CVE-2024-47554 Apache Commons IO: Possible denial of service attack o…

…n untrusted input to XmlStreamReader (#46)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Valera V Harseko <vharseko@3a-systems.ru>

OpenICF-csvfile-connector/pom.xml

@@ -14,6 +14,7 @@
  * own identifying information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2011-2016 ForgeRock AS.
+ * Portions Copyrighted 2018-2024 3A Systems, LLC
  */
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
@@ -48,7 +49,6 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.7</version>
         </dependency>
 
         <!-- Test Dependencies -->

OpenICF-groovy-connector/src/test/resources/arm/SearchScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/arm/TestScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/AuthenticateScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * c
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/CreateScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/DeleteScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/ResolveUsernameScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/SchemaScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/ScriptOnResourceScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/SearchScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/SyncScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/TestScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest/UpdateScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/AuthenticateScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.auth.AuthScope

OpenICF-groovy-connector/src/test/resources/rest_sample/CreateScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovy.json.JsonBuilder
 import groovyx.net.http.RESTClient

OpenICF-groovy-connector/src/test/resources/rest_sample/DeleteScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/ResolveUsernameScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/SchemaScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/ScriptOnResourceScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/SearchScript.groovy

@@ -20,10 +20,11 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/SyncScript.groovy

@@ -20,10 +20,11 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/TestScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovyx.net.http.RESTClient
 import org.apache.http.client.HttpClient

OpenICF-groovy-connector/src/test/resources/rest_sample/UpdateScript.groovy

@@ -20,11 +20,12 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ * Portions Copyrighted 2024 3A Systems, LLC
  */
 
 @Grapes([
         @Grab(group = 'org.codehaus.groovy.modules.http-builder', module = 'http-builder', version = '0.7.1'),
-        @Grab(group = 'commons-io', module = 'commons-io', version = '2.4')]
+        @Grab(group = 'commons-io', module = 'commons-io', version = '2.16.1')]
 )
 import groovy.json.JsonBuilder
 import groovyx.net.http.RESTClient

OpenICF-java-framework/connector-test-common/pom.xml

@@ -21,6 +21,7 @@
  with the fields enclosed by brackets [] replaced by
  your own identifying information:
  "Portions Copyrighted [year] [name of copyright owner]"
+  Portions Copyrighted 2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -45,7 +46,6 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.7</version>
         </dependency>
 
         <!-- Test Dependencies -->