Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade org.apache.commons:commons-compress from 1.15 to 1.27.1 #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade org.apache.commons:commons-compress from 1.15 to 1.27.1 #2

wants to merge 1 commit into from

Conversation

karencapiiro
Copy link

snyk-top-banner

Snyk has created this PR to upgrade org.apache.commons:commons-compress from 1.15 to 1.27.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 16 versions ahead of your current version.

  • The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-1316641		 121 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-460507		 121 No Known Exploit
high severity Infinite loop
SNYK-JAVA-ORGAPACHECOMMONS-6254296		 121 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-1316638		 121 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-1316639		 121 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-1316640		 121 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-32122		 121 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHECOMMONS-32473		 121 No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade org.apache.commons:commons-compress from 1.15 to 1.27.1
5791c4a 
Snyk has created this PR to upgrade org.apache.commons:commons-compress from 1.15 to 1.27.1.

See this package in maven:
org.apache.commons:commons-compress

See this project in Snyk:
https://app.snyk.io/org/apiiro-snyk/project/0fc753fa-77ca-439c-b75c-9997b6f4c80c?utm_source=github&utm_medium=referral&page=upgrade-pr
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
maven/org.apache.commons/commons-compress@1.27.1 eval, filesystem, network, unsafe Transitive: environment, shell +108 223 MB

🚮 Removed packages: maven/org.apache.commons/commons-compress@1.15, npm/conventional-changelog-ember@2.0.9, npm/conventional-changelog-eslint@3.0.9, npm/conventional-changelog-express@2.0.6, npm/conventional-changelog-jquery@3.0.11, npm/conventional-changelog-jshint@2.0.9, npm/conventional-changelog-preset-loader@2.3.4, npm/conventional-changelog-writer@5.0.0, npm/conventional-commits-filter@2.0.7, npm/conventional-commits-parser@3.2.3, npm/convert-source-map@1.8.0, npm/cookie-signature@1.0.6, npm/cookie@0.4.0, npm/copy-anything@2.0.3, npm/copy-descriptor@0.1.1, npm/copy-props@2.0.5, npm/copy-webpack-plugin@9.0.1, npm/core-js-bundle@3.19.3, npm/core-js-compat@3.19.3, npm/core-js@3.19.0, npm/core-util-is@1.0.3, npm/cors@2.8.5, npm/corser@2.0.1, npm/cosmiconfig@7.0.1, npm/crc-32@1.2.0, npm/crc32-stream@4.0.2, npm/create-require@1.1.1, npm/critters@0.0.14, npm/cross-env@5.2.1, npm/cross-spawn@7.0.3, npm/css-blank-pseudo@0.1.4, npm/css-has-pseudo@0.10.0, npm/css-loader@6.5.0, npm/css-prefers-color-scheme@3.1.1, npm/css-select@4.1.3, npm/css-shorthand-properties@1.1.1, npm/css-value@0.0.1, npm/css-what@5.1.0, npm/css@3.0.0, npm/cssdb@4.4.0, npm/cssesc@3.0.0, npm/csv-streamify@3.0.4, npm/custom-event@1.0.1, npm/d@1.0.1, npm/dargs@7.0.0, npm/dashdash@1.14.1, npm/data-uri-to-buffer@3.0.1, npm/date-format@3.0.0, npm/dateformat@3.0.3, npm/debug@4.3.3, npm/decamelize-keys@1.1.0, npm/decamelize@1.2.0

View full report↗︎

@rafikmojr
Copy link
Collaborator

Logo
Checkmarx One – Scan Summary & Detailsa71b497a-d84f-4f26-a55e-42a572a035c4

New Issues

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2024-42005 Python-Django-1.2 Vulnerable Package
CRITICAL Cx9eb96c9b-eb45 Npm-angular-mocks-1.8-1.8.2 Vulnerable Package
CRITICAL Cxcf770dcb-fd21 Npm-angular-1.8-1.8.2 Vulnerable Package
HIGH CVE-2024-27351 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-29180 Npm-webpack-dev-middleware-5.2.1 Vulnerable Package
HIGH CVE-2024-29415 Npm-ip-1.1.5 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.5.6 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.4.6 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.2.3 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.3.0 Vulnerable Package
HIGH CVE-2024-38355 Npm-socket.io-4.4.0 Vulnerable Package
HIGH CVE-2024-38875 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-39330 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-39614 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-2.3.2 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-3.0.2 Vulnerable Package
HIGH CVE-2024-41989 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-41990 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-41991 Python-Django-1.2 Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-1.8.0 Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-0.1.7 Vulnerable Package
HIGH CVE-2024-45590 Npm-body-parser-1.19.0 Vulnerable Package
HIGH Cx37f28a21-b2a7 Npm-angular-1.8-1.8.2 Vulnerable Package
HIGH Cx94a5c81d-63b1 Npm-angular-1.8-1.8.2 Vulnerable Package
HIGH Sensitive Port Is Exposed To Entire Network /ec2.tf: 83 A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
HIGH Sensitive Port Is Exposed To Entire Network /ec2.tf: 83 A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
MEDIUM CVE-2024-28849 Npm-follow-redirects-1.14.6 Vulnerable Package
MEDIUM CVE-2024-28863 Npm-tar-4.4.19 Vulnerable Package
MEDIUM CVE-2024-28863 Npm-tar-6.1.11 Vulnerable Package
MEDIUM CVE-2024-29041 Npm-express-4.17.1 Vulnerable Package
MEDIUM CVE-2024-37168 Npm-@grpc/grpc-js-1.4.4 Vulnerable Package
MEDIUM CVE-2024-38999 Npm-requirejs-2.3.6 Vulnerable Package
MEDIUM CVE-2024-39329 Python-Django-1.2 Vulnerable Package
MEDIUM CVE-2024-4067 Npm-micromatch-4.0.4 Vulnerable Package
MEDIUM CVE-2024-4067 Npm-micromatch-3.1.10 Vulnerable Package
MEDIUM CVE-2024-43788 Npm-webpack-5.64.1 Vulnerable Package
MEDIUM CVE-2024-43796 Npm-express-4.17.1 Vulnerable Package
MEDIUM CVE-2024-43799 Npm-send-0.17.1 Vulnerable Package
MEDIUM CVE-2024-43800 Npm-serve-static-1.14.1 Vulnerable Package
LOW CVE-2024-4128 Npm-firebase-tools-9.23.1 Vulnerable Package
LOW IAM Access Analyzer Not Enabled /gcs.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /iam.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /security_center.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /bucket.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /app_service.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /logging.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /es.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /db-app.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /aks.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /kms.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /ecr.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /instances.tf: 3 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /elb.tf: 2 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /policies.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /s3.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /big_data.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /rds.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /networks.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /compartment.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /key_vault.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /random.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /roles.tf: 3 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /storage.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /sql.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /mssql.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /gke.tf: 6 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /trail.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /rds.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /ec2.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /resource_group.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /lambda.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /application_gateway.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /neptune.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /eks.tf: 18 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /instance.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW IAM Access Analyzer Not Enabled /networking.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2019-12402 Maven-org.apache.commons:commons-compress-1.15
HIGH Cx37f28a21-b2a7 Npm-angular-1.8-1.8.2
HIGH Cx94a5c81d-63b1 Npm-angular-1.8-1.8.2
HIGH Cx9eb96c9b-eb45 Npm-angular-mocks-1.8-1.8.2
HIGH Cxab55612e-3a56 Npm-braces-3.0.2
HIGH Cxab55612e-3a56 Npm-braces-2.3.2
HIGH Cxca84a1c2-1f12 Npm-micromatch-3.1.10
HIGH Cxca84a1c2-1f12 Npm-micromatch-4.0.4
HIGH Cxcf770dcb-fd21 Npm-angular-1.8-1.8.2
HIGH S3 Bucket SSE Disabled /ec2.tf: 271
HIGH S3 Bucket SSE Disabled /s3.tf: 89
HIGH S3 Bucket SSE Disabled /s3.tf: 1
HIGH S3 Bucket SSE Disabled /s3.tf: 65
HIGH S3 Bucket SSE Disabled /s3.tf: 42
HIGH S3 Bucket Without Enabled MFA Delete /ec2.tf: 271
HIGH S3 Bucket Without Enabled MFA Delete /s3.tf: 1
HIGH S3 Bucket Without Enabled MFA Delete /s3.tf: 42
MEDIUM CVE-2007-2379 Npm-jquery-3.6.0
MEDIUM CVE-2014-6071 Npm-jquery-3.6.0
MEDIUM CVE-2018-11771 Maven-org.apache.commons:commons-compress-1.15
MEDIUM CVE-2018-1324 Maven-org.apache.commons:commons-compress-1.15

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@karencapiiro @rafikmojr @snyk-bot