From 1c3e26b078605234e5672d193c7584bc856479cb Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:07:22 +0000
Subject: [PATCH 01/12] fix: todolist-goof/Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN9-FREETYPE-1019584
- https://snyk.io/vuln/SNYK-DEBIAN9-GLIBC-356506
- https://snyk.io/vuln/SNYK-DEBIAN9-GLIBC-356506
- https://snyk.io/vuln/SNYK-DEBIAN9-GLIBC-356506
- https://snyk.io/vuln/SNYK-DEBIAN9-LIBVORBIS-326217
---
 todolist-goof/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/todolist-goof/Dockerfile b/todolist-goof/Dockerfile
index 3d4c4fdfd..4515ea0d6 100644
--- a/todolist-goof/Dockerfile
+++ b/todolist-goof/Dockerfile
@@ -10,7 +10,7 @@ COPY todolist-web-common todolist-web-common
 COPY todolist-web-struts todolist-web-struts
 RUN --mount=target=$HOME/.m2,type=cache mvn install
-FROM tomcat:8.5.21
+FROM tomcat:8.5.99
 RUN mkdir /tmp/extracted_files
 COPY web.xml /usr/local/tomcat/conf/web.xml
From 855680e55b4adcea334838f514eaf38368452105 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:09:02 +0000
Subject: [PATCH 02/12] fix: log4shell-goof/log4shell-server/Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384
- https://snyk.io/vuln/SNYK-DEBIAN11-CURL-2936229
- https://snyk.io/vuln/SNYK-DEBIAN11-CURL-3065656
---
 log4shell-goof/log4shell-server/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/log4shell-goof/log4shell-server/Dockerfile b/log4shell-goof/log4shell-server/Dockerfile
index ed6b0d833..cbda5f293 100644
--- a/log4shell-goof/log4shell-server/Dockerfile
+++ b/log4shell-goof/log4shell-server/Dockerfile
@@ -3,7 +3,7 @@ COPY pom.xml pom.xml
 COPY src src
 RUN --mount=target=$HOME/.m2,type=cache mvn clean package
-FROM openjdk:8 as ldap
+FROM openjdk:25 as ldap
 COPY --from=build target/log4shell-server-*-jar-with-dependencies.jar /server.jar
 EXPOSE 8000
 EXPOSE 9999
From d5869eb83fdeb519094210f07e1c3ab60ec41a47 Mon Sep 17 00:00:00 2001
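Review bot: `+FROM openjdk:25 as ldap` pins the LDAP stage to the official `openjdk` image, which Docker Hub marks as deprecated and now publishes only as early-access builds, so this tag is a pre-release JDK that may disappear rather than a supported replacement for 8. A maintained LTS runtime image such as `eclipse-temurin:21-jre` (constructed example; pick the LTS the project targets), pinned by digest if the aim is reproducible scans, would resolve the same base-OS advisories without depending on an EA build. The jar comes from the `build` stage, whose base image and target bytecode level are outside this hunk, so a jump from 8 to 25 also needs a run test against that artifact before merging.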
From: snyk-bot
Date: Fri, 11 Apr 2025 09:10:54 +0000
Subject: [PATCH 03/12] fix: todolist-goof/todolist-web-struts/pom.xml & todolist-goof/pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-1049003
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-6102825
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31409
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608097
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-8496612
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-2635340
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608098
- https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-609765
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-5811864
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30163
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30165
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586
- https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-3326457
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-8161190
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31331
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30164
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980
- https://snyk.io/vuln/SNYK-JAVA-OGNL-30474
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-6100744
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-5707101
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-567761
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
---
 todolist-goof/pom.xml | 4 ++--
 todolist-goof/todolist-web-struts/pom.xml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/todolist-goof/pom.xml b/todolist-goof/pom.xml
index 4df79d1b1..998a63f9b 100644
--- a/todolist-goof/pom.xml
+++ b/todolist-goof/pom.xml
@@ -10,10 +10,10 @@ https://github.com/snyk/java-goof - 3.2.6.RELEASE + 6.1.14 4.3.7.Final 5.3.8 - 2.3.20 + 7.0.0 UTF-8
diff --git a/todolist-goof/todolist-web-struts/pom.xml b/todolist-goof/todolist-web-struts/pom.xml
index e58874f82..affc8676b 100644
--- a/todolist-goof/todolist-web-struts/pom.xml
+++ b/todolist-goof/todolist-web-struts/pom.xml
@@ -27,7 +27,7 @@ org.apache.logging.log4j log4j-core - 2.7 + 2.13.2 org.apache.logging.log4j
@@ -90,7 +90,7 @@ org.zeroturnaround zt-zip - 1.12 + 1.13 jar
From 87408f57361d16259ab4a1efa2b0262716e9a173 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:18:37 +0000
Subject: [PATCH 04/12] fix: todolist-goof/todolist-web-struts/pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339
---
 todolist-goof/todolist-web-struts/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/todolist-goof/todolist-web-struts/pom.xml b/todolist-goof/todolist-web-struts/pom.xml
index affc8676b..c0c7d9f6b 100644
--- a/todolist-goof/todolist-web-struts/pom.xml
+++ b/todolist-goof/todolist-web-struts/pom.xml
@@ -27,7 +27,7 @@ org.apache.logging.log4j log4j-core - 2.13.2 + 2.17.1 org.apache.logging.log4j
From 94d50af976276aea0135b8970c325b0c1ce306d0 Mon Sep 17 00:00:00 2001
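Review bot: `+ 6.1.14` (Spring Framework, from 3.2.6.RELEASE) and `+ 7.0.0` (from 2.3.20, the Struts property in the same properties block of todolist-goof/pom.xml) are major-version jumps that move the web stack from the `javax.*` to the `jakarta.*` servlet namespace and raise the JDK baseline to 17, so this is an application migration, not a patch bump, and it will not compile or deploy against the javax-based code and the `tomcat:8.5.x` runtime that todolist-goof/Dockerfile uses at this point in the series. Later commits in the series keep sibling dependencies on the javax line — `+ 5.4.24.Final` for Hibernate in patch 08 and `+ 6.0.23.Final` for hibernate-validator in patch 06 — so the merged result mixes both namespaces on one classpath; either the whole stack is migrated together behind a CI build that packages and deploys the WAR, or this commit should pin the newest javax-compatible Struts and Spring releases that still clear the listed advisories. The log4j-core bump in the second file, `+ 2.13.2`, predates the 2.15–2.17 releases that fix the four log4j advisories named in this commit message, so the message overstates what the commit resolves; patch 04 raises it to 2.17.1, and the two should be squashed so no intermediate commit claims a fix it does not contain. The pom context lines (XML element names) are not shown in this rendering, so which property each version belongs to is inferred from the values.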
From: snyk-bot
Date: Fri, 11 Apr 2025 09:19:34 +0000
Subject: [PATCH 05/12] fix: log4shell-goof/log4shell-server/pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-6056408
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7300153
- https://snyk.io/vuln/SNYK-JAVA-COMUNBOUNDID-32143
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-8383402
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7300152
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7433720
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7984545
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-472711
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-2391283
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-3012383
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-3339519
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-6567186
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-6669948
- https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSXNIO-6403375
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7707751
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-2871356
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-3358786
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7361775
- https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSXNIO-2994360
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-7433721
---
 log4shell-goof/log4shell-server/pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/log4shell-goof/log4shell-server/pom.xml b/log4shell-goof/log4shell-server/pom.xml
index 94de0952b..de0085d39 100644
--- a/log4shell-goof/log4shell-server/pom.xml
+++ b/log4shell-goof/log4shell-server/pom.xml
@@ -20,22 +20,22 @@ org.apache.logging.log4j log4j-core - 2.15.0 + 2.17.1 com.unboundid unboundid-ldapsdk - 3.1.1 + 4.0.5 io.undertow undertow-core - 2.2.13.Final + 2.2.37.Final commons-collections commons-collections - 3.1 + 3.2.2 org.apache.commons
From 078d39cfa8d593348eeb74169b266d0ac95b93b1 Mon Sep 17 00:00:00 2001
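Review bot: `+ 2.17.1` for log4j-core removes the behaviour that this module's path, `log4shell-goof/log4shell-server`, exists to demonstrate, and the commit message does not say whether the demonstration is being retired or whether a bot-generated fix was merged without that decision being made. If the repository is being hardened, the module name, its README and the client side (patch 07, `+ 2.17.1` for log4j-slf4j-impl) should change in the same commit so nothing downstream still treats it as a fixture; if the training scenario is meant to stay, the accepted finding should be recorded next to the version with a comment and the module excluded from automated upgrades, so the next scan does not reopen it. `+ 3.2.2` for commons-collections is the last release on the 3.x line, so any further fix there means moving to commons-collections4 and its renamed packages, which is correctly left out of a version-only commit. The hunk runs past `org.apache.commons`, so the remaining dependencies are outside this view.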
From: snyk-bot
Date: Fri, 11 Apr 2025 09:22:11 +0000
Subject: [PATCH 06/12] fix: todolist-goof/todolist-web-common/pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31507
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-568162
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-569100
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-30098
---
 todolist-goof/todolist-web-common/pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/todolist-goof/todolist-web-common/pom.xml b/todolist-goof/todolist-web-common/pom.xml
index 1e4535726..a02996839 100644
--- a/todolist-goof/todolist-web-common/pom.xml
+++ b/todolist-goof/todolist-web-common/pom.xml
@@ -21,12 +21,12 @@ com.fasterxml.jackson.core jackson-core - 2.6.5 + 2.15.0 com.fasterxml.jackson.core jackson-databind - 2.6.5 + 2.15.0 com.fasterxml.jackson.core
@@ -59,7 +59,7 @@ org.hibernate hibernate-validator - 4.3.1.Final + 6.0.23.Final
From 0226e396143ce185b0e7ccfc30fa7d9ecb6bd9d8 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:23:50 +0000
Subject: [PATCH 07/12] fix: log4shell-goof/log4shell-client/pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339
---
 log4shell-goof/log4shell-client/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/log4shell-goof/log4shell-client/pom.xml b/log4shell-goof/log4shell-client/pom.xml
index 5f36c4f8c..d90b3c42c 100644
--- a/log4shell-goof/log4shell-client/pom.xml
+++ b/log4shell-goof/log4shell-client/pom.xml
@@ -23,7 +23,7 @@ org.apache.logging.log4j log4j-slf4j-impl - 2.14.1 + 2.17.1
From 8484020c7fb358c46f7c8a180fef74ff7b12de74 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:25:35 +0000
Subject: [PATCH 08/12] fix: todolist-goof/pom.xml & todolist-goof/todolist-core/pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-DOM4J-174153
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-1041788
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-584563
- https://snyk.io/vuln/SNYK-JAVA-ORGHSQLDB-3040860
- https://snyk.io/vuln/SNYK-JAVA-DOM4J-2812975
---
 todolist-goof/pom.xml | 2 +-
 todolist-goof/todolist-core/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/todolist-goof/pom.xml b/todolist-goof/pom.xml
index 998a63f9b..52ae2030f 100644
--- a/todolist-goof/pom.xml
+++ b/todolist-goof/pom.xml
@@ -11,7 +11,7 @@ 6.1.14 - 4.3.7.Final + 5.4.24.Final 5.3.8 7.0.0 UTF-8
diff --git a/todolist-goof/todolist-core/pom.xml b/todolist-goof/todolist-core/pom.xml
index aeb2068be..89a99db4d 100644
--- a/todolist-goof/todolist-core/pom.xml
+++ b/todolist-goof/todolist-core/pom.xml
@@ -59,7 +59,7 @@ org.hsqldb hsqldb - 2.3.2 + 2.7.1
From f73f9afc7a7ed24c26ac44eb4ec8ec231a73b0f3 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:26:26 +0000
Subject: [PATCH 09/12] fix: todolist-goof/exploits/tomcat-rce/Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963
- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963
- https://snyk.io/vuln/SNYK-DEBIAN12-LIBXML2-8738027
- https://snyk.io/vuln/SNYK-DEBIAN12-LIBXML2-8738027
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSH-1556053
---
 todolist-goof/exploits/tomcat-rce/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/todolist-goof/exploits/tomcat-rce/Dockerfile b/todolist-goof/exploits/tomcat-rce/Dockerfile
index a1a44eb40..64e2c0300 100644
--- a/todolist-goof/exploits/tomcat-rce/Dockerfile
+++ b/todolist-goof/exploits/tomcat-rce/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3
+FROM python:3.14-rc-slim-bookworm
 RUN pip install requests
 COPY exploit.py /exploit.py
From a6e1ecdcd95a21e0745ac374865ec5ecd752e997 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:27:23 +0000
Subject: [PATCH 10/12] fix: todolist-goof/exploits/tomcat-rce/Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963
- https://snyk.io/vuln/SNYK-DEBIAN12-SQLITE3-9685297
- https://snyk.io/vuln/SNYK-DEBIAN12-PAM-8303301
- https://snyk.io/vuln/SNYK-DEBIAN12-PERL-1556505
- https://snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184
---
 todolist-goof/exploits/tomcat-rce/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/todolist-goof/exploits/tomcat-rce/Dockerfile b/todolist-goof/exploits/tomcat-rce/Dockerfile
index 64e2c0300..ac09324b6 100644
--- a/todolist-goof/exploits/tomcat-rce/Dockerfile
+++ b/todolist-goof/exploits/tomcat-rce/Dockerfile
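Review bot: `+FROM python:3.14-rc-slim-bookworm` — and `+FROM python:3.14-rc-alpine3.20` in patch 10, which replaces it — pins this helper image to a release-candidate interpreter; `-rc` tags are pre-release builds that the image maintainers typically drop from the tag set once the final release ships, so a future rebuild will fail, and a base-image CVE scan should not be resolved by moving onto pre-release software. Pin a released minor with a stable OS suffix, for example `python:3.12-slim-bookworm` (constructed example; choose the line the project supports), and pin the unpinned `RUN pip install requests` as well (`pip install requests==<version>`) so the image is reproducible between scans. The Debian-to-Alpine switch in patch 10 also changes the C library to musl; `requests` is pure Python so nothing breaks here, but it is a runtime change that a version-only commit message should mention.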
@@ -1,4 +1,4 @@
-FROM python:3.14-rc-slim-bookworm
+FROM python:3.14-rc-alpine3.20
 RUN pip install requests
 COPY exploit.py /exploit.py
From 5f63570c46f538f208aaad486eebfca03158e29b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 11 Apr 2025 09:30:11 +0000
Subject: [PATCH 11/12] fix: todolist-goof/Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2204-BINUTILS-8719929
- https://snyk.io/vuln/SNYK-UBUNTU2204-BINUTILS-8719929
- https://snyk.io/vuln/SNYK-UBUNTU2204-BINUTILS-8719935
- https://snyk.io/vuln/SNYK-UBUNTU2204-BINUTILS-8719945
- https://snyk.io/vuln/SNYK-UBUNTU2204-BINUTILS-8719967
---
 todolist-goof/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/todolist-goof/Dockerfile b/todolist-goof/Dockerfile
index 4515ea0d6..4f62466d2 100644
--- a/todolist-goof/Dockerfile
+++ b/todolist-goof/Dockerfile
@@ -10,7 +10,7 @@ COPY todolist-web-common todolist-web-common
 COPY todolist-web-struts todolist-web-struts
 RUN --mount=target=$HOME/.m2,type=cache mvn install
-FROM tomcat:8.5.99
+FROM tomcat:11.0.6
 RUN mkdir /tmp/extracted_files
 COPY web.xml /usr/local/tomcat/conf/web.xml
From f96d87a7f381a5db5abfab6d660f3a3bf2c39ba5 Mon Sep 17 00:00:00 2001
From: Warren Lee
Date: Fri, 11 Apr 2025 10:50:46 +0100
Subject: [PATCH 12/12] Fixed privileged container
---
 todolist-goof/k8s/calico.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/todolist-goof/k8s/calico.yaml b/todolist-goof/k8s/calico.yaml
index f79ef13bc..c6226075a 100644
--- a/todolist-goof/k8s/calico.yaml
+++ b/todolist-goof/k8s/calico.yaml
@@ -4106,7 +4106,7 @@ spec:
 - mountPath: /host/opt/cni/bin
 name: cni-bin-dir
 securityContext:
- privileged: true
+ privileged: false
 # This container installs the CNI binaries
 # and CNI network config file on each node.
 - name: install-cni
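Review bot: `+FROM tomcat:11.0.6` moves the runtime up two major versions while the context line two below it, `COPY web.xml /usr/local/tomcat/conf/web.xml`, still overwrites Tomcat's global `conf/web.xml` with a file that was written for 8.5; that file declares the default and JSP servlets and the MIME mappings for the Tomcat version it ships with, so reusing the 8.5 copy on 11 is likely to fail at startup or silently change serving defaults — diff it against the stock 11.0.6 file before merging, or copy only the application's own web.xml into the webapp. Tomcat 10 and later run Jakarta Servlet applications only, so the WAR produced by the `mvn install` stage above has to be on the `jakarta.*` namespace (or be deployed through Tomcat's `webapps-javaee` migration directory); the pom changes earlier in this series leave the build mixing javax and jakarta artifacts, so this bump should land only with a CI job that builds and deploys the WAR. The first hunk of this file in patch 01, `+FROM tomcat:8.5.99`, moved onto an end-of-life 8.5 line and is superseded here, so the two commits can be squashed. Which stage the `mvn install` line belongs to starts before the hunk.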
@@ -4147,7 +4147,7 @@ spec:
 - mountPath: /host/etc/cni/net.d
 name: cni-net-dir
 securityContext:
- privileged: true
+ privileged: false
 # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
 # to communicate with Felix over the Policy Sync API.
 - name: flexvol-driver
@@ -4156,7 +4156,7 @@ spec:
 - name: flexvol-driver-host
 mountPath: /host/driver
 securityContext:
- privileged: true
+ privileged: false
 containers:
 # Runs calico-node container on each Kubernetes node. This
 # container programs network policy and routes on each
@@ -4233,7 +4233,7 @@ spec:
 - name: FELIX_HEALTHENABLED
 value: "true"
 securityContext:
- privileged: true
+ privileged: false
 resources:
 requests:
 cpu: 250m
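Review bot: Flipping `+ privileged: false` on all four containers of the calico-node DaemonSet (hunks at 4106, 4147, 4156 and 4233) will most likely break pod networking rather than harden it: the main container (the hunk with `FELIX_HEALTHENABLED`) programs routes and policy on the host, as the upstream comment `# container programs network policy and routes on each` says, and the init containers write into the `cni-bin-dir` and `cni-net-dir` hostPath mounts shown in the context lines, which is why the vendored manifest runs them privileged. If the scanner finding has to be closed, the supported route is Calico's documented non-privileged mode, which replaces the privileged flag with an explicit capability list (at least `NET_ADMIN` for route and policy programming, plus whatever the Calico release this manifest was generated from requires) and a matching `runAsUser`/`fsGroup`; verify against the upstream documentation for that exact Calico version, which the hunks do not show. Apply the change as a kustomize patch or a documented edit in the file's header comment rather than a bare edit, because the 4,000-line file is regenerated from upstream on each Calico upgrade and this change will be silently lost. The commit message should also record how the change was validated, for example that calico-node pods reach Running and cross-node pod traffic still works.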