[Snyk] Fix for 28 vulnerabilities #60

snyk-bot · 2022-09-24T20:08:40Z

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tensorflow/java/maven/tensorflow-hadoop/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
599/1000 Why? Has a fix available, CVSS 7.7	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	Yes	No Known Exploit
486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3	Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	`org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	Yes	Proof of Concept
509/1000 Why? Has a fix available, CVSS 5.9	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	`com.google.protobuf:protobuf-java:` `3.5.1 -> 3.16.1`	No	No Known Exploit
681/1000 Why? Mature exploit, Has a fix available, CVSS 5.9	Directory Traversal SNYK-JAVA-COMJCRAFT-30302	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	Mature
399/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	Yes	No Known Exploit
919/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMMONSCOLLECTIONS-30078	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	Yes	Mature
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Deserialization of Untrusted Data SNYK-JAVA-COMMONSCOLLECTIONS-472711	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	Yes	Proof of Concept
651/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	Yes	Mature
589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JAVA-IONETTY-30430	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	No	No Known Exploit
489/1000 Why? Has a fix available, CVSS 5.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-32473	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3` `org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGAPACHEHADOOP-2443177	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	Yes	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JAVA-ORGAPACHEHADOOP-2975400	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-30627	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Improper Access Control SNYK-JAVA-ORGAPACHEHADOOP-30628	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
524/1000 Why? Has a fix available, CVSS 6.2	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-30634	`org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGAPACHEHADOOP-31587	`org.apache.hadoop:hadoop-mapreduce-client-core:` `2.6.0 -> 3.3.3`	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-461004	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Man-in-the-Middle (MitM) SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Directory Traversal SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
429/1000 Why? Has a fix available, CVSS 4.3	Man-in-the-Middle (MitM) SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-451097	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	Yes	No Known Exploit
536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Access Control Bypass SNYK-JAVA-ORGAPACHEZOOKEEPER-174781	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	Proof of Concept
414/1000 Why? Has a fix available, CVSS 4	Insufficiently Protected Credentials SNYK-JAVA-ORGAPACHEZOOKEEPER-31035	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEZOOKEEPER-31428	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Authentication Bypass SNYK-JAVA-ORGAPACHEZOOKEEPER-32301	`org.apache.hadoop:hadoop-common:` `2.6.0 -> 3.3.3`	No	No Known Exploit