
[Snyk] Upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.26

Created by: snyk-bot

Snyk has created this PR to upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.26.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 37 versions ahead of your current version.
  • The recommended version was released 9 months ago, on 2020-11-25.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Server-side Template Injection (SSTI) SNYK-JAVA-ORGFREEMARKER-1076795 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Insecure Defaults SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Command Injection SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Parameter Alteration SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Unrestricted Upload of File with Dangerous Type SNYK-JAVA-ORGAPACHESTRUTS-609765 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-608098 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Remote Code Execution SNYK-JAVA-ORGAPACHESTRUTS-32477 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31501 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-31495 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGAPACHESTRUTS-30774 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Command Injection SNYK-JAVA-ORGAPACHESTRUTS-30770 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Manipulation of Struts' internals SNYK-JAVA-ORGAPACHESTRUTS-30060 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-30082 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-608097 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTS-460223 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Improper Action Name Cleanup SNYK-JAVA-ORGAPACHESTRUTS-451610 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-31503 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31502 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31500 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Directory Traversal SNYK-JAVA-ORGAPACHESTRUTS-30778 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30776 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30775 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTS-30773 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-30772 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30771 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30207 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Mature |
| | Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-1049003 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JAVA-OGNL-30474 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure SNYK-JAVA-COMMONSFILEUPLOAD-31540 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Arbitrary Code Execution SNYK-JAVA-COMMONSFILEUPLOAD-30401 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
