Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Snyk] Security upgrade org.codehaus.sonar:sonar-plugin-api from 4.5.4 to 5.0#33

Open
liorsamuni wants to merge 1 commit intomasterfrom
snyk-fix-bc1bf291d09fd739bf13cf59c05664a1
Open

[Snyk] Security upgrade org.codehaus.sonar:sonar-plugin-api from 4.5.4 to 5.0#33
liorsamuni wants to merge 1 commit intomasterfrom
snyk-fix-bc1bf291d09fd739bf13cf59c05664a1

Conversation

@liorsamuni
Copy link
Owner

@liorsamuni liorsamuni commented Aug 28, 2025

snyk-top-banner

Snyk has created this PR to fix 41 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
critical severity Deserialization of Untrusted Data
SNYK-JAVA-COMMONSCOLLECTIONS-30078		   919   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Mature
critical severity Deserialization of Untrusted Data
SNYK-JAVA-COMMONSCOLLECTIONS-6056408		   919   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Mature
high severity Remote Code Execution (RCE)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183		   854   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Mature
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-8352924		   756   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458		   751   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191		   746   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967		   711   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Mature
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337		   696   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Uncontrolled Recursion
SNYK-JAVA-COMMONSLANG-10734077		   654   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189		   646   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540		   631   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332		   626   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334		   626   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336		   626   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Insecure XML deserialization
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764		   626   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Mature
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897		   616   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328		   611   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMMONSCOLLECTIONS-472711		   601   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331		   591   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977		   589   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade No Known Exploit
high severity XML External Entity (XXE) Injection
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385		   589   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394		   589   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade No Known Exploit
medium severity Arbitrary File Deletion
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966		   586   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329		   586   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330		   586   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333		   586   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335		   586   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338		   586   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade Proof of Concept
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-COMMONSCONFIGURATION-10116124		   559   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180		   479   org.codehaus.sonar:sonar-plugin-api:
4.5.4 -> 5.0
Major version upgrade No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Allocation of Resources Without Limits or Throttling
🦉 Arbitrary File Deletion
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: pom.xml to reduce vulnerabilities
5efaeb0 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-6056408
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-8352924
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337
- https://snyk.io/vuln/SNYK-JAVA-COMMONSLANG-10734077
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-472711
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCONFIGURATION-10116124
- https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liorsamuni @snyk-bot