[Snyk] Security upgrade org.webjars:bootstrap from 3.3.7 to 5.3.3 by msant262 · Pull Request #9 · msant262/WebGoat

msant262 · 2024-07-13T04:50:09Z

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

webwolf/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Cross-site Scripting SNYK-JAVA-ORGWEBJARS-7444620	688	org.webjars:bootstrap: `3.3.7` -> `5.3.3` `Major version upgrade` `Proof of Concept`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-7444620

deepsource-io · 2024-07-13T04:50:32Z

Here's the code health analysis summary for commits ec11eb6..669e2eb. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Java	✅ Success		View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

guardrails · 2024-07-13T04:50:34Z

⚠️ We detected 8 security issues in this pull request:

Vulnerable Libraries (8)

Severity	Details
High	pkg:maven/org.springframework/spring-core@5.3.4 (t) upgrade to: 5.3.19,5.2.21
Critical	pkg:maven/org.springframework/spring-webmvc@5.3.4 (t) upgrade to: 5.2.20.RELEASE,2.5.12,2.6.6,5.3.18
Critical	pkg:maven/org.springframework/spring-web@5.3.4 (t) upgrade to: 6.0.0
Medium	pkg:maven/org.yaml/snakeyaml@1.27 (t) upgrade to: 1.31
Critical	pkg:maven/org.thymeleaf/thymeleaf-spring5@3.0.12.RELEASE (t) upgrade to: 3.0.13.RELEASE
High	pkg:maven/ch.qos.logback/logback-core@1.2.3 (t) upgrade to: 1.3.12,1.4.12
High	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.11.4 (t) upgrade to: 2.13.2.1,2.12.6.1
High	pkg:maven/ch.qos.logback/logback-classic@1.2.3 (t) upgrade to: 1.3.12,1.4.12

More info on how to fix Vulnerable Libraries in Java.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

sonarqubecloud · 2024-07-13T04:51:04Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

msant262 · 2024-07-13T04:57:43Z

Checkmarx One – Scan Summary & Details – 7189a491-a612-42d2-9bb7-94eabf49f286

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2024-5971	Maven-io.undertow:undertow-core-2.2.4.Final	Vulnerable Package
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 91	desc
Unpinned Actions Full Length Commit SHA	/build.yml: 55	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 61	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 101	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 51	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 211	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 161	desc
Unpinned Actions Full Length Commit SHA	/release.yml: 89	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 151	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 181	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 171	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 201	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 191	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 121	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 221	desc
Unpinned Actions Full Length Commit SHA	/release.yml: 80	desc
Unpinned Actions Full Length Commit SHA	/release.yml: 83	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 231	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 71	desc
Unpinned Actions Full Length Commit SHA	/rebase.yml: 17	desc
Unpinned Actions Full Length Commit SHA	/release.yml: 44	desc
Unpinned Actions Full Length Commit SHA	/release.yml: 77	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 21	desc
Unpinned Actions Full Length Commit SHA	/release.yml: 17	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 241	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 141	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 131	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 31	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 41	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 111	desc
Unpinned Actions Full Length Commit SHA	/jit-security.yml: 81	desc
CVE-2021-28169	Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114	Vulnerable Package
CVE-2021-28169	Maven-org.eclipse.jetty:jetty-http-9.4.36.v20210114	Vulnerable Package
CVE-2021-28169	Maven-org.eclipse.jetty:jetty-servlets-9.4.36.v20210114	Vulnerable Package

fix: webwolf/pom.xml to reduce vulnerabilities

669e2eb

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-7444620

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade org.webjars:bootstrap from 3.3.7 to 5.3.3#9

[Snyk] Security upgrade org.webjars:bootstrap from 3.3.7 to 5.3.3#9
msant262 wants to merge 1 commit intodevelopfrom
snyk-fix-6e64035d8c88fb759bee764c0ddfc92d

msant262 commented Jul 13, 2024

Uh oh!