[Snyk] Fix for 29 vulnerabilities #1118

snyk-bot · 2020-09-09T06:41:29Z

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- ArgusWebServices/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	Proof of Concept
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	Proof of Concept
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	Proof of Concept
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
776/1000 Why? Recently disclosed, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664	`org.glassfish.jersey.media:jersey-media-json-jackson:` `2.26 -> 2.30.1`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	XML Entity Expansion SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972		No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

Upgrade:
- Could not upgrade org.glassfish.jersey.core:[email protected] to org.glassfish.jersey.core:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/glassfish/jersey/containers/project/2.26/project-2.26.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

salesforce-cla bot added the cla:signed label Sep 9, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 29 vulnerabilities #1118

[Snyk] Fix for 29 vulnerabilities #1118

snyk-bot commented Sep 9, 2020

[Snyk] Fix for 29 vulnerabilities #1118

Are you sure you want to change the base?

[Snyk] Fix for 29 vulnerabilities #1118

Conversation

snyk-bot commented Sep 9, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Vulnerabilities that could not be fixed