SWI-3723 [Snyk] Fix for 4 vulnerabilities by bwappsec · Pull Request #352 · Bandwidth/openapi-generator

bwappsec · 2025-01-23T15:40:45Z

Issue	Score	Upgrade
Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JAVA-ORGAPACHETOMCATEMBED-8523186	180	`Major version upgrade` `No Path Found` `No Known Exploit`
Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JAVA-ORGAPACHETOMCATEMBED-8547999	180	`Major version upgrade` `No Path Found` `No Known Exploit`
Denial of Service (DoS) SNYK-JAVA-ORGAPACHECXF-8648831	112	org.apache.cxf:cxf-rt-frontend-jaxrs: `3.3.0` -> `3.5.10` org.apache.cxf:cxf-rt-ws-policy: `3.3.0` -> `3.5.10` org.apache.cxf:cxf-rt-wsdl: `3.3.0` -> `3.5.10` org.apache.cxf:cxf-spring-boot-starter-jaxrs: `3.3.0` -> `3.5.10` `No Path Found` `No Known Exploit`
Improper Neutralization of Special Elements SNYK-JAVA-CHQOSLOGBACK-8539867	61	`Major version upgrade` `No Path Found` `No Known Exploit`

Upgrade:
- Could not upgrade org.springframework.boot:spring-boot-starter-web@2.7.15 to org.springframework.boot:spring-boot-starter-web@3.3.7; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.15/spring-boot-dependencies-2.7.15.pom

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

Learn how to fix vulnerabilities with free interactive lessons:

bwappsec changed the title ~~[Snyk] Fix for 4 vulnerabilities~~ SWI-3723 [Snyk] Fix for 4 vulnerabilities Jan 23, 2025

jgutierrezglez closed this Oct 1, 2025

jgutierrezglez deleted the snyk-fix-d0149bea85492adc66fb71f4b9ce5f4e branch October 1, 2025 14:32

Provide feedback