Dependency vulnerability check #141

Closed
Vismayak opened this issue Jun 8, 2023 · 2 comments · Fixed by #177


Vismayak commented Jun 8, 2023

Use a Java dependency vulnerability scanner.

@Vismayak Vismayak self-assigned this Jun 8, 2023

Vismayak commented Jun 9, 2023

Got the following output on running snyk test:

Issues to fix by upgrading:

  Upgrade org.gretty:gretty-runner-jetty7@3.0.3 to org.gretty:gretty-runner-jetty7@3.0.8 to fix
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
  ✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)

  Upgrade org.gretty:gretty-runner-tomcat85@3.0.3 to org.gretty:gretty-runner-tomcat85@3.0.5 to fix
  ✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Session Fixation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
  ✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-557361] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)

  Upgrade org.gretty:gretty-runner-tomcat9@3.0.3 to org.gretty:gretty-runner-tomcat9@3.0.8 to fix
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat9@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@9.0.34 and 2 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)

  Upgrade org.gretty:gretty-starter@3.0.3 to org.gretty:gretty-starter@3.1.1 to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
  ✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
  ✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
  ✗ Insecure Temporary File [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287] in org.springframework.boot:spring-boot@2.0.2.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE and 1 other path(s)
  ✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
  ✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208] in ch.qos.logback:logback-core@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3
  ✗ Unprotected Transport of Credentials [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3
  ✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.61
  ✗ Timing Attack [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.66
  ✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.69
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614] in org.eclipse.jetty:jetty-webapp@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 and 13 other path(s)
  This issue was fixed in versions: 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1047304] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
  This issue was fixed in versions: 9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1080611] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
  This issue was fixed in versions: 9.4.37.v20210219, 10.0.1, 11.0.1
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 11.0.3, 10.0.3, 9.4.41
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340] in org.eclipse.jetty:jetty-io@8.1.22.v20160922
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-io@9.2.26.v20180806 and 12 other path(s)
  This issue was fixed in versions: 9.4.39.v20210325, 10.0.2, 11.0.2
  ✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-173763] in org.eclipse.jetty:jetty-server@7.6.21.v20160908
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 2 other path(s)
  This issue was fixed in versions: 8.1.0.v20120127
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174560] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
  This issue was fixed in versions: 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418
  ✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-460763] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
  This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-480557] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 and 1 other path(s)
  This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479] in org.eclipse.jetty:jetty-util@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-plus@9.2.26.v20180806 > org.eclipse.jetty:jetty-jndi@9.2.26.v20180806 > org.eclipse.jetty:jetty-util@9.2.26.v20180806 and 5 other path(s)
  This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
  ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
  This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32383] in org.eclipse.jetty:jetty-http@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-http@9.2.26.v20180806 and 1 other path(s)
  This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
  ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453] in org.eclipse.jetty:jetty-client@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty.websocket:javax-websocket-server-impl@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-server@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-client@9.4.24.v20191120 > org.eclipse.jetty:jetty-client@9.4.24.v20191120
  This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
  ✗ Timing Attack [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151] in org.eclipse.jetty:jetty-util@8.1.22.v20160922
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 > org.eclipse.jetty:jetty-xml@7.6.21.v20160908 > org.eclipse.jetty:jetty-util@7.6.21.v20160908 and 3 other path(s)
  This issue was fixed in versions: 9.2.22.v20170606, 9.3.20.v20170531, 9.4.6.v20170531
  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368] in org.glassfish:javax.el@3.0.0
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-jsp@9.2.26.v20180806 > org.glassfish:javax.el@3.0.0 and 1 other path(s)
  No upgrade or patch available


@Vismayak Vismayak closed this as completed Jun 9, 2023
@Vismayak Vismayak reopened this Jun 9, 2023

Vismayak commented Jun 9, 2023

On running snyk test --all-sub-projects, got this output:


Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 175 dependencies for known issues, found 53 issues, 254 vulnerable paths.


Issues to fix by upgrading:

  Upgrade org.gretty:gretty-runner-jetty7@3.0.3 to org.gretty:gretty-runner-jetty7@3.0.8 to fix
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
  ✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)

  Upgrade org.gretty:gretty-runner-tomcat85@3.0.3 to org.gretty:gretty-runner-tomcat85@3.0.5 to fix
  ✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Session Fixation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
  ✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-557361] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)

  Upgrade org.gretty:gretty-runner-tomcat9@3.0.3 to org.gretty:gretty-runner-tomcat9@3.0.8 to fix
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat9@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@9.0.34 and 2 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)

  Upgrade org.gretty:gretty-starter@3.0.3 to org.gretty:gretty-starter@3.1.1 to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
  ✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.4
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > commons-io:commons-io@2.4 and 1 other path(s)
  ✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
  ✗ Insecure Temporary File [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287] in org.springframework.boot:spring-boot@2.0.2.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE and 1 other path(s)
  ✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
  ✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208] in ch.qos.logback:logback-core@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3
  ✗ Unprotected Transport of Credentials [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3
  ✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.61
  ✗ Timing Attack [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.66
  ✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.69
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614] in org.eclipse.jetty:jetty-webapp@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 and 13 other path(s)
  This issue was fixed in versions: 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1047304] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
  This issue was fixed in versions: 9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1080611] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
  This issue was fixed in versions: 9.4.37.v20210219, 10.0.1, 11.0.1
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 11.0.3, 10.0.3, 9.4.41
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340] in org.eclipse.jetty:jetty-io@8.1.22.v20160922
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-io@9.2.26.v20180806 and 12 other path(s)
  This issue was fixed in versions: 9.4.39.v20210325, 10.0.2, 11.0.2
  ✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-173763] in org.eclipse.jetty:jetty-server@7.6.21.v20160908
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 2 other path(s)
  This issue was fixed in versions: 8.1.0.v20120127
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174560] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
  This issue was fixed in versions: 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418
  ✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-460763] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
  This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-480557] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 and 1 other path(s)
  This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479] in org.eclipse.jetty:jetty-util@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-plus@9.2.26.v20180806 > org.eclipse.jetty:jetty-jndi@9.2.26.v20180806 > org.eclipse.jetty:jetty-util@9.2.26.v20180806 and 5 other path(s)
  This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
  ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
  This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161] in org.eclipse.jetty:jetty-http@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 > org.eclipse.jetty:jetty-http@7.6.21.v20160908 and 8 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32383] in org.eclipse.jetty:jetty-http@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-http@9.2.26.v20180806 and 1 other path(s)
  This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
  ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453] in org.eclipse.jetty:jetty-client@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty.websocket:javax-websocket-server-impl@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-server@9.4.24.v20191120 > org.eclipse.jetty.websocket:websocket-client@9.4.24.v20191120 > org.eclipse.jetty:jetty-client@9.4.24.v20191120
  This issue was fixed in versions: 9.4.47, 10.0.10, 11.0.10
  ✗ Timing Attack [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151] in org.eclipse.jetty:jetty-util@8.1.22.v20160922
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 > org.eclipse.jetty:jetty-xml@7.6.21.v20160908 > org.eclipse.jetty:jetty-util@7.6.21.v20160908 and 3 other path(s)
  This issue was fixed in versions: 9.2.22.v20170606, 9.3.20.v20170531, 9.4.6.v20170531
  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368] in org.glassfish:javax.el@3.0.0
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-jsp@9.2.26.v20180806 > org.glassfish:javax.el@3.0.0 and 1 other path(s)
  No upgrade or patch available



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 394 dependencies for known issues, found 97 issues, 389 vulnerable paths.


Issues to fix by upgrading:

  Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-csv@2.4.0 to com.fasterxml.jackson.dataformat:jackson-dataformat-csv@2.13.5 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)

  Upgrade com.github.lookfirst:sardine@5.1 to com.github.lookfirst:sardine@5.3 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10
    introduced by com.github.lookfirst:sardine@5.1 > commons-codec:commons-codec@1.10 and 2 other path(s)

  Upgrade com.google.code.gson:gson@2.2.4 to com.google.code.gson:gson@2.8.9 to fix
  ✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327] in com.google.code.gson:gson@2.2.4
    introduced by com.google.code.gson:gson@2.2.4

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)

  Upgrade org.apache.httpcomponents:httpmime@4.5.5 to org.apache.httpcomponents:httpmime@4.5.13 to fix
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.5
    introduced by com.github.lookfirst:sardine@5.1 > org.apache.httpcomponents:httpclient@4.5.5 and 1 other path(s)

  Upgrade org.eclipse.jetty:jetty-client@11.0.2 to org.eclipse.jetty:jetty-client@11.0.14 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161] in org.eclipse.jetty:jetty-http@11.0.2
    introduced by org.eclipse.jetty:jetty-client@11.0.2 > org.eclipse.jetty:jetty-http@11.0.2 and 9 other path(s)
  ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452] in org.eclipse.jetty:jetty-http@11.0.2
    introduced by org.eclipse.jetty:jetty-client@11.0.2 > org.eclipse.jetty:jetty-http@11.0.2 and 9 other path(s)
  ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453] in org.eclipse.jetty:jetty-client@11.0.2
    introduced by org.eclipse.jetty:jetty-client@11.0.2 and 1 other path(s)
  ✗ Improper Resource Shutdown or Release [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945459] in org.eclipse.jetty:jetty-io@11.0.2
    introduced by org.eclipse.jetty:jetty-client@11.0.2 > org.eclipse.jetty:jetty-io@11.0.2 and 2 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.gretty:gretty-runner-jetty7@3.0.3 to org.gretty:gretty-runner-jetty7@3.0.8 to fix
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 6 other path(s)
  ✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)

  Upgrade org.gretty:gretty-runner-tomcat85@3.0.3 to org.gretty:gretty-runner-tomcat85@3.0.5 to fix
  ✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Session Fixation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
  ✗ HTTP Request Smuggling [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-557361] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 2 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)

  Upgrade org.gretty:gretty-runner-tomcat9@3.0.3 to org.gretty:gretty-runner-tomcat9@3.0.8 to fix
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat9@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@9.0.34 and 2 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@8.5.49
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)

  Upgrade org.gretty:gretty-starter@3.0.3 to org.gretty:gretty-starter@3.1.1 to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217] in org.springframework:spring-expression@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-expression@5.0.6.RELEASE
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
  ✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 6 other path(s)
  ✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-core@5.0.6.RELEASE and 4 other path(s)
  ✗ Insecure Temporary File [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287] in org.springframework.boot:spring-boot@2.0.2.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE and 1 other path(s)
  ✗ Information Disclosure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694] in org.codehaus.groovy:groovy@2.5.10
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.codehaus.groovy:groovy@2.5.10 and 4 other path(s)
  ✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.0.6.RELEASE
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.springframework.boot:spring-boot-devtools@2.0.2.RELEASE > org.springframework.boot:spring-boot@2.0.2.RELEASE > org.springframework:spring-context@5.0.6.RELEASE > org.springframework:spring-beans@5.0.6.RELEASE and 1 other path(s)
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-30208] in ch.qos.logback:logback-core@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 > ch.qos.logback:logback-core@1.1.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407] in ch.qos.logback:logback-classic@1.1.3
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > ch.qos.logback:logback-classic@1.1.3 and 1 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)

  Upgrade org.jsoup:jsoup@1.10.2 to org.jsoup:jsoup@1.15.3 to fix
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSOUP-2989728] in org.jsoup:jsoup@1.10.2
    introduced by org.jsoup:jsoup@1.10.2
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSOUP-1567345] in org.jsoup:jsoup@1.10.2
    introduced by org.jsoup:jsoup@1.10.2


Issues with no direct upgrade or patch:
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
  This issue was fixed in versions: 30.0-android, 30.0-jre
  ✗ Improper Certificate Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-30083] in commons-httpclient:commons-httpclient@3.1
    introduced by it.geosolutions:geoserver-manager@1.7.0 > commons-httpclient:commons-httpclient@3.1
  This issue was fixed in versions: 3.1-jenkins-3
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-31660] in commons-httpclient:commons-httpclient@3.1
    introduced by it.geosolutions:geoserver-manager@1.7.0 > commons-httpclient:commons-httpclient@3.1
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
    introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
  This issue was fixed in versions: 1.10.0
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3
  ✗ Unprotected Transport of Credentials [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687] in org.apache.tomcat.embed:tomcat-embed-core@9.0.34
    introduced by org.gretty:gretty-runner-tomcat85@3.0.3 > org.apache.tomcat.embed:tomcat-embed-core@8.5.49 and 5 other path(s)
  This issue was fixed in versions: 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3
  ✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.61
  ✗ Timing Attack [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.66
  ✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508] in org.bouncycastle:bcprov-jdk15on@1.60
    introduced by org.gretty:gretty-starter@3.0.3 > org.gretty:gretty-core@3.0.3 > org.bouncycastle:bcprov-jdk15on@1.60
  This issue was fixed in versions: 1.69
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.0.3, 2.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.1.3, 2.0.3
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614] in org.eclipse.jetty:jetty-webapp@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 and 13 other path(s)
  This issue was fixed in versions: 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3
  ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1047304] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
  This issue was fixed in versions: 9.4.35.v20201120, 10.0.0.beta3, 11.0.0.beta3
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1080611] in org.eclipse.jetty:jetty-server@9.4.24.v20191120
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 1 other path(s)
  This issue was fixed in versions: 9.4.37.v20210219, 10.0.1, 11.0.1
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1313686] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 11.0.3, 10.0.3, 9.4.41
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426159] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426160] in org.eclipse.jetty:jetty-server@9.3.28.v20191105
    introduced by org.gretty:gretty-runner-jetty94@3.0.3 > org.eclipse.jetty:jetty-server@9.4.24.v20191120 and 11 other path(s)
  This issue was fixed in versions: 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340] in org.eclipse.jetty:jetty-io@8.1.22.v20160922
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-io@9.2.26.v20180806 and 12 other path(s)
  This issue was fixed in versions: 9.4.39.v20210325, 10.0.2, 11.0.2
  ✗ Cryptographic Issues [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-173763] in org.eclipse.jetty:jetty-server@7.6.21.v20160908
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 2 other path(s)
  This issue was fixed in versions: 8.1.0.v20120127
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174560] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
  This issue was fixed in versions: 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418
  ✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-460763] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-server@7.6.21.v20160908 and 7 other path(s)
  This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-480557] in org.eclipse.jetty:jetty-server@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 and 1 other path(s)
  This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479] in org.eclipse.jetty:jetty-util@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-plus@9.2.26.v20180806 > org.eclipse.jetty:jetty-jndi@9.2.26.v20180806 > org.eclipse.jetty:jetty-util@9.2.26.v20180806 and 5 other path(s)
  This issue was fixed in versions: 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411
  ✗ Web Cache Poisoning [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32383] in org.eclipse.jetty:jetty-http@9.2.26.v20180806
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-server@9.2.26.v20180806 > org.eclipse.jetty:jetty-http@9.2.26.v20180806 and 1 other path(s)
  This issue was fixed in versions: 9.3.24.v20180605, 9.4.11.v20180605
  ✗ Timing Attack [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151] in org.eclipse.jetty:jetty-util@8.1.22.v20160922
    introduced by org.gretty:gretty-runner-jetty7@3.0.3 > org.eclipse.jetty:jetty-webapp@7.6.21.v20160908 > org.eclipse.jetty:jetty-xml@7.6.21.v20160908 > org.eclipse.jetty:jetty-util@7.6.21.v20160908 and 3 other path(s)
  This issue was fixed in versions: 9.2.22.v20170606, 9.3.20.v20170531, 9.4.6.v20170531
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
    introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
    introduced by org.geotools:gt-main@24.1 and 15 other path(s)
  No upgrade or patch available
  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368] in org.glassfish:javax.el@3.0.0
    introduced by org.gretty:gretty-runner-jetty9@3.0.3 > org.eclipse.jetty:jetty-jsp@9.2.26.v20180806 > org.glassfish:javax.el@3.0.0 and 1 other path(s)
  No upgrade or patch available
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
    introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
  This issue was fixed in versions: 2.7.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJDOM-1311147] in org.jdom:jdom@1.1
    introduced by it.geosolutions:geoserver-manager@1.7.0 > jdom:jdom@1.1 > org.jdom:jdom@1.1
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
    introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
  This issue was fixed in versions: 3.41.2.2
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/data-service
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 202 dependencies for known issues, found 36 issues, 111 vulnerable paths.


Issues to fix by upgrading:

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
  This issue was fixed in versions: 30.0-android, 30.0-jre
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
  This issue was fixed in versions: 2.7
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
    introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
  This issue was fixed in versions: 1.10.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.0.3, 2.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.1.3, 2.0.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
    introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
    introduced by org.geotools:gt-main@24.1 and 15 other path(s)
  No upgrade or patch available
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
    introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
  This issue was fixed in versions: 2.7.1
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
    introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
  This issue was fixed in versions: 3.41.2.2
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/dfr3-service
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 210 dependencies for known issues, found 38 issues, 114 vulnerable paths.


Issues to fix by upgrading:

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.apache.httpcomponents:httpclient@4.5.5 to org.apache.httpcomponents:httpclient@4.5.13 to fix
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.5
    introduced by org.apache.httpcomponents:httpclient@4.5.5 and 1 other path(s)

  Upgrade org.apache.httpcomponents:httpmime@4.5.5 to org.apache.httpcomponents:httpmime@4.5.13 to fix
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.5
    introduced by org.apache.httpcomponents:httpclient@4.5.5 and 1 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
  This issue was fixed in versions: 30.0-android, 30.0-jre
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10
    introduced by org.apache.httpcomponents:httpclient@4.5.5 > commons-codec:commons-codec@1.10
  This issue was fixed in versions: 1.13
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
  This issue was fixed in versions: 2.7
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
    introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
  This issue was fixed in versions: 1.10.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.0.3, 2.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.1.3, 2.0.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
    introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
    introduced by org.geotools:gt-main@24.1 and 15 other path(s)
  No upgrade or patch available
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
    introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
  This issue was fixed in versions: 2.7.1
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
    introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
  This issue was fixed in versions: 3.41.2.2
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/hazard-service
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 74 dependencies for known issues, found 26 issues, 59 vulnerable paths.


Issues to fix by upgrading:

  Upgrade com.fasterxml.jackson.core:jackson-databind@2.10.5 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@20.0
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@20.0 and 2 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236] in com.google.guava:guava@20.0
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@20.0 and 2 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)

  Upgrade junit:junit@4.12 to junit:junit@4.13.1 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by junit:junit@4.12 and 1 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.5 and 4 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.core:jersey-server@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 7 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018


Issues with no direct upgrade or patch:
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/incore-common
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 202 dependencies for known issues, found 36 issues, 111 vulnerable paths.


Issues to fix by upgrading:

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
  This issue was fixed in versions: 30.0-android, 30.0-jre
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
  This issue was fixed in versions: 2.7
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
    introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
  This issue was fixed in versions: 1.10.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.0.3, 2.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.1.3, 2.0.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
    introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
    introduced by org.geotools:gt-main@24.1 and 15 other path(s)
  No upgrade or patch available
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
    introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
  This issue was fixed in versions: 2.7.1
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
    introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
  This issue was fixed in versions: 3.41.2.2
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/maestro-service
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 37 dependencies for known issues, found 86 issues, 86 vulnerable paths.


Issues to fix by upgrading:

  Upgrade com.fasterxml.jackson.core:jackson-databind@2.9.0 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044] in com.fasterxml.jackson.core:jackson-databind@2.9.0
    introduced by com.fasterxml.jackson.core:jackson-databind@2.9.0

  Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 to com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.15.0 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17

  Upgrade commons-io:commons-io@2.5 to commons-io:commons-io@2.7 to fix
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.5
    introduced by commons-io:commons-io@2.5

  Upgrade org.apache.jena:jena-core@3.1.1 to org.apache.jena:jena-core@4.2.0 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-30183] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-608891] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-1586035] in org.apache.jena:jena-core@3.1.1
    introduced by org.apache.jena:jena-core@3.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-2808937] in org.apache.jena:jena-core@3.1.1
    introduced by org.apache.jena:jena-core@3.1.1
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-2359991] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-31585] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018


Issues with no direct upgrade or patch:
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/semantic-core
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 216 dependencies for known issues, found 42 issues, 133 vulnerable paths.


Issues to fix by upgrading:

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.8 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)

  Upgrade org.apache.jena:jena-core@3.1.1 to org.apache.jena:jena-core@4.2.0 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-30183] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-608891] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-1586035] in org.apache.jena:jena-core@3.1.1
    introduced by org.apache.jena:jena-core@3.1.1 and 1 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEJENA-2808937] in org.apache.jena:jena-core@3.1.1
    introduced by org.apache.jena:jena-core@3.1.1 and 1 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-2359991] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-XERCES-31585] in xerces:xercesImpl@2.11.0
    introduced by org.apache.jena:jena-core@3.1.1 > xerces:xercesImpl@2.11.0

  Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 6 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018 and 3 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018 and 3 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
  This issue was fixed in versions: 30.0-android, 30.0-jre
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
  This issue was fixed in versions: 2.7
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 3 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
    introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
  This issue was fixed in versions: 1.10.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.0.3, 2.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.1.3, 2.0.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
    introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
    introduced by org.geotools:gt-main@24.1 and 15 other path(s)
  No upgrade or patch available
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
    introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
  This issue was fixed in versions: 2.7.1
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
    introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
  This issue was fixed in versions: 3.41.2.2
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 1.31
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 1.32
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 1.31
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 1.31
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 1.32
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by incore-v2:semantic-core@unspecified > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.9.0 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 1.26



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/semantics-service
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 202 dependencies for known issues, found 36 issues, 111 vulnerable paths.


Issues to fix by upgrading:

  Upgrade dev.morphia.morphia:morphia-core@2.1.3 to dev.morphia.morphia:morphia-core@2.2.0 to fix
  ✗ Man-in-the-Middle (MitM) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:mongodb-driver-sync@4.0.5
    introduced by dev.morphia.morphia:morphia-core@2.1.3 > org.mongodb:mongodb-driver-sync@4.0.5 and 1 other path(s)

  Upgrade io.swagger:swagger-jersey2-jaxrs@1.5.13 to io.swagger:swagger-jersey2-jaxrs@1.6.9 to fix
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-grizzly2-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.containers:jersey-container-servlet@2.31 to org.glassfish.jersey.containers:jersey-container-servlet@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.core:jersey-server@2.31 to org.glassfish.jersey.core:jersey-server@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.inject:jersey-hk2@2.31 to org.glassfish.jersey.inject:jersey-hk2@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-json-jackson@2.31 to org.glassfish.jersey.media:jersey-media-json-jackson@2.39 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.5
    introduced by incore-v2:incore-common@unspecified > com.fasterxml.jackson.core:jackson-databind@2.10.5 and 5 other path(s)

  Upgrade org.glassfish.jersey.media:jersey-media-multipart@2.31 to org.glassfish.jersey.media:jersey-media-multipart@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 to org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.34 to fix
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047] in junit:junit@4.12
    introduced by org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2@2.31 > junit:junit@4.12 and 2 other path(s)
  ✗ Information Disclosure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.31
    introduced by org.glassfish.jersey.containers:jersey-container-servlet@2.31 > org.glassfish.jersey.core:jersey-common@2.31 and 9 other path(s)

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018 and 2 other path(s)


Issues with no direct upgrade or patch:
  ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@27.0-jre
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > com.google.guava:guava@27.0-jre and 3 other path(s)
  This issue was fixed in versions: 30.0-android, 30.0-jre
  ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.geotools:gt-coverage@24.1 > commons-io:commons-io@2.6 and 2 other path(s)
  This issue was fixed in versions: 2.7
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995] in commons-jxpath:commons-jxpath@1.3
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools.xsd:gt-xsd-core@24.1 > commons-jxpath:commons-jxpath@1.3
  No upgrade or patch available
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce and 2 other path(s)
  No upgrade or patch available
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138] in org.apache.commons:commons-text@1.6
    introduced by org.geotools:gt-main@24.1 > org.apache.commons:commons-text@1.6
  This issue was fixed in versions: 1.10.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.0.3, 2.1.1
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by incore-v2:tools-common@unspecified > org.dom4j:dom4j@2.0.0
  This issue was fixed in versions: 2.1.3, 2.0.3
  ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-2701673] in org.geotools:gt-metadata@24.1
    introduced by org.geotools:gt-referencing@24.1 > org.geotools:gt-metadata@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329307] in org.geotools:gt-jdbc@24.1
    introduced by org.geotools:gt-geopkg@24.1 > org.geotools:gt-jdbc@24.1
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGEOTOOLS-3329308] in org.geotools:gt-main@24.1
    introduced by org.geotools:gt-main@24.1 and 15 other path(s)
  No upgrade or patch available
  ✗ Remote Code Execution (RCE) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860] in org.hsqldb:hsqldb@2.4.1
    introduced by org.geotools:gt-epsg-hsql@24.1 > org.hsqldb:hsqldb@2.4.1
  This issue was fixed in versions: 2.7.1
  ✗ Arbitrary Code Execution [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIAL-5596891] in org.xerial:sqlite-jdbc@3.31.1
    introduced by org.geotools:gt-geopkg@24.1 > org.xerial:sqlite-jdbc@3.31.1
  This issue was fixed in versions: 3.41.2.2
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.17
    introduced by io.swagger:swagger-jersey2-jaxrs@1.5.13 > io.swagger:swagger-jaxrs@1.5.13 > io.swagger:swagger-core@1.5.13 > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.8.5 > org.yaml:snakeyaml@1.17
  This issue was fixed in versions: 2.0



Organization:      vismayakfb
Package manager:   gradle
Target file:       build.gradle
Project name:      server/space-service
Open source:       no
Project path:      /Users/mohanar2/Desktop/INCORE/incore-services/server
Licenses:          enabled

-------------------------------------------------------

Testing /Users/mohanar2/Desktop/INCORE/incore-services/server...

Tested 19 dependencies for known issues, found 11 issues, 11 vulnerable paths.


Issues to fix by upgrading:

  Upgrade org.dom4j:dom4j@2.0.0 to org.dom4j:dom4j@2.0.3 to fix
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-32474] in org.dom4j:dom4j@2.0.0
    introduced by org.dom4j:dom4j@2.0.0
  ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.0.0
    introduced by org.dom4j:dom4j@2.0.0

  Upgrade org.json:json@20171018 to org.json:json@20230227 to fix
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379] in org.json:json@20171018
    introduced by org.json:json@20171018
  ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20171018
    introduced by org.json:json@20171018


Issues with no direct upgrade or patch:
  ✗ Man-in-the-Middle (MitM) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-1300176] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342645] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342646] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2342647] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-3358774] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
  ✗ Deserialization of Untrusted Data [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-572732] in log4j:log4j@1.2.17.norce
    introduced by log4j:log4j@1.2.17.norce
  No upgrade or patch available
