[Snyk] Security upgrade org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream from 2.1.2.RELEASE to 2.1.3.RELEASE by snyk-bot · Pull Request #830 · Centaurioun/tutorials

snyk-bot · 2023-03-15T09:02:29Z

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- spring-cloud-modules/spring-cloud-stream-starters/twitterhdfs/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	`org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream:` `2.1.2.RELEASE -> 2.1.3.RELEASE`	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data

…bilities (#425) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DEBUG-3227433 Co-authored-by: snyk-bot <snyk-bot@snyk.io>

Signed-off-by: null <null> Signed-off-by: null <null>

…3.4.0 (#622) * fix: libraries-data/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-3317161 * Restyled by whitespace (#623) Co-authored-by: Restyled.io <commits@restyled.io> --------- Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com> Co-authored-by: Restyled.io <commits@restyled.io>

Centaurioun and others added 4 commits January 11, 2023 20:12

fix: json-modules/json/src/main/webapp/package.json to reduce vulnera…

af59c74

…bilities (#425) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DEBUG-3227433 Co-authored-by: snyk-bot <snyk-bot@snyk.io>

ci(Mergify): configuration update (#443)

10f5ee8

Signed-off-by: null <null> Signed-off-by: null <null>

restyled-io bot mentioned this pull request Mar 15, 2023

Restyle [Snyk] Security upgrade org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream from 2.1.2.RELEASE to 2.1.3.RELEASE #831

Closed

Centaurioun force-pushed the master branch from 7247a04 to 38fa542 Compare April 3, 2023 01:44

This was referenced Apr 10, 2023

[Snyk] Fix for 1 vulnerabilities #278

Merged

[Snyk] Fix for 1 vulnerabilities #283

Merged

mergify bot merged commit 484b942 into master Sep 11, 2023

mergify bot deleted the snyk-fix-4f831d2344773038480f0350c05637b4 branch September 11, 2023 20:17

snyk-bot mentioned this pull request Sep 16, 2023

[Snyk] Fix for 1 vulnerabilities #346

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream from 2.1.2.RELEASE to 2.1.3.RELEASE#830

[Snyk] Security upgrade org.springframework.cloud.stream.app:spring-cloud-starter-stream-source-twitterstream from 2.1.2.RELEASE to 2.1.3.RELEASE#830
mergify[bot] merged 4 commits intomasterfrom
snyk-fix-4f831d2344773038480f0350c05637b4

snyk-bot commented Mar 15, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

snyk-bot commented Mar 15, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants