by Snyk Security
How to fix?
Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.
middleware-serde is a malicious package. Its name imitates an existing repository, namespace or component used by a well-known company, so that a build or a developer that resolves the name against the public registry pulls the attacker's package instead of the internal one. This technique is known as 'dependency confusion'.
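The practical check against this class of package is an audit of what a lockfile actually resolved: any dependency whose name or scope is reserved for internal code must have been fetched from the private registry, never from the public one. The script below is an added example written for this page, not code from Snyk or from the middleware-serde listing. It assumes an npm-style package-lock.json (lockfileVersion 2/3 "packages" map); the package names, the @acme scope and the host npm.acme.internal are constructed for the example, and the embedded lockfile is constructed sample data, not a real project.

```python
import json
from urllib.parse import urlsplit

# Registries that a package with an internal-only name must never come from.
PUBLIC_REGISTRY_HOSTS = {"registry.npmjs.org", "registry.yarnpkg.com"}

# Constructed inventory for this example (hypothetical names, not real packages).
INTERNAL_NAMES = {"acme-telemetry", "acme-config"}   # unscoped internal packages
INTERNAL_SCOPES = {"@acme"}                          # scope reserved for internal code
PRIVATE_REGISTRY_HOSTS = {"npm.acme.internal"}       # only host allowed to serve them

# Constructed package-lock.json (lockfileVersion 3 layout); not a real lockfile.
SAMPLE_LOCK = json.dumps({
    "name": "acme-portal",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "acme-portal", "version": "1.0.0"},
        "node_modules/@acme/auth-client": {
            "version": "2.1.0",
            "resolved": "https://npm.acme.internal/@acme/auth-client/-/auth-client-2.1.0.tgz",
        },
        # Internal name, but the lockfile pulled it from the public registry.
        "node_modules/acme-telemetry": {
            "version": "0.9.0",
            "resolved": "https://registry.npmjs.org/acme-telemetry/-/acme-telemetry-0.9.0.tgz",
        },
        # Internal scope, same problem.
        "node_modules/@acme/feature-flags": {
            "version": "1.4.2",
            "resolved": "https://registry.npmjs.org/@acme/feature-flags/-/feature-flags-1.4.2.tgz",
        },
        # Public package from the public registry: expected, not a finding.
        "node_modules/express": {
            "version": "4.19.2",
            "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
        },
        # Internal name with no recorded source at all: cannot be trusted.
        "node_modules/acme-config": {"version": "3.0.0"},
    },
})


def package_name(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (nested installs keep the innermost name)."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text, internal_names, internal_scopes, private_registry_hosts):
    """Return (name, host, reason) for every package that carries an internal name
    or scope but did not resolve from a private registry host."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name = package_name(path)
        scope = name.split("/", 1)[0] if name.startswith("@") else None
        if name not in internal_names and scope not in internal_scopes:
            continue
        resolved = meta.get("resolved")
        if not resolved:
            findings.append((name, None, "no resolved URL recorded"))
            continue
        host = urlsplit(resolved).hostname
        if host in private_registry_hosts:
            continue
        reason = ("resolved from public registry" if host in PUBLIC_REGISTRY_HOSTS
                  else "resolved from unexpected host")
        findings.append((name, host, reason))
    return findings


def audit_sample():
    """Run the audit over the constructed lockfile above."""
    return audit_lockfile(SAMPLE_LOCK, INTERNAL_NAMES, INTERNAL_SCOPES, PRIVATE_REGISTRY_HOSTS)


if __name__ == "__main__":
    for name, host, reason in audit_sample():
        print(f"{name:24} {host or '-':22} {reason}")
```

Run it against a real lockfile by replacing SAMPLE_LOCK with the file contents and filling in the internal names, scopes and registry host from your own inventory; the same "resolved" check applies to yarn.lock and pnpm-lock.yaml once parsed. Pinning internal scopes to the private registry in .npmrc prevents the confusion in the first place; this audit catches the cases where that pinning was missing or bypassed.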
grafana-django-saml2-auth is a Django package for SAML2 authentication ("Django SAML2 Authentication Made Easy").
Affected versions of this package are vulnerable to Open Redirect due to missing validation of the next URL in the login flow.
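The defence for this bug class is to validate the next parameter before redirecting: accept only relative paths or absolute URLs whose host is on an allow-list and whose scheme is http(s), and fall back to a fixed in-app URL otherwise. The block below is an added example written for this page, not code from the package or from its fix. It is a stand-alone reimplementation of the checks Django's own django.utils.http.url_has_allowed_host_and_scheme applies (so it runs without Django installed); the hostnames app.example and evil.example and the login_redirect_target helper are assumptions made for the example.

```python
import unicodedata
from urllib.parse import urlsplit


def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
    """True only if `url` is a relative path or points at one of allowed_hosts
    over http(s). Stand-alone reimplementation of the Django check of the same
    name, written for this example."""
    if url is None:
        return False
    url = url.strip()
    if not url:
        return False
    # Browsers treat backslashes in the authority like slashes ("/\evil.example"),
    # so the URL must pass both with backslashes kept and with them normalised.
    return (_is_safe(url, allowed_hosts, require_https)
            and _is_safe(url.replace("\\", "/"), allowed_hosts, require_https))


def _is_safe(url, allowed_hosts, require_https):
    # "///evil.example" is read as scheme-relative by some browsers.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # A scheme without a host ("javascript:alert(1)") is never a redirect target.
    if parts.scheme and not parts.netloc:
        return False
    # A leading control character can smuggle a scheme past naive prefix checks.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def login_redirect_target(next_param, allowed_hosts, fallback="/", require_https=False):
    """What a hardened login view does with ?next=...: honour it only when it
    validates, otherwise redirect to a fixed in-app URL."""
    if url_has_allowed_host_and_scheme(next_param, allowed_hosts, require_https):
        return next_param
    return fallback


if __name__ == "__main__":
    # Constructed sample values for the next parameter.
    allowed = {"app.example"}
    for candidate in ["/accounts/profile/", "//evil.example/", "/\\evil.example/",
                      "https://app.example/dash", "https://evil.example/",
                      "javascript:alert(1)", "///evil.example"]:
        print(f"{candidate!r:30} -> {login_redirect_target(candidate, allowed)!r}")
```

The allow-list should be the same set of hosts the application already trusts for its own requests (in Django, request.get_host() plus ALLOWED_HOSTS); anything looser reintroduces the redirect.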
Affected versions of this package are vulnerable to SpEL Expression injection when using @Aggregation-annotated query methods with SpEL expressions. Exploiting this vulnerability is possible if the query parameter placeholders contain unsanitized value binding.
Applications are not affected if one of the following is true:
The annotated repository query or aggregation method does not contain expressions
The annotated repository query or aggregation method does not use the parameter placeholder syntax within the expression
The user-supplied input is sanitized by the application
The repository is configured to use a QueryMethodEvaluationContextProvider that limits