-30060](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060) | | No | No Known Exploit  | **929/1000**
**Why?** Mature exploit, Has a fix available, CVSS 10 | Arbitrary Code Execution
[SNYK-JAVA-ORGAPACHESTRUTS-30207](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207) | | No | Mature  | **834/1000**
**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection
[SNYK-JAVA-ORGAPACHESTRUTS-30770](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770) | | No | Mature  | **704/1000**
**Why?** Has a fix available, CVSS 9.8 | Arbitrary Code Execution
[SNYK-JAVA-ORGAPACHESTRUTS-30771](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771) | | No | No Known Exploit  | **919/1000**
**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Command Execution
[SNYK-JAVA-ORGAPACHESTRUTS-30772](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772) | | No | Mature  | **519/1000**
**Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS)
[SNYK-JAVA-ORGAPACHESTRUTS-30773](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773) | | No | No Known Exploit  | **654/1000**
**Why?** Has a fix available, CVSS 8.8 | Cross-site Request Forgery (CSRF)
[SNYK-JAVA-ORGAPACHESTRUTS-30774](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774) | | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHESTRUTS-30775](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775) | | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHESTRUTS-30776](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776) | | No | No Known Exploit  | **704/1000**
**Why?** Has a fix available, CVSS 9.8 | Directory Traversal
[SNYK-JAVA-ORGAPACHESTRUTS-30778](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778) | | No | No Known Exploit  | **834/1000**
**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Arbitrary Command Execution
[SNYK-JAVA-ORGAPACHESTRUTS-31495](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495) | | No | Mature  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHESTRUTS-31500](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500) | | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHESTRUTS-31501](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501) | | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHESTRUTS-31502](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502) | | No | No Known Exploit  | **876/1000**
**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Arbitrary Code Execution
[SNYK-JAVA-ORGAPACHESTRUTS-31503](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503) | | No | Mature  | **834/1000**
**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Remote Code Execution
[SNYK-JAVA-ORGAPACHESTRUTS-32477](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477) | | No | Mature  | **704/1000**
**Why?** Has a fix available, CVSS 9.8 | Improper Action Name Cleanup
[SNYK-JAVA-ORGAPACHESTRUTS-451610](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610) | | No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JAVA-ORGAPACHESTRUTS-460223](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223) | | No | No Known Exploit  | **876/1000**
**Why?** Mature exploit, Has a fix available, CVSS 9.8 | Remote Code Execution (RCE)
[SNYK-JAVA-ORGAPACHESTRUTS-608097](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608097) | | No | Mature  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHESTRUTS-608098](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608098) | | No | Proof of Concept  | **654/1000**
**Why?** Has a fix available, CVSS 8.8 | Unrestricted Upload of File with Dangerous Type
[SNYK-JAVA-ORGAPACHESTRUTS-609765](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-609765) | | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Parameter Alteration
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798) | | No | No Known Exploit  | **654/1000**
**Why?** Has a fix available, CVSS 8.8 | Improper Input Validation
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799) | | No | No Known Exploit  | **519/1000**
**Why?** Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS)
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800) | | No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801) | | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802) | | No | No Known Exploit  | **654/1000**
**Why?** Has a fix available, CVSS 8.8 | Arbitrary Code Execution
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803) | | No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804) | | No | No Known Exploit  | **834/1000**
**Why?** Mature exploit, Has a fix available, CVSS 8.1 | Command Injection
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611) | | No | Mature  | **579/1000**
**Why?** Has a fix available, CVSS 7.3 | Insecure Defaults
[SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418) | | No | No Known Exploit  | **571/1000**
**Why?** Mature exploit, Has a fix available, CVSS 3.7 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-30826](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30826) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | Mature  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Cross-site Scripting (XSS)
[SNYK-JAVA-ORGAPACHETOMCAT-30828](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30828) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Cross-site Scripting (XSS)
[SNYK-JAVA-ORGAPACHETOMCAT-30829](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30829) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30830](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30830) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **379/1000**
**Why?** Has a fix available, CVSS 3.3 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-30831](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30831) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JAVA-ORGAPACHETOMCAT-30832](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30832) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **651/1000**
**Why?** Mature exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHETOMCAT-30834](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30834) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | Mature  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30835](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30835) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Improper Authentication
[SNYK-JAVA-ORGAPACHETOMCAT-30836](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30836) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Cryptographic Issues
[SNYK-JAVA-ORGAPACHETOMCAT-30837](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30837) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHETOMCAT-30838](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30838) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30839](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30839) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Cross-site Request Forgery (CSRF)
[SNYK-JAVA-ORGAPACHETOMCAT-30840](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30840) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30841](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30841) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Authentication
[SNYK-JAVA-ORGAPACHETOMCAT-30842](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30842) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Authentication
[SNYK-JAVA-ORGAPACHETOMCAT-30843](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30843) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-30845](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30845) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Arbitrary File Read
[SNYK-JAVA-ORGAPACHETOMCAT-30847](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30847) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Arbitrary File Read
[SNYK-JAVA-ORGAPACHETOMCAT-30848](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30848) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-ORGAPACHETOMCAT-30849](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30849) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Directory Traversal
[SNYK-JAVA-ORGAPACHETOMCAT-30850](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30850) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Directory Traversal
[SNYK-JAVA-ORGAPACHETOMCAT-30851](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30851) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-30852](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30852) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **654/1000**
**Why?** Has a fix available, CVSS 8.8 | Arbitrary Code Execution
[SNYK-JAVA-ORGAPACHETOMCAT-30853](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30853) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **509/1000**
**Why?** Has a fix available, CVSS 5.9 | Timing Attack
[SNYK-JAVA-ORGAPACHETOMCAT-30854](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30854) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30855](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30855) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Access Control
[SNYK-JAVA-ORGAPACHETOMCAT-30873](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30873) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-30874](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30874) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Arbitrary File Read
[SNYK-JAVA-ORGAPACHETOMCAT-30875](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30875) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Access Control
[SNYK-JAVA-ORGAPACHETOMCAT-30876](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30876) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30877](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30877) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **761/1000**
**Why?** Mature exploit, Has a fix available, CVSS 7.5 | Access Restriction Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-30878](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-30878) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | Mature  | **359/1000**
**Why?** Has a fix available, CVSS 2.9 | Directory Traversal
[SNYK-JAVA-ORGAPACHETOMCAT-460328](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-460328) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **410/1000**
**Why?** Has a fix available, CVSS 3.7 | Frame injection
[SNYK-JAVA-ORGAPACHETOMCAT-467247](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-467247) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Authentication Bypass
[SNYK-JAVA-ORGAPACHETOMCAT-467408](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-467408) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **424/1000**
**Why?** Has a fix available, CVSS 4.2 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-468852](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468852) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-468853](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468853) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS)
[SNYK-JAVA-ORGAPACHETOMCAT-468870](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468870) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Directory Traversal
[SNYK-JAVA-ORGAPACHETOMCAT-468871](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-468871) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Information Exposure
[SNYK-JAVA-ORGAPACHETOMCAT-471342](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-471342) | `org.apache.tomcat:jasper:`
`6.0.18 -> 6.0.53`
| No | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Server-side Template Injection (SSTI)
[SNYK-JAVA-ORGFREEMARKER-1076795](https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795) | | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised. #### Vulnerabilities that could not be fixed - Upgrade: - Could not upgrade `org.apache.struts:struts2-core@2.3.20` to `org.apache.struts:struts2-core@6.0.0`; Reason `could not apply upgrade, dependency is managed externally` ; Location: `provenance does not contain location` Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: