[Snyk] Upgrade org.apache.struts:struts2-dojo-plugin from 2.3.1 to 2.3.37 #2

Open
snyk-bot wants to merge 1 commit into master from snyk-upgrade-ff4daaf5fa601c0e0bede27bf067ead0

snyk-bot commented Jun 3, 2021

Snyk has created this PR to upgrade org.apache.struts:struts2-dojo-plugin from 2.3.1 to 2.3.37.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 37 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2018-12-30.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-536487 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Command Injection<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Improper Input Validation<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Parameter Alteration<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30796 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30795 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30794 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30789 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Authorization Bypass<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30787 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-480474 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Improper Action Name Cleanup<br>SNYK-JAVA-ORGAPACHESTRUTS-451610 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Remote Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-32477 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-31503 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-31495 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30772 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30771 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Command Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30770 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30766 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Manipulation of Struts' internals<br>SNYK-JAVA-ORGAPACHESTRUTS-30060 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30055 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Dynamic Method Executions<br>SNYK-JAVA-ORGAPACHESTRUTS-30052 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Remote Command Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30050 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30048 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30047 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30046 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Injection<br>SNYK-JAVA-ORGAPACHESTRUTS-30045 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary Code Execution<br>SNYK-JAVA-COMMONSFILEUPLOAD-30401 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Denial of Service (DoS)<br>SNYK-JAVA-COMMONSFILEUPLOAD-30081 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary File Write<br>SNYK-JAVA-COMMONSFILEUPLOAD-30080 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Improper Input Validation<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Denial of Service (DoS)<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30793 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30791 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Arbitrary File Overwrite<br>SNYK-JAVA-ORGAPACHESTRUTSXWORK-30790 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary Code Execution<br>SNYK-JAVA-ORGAPACHESTRUTS-480466 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTS-30773 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Arbitrary File Overwrite<br>SNYK-JAVA-ORGAPACHESTRUTS-30767 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Access Restriction Bypass<br>SNYK-JAVA-ORGAPACHESTRUTS-30764 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTS-30059 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Cross-site Request Forgery (CSRF)<br>SNYK-JAVA-ORGAPACHESTRUTS-30057 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Classloader manipulation via CookieInterceptor<br>SNYK-JAVA-ORGAPACHESTRUTS-30056 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | ClassLoader Manipulation via ParametersInterceptor<br>SNYK-JAVA-ORGAPACHESTRUTS-30053 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Bypass Access Controls<br>SNYK-JAVA-ORGAPACHESTRUTS-30051 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | URL Redirection to Untrusted Site<br>SNYK-JAVA-ORGAPACHESTRUTS-30049 | 654/1000. Why? Has a fix available, CVSS 8.8 | Proof of Concept |
| | Cross-site Request Forgery (CSRF)<br>SNYK-JAVA-ORGAPACHESTRUTS-30043 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Remote code execution<br>SNYK-JAVA-ORGAPACHESTRUTS-30041 | 654/1000. Why? Has a fix available, CVSS 8.8 | Mature |
| | Denial of Service (DoS)<br>SNYK-JAVA-OGNL-30474 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Information Exposure<br>SNYK-JAVA-COMMONSFILEUPLOAD-31540 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Time of Check Time of Use (TOCTOU)<br>SNYK-JAVA-COMMONSFILEUPLOAD-30079 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |
| | Cross-site Scripting (XSS)<br>SNYK-JAVA-ORGAPACHESTRUTS-30769 | 654/1000. Why? Has a fix available, CVSS 8.8 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
