We’ve disclosed 2270 vulnerabilities
by Snyk Security
How to fix?
Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.
joplin is a note taking and to-do application.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper validation of schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function. Exploiting this vulnerability is possible on any client that opens a link in a malicious markdown file via this package.
wordops is an essential toolset that eases server administration.
Affected versions of this package are vulnerable to Information Exposure because they dump sensitive information, such as the MariaDB password, into logs.
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Denial of Service (DoS) in the _deserializeFromArray() function in BeanDeserializer, due to resource exhaustion when processing a deeply nested array.
For this vulnerability to be exploitable the non-default DeserializationFeature must be enabled.