search

lunixbr / WebGoat

WebGoat is a deliberately insecure application
https://webgoat.github.io/WebGoat/
Other
0 stars 0 forks source link

[Snyk] Upgrade com.thoughtworks.xstream:xstream from 1.4.5 to 1.4.16 #4

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade com.thoughtworks.xstream:xstream from 1.4.5 to 1.4.16.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
XML External Entity (XXE) Injection
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Insecure XML deserialization
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967		 589/1000
Why? Has a fix available, CVSS 7.5		 Mature
Arbitrary File Deletion
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966		 589/1000
Why? Has a fix available, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information