[jira] [Created] (MSITE-830) Dependency upgrades related to identified security reports

Wed, 14 Nov 2018 08:37:19 -0800 

Sylwester Lachiewicz created MSITE-830:
------------------------------------------

             Summary: Dependency upgrades related to identified security reports
                 Key: MSITE-830
                 URL: https://issues.apache.org/jira/browse/MSITE-830
             Project: Maven Site Plugin
          Issue Type: Improvement
            Reporter: Sylwester Lachiewicz


Fix problems reported by [Snyk.io|https://snyk.io/]
  
|H|[Arbitrary File Write via Archive Extraction (Zip 
Slip)|https://app.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680] in 
org.codehaus.plexus:plexus-archiver|
|H| [Arbitrary Code 
Execution|https://app.snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-30077] in 
commons-beanutils:commons-beanutils|
|H| [Arbitrary Code 
Execution|https://app.snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078] in 
commons-collections:commons-collections|
|H| [XML External Entity (XXE) 
Injection|https://app.snyk.io/vuln/SNYK-JAVA-DOM4J-72444] in dom4j:dom4j|
|H| [Denial of Service 
(DoS)|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEPDFBOX-32417] in 
org.apache.pdfbox:fontbox|
|H| [Arbitrary Code 
Injection|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30763] in 
org.apache.struts:struts-core|
|H| [Arbitrary Command 
Execution|https://app.snyk.io/vuln/SNYK-JAVA-ORGMORTBAYJETTY-32091] in 
org.mortbay.jetty:jetty|
|M|[Denial of Service 
(DoS)|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32122] in 
org.apache.commons:commons-compress|
|M|[Directory 
Traversal|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-72275] in 
org.apache.commons:commons-compress|
|M| [Man-in-the-Middle 
(MitM)|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646] in 
org.apache.httpcomponents:httpclient|
|M| [Directory 
Traversal|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517] in 
org.apache.httpcomponents:httpclient|
|M| [Improper Input 
Validation|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30645] in 
org.apache.httpcomponents:httpclient|
|M| [Information 
Exposure|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30644] in 
org.apache.httpcomponents:httpclient|
|M| [Denial of Service 
(DoS)|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30647] in 
org.apache.httpcomponents:httpclient|
|M| [Denial of Service 
(DoS)|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHEPDFBOX-72426] in 
org.apache.pdfbox:pdfbox|
|L|[Denial of Service 
(DoS)|https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32473] in 
org.apache.commons:commons-compress|



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to