Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade com.amazonaws:aws-java-sdk-core from 1.11.505 to 1.12.703 #143

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade com.amazonaws:aws-java-sdk-core from 1.11.505 to 1.12.703 #143

wants to merge 1 commit into from

Conversation

rahulroycontractor
Copy link

@rahulroycontractor rahulroycontractor commented Apr 18, 2024
edited by codiumai-pr-agent-pro bot
Loading

User description

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • localstack/ext/java/pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity Reachability
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1217, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1217, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 239/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00674, Social Trends: No, Days since published: 1208, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.44, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 238/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 238/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 238/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00357, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 238/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 238/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 238/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00262, Social Trends: No, Days since published: 1197, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 165/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00431, Social Trends: No, Days since published: 1186, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00218, Social Trends: No, Days since published: 769, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
medium severity 146/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00214, Social Trends: No, Days since published: 564, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.42, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
medium severity 243/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00205, Social Trends: No, Days since published: 564, Reachable: Yes, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 4.04, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept Reachable
medium severity 76/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2402, Reachable: Yes, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 3.19, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit Reachable
medium severity 46/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2402, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.92, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 271/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.13977, Social Trends: No, Days since published: 2278, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.77, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 187/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0927, Social Trends: No, Days since published: 2277, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 397/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.95118, Social Trends: No, Days since published: 2243, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 4.05, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
medium severity 146/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00703, Social Trends: No, Days since published: 1765, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.44, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Proof of Concept No Path Found
high severity 670/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.36859, Social Trends: No, Days since published: 1759, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 6.83, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No Mature No Path Found
high severity 165/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00572, Social Trends: No, Days since published: 1725, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 167/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01174, Social Trends: No, Days since published: 1655, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.7, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 166/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0069, Social Trends: No, Days since published: 1649, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.69, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 165/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00631, Social Trends: No, Days since published: 1567, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 164/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00116, Social Trends: No, Days since published: 1725, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.67, Score Version: V5		 Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0011, Social Trends: No, Days since published: 1178, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5		 Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329		 com.amazonaws:aws-java-sdk-core:
1.11.505 -> 1.12.703
No No Known Exploit No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Denial of Service (DoS)

Type

enhancement

Description

  • Upgraded aws-java-sdk-core to version 1.12.703 to address multiple security vulnerabilities.
  • This update is intended to mitigate issues related to the Jackson data-binding vulnerabilities as identified by Snyk.

Changes walkthrough

Relevant files
Dependencies
pom.xml
Update AWS SDK Core Version to Mitigate Vulnerabilities   

localstack/ext/java/pom.xml

  • Updated the version of aws-java-sdk-core from 1.11.505 to 1.12.703.
    		•  +1/-1     

    PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    @snyk-bot
    fix: localstack/ext/java/pom.xml to reduce vulnerabilities
    bbff485 
    The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329
    @codiumai-pr-agent-pro codiumai-pr-agent-pro bot added the enhancement New feature or request label Apr 18, 2024
    @codiumai-pr-agent-pro CodiumAI PR-Agent Pro
    Copy link

    PR Description updated to latest commit (bbff485)

    @codiumai-pr-agent-pro CodiumAI PR-Agent Pro
    Copy link

    PR Review

    ⏱️ Estimated effort to review [1-5]

    1, because the PR involves a simple version update in a Maven dependency. This is a straightforward change that typically doesn't require extensive review, assuming compatibility is maintained.

    🧪 Relevant tests

    No

    🔍 Possible issues

    No

    🔒 Security concerns

    No
    ✨ Review tool usage guide:

    Overview:
    The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

    The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

    • When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:
    /review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

    [pr_reviewer]
some_config1=...
some_config2=...

    See the review usage page for a comprehensive guide on using this tool.

    @codiumai-pr-agent-pro CodiumAI PR-Agent Pro
    Copy link

    PR Code Suggestions

    CategorySuggestions                                                                                                                                                       
    Best practice
    Standardize AWS SDK versions across all dependencies.

    Ensure that all dependencies are using the same version of AWS SDK to avoid conflicts and
    unexpected behavior. This can be achieved by defining the AWS SDK version as a property in
    the section and referencing this property in each dependency.

    localstack/ext/java/pom.xml [108]

    -<version>1.12.703</version>
+<version>${aws.sdk.version}</version>
    ✨ Improve tool usage guide:

    Overview:
    The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

    • When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:
    /improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

    [pr_code_suggestions]
some_config1=...
some_config2=...

    See the improve usage page for a comprehensive guide on using this tool.

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers
    No reviews
    Assignees
    No one assigned
    Labels
    enhancement New feature or request Review effort [1-5]: 1
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    2 participants
    @rahulroycontractor @snyk-bot