[Snyk] Fix for 55 vulnerabilities

[KenichiroArai]

Snyk has created this PR to fix 55 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Remote Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751	919	Mature
	Arbitrary Code Execution SNYK-JAVA-XALAN-2953385	811	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730	726	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 Proof of Concept
	Remote Code Execution (RCE) SNYK-JAVA-ORGPOSTGRESQL-2390459	696	Proof of Concept
	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754	684	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	SQL Injection SNYK-JAVA-ORGPOSTGRESQL-2970521	676	Proof of Concept
	SQL Injection SNYK-JAVA-ORGPOSTGRESQL-6252740	664	No Known Exploit
	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	651	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 Mature
	Arbitrary Code Execution SNYK-JAVA-ORGYAML-3152153	651	Major version upgrade Proof of Concept
	Infinite loop SNYK-JAVA-ORGAPACHECOMMONS-6254296	619	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Arbitrary Code Injection SNYK-JAVA-ORGPOSTGRESQL-2401816	619	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641	589	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1088011	589	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1088012	589	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1304912	589	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1304913	589	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGYAML-2806360	589	Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGYAML-6056527	589	Major version upgrade No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910	579	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728	579	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729	579	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-CHQOSLOGBACK-6094942	569	Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-CHQOSLOGBACK-6094943	569	Major version upgrade No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JAVA-CHQOSLOGBACK-6097492	569	Major version upgrade No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JAVA-CHQOSLOGBACK-6097493	569	Major version upgrade No Known Exploit
	Cryptographic Issues SNYK-JAVA-ORGBOUNCYCASTLE-2841508	561	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316638	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316639	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JAVA-ORGAPACHESANTUARIO-6017551	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1079038	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063691	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5855824	539	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217	539	No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016891	536	Major version upgrade Proof of Concept
	Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634	506	Proof of Concept
	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016888	506	Major version upgrade Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JAVA-ORGBOUNCYCASTLE-6084022	489	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135	479	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHESANTUARIO-1655558	479	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442	479	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961	479	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGBOUNCYCASTLE-6613080	479	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828	479	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313	479	No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749	479	No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-7687446	479	Major version upgrade No Known Exploit
	Insufficient Hostname Verification SNYK-JAVA-CHQOSLOGBACK-1726923	454	No Known Exploit
	Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-5771339	449	org.apache.poi:poi-ooxml: 5.0.0 -> 5.3.0 No Known Exploit
	Information Exposure SNYK-JAVA-ORGPOSTGRESQL-3146847	449	No Known Exploit
	Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097	429	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878	429	No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016889	399	Major version upgrade No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3113851	399	Major version upgrade No Known Exploit

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.postgresql:[email protected] to org.postgresql:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.4.4/spring-boot-dependencies-2.4.4.pom
• Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.4.4/spring-boot-dependencies-2.4.4.pom
• Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.4.4/spring-boot-dependencies-2.4.4.pom

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Insufficient Hostname Verification
🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.apache.poi:poi-ooxml","from":"5.0.0","to":"5.3.0"},{"name":"org.postgresql:postgresql","from":"42.2.19","to":"42.3.3"},{"name":"org.springframework.boot:spring-boot-starter","from":"2.4.4","to":"3.2.0"},{"name":"org.springframework.boot:spring-boot-starter-jdbc","from":"2.4.4","to":"2.5.14"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-1726923","priority_score":454,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insufficient Hostname Verification"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6094943","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6097493","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6094942","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-CHQOSLOGBACK-6097492","priority_score":569,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754","priority_score":684,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.4","score":470},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-COMMONSIO-1277109","priority_score":651,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHECOMMONS-1316638","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHECOMMONS-1316639","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHECOMMONS-1316640","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHECOMMONS-1316641","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHECOMMONS-6254296","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Infinite loop"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEPDFBOX-1088011","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEPDFBOX-1088012","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEPDFBOX-1304912","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEPDFBOX-1304913","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHESANTUARIO-1655558","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHESANTUARIO-6017551","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insertion of Sensitive Information into Log File"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1079038","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1079038","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1079038","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063691","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5855824","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063691","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5855824","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063691","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5855824","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGBOUNCYCASTLE-2841508","priority_score":561,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGBOUNCYCASTLE-5771339","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGBOUNCYCASTLE-6084022","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGBOUNCYCASTLE-6613080","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGBOUNCYCASTLE-2841508","priority_score":561,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGBOUNCYCASTLE-5771339","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGBOUNCYCASTLE-6084022","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGBOUNCYCASTLE-6613080","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGPOSTGRESQL-2390459","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGPOSTGRESQL-2401816","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGPOSTGRESQL-2970521","priority_score":676,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"SQL Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGPOSTGRESQL-3146847","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGPOSTGRESQL-6252740","priority_score":664,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9","score":450},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"SQL Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Output Neutralization for Logs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-7687446","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751","priority_score":919,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751","priority_score":919,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751","priority_score":919,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751","priority_score":919,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Handling of Case Sensitivity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGYAML-2806360","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGYAML-3016888","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGYAML-3016889","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGYAML-3016891","priority_score":536,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGYAML-3113851","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-ORGYAML-3152153","priority_score":651,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.6","score":330},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGYAML-6056527","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-XALAN-2953385","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Arbitrary Code Execution"}],"prId":"88d517eb-f205-4d79-acdd-317ffd7d343b","prPublicId":"88d517eb-f205-4d79-acdd-317ffd7d343b","packageManager":"maven","priorityScoreList":[454,569,569,569,569,684,479,651,539,539,539,589,619,589,589,589,589,479,539,579,539,579,579,726,479,479,539,539,561,449,489,479,696,619,676,449,664,429,429,479,479,539,479,919,479,506,589,589,506,399,536,399,651,589,811],"projectPublicId":"df8b7e3c-23d0-4304-9fe0-af3a5e4c4189","projectUrl":"https://app.snyk.io/org/kenichiroarai/project/df8b7e3c-23d0-4304-9fe0-af3a5e4c4189?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"user-initiated","upgrade":["SNYK-JAVA-CHQOSLOGBACK-1726923","SNYK-JAVA-CHQOSLOGBACK-6094942","SNYK-JAVA-CHQOSLOGBACK-6094943","SNYK-JAVA-CHQOSLOGBACK-6097492","SNYK-JAVA-CHQOSLOGBACK-6097493","SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754","SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135","SNYK-JAVA-COMMONSIO-1277109","SNYK-JAVA-ORGAPACHECOMMONS-1316638","SNYK-JAVA-ORGAPACHECOMMONS-1316639","SNYK-JAVA-ORGAPACHECOMMONS-1316640","SNYK-JAVA-ORGAPACHECOMMONS-1316641","SNYK-JAVA-ORGAPACHECOMMONS-6254296","SNYK-JAVA-ORGAPACHEPDFBOX-1088011","SNYK-JAVA-ORGAPACHEPDFBOX-1088012","SNYK-JAVA-ORGAPACHEPDFBOX-1304912","SNYK-JAVA-ORGAPACHEPDFBOX-1304913","SNYK-JAVA-ORGAPACHESANTUARIO-1655558","SNYK-JAVA-ORGAPACHESANTUARIO-6017551","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1079038","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031728","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063442","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063691","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961","SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5855824","SNYK-JAVA-ORGBOUNCYCASTLE-2841508","SNYK-JAVA-ORGBOUNCYCASTLE-5771339","SNYK-JAVA-ORGBOUNCYCASTLE-6084022","SNYK-JAVA-ORGBOUNCYCASTLE-6613080","SNYK-JAVA-ORGPOSTGRESQL-2390459","SNYK-JAVA-ORGPOSTGRESQL-2401816","SNYK-JAVA-ORGPOSTGRESQL-2970521","SNYK-JAVA-ORGPOSTGRESQL-3146847","SNYK-JAVA-ORGPOSTGRESQL-6252740","SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097","SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878","SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828","SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751","SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634","SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313","SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749","SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217","SNYK-JAVA-ORGSPRINGFRAMEWORK-7687446","SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-ORGYAML-3113851","SNYK-JAVA-ORGYAML-3152153","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-XALAN-2953385"],"vulns":["SNYK-JAVA-CHQOSLOGBACK-1726923","SNYK-JAVA-CHQOSLOGBACK-6094943","SNYK-JAVA-CHQOSLOGBACK-6097493","SNYK-JAVA-CHQOSLOGBACK-6094942","SNYK-JAVA-CHQOSLOGBACK-6097492","SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754","SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135","SNYK-JAVA-COMMONSIO-1277109","SNYK-JAVA-ORGAPACHECOMMONS-1316638","SNYK-JAVA-ORGAPACHECOMMONS-1316639","SNYK-JAVA-ORGAPACHECOMMONS-1316640","SNYK-JAVA-ORGAPACHECOMMONS-1316641","SNYK-JAVA-ORGAPACHECOMMONS-6254296","SNYK-JAVA-ORGAPACHEPDFBOX-1088011"...

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.