Skip to content

[Snyk] Upgrade org.slf4j:slf4j-log4j12 from 1.5.0 to 1.7.36#3

Open
nirw wants to merge 1 commit into
masterfrom
snyk-upgrade-a58d309e76f86ce3989c557c517a0ea0
Open

[Snyk] Upgrade org.slf4j:slf4j-log4j12 from 1.5.0 to 1.7.36#3
nirw wants to merge 1 commit into
masterfrom
snyk-upgrade-a58d309e76f86ce3989c557c517a0ea0

Conversation

@nirw

@nirw nirw commented Mar 6, 2023

Copy link
Copy Markdown

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade org.slf4j:slf4j-log4j12 from 1.5.0 to 1.7.36.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 56 versions ahead of your current version.
  • The recommended version was released a year ago, on 2022-02-08.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@nirw

nirw commented Mar 6, 2023
edited
Loading

Copy link
Copy Markdown
Author

Logo
Checkmarx One – Scan Summary & Details96720a2c-1772-4c4c-9619-21cf884c9674

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2022-34169 Maven-xalan:xalan-2.7.0 Vulnerable Package
HIGH CVE-2023-24998 Maven-commons-fileupload:commons-fileupload-1.3.1 Vulnerable Package
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java: 24 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java: 27 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java: 22 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java: 22 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java: 22 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java: 21 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java: 21 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java: 86 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java: 35 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java: 27 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java: 27 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/dfi/includable.jsp: 28 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/uid/serverinfo.jsp: 25 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/uid/clientinfo.jsp: 24 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/dt/includable.jsp: 24 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/dfi/includable.jsp: 12 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/dt/includable.jsp: 12 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/uid/serverinfo.jsp: 12 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/webapp/uid/clientinfo.jsp: 12 Attack Vector
HIGH Stored_XSS /src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java: 69 Attack Vector
HIGH Stored_XSS /src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java: 68 Attack Vector
HIGH Stored_XSS /src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java: 128 Attack Vector
HIGH Stored_XSS /src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java: 56 Attack Vector
HIGH Stored_XSS /src/main/java/org/t246osslab/easybuggy/troubles/FileDescriptorLeakServlet.java: 53 Attack Vector
MEDIUM CVE-2012-6153 Maven-commons-httpclient:commons-httpclient-3.1 Vulnerable Package
MEDIUM CVE-2018-1313 Maven-org.apache.derby:derby-10.8.3.0 Vulnerable Package
MEDIUM Cleartext_Submission_of_Sensitive_Information /src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java: 73 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java: 72 Attack Vector
LOW Heap_Inspection /src/main/java/org/t246osslab/easybuggy/core/utils/ApplicationUtils.java: 44 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java: 39 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java: 39 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java: 86 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java: 35 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java: 27 Attack Vector
HIGH Reflected_XSS_All_Clients /src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java: 27 Attack Vector

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nirw @snyk-bot