secure-code-warrior-for-github[bot]
commented
2 years ago Micro-Learning Topic: Denial of service (Detected by phrase)
Matched on "Denial of Service"
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
Try a challenge in Secure Code Warrior
Micro-Learning Topic: Deserialization of untrusted data (Detected by phrase)
Matched on "Deserialization of Untrusted Data"
It is often convenient to serialize objects for communication or to save them for later use. However, serialized data or code can be modified. This malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code when deserialized. This is usually done with "gadget chains
Try a challenge in Secure Code Warrior
Helpful references
- OWASP Deserialization Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing deserialization flaws in your applications.
- OWASP Deserialization of untrusted data - OWASP community page with comprehensive information about deserialization vulnerabilities, and links to various OWASP resources to help detect or prevent it.
- OWASP Top Ten 2017 A8: Insecure Deserialization - OWASP Top Ten articles provide basic techniques to protect against these high risk problem areas, and guidance on where to go next.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade org.apache.logging.log4j:log4j-core from 2.7 to 2.18.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **26 versions** ahead of your current version. - The recommended version was released **3 months ago**, on 2022-06-28. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JAVA-ORGAPACHELOGGINGLOG4J-567761](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-567761) | **335/1000**
**Why?** Has a fix available, CVSS 3.7 | No Known Exploit
[SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31409](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31409) | **335/1000**
**Why?** Has a fix available, CVSS 3.7 | Mature
[SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524) | **335/1000**
**Why?** Has a fix available, CVSS 3.7 | Proof of Concept
[SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339) | **335/1000**
**Why?** Has a fix available, CVSS 3.7 | Proof of Concept
[SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014) | **335/1000**
**Why?** Has a fix available, CVSS 3.7 | Proof of Concept
[SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720) | **335/1000**
**Why?** Has a fix available, CVSS 3.7 | Mature (*) Note that the real score may have changed since the PR was raised.
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: