[Snyk] Fix for 27 vulnerabilities #928

faizalghazali · 2022-08-24T01:01:47Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- quests/dataflow/6_SQL_Streaming_Analytics/solution/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMALIBABA-2859222	`org.apache.beam:beam-sdks-java-extensions-sql:` `2.23.0 -> 2.41.0`	No	Proof of Concept
509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-extensions-google-cloud-platform-core:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-extensions-sql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-extensions-google-cloud-platform-core:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-extensions-sql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
599/1000 Why? Has a fix available, CVSS 7.7	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	No Known Exploit
486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3	Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	`org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	Proof of Concept
649/1000 Why? Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808	`org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Improper Authorization SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276	`org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-IOGRPC-571957	`org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1020439	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	No Known Exploit
524/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1070799	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	No Known Exploit
524/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082234	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
524/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082235	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
524/1000 Why? Has a fix available, CVSS 6.2	Information Disclosure SNYK-JAVA-IONETTY-1082236	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
724/1000 Why? Mature exploit, Has a fix available, CVSS 5.9	HTTP Request Smuggling SNYK-JAVA-IONETTY-1317097	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	Mature
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1584063	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1584064	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-2314893	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	No Known Exploit
489/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JAVA-IONETTY-2812456	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0` `org.apache.beam:beam-sdks-java-io-google-cloud-platform:` `2.23.0 -> 2.41.0`	No	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-469234	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-543490	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-543669	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Uncontrolled Memory Allocation SNYK-JAVA-IONETTY-564897	`org.apache.beam:beam-sdks-java-extensions-sql-zetasql:` `2.23.0 -> 2.41.0`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316638	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316639	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0`	No	No Known Exploit
489/1000 Why? Has a fix available, CVSS 5.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-32473	`org.apache.beam:beam-sdks-java-core:` `2.23.0 -> 2.41.0`	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Deserialization of Untrusted Data

This was referenced Oct 27, 2023

[Snyk] Security upgrade @google-cloud/trace-agent from 2.11.0 to 3.5.2 #2232

Open

[Snyk] Security upgrade @google-cloud/trace-agent from 2.11.0 to 3.5.2 #2234

Open

[Snyk] Security upgrade @google-cloud/trace-agent from 2.11.0 to 3.5.2 #2236

Open

This was referenced Nov 28, 2023

[Snyk] Fix for 13 vulnerabilities #2396

Open

[Snyk] Fix for 13 vulnerabilities #2408

Open

This was referenced Dec 14, 2023

[Snyk] Fix for 1 vulnerabilities #2604

Open

[Snyk] Fix for 1 vulnerabilities #2611

Open

[Snyk] Fix for 1 vulnerabilities #2630

Open

[Snyk] Fix for 5 vulnerabilities #2631

Open

[Snyk] Fix for 5 vulnerabilities #2632

Open

This was referenced Jan 1, 2024

[Snyk] Fix for 1 vulnerabilities #2639

Open

[Snyk] Fix for 1 vulnerabilities #2642

Open

[Snyk] Fix for 1 vulnerabilities #2648

Open

This was referenced Jan 5, 2024

[Snyk] Fix for 1 vulnerabilities #2677

Open

[Snyk] Fix for 1 vulnerabilities #2685

Open

[Snyk] Fix for 1 vulnerabilities #2694

Open

This was referenced Mar 15, 2024

[Snyk] Fix for 1 vulnerabilities #2873

Open

[Snyk] Fix for 1 vulnerabilities #2884

Open

[Snyk] Fix for 1 vulnerabilities #2897

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 27 vulnerabilities #928

[Snyk] Fix for 27 vulnerabilities #928

faizalghazali commented Aug 24, 2022

[Snyk] Fix for 27 vulnerabilities #928

Are you sure you want to change the base?

[Snyk] Fix for 27 vulnerabilities #928

Conversation

faizalghazali commented Aug 24, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: