[Snyk] Fix for 4 vulnerabilities #119

Closed

LucaFilipozzi wants to merge 1 commit from snyk-fix-c80917a09f194f0fdc83449f67347e58 into main

LucaFilipozzi commented

2024-09-20 05:35:22 -04:00

(Migrated from github.com)

Snyk has created this PR to fix 4 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
URL Redirection to Untrusted Site ('Open Redirect') SNYK-JAVA-ORGKEYCLOAK-8061810	666	org.keycloak:keycloak-server-spi-private: `15.0.2` -> `25.0.6` org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit`
URL Redirection to Untrusted Site ('Open Redirect') SNYK-JAVA-ORGKEYCLOAK-8061811	666	org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Improper Handling of Extra Values SNYK-JAVA-ORGKEYCLOAK-7926864	641	org.keycloak:keycloak-server-spi: `15.0.2` -> `25.0.6` org.keycloak:keycloak-server-spi-private: `15.0.2` -> `25.0.6` org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Cross-Site Request Forgery (CSRF) SNYK-JAVA-ORGKEYCLOAK-7247314	399	org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 URL Redirection to Untrusted Site ('Open Redirect')
🦉 Cross-Site Request Forgery (CSRF)

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.keycloak:keycloak-server-spi","from":"15.0.2","to":"25.0.6"},{"name":"org.keycloak:keycloak-server-spi-private","from":"15.0.2","to":"25.0.6"},{"name":"org.keycloak:keycloak-services","from":"15.0.2","to":"25.0.6"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061811","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061810","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7247314","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-Site Request Forgery (CSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061810","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"}],"prId":"3fefd5bc-0cbb-448a-92af-8603871b68a2","prPublicId":"3fefd5bc-0cbb-448a-92af-8603871b68a2","packageManager":"maven","priorityScoreList":[666,641,666,399],"projectPublicId":"1029ac93-ceb3-4aa4-8d68-9192b9dd20a5","projectUrl":"https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-ORGKEYCLOAK-7247314","SNYK-JAVA-ORGKEYCLOAK-7926864","SNYK-JAVA-ORGKEYCLOAK-8061810","SNYK-JAVA-ORGKEYCLOAK-8061811"],"vulns":["SNYK-JAVA-ORGKEYCLOAK-8061811","SNYK-JAVA-ORGKEYCLOAK-7926864","SNYK-JAVA-ORGKEYCLOAK-8061810","SNYK-JAVA-ORGKEYCLOAK-7247314"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 4 vulnerabilities in the maven dependencies of this project. #### Snyk changed the following file(s): - `pom.xml` #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | Upgrade :-------------------------:|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | URL Redirection to Untrusted Site ('Open Redirect') [SNYK-JAVA-ORGKEYCLOAK-8061810](https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-8061810) |   **666**   | org.keycloak:keycloak-server-spi-private: `15.0.2` -> `25.0.6` org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit` ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | URL Redirection to Untrusted Site ('Open Redirect') [SNYK-JAVA-ORGKEYCLOAK-8061811](https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-8061811) |   **666**   | org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit` ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Improper Handling of Extra Values [SNYK-JAVA-ORGKEYCLOAK-7926864](https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-7926864) |   **641**   | org.keycloak:keycloak-server-spi: `15.0.2` -> `25.0.6` org.keycloak:keycloak-server-spi-private: `15.0.2` -> `25.0.6` org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit` ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png 'low severity') | Cross-Site Request Forgery (CSRF) [SNYK-JAVA-ORGKEYCLOAK-7247314](https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-7247314) |   **399**   | org.keycloak:keycloak-services: `15.0.2` -> `25.0.6` `Major version upgrade` `No Known Exploit` --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIzZmVmZDViYy0wY2JiLTQ0OGEtOTJhZi04NjAzODcxYjY4YTIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjNmZWZkNWJjLTBjYmItNDQ4YS05MmFmLTg2MDM4NzFiNjhhMiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [URL Redirection to Untrusted Site ('Open Redirect')](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr) 🦉 [Cross-Site Request Forgery (CSRF)](https://learn.snyk.io/lesson/csrf-attack/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.keycloak:keycloak-server-spi","from":"15.0.2","to":"25.0.6"},{"name":"org.keycloak:keycloak-server-spi-private","from":"15.0.2","to":"25.0.6"},{"name":"org.keycloak:keycloak-services","from":"15.0.2","to":"25.0.6"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061811","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061810","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7247314","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-Site Request Forgery (CSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061810","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"}],"prId":"3fefd5bc-0cbb-448a-92af-8603871b68a2","prPublicId":"3fefd5bc-0cbb-448a-92af-8603871b68a2","packageManager":"maven","priorityScoreList":[666,641,666,399],"projectPublicId":"1029ac93-ceb3-4aa4-8d68-9192b9dd20a5","projectUrl":"https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-ORGKEYCLOAK-7247314","SNYK-JAVA-ORGKEYCLOAK-7926864","SNYK-JAVA-ORGKEYCLOAK-8061810","SNYK-JAVA-ORGKEYCLOAK-8061811"],"vulns":["SNYK-JAVA-ORGKEYCLOAK-8061811","SNYK-JAVA-ORGKEYCLOAK-7926864","SNYK-JAVA-ORGKEYCLOAK-8061810","SNYK-JAVA-ORGKEYCLOAK-7247314"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'