[Snyk] Upgrade: org.apache.struts:struts2-core, org.apache.struts:struts2-spring-plugin, org.springframework:spring-web, org.zeroturnaround:zt-zip #2

Open
wants to merge 1 commit into
base: main

NRF-Snyk
Owner


Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| org.apache.struts:struts2-core | from 2.3.20 to 2.5.33 (47 versions ahead of your current version) | 9 months ago, on 2023-12-05 |
| org.apache.struts:struts2-spring-plugin | from 2.3.20 to 2.5.33 (47 versions ahead of your current version) | 9 months ago, on 2023-12-05 |
| org.springframework:spring-web | from 3.2.6.RELEASE to 3.2.18.RELEASE (12 versions ahead of your current version) | 8 years ago, on 2016-12-21 |
| org.zeroturnaround:zt-zip | from 1.12 to 1.17 (5 versions ahead of your current version) | 8 months ago, on 2024-01-28 |

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Denial of Service (DoS) | SNYK-JAVA-COMMONSFILEUPLOAD-30082 | 123 | No Known Exploit |
| high | Command Injection | SNYK-JAVA-ORGAPACHESTRUTS-30770 | 123 | Mature |
| high | Parameter Alteration | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798 | 123 | No Known Exploit |
| medium | Arbitrary File Write via Archive Extraction (Zip Slip) | SNYK-JAVA-ORGZEROTURNAROUND-31681 | 123 | No Known Exploit |
| critical | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-30771 | 123 | No Known Exploit |
| medium | Denial of Service | SNYK-JAVA-ORGAPACHESTRUTS-6100744 | 123 | No Known Exploit |
| critical | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-6102825 | 123 | Mature |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-31501 | 123 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-31502 | 123 | No Known Exploit |
| high | Improper Input Validation | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799 | 123 | No Known Exploit |
| critical | Arbitrary Command Execution | SNYK-JAVA-ORGAPACHESTRUTS-30772 | 123 | Mature |
| critical | Arbitrary Code Execution | SNYK-JAVA-COMMONSFILEUPLOAD-30401 | 123 | No Known Exploit |
| high | Access Restriction Bypass | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802 | 123 | No Known Exploit |
| high | Insecure Defaults | SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418 | 123 | No Known Exploit |
| high | Improper Input Validation | SNYK-JAVA-ORGAPACHESTRUTSXWORK-5811864 | 123 | No Known Exploit |
| medium | Information Exposure | SNYK-JAVA-COMMONSFILEUPLOAD-31540 | 123 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JAVA-OGNL-30474 | 123 | No Known Exploit |
| critical | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-1049003 | 123 | Mature |
| critical | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-31503 | 123 | Mature |
| high | Remote Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-32477 | 123 | Mature |
| high | Cross-site Request Forgery (CSRF) | SNYK-JAVA-ORGAPACHESTRUTS-30774 | 123 | No Known Exploit |
| high | Access Restriction Bypass | SNYK-JAVA-ORGAPACHESTRUTS-30775 | 123 | No Known Exploit |
| high | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-2635340 | 123 | Proof of Concept |
| high | Manipulation of Struts' internals | SNYK-JAVA-ORGAPACHESTRUTS-30060 | 123 | No Known Exploit |
| high | Access Restriction Bypass | SNYK-JAVA-ORGAPACHESTRUTS-30776 | 123 | No Known Exploit |
| high | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803 | 123 | No Known Exploit |
| high | Server-side Template Injection (SSTI) | SNYK-JAVA-ORGFREEMARKER-1076795 | 123 | Proof of Concept |
| high | XML External Entity (XXE) Injection | SNYK-JAVA-ORGSPRINGFRAMEWORK-30163 | 123 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-608098 | 123 | Proof of Concept |
| high | Unrestricted Upload of File with Dangerous Type | SNYK-JAVA-ORGAPACHESTRUTS-609765 | 123 | No Known Exploit |
| high | Reflected File Download | SNYK-JAVA-ORGSPRINGFRAMEWORK-30165 | 123 | No Known Exploit |
| high | Arbitrary Command Execution | SNYK-JAVA-ORGAPACHESTRUTS-31495 | 123 | Mature |
| high | Command Injection | SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611 | 123 | Mature |
| high | Denial of Service (DoS) | SNYK-JAVA-ORGAPACHESTRUTS-31500 | 123 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JAVA-ORGAPACHESTRUTS-30773 | 123 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800 | 123 | No Known Exploit |
| medium | Improper Input Validation | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801 | 123 | No Known Exploit |
| critical | Improper Action Name Cleanup | SNYK-JAVA-ORGAPACHESTRUTS-451610 | 123 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JAVA-ORGAPACHESTRUTS-460223 | 123 | No Known Exploit |
| critical | Directory Traversal | SNYK-JAVA-ORGAPACHESTRUTS-30778 | 123 | No Known Exploit |
| critical | Arbitrary Code Execution | SNYK-JAVA-ORGAPACHESTRUTS-30207 | 123 | Mature |
| medium | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHESTRUTS-5707101 | 123 | No Known Exploit |
| critical | Remote Code Execution (RCE) | SNYK-JAVA-ORGAPACHESTRUTS-608097 | 123 | Mature |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804 | 123 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JAVA-ORGSPRINGFRAMEWORK-30164 | 123 | No Known Exploit |
| medium | Cross-site Request Forgery (CSRF) | SNYK-JAVA-ORGSPRINGFRAMEWORK-31331 | 123 | No Known Exploit |
| medium | Directory Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-31325 | 123 | No Known Exploit |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.28},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Server-side Template Injection (SSTI)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30163","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30163","priority_score":190,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00181},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 25 2016 16:51:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.94},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"XML External Entity (XXE) 
Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGAPACHESTRUTS-608098","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-608098","priority_score":173,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.09793},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Aug 21 2020 14:36:29 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.89},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-609765","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-609765","priority_score":170,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00216},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Sep 04 2020 15:56:53 GMT+0000 (Coordinated Universal 
Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.73},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Unrestricted Upload of File with Dangerous Type"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30165","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30165","priority_score":131,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.00278},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 25 2016 16:51:56 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":10.1},{"name":"likelihood","value":1.3},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Reflected File 
Download"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGAPACHESTRUTS-31495","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-31495","priority_score":670,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"high"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.97515},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 06 2017 17:28:23 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":6.83},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary Command Execution"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611","issue_id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611","priority_score":670,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"high"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.97524},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Apr 22 2016 04:32:51 GMT+0000 (Coordinated Universal 
Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":6.83},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Command Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-31500","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-31500","priority_score":119,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.03467},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Sep 12 2017 12:47:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.98},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service 
(DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-30773","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-30773","priority_score":68,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01905},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Mar 16 2016 06:52:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":1.49},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800","issue_id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800","priority_score":87,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.18207},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Mar 16 2016 07:51:26 GMT+0000 (Coordinated Universal 
Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":1.9},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801","issue_id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801","priority_score":47,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.02732},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Jun 02 2016 02:16:48 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":1.96},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Improper Input 
Validation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-451610","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-451610","priority_score":191,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.02365},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Sep 19 2016 05:25:51 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.95},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Improper Action Name Cleanup"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-460223","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-460223","priority_score":101,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.959},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jun 20 2016 07:45:43 GMT+0000 (Coordinated Universal 
Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":4.29},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-30778","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-30778","priority_score":190,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.02019},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Oct 19 2016 01:09:09 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.94},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Directory 
Traversal"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGAPACHESTRUTS-30207","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-30207","priority_score":712,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"high"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.96541},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Mar 21 2017 15:30:44 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":10.1},{"name":"likelihood","value":7.06},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Arbitrary Code Execution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTS-5707101","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-5707101","priority_score":35,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01484},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jun 14 2023 10:55:13 GMT+0000 (Coordinated Universal 
Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":1.48},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGAPACHESTRUTS-608097","issue_id":"SNYK-JAVA-ORGAPACHESTRUTS-608097","priority_score":590,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"functional"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.95377},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Aug 21 2020 14:06:54 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":6.02},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Remote Code Execution 
(RCE)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804","issue_id":"SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804","priority_score":101,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.959},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jun 20 2016 07:45:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":4.29},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","issue_id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-30164","priority_score":84,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchange...

Snyk has created this PR to upgrade:
  - org.apache.struts:struts2-core from 2.3.20 to 2.5.33.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.struts/struts2-core/
  - org.apache.struts:struts2-spring-plugin from 2.3.20 to 2.5.33.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.struts/struts2-spring-plugin/
  - org.springframework:spring-web from 3.2.6.RELEASE to 3.2.18.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-web/
  - org.zeroturnaround:zt-zip from 1.12 to 1.17.
    See this package in maven: https://mvnrepository.com/artifact/org.zeroturnaround/zt-zip/

See this project in Snyk:
https://app.snyk.io/org/web-applications-WKPKmyY6aBzAT5pqceZcrF/project/46bf21d4-8799-431e-ac71-e37cac6b8716?utm_source=github&utm_medium=referral&page=upgrade-pr