[Snyk] Fix for 12 vulnerabilities #92

timomayer · 2024-09-20T10:36:14Z

Snyk has created this PR to fix 12 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue	Score	Upgrade
Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732	811	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `Proof of Concept`
URL Redirection to Untrusted Site ('Open Redirect') SNYK-JAVA-ORGKEYCLOAK-8061810	666	org.keycloak:keycloak-server-spi-private: `22.0.3` -> `25.0.6` org.keycloak:keycloak-services: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
URL Redirection to Untrusted Site ('Open Redirect') SNYK-JAVA-ORGKEYCLOAK-8061811	666	org.keycloak:keycloak-services: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893	651	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `Proof of Concept`
Improper Handling of Extra Values SNYK-JAVA-ORGKEYCLOAK-7926864	641	org.keycloak:keycloak-server-spi: `22.0.3` -> `25.0.6` org.keycloak:keycloak-server-spi-private: `22.0.3` -> `25.0.6` org.keycloak:keycloak-services: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
SQL Injection SNYK-JAVA-LOG4J-2342645	619	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646	619	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647	619	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Improper Verification of Cryptographic Signature SNYK-JAVA-ORGKEYCLOAK-8061829	551	org.keycloak:keycloak-services: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774	509	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176	399	org.keycloak:keycloak-core: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`
Cross-Site Request Forgery (CSRF) SNYK-JAVA-ORGKEYCLOAK-7247314	399	org.keycloak:keycloak-services: `22.0.3` -> `25.0.6` `Major version upgrade` `No Known Exploit`

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution
🦉 SQL Injection
🦉 Deserialization of Untrusted Data
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.keycloak:keycloak-core","from":"22.0.3","to":"25.0.6"},{"name":"org.keycloak:keycloak-server-spi","from":"22.0.3","to":"25.0.6"},{"name":"org.keycloak:keycloak-server-spi-private","from":"22.0.3","to":"25.0.6"},{"name":"org.keycloak:keycloak-services","from":"22.0.3","to":"25.0.6"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-LOG4J-1300176","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Man-in-the-Middle (MitM)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-LOG4J-2316893","priority_score":651,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.6","score":330},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-LOG4J-2342645","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"SQL Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-LOG4J-2342646","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-LOG4J-2342647","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-LOG4J-3358774","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JAVA-LOG4J-572732","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061811","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061810","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7247314","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-Site Request Forgery (CSRF)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061810","priority_score":666,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"URL Redirection to Untrusted Site ('Open Redirect')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-7926864","priority_score":641,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Values"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JAVA-ORGKEYCLOAK-8061829","priority_score":551,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Verification of Cryptographic Signature"}],"prId":"a509b012-8055-41db-8584-57690b1c9b47","prPublicId":"a509b012-8055-41db-8584-57690b1c9b47","packageManager":"maven","priorityScoreList":[399,651,619,619,619,509,811,666,666,399,641,551],"projectPublicId":"10ce1857-6fb3-4edf-b843-c93667df0913","projectUrl":"https://app.snyk.io/org/timomayer/project/10ce1857-6fb3-4edf-b843-c93667df0913?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-LOG4J-1300176","SNYK-JAVA-LOG4J-2316893","SNYK-JAVA-LOG4J-2342645","SNYK-JAVA-LOG4J-2342646","SNYK-JAVA-LOG4J-2342647","SNYK-JAVA-LOG4J-3358774","SNYK-JAVA-LOG4J-572732","SNYK-JAVA-ORGKEYCLOAK-7247314","SNYK-JAVA-ORGKEYCLOAK-7926864","SNYK-JAVA-ORGKEYCLOAK-8061810","SNYK-JAVA-ORGKEYCLOAK-8061811","SNYK-JAVA-ORGKEYCLOAK-8061829"],"vulns":["SNYK-JAVA-LOG4J-1300176","SNYK-JAVA-LOG4J-2316893","SNYK-JAVA-LOG4J-2342645","SNYK-JAVA-LOG4J-2342646","SNYK-JAVA-LOG4J-2342647","SNYK-JAVA-LOG4J-3358774","SNYK-JAVA-LOG4J-572732","SNYK-JAVA-ORGKEYCLOAK-8061811","SNYK-JAVA-ORGKEYCLOAK-8061810","SNYK-JAVA-ORGKEYCLOAK-7247314","SNYK-JAVA-ORGKEYCLOAK-7926864","SNYK-JAVA-ORGKEYCLOAK-8061829"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'