Skip to content

[Snyk] Upgrade com.thoughtworks.xstream:xstream from 1.4.5 to 1.4.20#1

Open
mgulter wants to merge 1 commit intomainfrom
snyk-upgrade-af75f61bf12fe96f7e9fc656fda86706
Open

[Snyk] Upgrade com.thoughtworks.xstream:xstream from 1.4.5 to 1.4.20#1
mgulter wants to merge 1 commit intomainfrom
snyk-upgrade-af75f61bf12fe96f7e9fc656fda86706

Conversation

@mgulter
Copy link
Copy Markdown

@mgulter mgulter commented Mar 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade com.thoughtworks.xstream:xstream from 1.4.5 to 1.4.20.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 22 versions ahead of your current version.
  • The recommended version was released a year ago, on 2022-12-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Remote Code Execution (RCE)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Mature
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 No Known Exploit
XML External Entity (XXE) Injection
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 No Known Exploit
Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 No Known Exploit
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Insecure XML deserialization
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Mature
Arbitrary File Deletion
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 No Known Exploit
Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Mature
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept
Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336		 611/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.8		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mgulter @snyk-bot