Skip to content

[Snyk] Security upgrade org.asciidoctor:asciidoctorj from 2.4.3 to 2.5.4#8

Open
msant262 wants to merge 1 commit intodevelopfrom
snyk-fix-ddc3241e46a30fed47df8e295f0650e8
Open

[Snyk] Security upgrade org.asciidoctor:asciidoctorj from 2.4.3 to 2.5.4#8
msant262 wants to merge 1 commit intodevelopfrom
snyk-fix-ddc3241e46a30fed47df8e295f0650e8

Conversation

@msant262
Copy link
Owner

@msant262 msant262 commented Apr 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webgoat-container/pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 NULL Pointer Dereference
SNYK-JAVA-JODATIME-6595834		 org.asciidoctor:asciidoctorj:
2.4.3 -> 2.5.4
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 NULL Pointer Dereference

@sonarqubecloud
Copy link

sonarqubecloud bot commented Apr 14, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@msant262
Copy link
Owner Author

msant262 commented Apr 14, 2024

Logo
Checkmarx One – Scan Summary & Details89136f0f-5854-46e8-bd93-68673dca79f9

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2023-34034 Maven-org.springframework.security:spring-security-config-5.4.5 Vulnerable Package
HIGH CVE-2023-34034 Maven-org.springframework.security:spring-security-web-5.4.5 Vulnerable Package
HIGH CVE-2023-51775 Maven-org.bitbucket.b_c:jose4j-0.7.6 Vulnerable Package
HIGH CVE-2023-5685 Maven-org.jboss.xnio:xnio-api-3.8.0.Final Vulnerable Package
HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.2.3 Vulnerable Package
HIGH CVE-2024-22257 Maven-org.springframework.security:spring-security-core-5.4.5 Vulnerable Package
HIGH CVE-2024-22259 Maven-org.springframework:spring-web-5.3.4 Vulnerable Package
MEDIUM Improper_Restriction_of_XXE_Ref /webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java: 79 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java: 69 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java: 59 Attack Vector
MEDIUM JWT_Sensitive_Information_Exposure /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java: 129 Attack Vector
MEDIUM Parameter_Tampering /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java: 51 Attack Vector
MEDIUM Parameter_Tampering /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java: 67 Attack Vector
MEDIUM Parameter_Tampering /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java: 56 Attack Vector
MEDIUM Update Instruction Alone /Dockerfile: 8 Instruction 'RUN update' should always be followed by ' install' in the same RUN statement
LOW Client_DOM_Open_Redirect /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 Attack Vector
LOW Client_DOM_Open_Redirect /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 Attack Vector
LOW Client_DOM_Open_Redirect /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1215 Attack Vector
LOW Client_DOM_Open_Redirect /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 Attack Vector
LOW Client_DOM_Open_Redirect /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js: 505 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js: 332 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH Cx8fd408ac-dd80 Maven-com.beust:jcommander-1.72
MEDIUM Update Instruction Alone /Dockerfile: 6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@msant262 @snyk-bot