[Snyk] Upgrade org.apache.struts:struts2-core from 2.3.1 to 2.5.26 #5

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade org.apache.struts:struts2-core from 2.3.1 to 2.5.26.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 58 versions ahead of your current version.
  • The recommended version was released 7 months ago, on 2020-11-25.

The recommended version fixes:

| Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|
| Expression Language Injection<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-31329 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| XML External Entity (XXE) Injection<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-30163 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Server-side Template Injection (SSTI)<br>SNYK-JAVA-ORGFREEMARKER-1076795 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Proof of Concept |
| Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-536487 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Command Injection<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Improper Input Validation<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Parameter Alteration<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30796 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30795 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30794 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30789 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Authorization Bypass<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30787 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Unrestricted Upload of File with Dangerous Type<br>SNYK-JAVA-ORGAPACHESTRUTS-609765 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Denial of Service (DoS)<br>SNYK-JAVA-ORGAPACHESTRUTS-608098 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Proof of Concept |
| Remote Code Execution (RCE)<br>SNYK-JAVA-ORGAPACHESTRUTS-608097 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-480474 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Improper Action Name Cleanup<br>SNYK-JAVA-ORGAPACHESTRUTS-451610 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Remote Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-32477 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-31503 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-31495 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30772 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30771 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Command Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30770 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30766 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Manipulation of Struts' internals<br>SNYK-JAVA-ORGAPACHESTRUTS-30060 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30055 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Dynamic Method Executions<br>SNYK-JAVA-ORGAPACHESTRUTS-30052 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Remote Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30050 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30048 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30047 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30046 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30045 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Remote Code Execution (RCE)<br>SNYK-JAVA-ORGAPACHESTRUTS-1049003 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Proof of Concept |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESHIRO-30724 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| XML External Entity (XXE) Injection<br>SNYK-JAVA-JAVAXSERVLET-30449 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-COMMONSFILEUPLOAD-30401 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Denial of Service (DoS)<br>SNYK-JAVA-COMMONSFILEUPLOAD-30081 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary File Write<br>SNYK-JAVA-COMMONSFILEUPLOAD-30080 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Cross-site Request Forgery (CSRF)<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-31331 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| XML External Entity (XXE) Injection<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-31330 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| XML External Entity (XXE) Injection<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-30162 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| XML External Entity (XXE) Injection<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-30160 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Privilege Escalation<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Improper Input Validation<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Denial of Service (DoS)<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30793 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30791 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Arbitrary File Overwrite<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30790 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-480466 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTS-30773 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Arbitrary File Overwrite<br>SNYK-JAVA-ORGAPACHESTRUTS-30767 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Access Restriction Bypass<br>SNYK-JAVA-ORGAPACHESTRUTS-30764 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTS-30059 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Cross-site Request Forgery (CSRF)<br>SNYK-JAVA-ORGAPACHESTRUTS-30057 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Classloader manipulation via CookieInterceptor<br>SNYK-JAVA-ORGAPACHESTRUTS-30056 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| ClassLoader Manipulation via ParametersInterceptor<br>SNYK-JAVA-ORGAPACHESTRUTS-30053 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Bypass Access Controls<br>SNYK-JAVA-ORGAPACHESTRUTS-30051 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| URL Redirection to Untrusted Site<br>SNYK-JAVA-ORGAPACHESTRUTS-30049 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Proof of Concept |
| Cross-site Request Forgery (CSRF)<br>SNYK-JAVA-ORGAPACHESTRUTS-30043 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Remote code execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30041 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | Mature |
| Denial of Service (DoS)<br>SNYK-JAVA-OGNL-30474 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Directory Traversal<br>SNYK-JAVA-COMMONSIO-1277109 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Information Exposure<br>SNYK-JAVA-COMMONSFILEUPLOAD-31540 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Time of Check Time of Use (TOCTOU)<br>SNYK-JAVA-COMMONSFILEUPLOAD-30079 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGSPRINGFRAMEWORK-30161 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |
| Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTS-30769 | 579/1000<br>Why? Has a fix available, CVSS 7.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
