
[Snyk] Fix for 8 vulnerabilities #1274

Open
jagankumar-egov wants to merge 1 commit into master from snyk-fix-25601e479f43f3b497e7df8e6ac39306


@jagankumar-egov
Contributor


Snyk has created this PR to fix 8 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • core-services/egov-user/pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Issue | Upgrade |
|---|---|
| high severity: Improper Authentication (SNYK-JAVA-ORGAPACHETOMCATEMBED-15989808) | Major version upgrade; No Known Exploit |
| medium severity: Improper Encoding or Escaping of Output (SNYK-JAVA-ORGAPACHETOMCATEMBED-15989812) | Major version upgrade; No Known Exploit |
| high severity: Improper Authentication (SNYK-JAVA-ORGAPACHETOMCATEMBED-15989820) | Major version upgrade; No Known Exploit |
| high severity: HTTP Request Smuggling (SNYK-JAVA-ORGAPACHETOMCATEMBED-15990633) | Major version upgrade; No Known Exploit |
| medium severity: Open Redirect (SNYK-JAVA-ORGAPACHETOMCATEMBED-15990787) | Major version upgrade; No Known Exploit |
| low severity: HTTP Request Smuggling (SNYK-JAVA-ORGSPRINGFRAMEWORK-16109603) | Major version upgrade; No Known Exploit |
| high severity: Incomplete Cleanup (SNYK-JAVA-ORGSPRINGFRAMEWORK-16109615) | Major version upgrade; No Known Exploit |
| medium severity: Allocation of Resources Without Limits or Throttling (SNYK-JAVA-ORGSPRINGFRAMEWORK-16109618) | org.springframework.kafka:spring-kafka: 1.3.11.RELEASE -> 3.3.14; Major version upgrade; No Known Exploit |

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade org.springframework.boot:spring-boot-starter-data-redis@1.5.22.RELEASE to org.springframework.boot:spring-boot-starter-data-redis@3.5.12; Reason could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.22.RELEASE/spring-boot-dependencies-1.5.22.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-jdbc@1.5.22.RELEASE to org.springframework.boot:spring-boot-starter-jdbc@3.5.12; Reason could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.22.RELEASE/spring-boot-dependencies-1.5.22.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-web@1.5.22.RELEASE to org.springframework.boot:spring-boot-starter-web@4.0.0; Reason could not apply upgrade, dependency is managed externally; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.22.RELEASE/spring-boot-dependencies-1.5.22.RELEASE.pom

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


@coderabbitai

coderabbitai Bot commented Apr 23, 2026

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 05b93bc4-7c29-4933-a424-eaa0128bd49d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

