search

ging / fiware-draco

The Draco Generic Enabler is an alternative data persistence mechanism for managing the history of context. It is based on Apache NiFi and is a dataflow system based on the concepts of flow-based programming. It supports powerful and scalable directed graphs of data routing, transformation, and system mediation logic and also offers an intuitive graphical interface
https://fiware-draco.readthedocs.io/en/latest/
Apache License 2.0
20 stars 14 forks source link

[Snyk] Fix for 21 vulnerabilities #41

Closed sonsoleslp closed 3 years ago

sonsoleslp commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 XML External Entity (XXE) Injection
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 704/1000
Why? Has a fix available, CVSS 9.8		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 704/1000
Why? Has a fix available, CVSS 9.8		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
medium severity 651/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.6		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664		 org.apache.nifi:nifi-json-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Comparison Using Wrong Factors
SNYK-JAVA-ORGBOUNCYCASTLE-1052448		 org.apache.nifi:nifi-avro-record-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-database-utils:
1.12.0 -> 1.13.0
org.apache.nifi:nifi-processor-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-record-serialization-services:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-security-utils:
1.12.1 -> 1.13.0
org.apache.nifi:nifi-socket-utils:
1.12.1 -> 1.13.0
No Proof of Concept
high severity 604/1000
Why? Has a fix available, CVSS 7.8		 Privilege Escalation
SNYK-JAVA-ORGECLIPSEJETTY-1021614		 org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
No No Known Exploit
medium severity 454/1000
Why? Has a fix available, CVSS 4.8		 HTTP Request Smuggling
SNYK-JAVA-ORGECLIPSEJETTY-1047304		 org.apache.nifi:nifi-mongodb-client-service-api-nar:
1.12.1 -> 1.13.0
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic