[Snyk] Fix for 88 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • eventbrite-service/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324		No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302		Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449		Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450		Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588		Yes	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414		Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416		Yes	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417		Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418		Yes	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419		Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420		Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421		Yes	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424		Yes	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425		Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426		Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427		Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931		Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736		No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207		No	Proof of Concept
	834/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917		No	Mature
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617		No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014		No	No Known Exploit
	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015		No	Mature
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016		No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674		No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676		No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943		No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980		No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500		No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451		No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094		No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106		No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762		No	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373		No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585		No	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314		No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316		No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664		No	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458		No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Arbitrary File Deletion SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966		Yes	Proof of Concept
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Server-Side Request Forgery (SSRF) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967		Yes	Mature
	611/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.8	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328		Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329		Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330		Yes	Proof of Concept
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331		Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332		Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333		Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334		Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335		Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336		Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337		Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338		Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Remote Code Execution (RCE) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Arbitrary Code Execution SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187		Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Server-Side Request Forgery (SSRF) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190		Yes	Proof of Concept
	746/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.5	Server-Side Request Forgery (SSRF) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191		Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977		No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-456705		No	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Insecure XML deserialization SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764		No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058		No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-1035561		No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Timing Attack SNYK-JAVA-ORGBOUNCYCASTLE-1296075		Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097		No	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878		No	No Known Exploit
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828		No	No Known Exploit
	676/1000 Why? Recently disclosed, Has a fix available, CVSS 7.8	Insecure Temporary File SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287		No	No Known Exploit
	465/1000 Why? Has a fix available, CVSS 4.8	Improper Access Control SNYK-JAVA-ORGSPRINGFRAMEWORKCLOUD-1072461		No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cryptographic Weakness SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-570203	org.springframework.cloud:spring-cloud-commons: 2.0.1.RELEASE -> 2.2.3.RELEASE	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.1.2.RELEASE/spring-boot-dependencies-2.1.2.RELEASE.pom
  • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.1.2.RELEASE/spring-boot-dependencies-2.1.2.RELEASE.pom
  • Could not upgrade org.springframework.cloud:[email protected] to org.springframework.cloud:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/cloud/spring-cloud-commons-dependencies/2.1.0.RELEASE/spring-cloud-commons-dependencies-2.1.0.RELEASE.pom
  • Could not upgrade org.springframework.cloud:[email protected] to org.springframework.cloud:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/cloud/spring-cloud-netflix-dependencies/2.1.0.RELEASE/spring-cloud-netflix-dependencies-2.1.0.RELEASE.pom
  • Could not upgrade org.springframework.cloud:[email protected] to org.springframework.cloud:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/cloud/spring-cloud-netflix-dependencies/2.1.0.RELEASE/spring-cloud-netflix-dependencies-2.1.0.RELEASE.pom

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Deletion
🦉 Server-Side Request Forgery (SSRF)
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn