Skip to content

[Snyk] Fix for 5 vulnerabilities

Anthony Nolan requested to merge snyk-fix-17776206f088e7e0e5eb731591259150 into main

snyk-top-banner

Snyk has created this Merge Request to fix 5 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • authorization-service/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Path Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373 		  721   No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364 		  401   No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365 		  401   org.springframework.security:spring-security-oauth2-authorization-server:
1.2.1 -> 1.2.7
No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366 		  401   org.springframework.security:spring-security-oauth2-authorization-server:
1.2.1 -> 1.2.7
No Known Exploit
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368 		  401   No Known Exploit

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade org.springframework.boot:spring-boot-starter-security@3.2.2 to org.springframework.boot:spring-boot-starter-security@3.2.11; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/3.2.2/spring-boot-dependencies-3.2.2.pom
  • Could not upgrade org.springframework.boot:spring-boot-starter-web@3.2.2 to org.springframework.boot:spring-boot-starter-web@3.2.11; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/3.2.2/spring-boot-dependencies-3.2.2.pom

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Path Traversal

Merge request reports