Skip to content

[Snyk] Fix for 16 vulnerabilities#456

Open
pushkala-datastax wants to merge 1 commit into
2.10_dsfrom
snyk-fix-056eabd81340755e0bb351a2957ee189
Open

[Snyk] Fix for 16 vulnerabilities#456
pushkala-datastax wants to merge 1 commit into
2.10_dsfrom
snyk-fix-056eabd81340755e0bb351a2957ee189

Conversation

@pushkala-datastax

Copy link
Copy Markdown
Collaborator

snyk-top-banner

Snyk has created this PR to fix 16 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Uncontrolled Recursion
SNYK-JAVA-COMMONSLANG-10734077
  726   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
critical severity Arbitrary File Write via Archive Extraction (Zip Slip)
SNYK-JAVA-ORGAPACHEHADOOP-2443177
  704   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
org.apache.hbase:hbase-common:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
critical severity Arbitrary Code Execution
SNYK-JAVA-ORGAPACHEHADOOP-2975400
  704   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
org.apache.hbase:hbase-common:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
critical severity Improper Input Validation
SNYK-JAVA-ORGCODEHAUSJACKSON-3326362
  704   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGXERIALSNAPPY-5918282
  696   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
Proof of Concept
medium severity Improper Check for Unusual or Exceptional Conditions
SNYK-JAVA-COMNIMBUSDS-536068
  636   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
Proof of Concept
high severity Infinite loop
SNYK-JAVA-ORGAPACHECOMMONS-6254296
  619   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
high severity Authorization Bypass Through User-Controlled Key
SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102
  619   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-COMNIMBUSDS-6247633
  589   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
high severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGCODEHAUSJACKSON-534878
  589   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-COMMONSCONFIGURATION-10116124
  559   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
medium severity Creation of Temporary File in Directory with Insecure Permissions
SNYK-JAVA-ORGAPACHEHADOOP-8089372
  554   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
org.apache.hbase:hbase-common:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
medium severity Cryptographic Issues
SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040
  550   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
medium severity Information Exposure
SNYK-JAVA-ORGAPACHEZOOKEEPER-6447882
  539   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGAPACHECOMMONS-6254297
  429   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit
low severity Information Exposure
SNYK-JAVA-COMMONSNET-3153503
  399   org.apache.hbase:hbase-client:
2.4.9 -> 2.5.11-hadoop3
No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling
🦉 Cryptographic Issues
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants