[Snyk] Fix for 39 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • 00_framework/core/pom.xml
  • 00_framework/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	390/1000 Why? Has a fix available, CVSS 4.8	Insufficient Hostname Verification SNYK-JAVA-CHQOSLOGBACK-1726923	org.springframework.boot:spring-boot-starter-data-jpa: 1.5.9.RELEASE -> 2.3.0.RELEASE org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	640/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JAVA-CHQOSLOGBACK-31407	org.springframework.boot:spring-boot-starter-data-jpa: 1.5.9.RELEASE -> 2.3.0.RELEASE org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	500/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	com.querydsl:querydsl-apt: 4.1.3 -> 5.0.0	Yes	Proof of Concept	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236	com.querydsl:querydsl-apt: 4.1.3 -> 5.0.0	Yes	No Known Exploit	No Path Found
	460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082234	org.elasticsearch.client:transport: 5.3.3 -> 7.15.0	Yes	No Known Exploit	No Path Found
	460/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082236	org.elasticsearch.client:transport: 5.3.3 -> 7.15.0	Yes	No Known Exploit	No Path Found
	430/1000 Why? Has a fix available, CVSS 5.6	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	Proof of Concept	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Information Disclosure SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	500/1000 Why? Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	390/1000 Why? Has a fix available, CVSS 4.8	Improper Input Validation SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	Proof of Concept	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-451342	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	675/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Remote Code Execution SNYK-JAVA-ORGAPACHETOMCATEMBED-451343	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	Mature	No Path Found
	325/1000 Why? Has a fix available, CVSS 3.5	Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHETOMCATEMBED-451458	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-451459	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	430/1000 Why? Has a fix available, CVSS 5.6	Open Redirect SNYK-JAVA-ORGAPACHETOMCATEMBED-451503	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGAPACHETOMCATEMBED-451504	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	640/1000 Why? Has a fix available, CVSS 9.8	Insecure Defaults SNYK-JAVA-ORGAPACHETOMCATEMBED-451505	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-451508	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	475/1000 Why? Has a fix available, CVSS 6.5	Directory Traversal SNYK-JAVA-ORGAPACHETOMCATEMBED-451510	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Access Restriction Bypass SNYK-JAVA-ORGAPACHETOMCATEMBED-451511	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	No	No Known Exploit	No Path Found
	305/1000 Why? Has a fix available, CVSS 3.1	Session Fixation SNYK-JAVA-ORGAPACHETOMCATEMBED-538488	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	675/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHETOMCATEMBED-570072	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	Mature	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-584427	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	568/1000 Why? Has a fix available, CVSS 8.2	SQL Injection SNYK-JAVA-ORGHIBERNATE-1041788	org.springframework.boot:spring-boot-starter-data-jpa: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JAVA-ORGHIBERNATE-568162	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	483/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JAVA-ORGHIBERNATE-569100	org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	SQL Injection SNYK-JAVA-ORGHIBERNATE-584563	org.springframework.boot:spring-boot-starter-data-jpa: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGSPRINGFRAMEWORK-31689	cn.afterturn:easypoi-web: 3.0.3 -> 4.1.0	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Multipart Content Pollution SNYK-JAVA-ORGSPRINGFRAMEWORK-32199	cn.afterturn:easypoi-web: 3.0.3 -> 4.1.0	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Cross-Site Tracing (XST) SNYK-JAVA-ORGSPRINGFRAMEWORK-451604	cn.afterturn:easypoi-web: 3.0.3 -> 4.1.0	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Multipart Content Pollution SNYK-JAVA-ORGSPRINGFRAMEWORK-460644	cn.afterturn:easypoi-web: 3.0.3 -> 4.1.0 org.springframework.boot:spring-boot-starter-data-jpa: 1.5.9.RELEASE -> 2.3.0.RELEASE org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGSPRINGFRAMEWORK-467268	cn.afterturn:easypoi-web: 3.0.3 -> 4.1.0	Yes	No Known Exploit	No Path Found
	335/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-72470	cn.afterturn:easypoi-web: 3.0.3 -> 4.1.0	Yes	No Known Exploit	No Path Found
	495/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Denial of Service (DoS) SNYK-JAVA-ORGYAML-537645	org.springframework.boot:spring-boot-starter-data-jpa: 1.5.9.RELEASE -> 2.3.0.RELEASE org.springframework.boot:spring-boot-starter-web: 1.5.9.RELEASE -> 2.3.0.RELEASE	Yes	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic