Skip to content

[Snyk] Security upgrade io.mosip.kernel:kernel-keymanager-service from 1.2.2.0-SNAPSHOT to 1.3.0#21

Open
Md-Humair-KK wants to merge 1 commit intodevelopfrom
snyk-fix-a5b647d319ab796bea96a6b01b4c76b9
Open

[Snyk] Security upgrade io.mosip.kernel:kernel-keymanager-service from 1.2.2.0-SNAPSHOT to 1.3.0#21
Md-Humair-KK wants to merge 1 commit intodevelopfrom
snyk-fix-a5b647d319ab796bea96a6b01b4c76b9

Conversation

@Md-Humair-KK
Copy link
Owner

@Md-Humair-KK Md-Humair-KK commented Feb 2, 2026

snyk-top-banner

Snyk has created this PR to fix 34 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • esignet-core/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGBITBUCKETBC-14465261		   756   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-NETMINIDEV-3369748		   696   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-ORGBITBUCKETBC-6139942		   696   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
high severity Comparison Using Wrong Factors
SNYK-JAVA-ORGBOUNCYCASTLE-1052448		   686   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
high severity Open Redirect
SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586		   676   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
high severity Race Condition
SNYK-JAVA-ORGAPACHETOMCATEMBED-10676854		   659   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Directory Traversal
SNYK-JAVA-COMMONSIO-1277109		   651   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Mature
high severity Access Restriction Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5441321		   619   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Observable Discrepancy
SNYK-JAVA-ORGBOUNCYCASTLE-8731360		   616   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-COMNIMBUSDS-6247633		   589   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-6435950		   589   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Use of a Broken or Risky Cryptographic Algorithm
SNYK-JAVA-ORGBITBUCKETBC-5488281		   589   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390		   589   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Improper Input Validation
SNYK-JAVA-ORGGLASSFISH-1297098		   579   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-CHQOSLOGBACK-6094942		   569   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-CHQOSLOGBACK-6094943		   569   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JAVA-CHQOSLOGBACK-6097492		   569   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
high severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JAVA-CHQOSLOGBACK-6097493		   569   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Cryptographic Issues
SNYK-JAVA-ORGBOUNCYCASTLE-2841508		   561   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-8384234		   559   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGBOUNCYCASTLE-11777856		   529   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGBOUNCYCASTLE-11789705		   529   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-NETMINIDEV-1078499		   509   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Inadequate Encryption Strength
SNYK-JAVA-ORGBITBUCKETBC-6036303		   509   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
low severity Buffer Overflow
SNYK-JAVA-COMJAYWAYJSONPATH-6140361		   506   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JAVA-ORGBOUNCYCASTLE-6084022		   489   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-NETMINIDEV-1298655		   479   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGBOUNCYCASTLE-6613080		   479   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862		   479   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Insufficient Hostname Verification
SNYK-JAVA-CHQOSLOGBACK-1726923		   454   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Information Exposure
SNYK-JAVA-ORGBOUNCYCASTLE-5771339		   449   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Privilege Escalation
SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829		   434   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Improper Output Neutralization for Logs
SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097		   429   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit
medium severity Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878		   429   io.mosip.kernel:kernel-keymanager-service:
1.2.2.0-SNAPSHOT -> 1.3.0
No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Insufficient Hostname Verification
🦉 Denial of Service (DoS)
🦉 Allocation of Resources Without Limits or Throttling
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: esignet-core/pom.xml to reduce vulnerabilities
5a36b46 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGBITBUCKETBC-14465261
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
- https://snyk.io/vuln/SNYK-JAVA-ORGBITBUCKETBC-6139942
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1052448
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-10676854
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5441321
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-8731360
- https://snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-6247633
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6435950
- https://snyk.io/vuln/SNYK-JAVA-ORGBITBUCKETBC-5488281
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390
- https://snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-1297098
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094942
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094943
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097492
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8384234
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-11777856
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-11789705
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499
- https://snyk.io/vuln/SNYK-JAVA-ORGBITBUCKETBC-6036303
- https://snyk.io/vuln/SNYK-JAVA-COMJAYWAYJSONPATH-6140361
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6084022
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1298655
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613080
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-5771339
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Md-Humair-KK @snyk-bot