Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade org.elasticsearch.client:elasticsearch-rest-high-level-client from 7.8.1 to 7.17.24 #863

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

edengal
Copy link
Collaborator

@edengal edengal commented Oct 24, 2024

snyk-top-banner

Snyk has created this PR to upgrade org.elasticsearch.client:elasticsearch-rest-high-level-client from 7.8.1 to 7.17.24.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 52 versions ahead of your current version.

  • The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JAVA-ORGELASTICSEARCH-6039899
500 No Known Exploit
high severity Improper Handling of Exceptional Conditions
SNYK-JAVA-ORGELASTICSEARCH-6083305
500 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGYAML-2806360
500 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGYAML-6056527
500 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGELASTICSEARCH-1324572
500 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGELASTICSEARCH-2431020
500 No Known Exploit
medium severity Stack-based Buffer Overflow
SNYK-JAVA-ORGELASTICSEARCH-6038562
500 Mature
medium severity Insertion of Sensitive Information into Log File
SNYK-JAVA-ORGELASTICSEARCH-6125580
500 No Known Exploit
medium severity Uncontrolled Recursion
SNYK-JAVA-ORGELASTICSEARCH-6508260
500 No Known Exploit
medium severity Missing Encryption of Sensitive Data
SNYK-JAVA-ORGELASTICSEARCH-7577201
500 No Known Exploit
medium severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1061930
500 No Known Exploit
medium severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1089258
500 No Known Exploit
medium severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016891
500 Proof of Concept
low severity Missing Authorization
SNYK-JAVA-ORGELASTICSEARCH-2431238
500 No Known Exploit
low severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016888
500 Proof of Concept
low severity Information Exposure
SNYK-JAVA-COMMONSCODEC-561518
500 No Known Exploit
low severity Information Exposure
SNYK-JAVA-ORGELASTICSEARCH-1021613
500 No Known Exploit
low severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1071900
500 No Known Exploit
low severity Information Exposure
SNYK-JAVA-ORGELASTICSEARCH-1083274
500 No Known Exploit
low severity Information Disclosure
SNYK-JAVA-ORGELASTICSEARCH-1089259
500 No Known Exploit
low severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3016889
500 No Known Exploit
low severity Stack-based Buffer Overflow
SNYK-JAVA-ORGYAML-3113851
500 No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"org.elasticsearch.client:elasticsearch-rest-high-level-client","from":"7.8.1","to":"7.17.24"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6039899","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6039899","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6083305","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6083305","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Exceptional Conditions"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-2806360","issue_id":"SNYK-JAVA-ORGYAML-2806360","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-6056527","issue_id":"SNYK-JAVA-ORGYAML-6056527","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1324572","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1324572","priority_score":520,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-2431020","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-2431020","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGELASTICSEARCH-6038562","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6038562","priority_score":711,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6125580","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6125580","priority_score":474,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.2","score":260},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insertion of Sensitive Information into Log File"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6508260","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6508260","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Recursion"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-7577201","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-7577201","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Encryption of Sensitive Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1061930","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1061930","priority_score":440,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1089258","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1089258","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGYAML-3016891","issue_id":"SNYK-JAVA-ORGYAML-3016891","priority_score":536,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-2431238","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-2431238","priority_score":369,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.1","score":155},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Missing Authorization"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGYAML-3016888","issue_id":"SNYK-JAVA-ORGYAML-3016888","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMMONSCODEC-561518","issue_id":"SNYK-JAVA-COMMONSCODEC-561518","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1021613","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1021613","priority_score":369,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.1","score":155},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1071900","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1071900","priority_score":309,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"1.9","score":95},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1083274","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1083274","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1089259","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1089259","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-3016889","issue_id":"SNYK-JAVA-ORGYAML-3016889","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-3113851","issue_id":"SNYK-JAVA-ORGYAML-3113851","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"}],"prId":"c25e0c27-ff9f-4063-ab1e-c27d9193d772","prPublicId":"c25e0c27-ff9f-4063-ab1e-c27d9193d772","packageManager":"maven","priorityScoreList":[589,589,589,589,520,449,711,474,429,559,440,429,536,369,506,399,369,309,344,344,399,399],"projectPublicId":"6f226390-d845-4198-821b-1ab29d3c180d","projectUrl":"https://app.snyk.io/org/dataroma/project/6f226390-d845-4198-821b-1ab29d3c180d?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-ORGELASTICSEARCH-6039899","SNYK-JAVA-ORGELASTICSEARCH-6083305","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-ORGELASTICSEARCH-1324572","SNYK-JAVA-ORGELASTICSEARCH-2431020","SNYK-JAVA-ORGELASTICSEARCH-6038562","SNYK-JAVA-ORGELASTICSEARCH-6125580","SNYK-JAVA-ORGELASTICSEARCH-6508260","SNYK-JAVA-ORGELASTICSEARCH-7577201","SNYK-JAVA-ORGELASTICSEARCH-1061930","SNYK-JAVA-ORGELASTICSEARCH-1089258","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-ORGELASTICSEARCH-2431238","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-COMMONSCODEC-561518","SNYK-JAVA-ORGELASTICSEARCH-1021613","SNYK-JAVA-ORGELASTICSEARCH-1071900","SNYK-JAVA-ORGELASTICSEARCH-1083274","SNYK-JAVA-ORGELASTICSEARCH-1089259","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3113851"],"upgradeInfo":{"versionsDiff":52,"publishedDate":"2024-09-09T10:11:09.000Z"},"vulns":["SNYK-JAVA-ORGELASTICSEARCH-6039899","SNYK-JAVA-ORGELASTICSEARCH-6083305","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-ORGELASTICSEARCH-1324572","SNYK-JAVA-ORGELASTICSEARCH-2431020","SNYK-JAVA-ORGELASTICSEARCH-6038562","SNYK-JAVA-ORGELASTICSEARCH-6125580","SNYK-JAVA-ORGELASTICSEARCH-6508260","SNYK-JAVA-ORGELASTICSEARCH-7577201","SNYK-JAVA-ORGELASTICSEARCH-1061930","SNYK-JAVA-ORGELASTICSEARCH-1089258","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-ORGELASTICSEARCH-2431238","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-COMMONSCODEC-561518","SNYK-JAVA-ORGELASTICSEARCH-1021613","SNYK-JAVA-ORGELASTICSEARCH-1071900","SNYK-JAVA-ORGELASTICSEARCH-1083274","SNYK-JAVA-ORGELASTICSEARCH-1089259","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3113851"]}'

…lient from 7.8.1 to 7.17.24

Snyk has created this PR to upgrade org.elasticsearch.client:elasticsearch-rest-high-level-client from 7.8.1 to 7.17.24.

See this package in maven:
org.elasticsearch.client:elasticsearch-rest-high-level-client

See this project in Snyk:
https://app.snyk.io/org/dataroma/project/6f226390-d845-4198-821b-1ab29d3c180d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants