[Snyk] Fix for 6 vulnerabilities by snyk-bot · Pull Request #6 · kutsyk/tutorials

snyk-bot · 2021-06-18T21:40:47Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JAVA-CHQOSLOGBACK-30208	`ch.qos.logback:logback-classic:` `1.1.1 -> 1.1.11`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JAVA-CHQOSLOGBACK-31407		No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519		No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520		No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Improper Access Control SNYK-JAVA-ORGAPACHETOMCATEMBED-30991		No	No Known Exploit
495/1000 Why? Has a fix available, CVSS 5.4	Denial of Service (DoS) SNYK-JAVA-ORGYAML-537645		No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Upgrade:
- Could not upgrade org.springframework.boot:spring-boot-starter-web@1.1.4.RELEASE to org.springframework.boot:spring-boot-starter-web@1.3.5.RELEASE; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.1.4.RELEASE/spring-boot-dependencies-1.1.4.RELEASE.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

Provide feedback