[Snyk] Fix for 7 vulnerabilities #85

Closed

snyk-bot wants to merge 1 commit from snyk-fix-31d84c356650e25f4b840f99a72ef6f7 into main

pull from: snyk-fix-31d84c356650e25f4b840f99a72ef6f7

merge into: simcop2387:main

simcop2387:main

simcop2387:snyk-fix-87f091d6d28902b2564bf345520cc345

simcop2387:snyk-fix-f1d4070edb81844bd44f2d7bdb6f1e31

simcop2387:snyk-fix-e9c98c5cad147ebd0406bdbfe233d4bf

simcop2387:snyk-fix-bbd87b1a7d93ef6934554e4a37ea593b

simcop2387:snyk-fix-de5656b94e5d7eca4a4fbc50a43f2bb4

simcop2387:snyk-fix-b77cdca57f7a9866400bd1c684b97eda

simcop2387:snyk-fix-c80917a09f194f0fdc83449f67347e58

simcop2387:snyk-fix-807326fe63ab7370d6a0713d2b73f623

simcop2387:snyk-fix-35a8fb07d74b1d0945646878ab9e93b0

simcop2387:snyk-fix-5251145197c42b2244a4dbf344cd4ea3

simcop2387:snyk-fix-f339fd2028a515424472226e8e8d3953

simcop2387:snyk-fix-4b6bfd4255d874cd405fd60d3621b71f

simcop2387:snyk-fix-b9798efdb4ce2bb8187b486ab5bb5f04

simcop2387:snyk-fix-b829a195e6ab247261f357fc17a6b422

simcop2387:snyk-fix-1d6a068171001f967c1ca6c36732c30d

simcop2387:snyk-fix-4f45246ada375846f4b3c7d72bcd237c

simcop2387:snyk-fix-9fb28f421405f19535c9c59b3cdcd487

simcop2387:snyk-fix-047c6ebdfce43006056131d793a122b1

simcop2387:snyk-fix-8b89ff88241ed1f1d9e8f14eab2b2fe0

simcop2387:snyk-fix-f675580a3c91a981cf7918a6fcf1c2fd

simcop2387:snyk-fix-aab8605bd8a134a41ec14f4be29bbb65

simcop2387:snyk-fix-47676ea32c27b68b9745b9eba88a5ed2

simcop2387:snyk-fix-5bca119f765ec6fd95e844cdf14c21a4

simcop2387:snyk-fix-d2891f636cafa094616fe45ba5bdb8f5

simcop2387:snyk-fix-194bcbaabf1672744afdca9fc7705378

simcop2387:snyk-fix-6cb0665335b0ed347f87cf0d7e3657fd

simcop2387:snyk-fix-e3642b84208caa9395afa5d9d86f5c17

simcop2387:snyk-fix-47496cac6e9eb93c0b9925669e9fe3ab

simcop2387:snyk-fix-3ae0991c68eca96e784f8c9327d66ef9

simcop2387:snyk-fix-a491ae1cbb0f4e78a4566bb3677251cb

simcop2387:snyk-fix-62d8269d12fd870973fe9c91f7dd980e

simcop2387:snyk-fix-11d30bbf609cb6385b88ffa0ef193ba3

simcop2387:snyk-fix-4e4a28957007e6ba5e001b550c6c8cd5

simcop2387:snyk-fix-958407a741f2461f83e0cf7da64f33d9

simcop2387:snyk-fix-50a1d5e8da43b4f799afa0fc88c4e2ea

simcop2387:snyk-fix-58f7638d9c42041b158777146d88f8ec

simcop2387:snyk-fix-7e25fdc9ac0490889f4174355d3b9e5b

simcop2387:snyk-fix-53546034d3f8eccc262e89854748e6b6

simcop2387:snyk-fix-d9b3662fb51a0be6e1fc28bb06ae2121

simcop2387:dependabot/maven/org.owasp-dependency-check-maven-8.0.1

simcop2387:dependabot/maven/org.codehaus.plexus-plexus-archiver-4.6.1

simcop2387:dependabot/maven/com.puppycrawl.tools-checkstyle-10.6.0

simcop2387:snyk-fix-1784829284bb7a4c38aaf61cbbf29728

simcop2387:dependabot/maven/keycloak.version-16.1.1

simcop2387:snyk-fix-a07df67a730ba01b787d651d96b2db74

simcop2387:snyk-fix-0be362a409edc416ebc37616505430eb

simcop2387:snyk-fix-e85d2d8fa778fab006ffd5cfbdcb9e01

simcop2387:snyk-fix-afe1713e31439068648574f59959ae10

simcop2387:dependabot/maven/org.codehaus.mojo-extra-enforcer-rules-1.6.1

simcop2387:snyk-fix-6447e8907aba6d7c6de38d9e0b93f54d

simcop2387:snyk-fix-e49f286a7d6348e83c1c5ba2a6576d2a

simcop2387:snyk-fix-a69ce7007fa0e924e385e613b61f2930

simcop2387:snyk-fix-aef3db04521bd1633056970197363ce8

simcop2387:snyk-fix-3883f8440a69027f4b30250b06aabd03

simcop2387:snyk-fix-9c569fe1de069d203b18a3c5b480e794

simcop2387:snyk-fix-2e879a9eb587a9c0ea31f5bcaae3f709

simcop2387:snyk-fix-3eb73edd04c76a081ce1b050f13e3169

simcop2387:snyk-fix-ba01f58f385afe2850ab55d427d38bc1

simcop2387:snyk-fix-c2b8b7af53ee1397c4fe5a5000cbc325

simcop2387:dependabot/maven/org.codehaus.mojo-buildnumber-maven-plugin-3.0.0

Conversation 0 Commits 1 Files changed 1 +1 -1

snyk-bot commented 2023-02-21 13:27:49 -05:00 (Migrated from github.com)

Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Cryptographic Issues SNYK-JAVA-ORGBOUNCYCASTLE-2841508	org.keycloak:keycloak-services: 15.0.2 -> 20.0.5	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JAVA-ORGJBOSSRESTEASY-1009963	org.keycloak:keycloak-services: 15.0.2 -> 20.0.5	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGYAML-2806360	org.keycloak:keycloak-server-spi-private: 15.0.2 -> 20.0.5	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016888	org.keycloak:keycloak-server-spi-private: 15.0.2 -> 20.0.5	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016889	org.keycloak:keycloak-server-spi-private: 15.0.2 -> 20.0.5	Yes	No Known Exploit
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016891	org.keycloak:keycloak-server-spi-private: 15.0.2 -> 20.0.5	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3113851	org.keycloak:keycloak-server-spi-private: 15.0.2 -> 20.0.5	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cryptographic Issues
🦉 Denial of Service (DoS)

<h3>Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.</h3> #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - pom.xml #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------  | **561/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 4.8 | Cryptographic Issues <br/>[SNYK-JAVA-ORGBOUNCYCASTLE-2841508](https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508) | `org.keycloak:keycloak-services:` <br> `15.0.2 -> 20.0.5` <br> | Yes | Proof of Concept  | **479/1000** <br/> **Why?** Has a fix available, CVSS 5.3 | Information Exposure <br/>[SNYK-JAVA-ORGJBOSSRESTEASY-1009963](https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963) | `org.keycloak:keycloak-services:` <br> `15.0.2 -> 20.0.5` <br> | Yes | No Known Exploit  | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-JAVA-ORGYAML-2806360](https://snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360) | `org.keycloak:keycloak-server-spi-private:` <br> `15.0.2 -> 20.0.5` <br> | Yes | No Known Exploit  | **506/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Stack-based Buffer Overflow <br/>[SNYK-JAVA-ORGYAML-3016888](https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888) | `org.keycloak:keycloak-server-spi-private:` <br> `15.0.2 -> 20.0.5` <br> | Yes | Proof of Concept  | **399/1000** <br/> **Why?** Has a fix available, CVSS 3.7 | Stack-based Buffer Overflow <br/>[SNYK-JAVA-ORGYAML-3016889](https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889) | `org.keycloak:keycloak-server-spi-private:` <br> `15.0.2 -> 20.0.5` <br> | Yes | No Known Exploit  | **536/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 4.3 | Stack-based Buffer Overflow <br/>[SNYK-JAVA-ORGYAML-3016891](https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891) | `org.keycloak:keycloak-server-spi-private:` <br> `15.0.2 -> 20.0.5` <br> | Yes | Proof of Concept  | **399/1000** <br/> **Why?** Has a fix available, CVSS 3.7 | Stack-based Buffer Overflow <br/>[SNYK-JAVA-ORGYAML-3113851](https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851) | `org.keycloak:keycloak-server-spi-private:` <br> `15.0.2 -> 20.0.5` <br> | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIwZWIwOWNmNi0zNDBiLTQzOTEtOTIyNi1jMTVkYjBiZjkxNjMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjBlYjA5Y2Y2LTM0MGItNDM5MS05MjI2LWMxNWRiMGJmOTE2MyJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"0eb09cf6-340b-4391-9226-c15db0bf9163","prPublicId":"0eb09cf6-340b-4391-9226-c15db0bf9163","dependencies":[{"name":"org.keycloak:keycloak-server-spi-private","from":"15.0.2","to":"20.0.5"},{"name":"org.keycloak:keycloak-services","from":"15.0.2","to":"20.0.5"}],"packageManager":"maven","projectPublicId":"1029ac93-ceb3-4aa4-8d68-9192b9dd20a5","projectUrl":"https://app.snyk.io/org/lucafilipozzi/project/1029ac93-ceb3-4aa4-8d68-9192b9dd20a5?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JAVA-ORGBOUNCYCASTLE-2841508","SNYK-JAVA-ORGJBOSSRESTEASY-1009963","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-ORGYAML-3113851"],"upgrade":["SNYK-JAVA-ORGBOUNCYCASTLE-2841508","SNYK-JAVA-ORGJBOSSRESTEASY-1009963","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-ORGYAML-3113851"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[561,479,589,506,399,536,399]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Cryptographic Issues](https://learn.snyk.io/lessons/insecure-hash/java/?loc&#x3D;fix-pr) 🦉 [Denial of Service (DoS)](https://learn.snyk.io/lessons/redos/javascript/?loc&#x3D;fix-pr)

simcop2387 closed this pull request 2025-05-04 13:16:29 -04:00

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: simcop2387/keycloak-regex-mapper#85

No description provided.