[Snyk] Fix for 47 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	590/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	No Known Exploit	No Path Found
	335/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	org.drools:drools-core: 6.5.0.Final -> 7.32.0.k20191220	No	No Known Exploit	No Path Found
	655/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Arbitrary File Deletion SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	595/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Server-Side Request Forgery (SSRF) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Mature	No Path Found
	515/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.8	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	680/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	530/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	530/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	530/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	535/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Remote Code Execution (RCE) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	550/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Server-Side Request Forgery (SSRF) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	650/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Server-Side Request Forgery (SSRF) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	Proof of Concept	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394	org.drools:drools-compiler: 6.5.0.Final -> 7.66.0.Final	Yes	No Known Exploit	No Path Found
	580/1000 Why? Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832		Yes	No Known Exploit	No Path Found
	365/1000 Why? Has a fix available, CVSS 4.3	Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097		Yes	No Known Exploit	No Path Found
	365/1000 Why? Has a fix available, CVSS 4.3	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878		Yes	No Known Exploit	No Path Found
	465/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828		Yes	No Known Exploit	No Path Found
	840/1000 Why? Currently trending on Twitter, Mature exploit, Recently disclosed, Has a fix available, CVSS 9.8	Remote Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751		Yes	Mature	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-31332		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGSPRINGFRAMEWORK-31689		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Multipart Content Pollution SNYK-JAVA-ORGSPRINGFRAMEWORK-32199		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Directory Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-32202		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Cross-Site Tracing (XST) SNYK-JAVA-ORGSPRINGFRAMEWORK-451604		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Multipart Content Pollution SNYK-JAVA-ORGSPRINGFRAMEWORK-460644		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGSPRINGFRAMEWORK-467268		No	No Known Exploit	No Path Found
	335/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-72470		No	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.springframework.boot:spring-boot-starter-jersey@1.4.2.RELEASE to org.springframework.boot:spring-boot-starter-jersey@2.3.0.RELEASE; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.4.2.RELEASE/spring-boot-dependencies-1.4.2.RELEASE.pom
  • Could not upgrade org.springframework.boot:spring-boot-starter-thymeleaf@1.4.2.RELEASE to org.springframework.boot:spring-boot-starter-thymeleaf@2.0.0.RELEASE; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.4.2.RELEASE/spring-boot-dependencies-1.4.2.RELEASE.pom
  • Could not upgrade org.springframework.boot:spring-boot-starter-web-services@1.4.2.RELEASE to org.springframework.boot:spring-boot-starter-web-services@2.5.12; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.4.2.RELEASE/spring-boot-dependencies-1.4.2.RELEASE.pom

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Deletion
🦉 Server-Side Request Forgery (SSRF)
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn