We’ve disclosed 1155 vulnerabilities
by Snyk Security
How to fix?
Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.
cassproject is a Competency and Skills Service.
Affected versions of this package are vulnerable to Missing Cryptographic Step when storing cryptographic keys. Exploiting this vulnerability allows a server administrator access to an account’s cryptographic keys.
This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials.
The vulnerable accounts are only resecured when the user next logs in using standalone authentication after upgrading.
Pillow is a PIL (Python Imaging Library) fork.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow. When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input validation. It is possible to inject malicious content into the