search

pinterest / secor

Secor is a service implementing Kafka log persistence
Apache License 2.0
1.85k stars 540 forks source link

[Snyk] Fix for 13 vulnerabilities #2825

Open devinlundberg opened 1 month ago

devinlundberg commented 1 month ago

snyk-top-banner

Snyk has created this PR to fix 13 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424		   146   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426		   146   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
Proof of Concept
high severity Infinite loop
SNYK-JAVA-ORGAPACHECOMMONS-6254296		   137   org.apache.hadoop:hadoop-common:
2.9.2 -> 3.4.1
org.apache.hadoop:hadoop-mapreduce-client-core:
2.9.2 -> 3.4.1
Major version upgrade No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538		   125   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
No Known Exploit
high severity Stack-based Buffer Overflow
SNYK-JAVA-COMGOOGLEPROTOBUF-8055227		   124   org.apache.hadoop:hadoop-mapreduce-client-core:
2.9.2 -> 3.4.1
Major version upgrade No Known Exploit
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-COMNIMBUSDS-6247633		   124   org.apache.hadoop:hadoop-common:
2.9.2 -> 3.4.1
Major version upgrade No Known Exploit
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-SOFTWAREAMAZONION-6153869		   124   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244		   114   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMGOOGLEPROTOBUF-3167772		   114   org.apache.hadoop:hadoop-mapreduce-client-core:
2.9.2 -> 3.4.1
Major version upgrade No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698		   101   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMGOOGLEPROTOBUF-3040284		   66   org.apache.hadoop:hadoop-mapreduce-client-core:
2.9.2 -> 3.4.1
Major version upgrade No Known Exploit
medium severity Directory Traversal
SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517		   46   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
No Known Exploit
medium severity Improper Input Validation
SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058		   45   com.amazonaws:aws-java-sdk-s3:
1.12.211 -> 1.12.776
No Known Exploit

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report πŸ“œ Customise PR templates πŸ›  Adjust project settings πŸ“š Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Denial of Service (DoS) πŸ¦‰ Allocation of Resources Without Limits or Throttling πŸ¦‰ Improper Input Validation πŸ¦‰ More lessons are available in Snyk Learn