[Snyk] Fix for 14 vulnerabilities #97

Open
mrrajan wants to merge 1 commit into mrrajan/devfile-sample-java-springboot-basic:main from mrrajan/devfile-sample-java-springboot-basic:snyk-fix-77548536a42c47f400098499f564a2d8
mrrajan (Owner) commented Jul 15, 2025

Snyk has created this PR to fix 14 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score | Upgrade | Notes |
|---|---|---|---|---|---|
| high | Stack-based Buffer Overflow | SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754 | 721 | io.quarkus:quarkus-oidc: 2.13.7.Final -> 3.1.1.Final; io.vertx:vertx-web: 4.3.7 -> 4.4.2; org.keycloak:keycloak-core: 16.1.0 -> 22.0.0 | Major version upgrade; No Known Exploit |
| high | Integer Overflow or Wraparound | SNYK-JAVA-ORGAPACHETOMCAT-10674390 | 721 | org.apache.tomcat:tomcat-catalina: 11.0.0-M10 -> 11.0.9 | No Known Exploit |
| high | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHETOMCAT-10676856 | 721 | org.apache.tomcat:tomcat-catalina: 11.0.0-M10 -> 11.0.9 | No Known Exploit |
| high | Integer Overflow or Wraparound | SNYK-JAVA-ORGAPACHETOMCATEMBED-10674391 | 721 | org.apache.tomcat.embed:tomcat-embed-core: 10.1.0 -> 10.1.43 | No Known Exploit |
| high | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHETOMCATEMBED-10676855 | 721 | org.apache.tomcat.embed:tomcat-embed-core: 10.1.0 -> 10.1.43 | No Known Exploit |
| high | Improper Handling of Extra Values | SNYK-JAVA-ORGKEYCLOAK-7926864 | 569 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |
| medium | Cryptographic Issues | SNYK-JAVA-ORGBOUNCYCASTLE-2841508 | 561 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Proof of Concept |
| medium | Exposure of Sensitive Information Through Environmental Variables | SNYK-JAVA-ORGKEYCLOAK-8622552 | 559 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |
| medium | Use of a Key Past its Expiration Date | SNYK-JAVA-ORGKEYCLOAK-8186433 | 529 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JAVA-ORGKEYCLOAK-3016866 | 499 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | No Known Exploit |
| medium | Uncontrolled Resource Consumption ('Resource Exhaustion') | SNYK-JAVA-ORGBOUNCYCASTLE-6084022 | 489 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |
| medium | Unprotected Transport of Credentials | SNYK-JAVA-ORGKEYCLOAK-7268350 | 469 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |
| medium | Improper Certificate Validation | SNYK-JAVA-ORGKEYCLOAK-5291542 | 454 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |
| medium | Information Exposure | SNYK-JAVA-ORGBOUNCYCASTLE-5771339 | 449 | io.quarkus:quarkus-keycloak-authorization: 2.13.7.Final -> 3.2.5.Final | Major version upgrade; No Known Exploit |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling
🦉 Cryptographic Issues
🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 More lessons are available in Snyk Learn
