[Snyk] Fix for 52 vulnerabilities by sharmyn-snyk-test · Pull Request #10 · sharmyn-snyk-test/Java-Goof

sharmyn-snyk-test · 2025-02-27T09:48:11Z

Snyk has created this PR to fix 52 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml
todolist-web-struts/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-1049003	691	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-6102825	691	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Command Injection SNYK-JAVA-ORGAPACHESTRUTS-30770	670	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-31495	670	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution SNYK-JAVA-ORGAPACHESTRUTS-32477	670	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Command Injection SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611	670	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `Mature`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-31503	594	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-608097	590	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Mature`
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-2635340	460	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Proof of Concept`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30771	360	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31502	251	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Server-side Template Injection (SSTI) SNYK-JAVA-ORGFREEMARKER-1076795	224	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `Proof of Concept`
Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586	206	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `Proof of Concept`
Improper Action Name Cleanup SNYK-JAVA-ORGAPACHESTRUTS-451610	195	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799	193	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Directory Traversal SNYK-JAVA-ORGAPACHESTRUTS-30778	191	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803	191	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
XML External Entity (XXE) Injection SNYK-JAVA-ORGSPRINGFRAMEWORK-30163	190	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-5811864	186	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-608098	182	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `Proof of Concept`
Unrestricted Upload of File with Dangerous Type SNYK-JAVA-ORGAPACHESTRUTS-609765	171	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGAPACHESTRUTS-30774	164	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGSPRINGFRAMEWORK-31331	157	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832	156	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790	152	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-3326457	150	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `Major version upgrade` `No Path Found` `Proof of Concept`
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30775	132	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Reflected File Download SNYK-JAVA-ORGSPRINGFRAMEWORK-30165	131	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30776	125	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802	125	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31501	123	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Manipulation of Struts' internals SNYK-JAVA-ORGAPACHESTRUTS-30060	120	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31500	116	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Insecure Defaults SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418	109	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217	104	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGZEROTURNAROUND-31681	97	org.zeroturnaround:zt-zip: `1.12` -> `1.13` `Reachable` `No Known Exploit`
Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTS-460223	91	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804	91	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980	91	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800	88	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Directory Traversal SNYK-JAVA-COMMONSIO-1277109	86	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `Major version upgrade` `No Path Found` `Mature`
Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-30164	86	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `No Path Found` `No Known Exploit`
Information Exposure SNYK-JAVA-COMMONSFILEUPLOAD-31540	81	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTS-30773	79	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447	65	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366	53	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-OGNL-30474	49	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801	49	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` `No Path Found` `No Known Exploit`
Denial of Service SNYK-JAVA-ORGAPACHESTRUTS-6100744	45	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828	45	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749	45	org.springframework:spring-web: `3.2.6.RELEASE` -> `6.1.14` `Major version upgrade` `No Path Found` `No Known Exploit`
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGAPACHESTRUTS-5707101	36	org.apache.struts:struts2-core: `2.3.20` -> `6.1.2` org.apache.struts:struts2-spring-plugin: `2.3.20` -> `2.5.33` `No Path Found` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Directory Traversal
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 52 vulnerabilities#10

[Snyk] Fix for 52 vulnerabilities#10
sharmyn-snyk-test wants to merge 1 commit into
masterfrom
snyk-fix-b742095b81894f50fc0eb13aaf96089b

sharmyn-snyk-test commented Feb 27, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

sharmyn-snyk-test commented Feb 27, 2025

Snyk has created this PR to fix 52 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants