[Snyk] Security upgrade org.keycloak:keycloak-core from 17.0.1 to 24.0.0 #995

st3v0rr · 2024-03-04T19:51:48Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- contrib/custom-representations/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
399/1000 Why? Has a fix available, CVSS 3.7	Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	No Known Exploit
651/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.6	Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	SQL Injection SNYK-JAVA-LOG4J-2342645	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	No Known Exploit
509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732	`org.keycloak:keycloak-core:` `17.0.1 -> 24.0.0`	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution
🦉 SQL Injection
🦉 Deserialization of Untrusted Data
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-LOG4J-1300176 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2316893 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342645 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342646 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342647 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-3358774 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-572732

codecov · 2024-03-04T19:55:47Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.74%. Comparing base (efc3bfa) to head (7085b58).

Additional details and impacted files

@@             Coverage Diff              @@
##               main     #995      +/-   ##
============================================
- Coverage     95.76%   95.74%   -0.03%     
+ Complexity     1366     1365       -1     
============================================
  Files            80       80              
  Lines          4367     4367              
  Branches        491      491              
============================================
- Hits           4182     4181       -1     
  Misses           92       92              
- Partials         93       94       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.