Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 12.2.0Report Generated On : Tue, 24 Mar 2026 05:37:15 GMTDependencies Scanned : 34 (32 unique)Vulnerable Dependencies : 5 Vulnerabilities Found : 9Vulnerabilities Suppressed : 0
...
NVD API Last Checked : 2026-03-24T05:37:04ZNVD API Last Modified : 2026-03-24T05:16:25Z
Summary
Summary of Vulnerable Dependencies (click to show all)
Description:
args4j : Java command line arguments parser
License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/args4j/args4j/2.0.26/args4j-2.0.26.jar
MD5: b786c33b2467a55d7b7b2c90886d5b61
SHA1: 01ebb18ebb3b379a74207d5af4ea7c8338ebd78b
SHA256: 989bda2321ea073a03686e9d4437ea4928c72c99f993f9ca6fab24615f0771a4
Evidence
Type Source Name Value Confidence Vendor file name args4j High Vendor jar package name args4j Highest Vendor jar package name kohsuke Highest Vendor Manifest bundle-docurl http://www.kohsuke.org/ Low Vendor Manifest bundle-symbolicname org.kohsuke.args4j Medium Vendor pom artifactid args4j Low Vendor pom groupid args4j Highest Vendor pom name args4j High Vendor pom parent-artifactid args4j-site Low Product file name args4j High Product jar package name args4j Highest Product jar package name kohsuke Highest Product Manifest bundle-docurl http://www.kohsuke.org/ Low Product Manifest Bundle-Name args4j Medium Product Manifest bundle-symbolicname org.kohsuke.args4j Medium Product pom artifactid args4j Highest Product pom groupid args4j Highest Product pom name args4j High Product pom parent-artifactid args4j-site Medium Version file version 2.0.26 High Version Manifest Bundle-Version 2.0.26 High Version pom version 2.0.26 Highest
pkg:maven/args4j/args4j@2.0.26
(Confidence :High)
cpe:2.3:a:jsite:jsite:2.0.26:*:*:*:*:*:*:*
(Confidence :Low)
suppress
Description:
A Clojure HTTP library wrapping the Apache HttpComponents client.
License:
The MIT License: http://opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/clj-http/clj-http/3.13.1/clj-http-3.13.1.jar
MD5: ee6abb6a921ca50aaf63e4615fd27f8b
SHA1: 7d993eca25ed68283d296b69cca12cbfa170c5ab
SHA256: cf77d8a905a3fbf7600f1bfa2f8f8e4f66f96d742f4cc8700faa76ad8a1f42df
Evidence
Type Source Name Value Confidence Vendor file name clj-http High Vendor Manifest leiningen-project-artifactid clj-http Low Vendor Manifest leiningen-project-groupid clj-http Low Vendor pom artifactid clj-http Low Vendor pom groupid clj-http Highest Vendor pom name clj-http High Vendor pom url dakrone/clj-http/ Highest Product file name clj-http High Product Manifest leiningen-project-artifactid clj-http Low Product Manifest leiningen-project-groupid clj-http Low Product pom artifactid clj-http Highest Product pom groupid clj-http Highest Product pom name clj-http High Product pom url dakrone/clj-http/ High Version file version 3.13.1 High Version Manifest leiningen-project-version 3.13.1 Medium Version pom version 3.13.1 Highest
pkg:maven/clj-http/clj-http@3.13.1
(Confidence :High)
Description:
Clojure core environment and runtime library.
License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php
File Path: /home/runner/.m2/repository/org/clojure/clojure/1.12.4/clojure-1.12.4.jar
MD5: c9e27ed601e1c83392c78fd9f3e7ecec
SHA1: 580cd548600f63b597efea7e94c3e55be2d12537
SHA256: 4b81e9ba6da38c45d9cc58023c674062b8c9f0714f33ff00ded22e6a949da177
Evidence
Type Source Name Value Confidence Vendor file name clojure High Vendor jar package name clojure Highest Vendor jar package name core Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid clojure Low Vendor pom developer email richhickey@gmail.com Low Vendor pom developer name Rich Hickey Medium Vendor pom groupid org.clojure Highest Vendor pom name clojure High Vendor pom url http://clojure.org/ Highest Product file name clojure High Product jar package name clojure Highest Product jar package name core Highest Product Manifest build-jdk-spec 1.8 Low Product pom artifactid clojure Highest Product pom developer email richhickey@gmail.com Low Product pom developer name Rich Hickey Low Product pom groupid org.clojure Highest Product pom name clojure High Product pom url http://clojure.org/ Medium Version file version 1.12.4 High Version pom version 1.12.4 Highest
Description:
ClojureScript compiler and core runtime library.
License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php
File Path: /home/runner/.m2/repository/org/clojure/clojurescript/1.9.293/clojurescript-1.9.293.jar
MD5: 814254caf0b2a51b3a59fa548b11f074
SHA1: 9916db845e309c7a62caeaa2f71bce4ae878459b
SHA256: 38666b281a5c35d79c23c8c8bac70ef120d19b66085ef3a9d232d153dbc79f2e
Evidence
Type Source Name Value Confidence Vendor file name clojurescript High Vendor pom artifactid clojurescript Low Vendor pom developer name Aaron Bedra Medium Vendor pom developer name Alan Dipert Medium Vendor pom developer name Alan Malloy Medium Vendor pom developer name Alen Ribic Medium Vendor pom developer name Alex Dowad Medium Vendor pom developer name Alex Redington Medium Vendor pom developer name Ambrose Bonnaire-Sergeant Medium Vendor pom developer name Andrew Rosa Medium Vendor pom developer name Antonin Hildebrand Medium Vendor pom developer name Ben Moss Medium Vendor pom developer name Benjamin Meyer Medium Vendor pom developer name Bo Jeanes Medium Vendor pom developer name Bobby Calderwood Medium Vendor pom developer name Brandon Bloom Medium Vendor pom developer name Brenton Ashworth Medium Vendor pom developer name Brian Jenkins Medium Vendor pom developer name Brian Kim Medium Vendor pom developer name Brian Taylor Medium Vendor pom developer name Bruce Hauman Medium Vendor pom developer name Chad Taylor Medium Vendor pom developer name Charles Duffy Medium Vendor pom developer name Chas Emerick Medium Vendor pom developer name Chris Granger Medium Vendor pom developer name Chris Houser Medium Vendor pom developer name Chris Pickard Medium Vendor pom developer name Chris Truter Medium Vendor pom developer name Christopher Redinger Medium Vendor pom developer name Colin Jones Medium Vendor pom developer name Creighton Kirkendall Medium Vendor pom developer name Daniel Compton Medium Vendor pom developer name Daniel Skarda Medium Vendor pom developer name Dave Sann Medium Vendor pom developer name David Nolen Medium Vendor pom developer name Devin Walters Medium Vendor pom developer name Dylan Butman Medium Vendor pom developer name Edward Tsech Medium Vendor pom developer name Eric Normand Medium Vendor pom developer name Eric Thorsen Medium Vendor pom developer name Erik Ouchterlony Medium Vendor pom developer name Evan Mezeske Medium Vendor pom developer name Francis Avila Medium Vendor pom developer name Francoise De Serre Medium Vendor pom developer name Frank Failla Medium Vendor pom developer name Gary Fredericks Medium Vendor pom developer name Gary Trakhman Medium Vendor pom developer name Herwig Hochleitner Medium Vendor pom developer name Hubert Iwaniuk Medium Vendor pom developer name Hugo Duncan Medium Vendor pom developer name Immo Heikkinen Medium Vendor pom developer name Ivan Willig Medium Vendor pom developer name J. Pablo Fernandez Medium Vendor pom developer name Jamie Brandon Medium Vendor pom developer name Jeff Dik Medium Vendor pom developer name Jess Martin Medium Vendor pom developer name Joel Holdbrooks Medium Vendor pom developer name Joel Martin Medium Vendor pom developer name John Li Medium Vendor pom developer name Jonas De Vuyst Medium Vendor pom developer name Jonas Enlund Medium Vendor pom developer name Jonathan Boston Medium Vendor pom developer name Jozef Wagner Medium Vendor pom developer name Juergen Hoetzel Medium Vendor pom developer name Juho Teperi Medium Vendor pom developer name Julian Eluard Medium Vendor pom developer name Justin Tirrell Medium Vendor pom developer name Kevin J. Lynagh Medium Vendor pom developer name Kovas Boguta Medium Vendor pom developer name Laszlo Toeroek Medium Vendor pom developer name Leon Grapenthin Medium Vendor pom developer name Luke VanderHart Medium Vendor pom developer name Maria Geller Medium Vendor pom developer name Martin Klepsch Medium Vendor pom developer name Matjaz Gregoric Medium Vendor pom developer name Max Gonzih Medium Vendor pom developer name Max Penet Medium Vendor pom developer name Max Veytsman Medium Vendor pom developer name Michael Ballantyne Medium Vendor pom developer name Michael Fogus Medium Vendor pom developer name Michael Glaesemann Medium Vendor pom developer name Michael Griffiths Medium Vendor pom developer name Michael O. Church Medium Vendor pom developer name MichaÅ‚ Marczyk Medium Vendor pom developer name Michiel Borkent Medium Vendor pom developer name Mike Fikes Medium Vendor pom developer name Moritz Ulrich Medium Vendor pom developer name Murphy McMahon Medium Vendor pom developer name Nelson Morris Medium Vendor pom developer name Nicola Mometto Medium Vendor pom developer name Nikita Prokopov Medium Vendor pom developer name Osbert Feng Medium Vendor pom developer name Paul deGrandis Medium Vendor pom developer name Paul Michael Bauer Medium Vendor pom developer name Peter Schuck Medium Vendor pom developer name Peter Stephens Medium Vendor pom developer name Peter Taoussanis Medium Vendor pom developer name Pieter van Prooijen Medium Vendor pom developer name Raphaël Amiard Medium Vendor pom developer name Raymond Huang Medium Vendor pom developer name Rich Hickey Medium Vendor pom developer name Roman Gonzalez Medium Vendor pom developer name Roman Scherer Medium Vendor pom developer name Rupa Shankar Medium Vendor pom developer name Russ Olsen Medium Vendor pom developer name Sam Umbach Medium Vendor pom developer name Samuel Miller Medium Vendor pom developer name Sean Grove Medium Vendor pom developer name Sean LeBron Medium Vendor pom developer name Sebastien Bensusan Medium Vendor pom developer name Steven Kallstrom Medium Vendor pom developer name Stuart Halloway Medium Vendor pom developer name Stuart Mitchell Medium Vendor pom developer name Stuart Sierra Medium Vendor pom developer name Takahiro Hozumi Medium Vendor pom developer name Thomas Heller Medium Vendor pom developer name Thomas Scheiblauer Medium Vendor pom developer name Tim Griesser Medium Vendor pom developer name Timothy Pratley Medium Vendor pom developer name Toby Crawley Medium Vendor pom developer name Tom Hickey Medium Vendor pom developer name Tom Jack Medium Vendor pom developer name Tom Marble Medium Vendor pom developer name Travis Thieman Medium Vendor pom developer name Travis Vachon Medium Vendor pom developer name Wilkes Joiner Medium Vendor pom developer name Zach Oakes Medium Vendor pom developer name Zachary Allaun Medium Vendor pom developer name Zubair Quraishi Medium Vendor pom groupid org.clojure Highest Vendor pom name ClojureScript High Vendor pom url clojure/clojurescript Highest Product file name clojurescript High Product pom artifactid clojurescript Highest Product pom developer name Aaron Bedra Low Product pom developer name Alan Dipert Low Product pom developer name Alan Malloy Low Product pom developer name Alen Ribic Low Product pom developer name Alex Dowad Low Product pom developer name Alex Redington Low Product pom developer name Ambrose Bonnaire-Sergeant Low Product pom developer name Andrew Rosa Low Product pom developer name Antonin Hildebrand Low Product pom developer name Ben Moss Low Product pom developer name Benjamin Meyer Low Product pom developer name Bo Jeanes Low Product pom developer name Bobby Calderwood Low Product pom developer name Brandon Bloom Low Product pom developer name Brenton Ashworth Low Product pom developer name Brian Jenkins Low Product pom developer name Brian Kim Low Product pom developer name Brian Taylor Low Product pom developer name Bruce Hauman Low Product pom developer name Chad Taylor Low Product pom developer name Charles Duffy Low Product pom developer name Chas Emerick Low Product pom developer name Chris Granger Low Product pom developer name Chris Houser Low Product pom developer name Chris Pickard Low Product pom developer name Chris Truter Low Product pom developer name Christopher Redinger Low Product pom developer name Colin Jones Low Product pom developer name Creighton Kirkendall Low Product pom developer name Daniel Compton Low Product pom developer name Daniel Skarda Low Product pom developer name Dave Sann Low Product pom developer name David Nolen Low Product pom developer name Devin Walters Low Product pom developer name Dylan Butman Low Product pom developer name Edward Tsech Low Product pom developer name Eric Normand Low Product pom developer name Eric Thorsen Low Product pom developer name Erik Ouchterlony Low Product pom developer name Evan Mezeske Low Product pom developer name Francis Avila Low Product pom developer name Francoise De Serre Low Product pom developer name Frank Failla Low Product pom developer name Gary Fredericks Low Product pom developer name Gary Trakhman Low Product pom developer name Herwig Hochleitner Low Product pom developer name Hubert Iwaniuk Low Product pom developer name Hugo Duncan Low Product pom developer name Immo Heikkinen Low Product pom developer name Ivan Willig Low Product pom developer name J. Pablo Fernandez Low Product pom developer name Jamie Brandon Low Product pom developer name Jeff Dik Low Product pom developer name Jess Martin Low Product pom developer name Joel Holdbrooks Low Product pom developer name Joel Martin Low Product pom developer name John Li Low Product pom developer name Jonas De Vuyst Low Product pom developer name Jonas Enlund Low Product pom developer name Jonathan Boston Low Product pom developer name Jozef Wagner Low Product pom developer name Juergen Hoetzel Low Product pom developer name Juho Teperi Low Product pom developer name Julian Eluard Low Product pom developer name Justin Tirrell Low Product pom developer name Kevin J. Lynagh Low Product pom developer name Kovas Boguta Low Product pom developer name Laszlo Toeroek Low Product pom developer name Leon Grapenthin Low Product pom developer name Luke VanderHart Low Product pom developer name Maria Geller Low Product pom developer name Martin Klepsch Low Product pom developer name Matjaz Gregoric Low Product pom developer name Max Gonzih Low Product pom developer name Max Penet Low Product pom developer name Max Veytsman Low Product pom developer name Michael Ballantyne Low Product pom developer name Michael Fogus Low Product pom developer name Michael Glaesemann Low Product pom developer name Michael Griffiths Low Product pom developer name Michael O. Church Low Product pom developer name MichaÅ‚ Marczyk Low Product pom developer name Michiel Borkent Low Product pom developer name Mike Fikes Low Product pom developer name Moritz Ulrich Low Product pom developer name Murphy McMahon Low Product pom developer name Nelson Morris Low Product pom developer name Nicola Mometto Low Product pom developer name Nikita Prokopov Low Product pom developer name Osbert Feng Low Product pom developer name Paul deGrandis Low Product pom developer name Paul Michael Bauer Low Product pom developer name Peter Schuck Low Product pom developer name Peter Stephens Low Product pom developer name Peter Taoussanis Low Product pom developer name Pieter van Prooijen Low Product pom developer name Raphaël Amiard Low Product pom developer name Raymond Huang Low Product pom developer name Rich Hickey Low Product pom developer name Roman Gonzalez Low Product pom developer name Roman Scherer Low Product pom developer name Rupa Shankar Low Product pom developer name Russ Olsen Low Product pom developer name Sam Umbach Low Product pom developer name Samuel Miller Low Product pom developer name Sean Grove Low Product pom developer name Sean LeBron Low Product pom developer name Sebastien Bensusan Low Product pom developer name Steven Kallstrom Low Product pom developer name Stuart Halloway Low Product pom developer name Stuart Mitchell Low Product pom developer name Stuart Sierra Low Product pom developer name Takahiro Hozumi Low Product pom developer name Thomas Heller Low Product pom developer name Thomas Scheiblauer Low Product pom developer name Tim Griesser Low Product pom developer name Timothy Pratley Low Product pom developer name Toby Crawley Low Product pom developer name Tom Hickey Low Product pom developer name Tom Jack Low Product pom developer name Tom Marble Low Product pom developer name Travis Thieman Low Product pom developer name Travis Vachon Low Product pom developer name Wilkes Joiner Low Product pom developer name Zach Oakes Low Product pom developer name Zachary Allaun Low Product pom developer name Zubair Quraishi Low Product pom groupid org.clojure Highest Product pom name ClojureScript High Product pom url clojure/clojurescript High Version file version 1.9.293 High Version pom version 1.9.293 Highest
pkg:maven/org.clojure/clojurescript@1.9.293
(Confidence :High)
cpe:2.3:a:alex_project:alex:1.9.293:*:*:*:*:*:*:*
(Confidence :Low)
suppress
cpe:2.3:a:bloom_project:bloom:1.9.293:*:*:*:*:*:*:*
(Confidence :Low)
suppress
CVE-2023-0247 suppress
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
CWE-427 Uncontrolled Search Path Element
CVSSv3:
Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
File Path: /home/runner/.m2/repository/com/google/javascript/closure-compiler-externs/v20160911/closure-compiler-externs-v20160911.jarMD5: 6b75cafae44cdee9617c59d070336444SHA1: 3186e2c9a2018bb49547947d2919b0e6998a1fe2SHA256: 17c643badb57f696aa0df7a7aa32d554bc2c982e5a1c9d5343ae74c9c29307b7
Evidence
Type Source Name Value Confidence Vendor file name closure-compiler-externs-v20160911 High Vendor pom artifactid closure-compiler-externs Low Vendor pom groupid com.google.javascript Highest Vendor pom name Closure Compiler Externs High Vendor pom parent-artifactid closure-compiler-parent Low Product file name closure-compiler-externs-v20160911 High Product pom artifactid closure-compiler-externs Highest Product pom groupid com.google.javascript Highest Product pom name Closure Compiler Externs High Product pom parent-artifactid closure-compiler-parent Medium Version pom version v20160911 Highest
pkg:maven/com.google.javascript/closure-compiler-externs@v20160911
(Confidence :High)
Description:
Closure Compiler is a JavaScript optimizing compiler. It parses your
JavaScript, analyzes it, removes dead code and rewrites and minimizes
what's left. It also checks syntax, variable references, and types, and
warns about common JavaScript pitfalls. It is used in many of Google's
JavaScript apps, including Gmail, Google Web Search, Google Maps, and
Google Docs.
License:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/runner/.m2/repository/com/google/javascript/closure-compiler-unshaded/v20160911/closure-compiler-unshaded-v20160911.jar
MD5: 8a9c356db7759e05637aa14ef0e927d8
SHA1: 96ac7a8c32377690555ac93310498bebea3e26ef
SHA256: 2a84364bf454525baaae523986d2d5b5d6904144f763f87180cfa4b21a0b2d68
Evidence
Type Source Name Value Confidence Vendor file name closure-compiler-unshaded-v20160911 High Vendor jar package name compiler Highest Vendor jar package name google Highest Vendor jar package name javascript Highest Vendor Manifest bundle-docurl http://www.google.com Low Vendor Manifest bundle-symbolicname com.google.javascript.closure-compiler-unshaded Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid closure-compiler-unshaded Low Vendor pom groupid com.google.javascript Highest Vendor pom name Closure Compiler Unshaded High Vendor pom parent-artifactid closure-compiler-main Low Vendor pom url https://developers.google.com/closure/compiler/ Highest Product file name closure-compiler-unshaded-v20160911 High Product jar package name compiler Highest Product jar package name google Highest Product jar package name javascript Highest Product Manifest bundle-docurl http://www.google.com Low Product Manifest Bundle-Name Closure Compiler Unshaded Medium Product Manifest bundle-symbolicname com.google.javascript.closure-compiler-unshaded Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid closure-compiler-unshaded Highest Product pom groupid com.google.javascript Highest Product pom name Closure Compiler Unshaded High Product pom parent-artifactid closure-compiler-main Medium Product pom url https://developers.google.com/closure/compiler/ Medium Version pom version v20160911 Highest
pkg:maven/com.google.javascript/closure-compiler-unshaded@v20160911
(Confidence :High)
Description:
Klipse theme for codox
File Path: /home/runner/.m2/repository/viebel/codox-klipse-theme/0.0.1/codox-klipse-theme-0.0.1.jarMD5: 6f5d908c6d9c890584158b9ebe8f2fedSHA1: 09af0b348e6253dcf9fd567d0d22ffebdea46176SHA256: 806f94716f77585c66deb553d35481a0a66542328409466ffdd34d4f978fe2e1
Evidence
Type Source Name Value Confidence Vendor file name codox-klipse-theme High Vendor pom artifactid codox-klipse-theme Low Vendor pom groupid viebel Highest Vendor pom name codox-klipse-theme High Vendor pom url viebel/codox-klipse-theme Highest Product file name codox-klipse-theme High Product pom artifactid codox-klipse-theme Highest Product pom groupid viebel Highest Product pom name codox-klipse-theme High Product pom url viebel/codox-klipse-theme High Version file version 0.0.1 High Version pom version 0.0.1 Highest
pkg:maven/viebel/codox-klipse-theme@0.0.1
(Confidence :High)
Description:
The Apache Commons Codec component contains encoder and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256: ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Evidence
Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name digest Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email mattsicker@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id mattsicker Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Matt Sicker Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name digest Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email mattsicker@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id mattsicker Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Matt Sicker Low Product pom developer name Rob Tompkins Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Version file version 1.16.1 High Version Manifest Bundle-Version 1.16.1 High Version Manifest Implementation-Version 1.16.1 High Version pom parent-version 1.16.1 Low Version pom version 1.16.1 Highest
pkg:maven/commons-codec/commons-codec@1.16.1
(Confidence :High)
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar
MD5: ed8191a5a217940140001b0acfed18d9
SHA1: 377d592e740dc77124e0901291dbfaa6810a200e
SHA256: f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
Evidence
Type Source Name Value Confidence Vendor file name commons-io High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version Manifest Implementation-Version 2.16.1 High Version pom parent-version 2.16.1 Low Version pom version 2.16.1 Highest
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Evidence
Type Source Name Value Confidence Vendor file name commons-logging High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Version file version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
pkg:maven/commons-logging/commons-logging@1.2
(Confidence :High)
Description:
Specs for clojure.core
License:
Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/
File Path: /home/runner/.m2/repository/org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar
MD5: ebd37b9a3c39e6b769fc1463737cb8d4
SHA1: d56a8d4c666ff8140e6d0a62d41263134be39254
SHA256: eb73ac08cf49ba840c88ba67beef11336ca554333d9408808d78946e0feb9ddb
Evidence
Type Source Name Value Confidence Vendor file name core.specs.alpha High Vendor pom artifactid core.specs.alpha Low Vendor pom developer id puredanger Medium Vendor pom developer name Alex Miller Medium Vendor pom groupid org.clojure Highest Vendor pom name core.specs.alpha High Vendor pom parent-artifactid pom.contrib Low Product file name core.specs.alpha High Product pom artifactid core.specs.alpha Highest Product pom developer id puredanger Low Product pom developer name Alex Miller Low Product pom groupid org.clojure Highest Product pom name core.specs.alpha High Product pom parent-artifactid pom.contrib Medium Version file version 0.4.74 High Version pom parent-version 0.4.74 Low Version pom version 0.4.74 Highest
pkg:maven/org.clojure/core.specs.alpha@0.4.74
(Confidence :High)
cpe:2.3:a:alex_project:alex:0.4.74:*:*:*:*:*:*:*
(Confidence :Low)
suppress
Description:
Generating/parsing JSON from/to Clojure data structures
File Path: /home/runner/.m2/repository/org/clojure/data.json/0.2.6/data.json-0.2.6.jarMD5: 75475cdb5e8b3d36e633e922a5c94eabSHA1: ac3437a78d08f9db3dac7debe5a069edac282d95SHA256: 7f62619dcc6777521b6ee29eab69b29d71f826fff0d707ab37675eb22a229974
Evidence
Type Source Name Value Confidence Vendor file name data.json High Vendor pom artifactid data.json Low Vendor pom developer email mail@stuartsierra.com Low Vendor pom developer name Stuart Sierra Medium Vendor pom groupid org.clojure Highest Vendor pom name ${artifactId} High Vendor pom name data.json High Vendor pom parent-artifactid pom.contrib Low Vendor pom url clojure/data.json Highest Product file name data.json High Product pom artifactid data.json Highest Product pom developer email mail@stuartsierra.com Low Product pom developer name Stuart Sierra Low Product pom groupid org.clojure Highest Product pom name ${artifactId} High Product pom name data.json High Product pom parent-artifactid pom.contrib Medium Product pom url clojure/data.json High Version file version 0.2.6 High Version pom parent-version 0.2.6 Low Version pom version 0.2.6 Highest
pkg:maven/org.clojure/data.json@0.2.6
(Confidence :High)
Description:
The Google Closure Library is a collection of JavaScript code
designed for use with the Google Closure JavaScript Compiler.
This non-official distribution was prepared by the ClojureScript
team at http://clojure.org/
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/runner/.m2/repository/org/clojure/google-closure-library/0.0-20160609-f42b4a24/google-closure-library-0.0-20160609-f42b4a24.jar
MD5: f68473159ff1a17e4636e908762d5500
SHA1: f5585ba44bdd8981eeaf24dfd7a16921f9278b8d
SHA256: 1285381f5ff1433cd6a1e6fe8b01a86263d7717ef20a7375c5b646879c05e659
Evidence
Type Source Name Value Confidence Vendor file name google-closure-library High Vendor pom artifactid google-closure-library Low Vendor pom developer email amattie@gmail.com Low Vendor pom developer email bjorn.tipling@gmail.com Low Vendor pom developer email guido.tapia@gmail.com Low Vendor pom developer email hello@mohamedmansour.com Low Vendor pom developer email help@samegoal.com Low Vendor pom developer email ibmirkin@gmail.com Low Vendor pom developer email ivan.kozik@gmail.com Low Vendor pom developer email rich@rd.gen.nz Low Vendor pom developer name Andrew Mattie Medium Vendor pom developer name Bjorn Tipling Medium Vendor pom developer name Google, Inc. Medium Vendor pom developer name Guido Tapia Medium Vendor pom developer name Ilia Mirkin Medium Vendor pom developer name Ivan Kozik Medium Vendor pom developer name Mohamed Mansour Medium Vendor pom developer name Rich Dougherty Medium Vendor pom developer name SameGoal LLC Medium Vendor pom groupid org.clojure Highest Vendor pom name Google Closure Library High Vendor pom organization name Google High Vendor pom organization url http://www.google.com Medium Vendor pom url http://code.google.com/p/closure-library/ Highest Product file name google-closure-library High Product pom artifactid google-closure-library Highest Product pom developer email amattie@gmail.com Low Product pom developer email bjorn.tipling@gmail.com Low Product pom developer email guido.tapia@gmail.com Low Product pom developer email hello@mohamedmansour.com Low Product pom developer email help@samegoal.com Low Product pom developer email ibmirkin@gmail.com Low Product pom developer email ivan.kozik@gmail.com Low Product pom developer email rich@rd.gen.nz Low Product pom developer name Andrew Mattie Low Product pom developer name Bjorn Tipling Low Product pom developer name Google, Inc. Low Product pom developer name Guido Tapia Low Product pom developer name Ilia Mirkin Low Product pom developer name Ivan Kozik Low Product pom developer name Mohamed Mansour Low Product pom developer name Rich Dougherty Low Product pom developer name SameGoal LLC Low Product pom groupid org.clojure Highest Product pom name Google Closure Library High Product pom organization name Google Low Product pom organization url http://www.google.com Low Product pom url http://code.google.com/p/closure-library/ Medium Version pom version 0.0-20160609-f42b4a24 Highest
Related Dependencies
google-closure-library-third-party-0.0-20160609-f42b4a24.jar
File Path: /home/runner/.m2/repository/org/clojure/google-closure-library-third-party/0.0-20160609-f42b4a24/google-closure-library-third-party-0.0-20160609-f42b4a24.jar
MD5: 94d0b56f8afb549a6f74c8a67233bc3d
SHA1: 93ee501d8b971532e39c91af103e4e69988edbf8
SHA256: b1b8c8791eef324277f9a47c672cac812201a90d2509c9572d071cf29ffc0afa
pkg:maven/org.clojure/google-closure-library-third-party@0.0-20160609-f42b4a24
CVE-2020-8910 suppress
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
CWE-625 Permissive Regular Expression, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Google Gson library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.2.4/gson-2.2.4.jar
MD5: 2f54fc24807a4cad7297012dd8cebf3d
SHA1: a60a5e993c98c864010053cb901b7eab25306568
SHA256: c0328cd07ca9e363a5acd00c1cf4afe8cf554bd6d373834981ba05cebec687fb
Evidence
Type Source Name Value Confidence Vendor file name gson High Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest bundle-contactaddress http://code.google.com/p/google-gson/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor pom artifactid gson Low Vendor pom developer name Inderjeet Singh Medium Vendor pom developer name Jesse Wilson Medium Vendor pom developer name Joel Leitch Medium Vendor pom developer org Google Inc. Medium Vendor pom developer org Square Inc. Medium Vendor pom developer org Trymph Inc. Medium Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom organization name Google, Inc. High Vendor pom organization url http://www.google.com Medium Vendor pom url http://code.google.com/p/google-gson/ Highest Product file name gson High Product jar package name google Highest Product jar package name gson Highest Product Manifest bundle-contactaddress http://code.google.com/p/google-gson/ Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname com.google.gson Medium Product pom artifactid gson Highest Product pom developer name Inderjeet Singh Low Product pom developer name Jesse Wilson Low Product pom developer name Joel Leitch Low Product pom developer org Google Inc. Low Product pom developer org Square Inc. Low Product pom developer org Trymph Inc. Low Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom organization name Google, Inc. Low Product pom organization url http://www.google.com Low Product pom url http://code.google.com/p/google-gson/ Medium Version file version 2.2.4 High Version Manifest Bundle-Version 2.2.4 High Version pom version 2.2.4 Highest
CVE-2022-25647 suppress
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P References:
Vulnerable Software & Versions: (show all )
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/19.0/guava-19.0.jar
MD5: 43bfc49bdc7324f6daaa60c1ee9f3972
SHA1: 6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9
SHA256: 58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4
Evidence
Type Source Name Value Confidence Vendor file name guava High Vendor jar package name google Highest Vendor Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product file name guava High Product jar package name google Highest Product Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest bundle-symbolicname com.google.guava Medium Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version file version 19.0 High Version pom version 19.0 Highest
CVE-2023-2976 suppress
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
CVSSv3:
Base Score: HIGH (7.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv3:
Base Score: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N References:
af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
cve-coordination@google.com - EXPLOIT,PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
cve-coordination@google.com - THIRD_PARTY_ADVISORY
Vulnerable Software & Versions: (show all )
Description:
HTML as Data
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/hickory/hickory/0.7.1/hickory-0.7.1.jar
MD5: 9610efdaad19f8d866059fc81f3144fd
SHA1: d9e6114592c434ca1df6022bbf4d5e97714666ee
SHA256: bf93934ae5f7ee17be851f34ca2e955b05f5bda4c650578daa41200056782a08
Evidence
Type Source Name Value Confidence Vendor file name hickory High Vendor pom artifactid hickory Low Vendor pom groupid hickory Highest Vendor pom name hickory High Vendor pom url http://github.com/davidsantiago/hickory Highest Product file name hickory High Product pom artifactid hickory Highest Product pom groupid hickory Highest Product pom name hickory High Product pom url http://github.com/davidsantiago/hickory Medium Version file version 0.7.1 High Version pom version 0.7.1 Highest
pkg:maven/hickory/hickory@0.7.1
(Confidence :High)
Description:
Apache HttpComponents AsyncClient
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.5/httpasyncclient-4.1.5.jarMD5: 5346c547bfd0da64eb3dc54be9380d65SHA1: cd18227f1eb8e9a263286c1d7362ceb24f6f9b32SHA256: 0c1877489a9d1ba4fa50f6cfcab11d1123618858cb31d56afaab5afdd5064d99
Evidence
Type Source Name Value Confidence Vendor file name httpasyncclient High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpasyncclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-asyncclient Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpasyncclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpAsyncClient High Vendor pom parent-artifactid httpcomponents-asyncclient Low Vendor pom url http://hc.apache.org/httpcomponents-asyncclient Highest Product file name httpasyncclient High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpasyncclient Medium Product Manifest Implementation-Title Apache HttpAsyncClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-asyncclient Low Product Manifest specification-title Apache HttpAsyncClient Medium Product pom artifactid httpasyncclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpAsyncClient High Product pom parent-artifactid httpcomponents-asyncclient Medium Product pom url http://hc.apache.org/httpcomponents-asyncclient Medium Version file version 4.1.5 High Version Manifest Implementation-Version 4.1.5 High Version pom version 4.1.5 Highest
Description:
Apache HttpComponents Client
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jarMD5: 2cb357c4b763f47e58af6cad47df6ba3SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98SHA256: c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6
Evidence
Type Source Name Value Confidence Vendor file name httpclient High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client-ga Highest Product file name httpclient High Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client-ga Medium Version file version 4.5.14 High Version Manifest Implementation-Version 4.5.14 High Version pom version 4.5.14 Highest
Related Dependencies
httpclient-cache-4.5.14.jar
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpclient-cache/4.5.14/httpclient-cache-4.5.14.jar
MD5: 87617651f0293bdfe5203e710a20ca21
SHA1: 17e68860da010d0002c2cd05349d6013ef67ab64
SHA256: 5324d2cbc2d311c9f91b82bcbc746ec2a29f1f5b744395a50ff3afb873db1cee
pkg:maven/org.apache.httpcomponents/httpclient-cache@4.5.14
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jarMD5: 28d2cd9bf8789fd2ec774fb88436ebd1SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850SHA256: 6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f
Evidence
Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2022-11-26 09:44:32+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2022-11-26 09:44:32+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.16 High Version Manifest Implementation-Version 4.4.16 High Version pom version 4.4.16 Highest
pkg:maven/org.apache.httpcomponents/httpcore@4.4.16
(Confidence :High)
Description:
Apache HttpComponents Core (non-blocking I/O)
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.15/httpcore-nio-4.4.15.jarMD5: 295da715492b1f7d4e38711f820e42a0SHA1: 85d2b6825d42db909a1474f0ffbd6328429b7a32SHA256: 44ee3edb7d5e96d3e6d00263c838af23dd2ce67554129714ea30ae447ba95b92
Evidence
Type Source Name Value Confidence Vendor file name httpcore-nio High Vendor jar package name apache Highest Vendor jar package name nio Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore.nio Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpcore-nio Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore NIO High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore-nio High Product jar package name apache Highest Product jar package name http Highest Product jar package name nio Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore.nio Medium Product Manifest Implementation-Title Apache HttpCore NIO High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title Apache HttpCore NIO Medium Product pom artifactid httpcore-nio Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore NIO High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.15 High Version Manifest Implementation-Version 4.4.15 High Version pom version 4.4.15 Highest
pkg:maven/org.apache.httpcomponents/httpcore-nio@4.4.15
(Confidence :High)
Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpmime/4.5.14/httpmime-4.5.14.jarMD5: 714c4ae31c40e6633c0bcaa4e6264153SHA1: 6662758a1f1cb1149cf916bdac28332e0902ec44SHA256: d401243d5c6eae928a37121b6e819158c8c32ea0584793e7285bb489ab2a3d17
Evidence
Type Source Name Value Confidence Vendor file name httpmime High Vendor jar package name apache Highest Vendor jar package name mime Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpmime Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient Mime High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client-ga Highest Product file name httpmime High Product jar package name apache Highest Product jar package name http Highest Product jar package name mime Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Product Manifest Implementation-Title Apache HttpClient Mime High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Product Manifest specification-title Apache HttpClient Mime Medium Product pom artifactid httpmime Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient Mime High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client-ga Medium Version file version 4.5.14 High Version Manifest Implementation-Version 4.5.14 High Version pom version 4.5.14 Highest
pkg:maven/org.apache.httpcomponents/httpmime@4.5.14
(Confidence :High)
File Path: /home/runner/.m2/repository/com/google/jsinterop/jsinterop-annotations/1.0.0/jsinterop-annotations-1.0.0.jarMD5: 93302e3d0cc146097ecd08039dc1de52SHA1: 23c3a3c060ffe4817e67673cc8294e154b0a4a95SHA256: e5c1e0ceef98fb65a3d382641bcc1faab97649da1b422bbfc60e21b47345c854
Evidence
Type Source Name Value Confidence Vendor file name jsinterop-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name jsinterop Highest Vendor jar package name jsinterop Low Vendor pom artifactid jsinterop-annotations Low Vendor pom groupid com.google.jsinterop Highest Vendor pom parent-artifactid jsinterop Low Product file name jsinterop-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name jsinterop Highest Product pom artifactid jsinterop-annotations Highest Product pom groupid com.google.jsinterop Highest Product pom parent-artifactid jsinterop Medium Version file version 1.0.0 High Version pom version 1.0.0 Highest
pkg:maven/com.google.jsinterop/jsinterop-annotations@1.0.0
(Confidence :High)
Description:
jsoup is a Java library that simplifies working with real-world HTML and XML. It offers an easy-to-use API for URL fetching, data parsing, extraction, and manipulation using DOM API methods, CSS, and xpath selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers.
License:
The MIT License: https://jsoup.org/license
File Path: /home/runner/.m2/repository/org/jsoup/jsoup/1.22.1/jsoup-1.22.1.jar
MD5: 650c793f2362dd13d13355e558ea56f0
SHA1: 9085290f1032d8bdd4ab0a279d176a4bd9e282ca
SHA256: cfd3298d8720cddfb0545109ccc6ea0ef39eff7e9c40a10ad95c93a65f01c916
Evidence
Type Source Name Value Confidence Vendor file name jsoup High Vendor jar package name jsoup Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://jsoup.org/ Low Vendor Manifest bundle-symbolicname org.jsoup Medium Vendor Manifest Implementation-Vendor Jonathan Hedley High Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor pom artifactid jsoup Low Vendor pom developer email jonathan@hedley.net Low Vendor pom developer id jhy Medium Vendor pom developer name Jonathan Hedley Medium Vendor pom groupid org.jsoup Highest Vendor pom name jsoup Java HTML Parser High Vendor pom organization name Jonathan Hedley High Vendor pom organization url https://jhedley.com/ Medium Vendor pom url https://jsoup.org/ Highest Product file name jsoup High Product jar package name jsoup Highest Product jar package name org Highest Product jar package name parser Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://jsoup.org/ Low Product Manifest Bundle-Name jsoup Java HTML Parser Medium Product Manifest bundle-symbolicname org.jsoup Medium Product Manifest Implementation-Title jsoup Java HTML Parser High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product pom artifactid jsoup Highest Product pom developer email jonathan@hedley.net Low Product pom developer id jhy Low Product pom developer name Jonathan Hedley Low Product pom groupid org.jsoup Highest Product pom name jsoup Java HTML Parser High Product pom organization name Jonathan Hedley Low Product pom organization url https://jhedley.com/ Low Product pom url https://jsoup.org/ Medium Version file version 1.22.1 High Version Manifest Bundle-Version 1.22.1 High Version Manifest Implementation-Version 1.22.1 High Version pom version 1.22.1 Highest
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256: 905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed
Evidence
Type Source Name Value Confidence Vendor file name jsr305 High Vendor jar package name annotation Low Vendor jar package name javax Low Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product jar package name annotation Low Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 1.3.9 High Version pom version 1.3.9 Highest
pkg:maven/com.google.code.findbugs/jsr305@1.3.9
(Confidence :High)
Description:
Some useful facades.
License:
MIT License
File Path: /home/runner/.m2/repository/potemkin/potemkin/0.4.7/potemkin-0.4.7.jar
MD5: 1f35526c3cd74f6bb47421c03f8bcfc4
SHA1: 5daf7733d60148213807f6e07c1a6f95a2b279f4
SHA256: b98fb8d7e79bfc3ace0f2154c853973a5831a312168845f970475aa193cb1195
Evidence
Type Source Name Value Confidence Vendor file name potemkin High Vendor jar package name potemkin Highest Vendor Manifest leiningen-project-artifactid potemkin Low Vendor Manifest leiningen-project-groupid potemkin Low Vendor pom artifactid potemkin Low Vendor pom groupid potemkin Highest Vendor pom name potemkin High Product file name potemkin High Product jar package name potemkin Highest Product Manifest leiningen-project-artifactid potemkin Low Product Manifest leiningen-project-groupid potemkin Low Product pom artifactid potemkin Highest Product pom groupid potemkin Highest Product pom name potemkin High Version file version 0.4.7 High Version Manifest leiningen-project-version 0.4.7 Medium Version pom version 0.4.7 Highest
pkg:maven/potemkin/potemkin@0.4.7
(Confidence :High)
Description:
Protocol Buffers are a way of encoding structured data in an efficient yet
extensible format.
License:
New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/runner/.m2/repository/com/google/protobuf/protobuf-java/2.5.0/protobuf-java-2.5.0.jar
MD5: a44473b98947e2a54c54e0db1387d137
SHA1: a10732c76bfacdbd633a7eb0f7968b1059a65dfa
SHA256: e0c1c64575c005601725e7c6a02cebf9e1285e888f756b2a1d73ffa8d725cc74
Evidence
Type Source Name Value Confidence Vendor file name protobuf-java High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor Manifest bundle-docurl http://code.google.com/p/protobuf Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffer Java API High Vendor pom parent-artifactid google Low Vendor pom parent-groupid com.google Medium Vendor pom url http://code.google.com/p/protobuf Highest Product file name protobuf-java High Product jar package name google Highest Product jar package name protobuf Highest Product Manifest bundle-docurl http://code.google.com/p/protobuf Low Product Manifest Bundle-Name Protocol Buffer Java API Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffer Java API High Product pom parent-artifactid google Medium Product pom parent-groupid com.google Medium Product pom url http://code.google.com/p/protobuf Medium Version file version 2.5.0 High Version Manifest Bundle-Version 2.5.0 High Version pom parent-version 2.5.0 Low Version pom version 2.5.0 Highest
CVE-2024-7254 suppress
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
CWE-400 Uncontrolled Resource Consumption, CWE-787 Out-of-bounds Write, CWE-674 Uncontrolled Recursion
CVSSv4:
Base Score: HIGH (8.7)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-3171 suppress
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
CWE-20 Improper Input Validation, NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22569 suppress
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
NVD-CWE-noinfo, CWE-696 Incorrect Behavior Order
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P References:
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
af854a3a-2127-422b-91ae-364da2661108 - VENDOR_ADVISORY
cve-coordination@google.com - https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
cve-coordination@google.com - EXPLOIT,ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY
cve-coordination@google.com - MAILING_LIST,THIRD_PARTY_ADVISORY
cve-coordination@google.com - MAILING_LIST,THIRD_PARTY_ADVISORY
cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
cve-coordination@google.com - VENDOR_ADVISORY
Vulnerable Software & Versions: (show all )
Description:
Template engine support and utilities
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/quoin/quoin/0.1.2/quoin-0.1.2.jar
MD5: 28fed3a5e6b218208e3d42768e354053
SHA1: 0dbbb28df3e337233f934468915eb327ff488172
SHA256: 655d5b6ba4057cdbbeeab163c00cdaede8d72880db4b80e8c5e8bd555960b92c
Evidence
Type Source Name Value Confidence Vendor file name quoin High Vendor pom artifactid quoin Low Vendor pom groupid quoin Highest Vendor pom name quoin High Vendor pom url http://github.com/davidsantiago/quoin Highest Product file name quoin High Product pom artifactid quoin Highest Product pom groupid quoin Highest Product pom name quoin High Product pom url http://github.com/davidsantiago/quoin Medium Version file version 0.1.2 High Version pom version 0.1.2 Highest
pkg:maven/quoin/quoin@0.1.2
(Confidence :High)
Description:
Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically
embedded into Java applications to provide scripting to end users.
License:
Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt
File Path: /home/runner/.m2/repository/org/mozilla/rhino/1.7R5/rhino-1.7R5.jar
MD5: 515233bd8a534c0468f6e397fc6b1925
SHA1: 95f0003cea7ebf26aef5ed64c77c05fcd1ff9648
SHA256: e00e09a71abc4677e17dd8d42b0755b59a9e9ab09b60fd8b1abb45e4c80409c0
Evidence
Type Source Name Value Confidence Vendor file name rhino High Vendor jar package name javascript Highest Vendor jar package name mozilla Highest Vendor Manifest implementation-url http://www.mozilla.org/rhino Low Vendor Manifest Implementation-Vendor Mozilla Foundation High Vendor pom artifactid rhino Low Vendor pom groupid org.mozilla Highest Vendor pom name Mozilla Rhino High Vendor pom organization name The Mozilla Foundation High Vendor pom organization url http://www.mozilla.org Medium Vendor pom url https://developer.mozilla.org/en/Rhino Highest Product file name rhino High Product jar package name javascript Highest Product jar package name mozilla Highest Product Manifest Implementation-Title Mozilla Rhino 1.7R5 High Product Manifest implementation-url http://www.mozilla.org/rhino Low Product pom artifactid rhino Highest Product pom groupid org.mozilla Highest Product pom name Mozilla Rhino High Product pom organization name The Mozilla Foundation Low Product pom organization url http://www.mozilla.org Low Product pom url https://developer.mozilla.org/en/Rhino Medium Version Manifest Implementation-Version 1.7R5 High Version pom version 1.7R5 Highest
pkg:maven/org.mozilla/rhino@1.7R5
(Confidence :High)
Description:
code-walking without caveats
License:
MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/riddley/riddley/0.1.12/riddley-0.1.12.jar
MD5: c13a93e1a748f6d0b775e576e523cb42
SHA1: 033bd1610a8ef50a6347cd571eaef76182ca50b0
SHA256: 398f61fa4825b8f86c916ae580c7e133b7c477d0b72a7d3b298d381032740bae
Evidence
Type Source Name Value Confidence Vendor file name riddley High Vendor jar package name riddley Highest Vendor jar package name riddley Low Vendor pom artifactid riddley Low Vendor pom groupid riddley Highest Vendor pom name riddley High Product file name riddley High Product jar package name riddley Highest Product jar package name util Low Product pom artifactid riddley Highest Product pom groupid riddley Highest Product pom name riddley High Version file version 0.1.12 High Version pom version 0.1.12 Highest
pkg:maven/riddley/riddley@0.1.12
(Confidence :High)
Description:
Enhanced throw, try, leveraging Clojure's capabilities
License:
Eclipse Public License 1.0: https://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/slingshot/slingshot/0.12.2/slingshot-0.12.2.jar
MD5: 4793bec2229ccc655d62fcc5b47cbd77
SHA1: be4aed05849752f9ac5d09691755dec3dd8ed5f3
SHA256: a68ac22bf2ea3cd54ce34db70fd69844d631ef549f6450c278c30e6f79df63f3
Evidence
Type Source Name Value Confidence Vendor file name slingshot High Vendor pom artifactid slingshot Low Vendor pom groupid slingshot Highest Vendor pom name slingshot High Vendor pom url scgilardi/slingshot Highest Product file name slingshot High Product pom artifactid slingshot Highest Product pom groupid slingshot Highest Product pom name slingshot High Product pom url scgilardi/slingshot High Version file version 0.12.2 High Version pom version 0.12.2 Highest
pkg:maven/slingshot/slingshot@0.12.2
(Confidence :High)
Description:
Specification of data and functions
License:
Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/
File Path: /home/runner/.m2/repository/org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar
MD5: 9f5ea5239dc04d6a8115add1e4f5f23a
SHA1: 4eb5dea521c4e6e1f68c2c47517f14a922003e60
SHA256: 94cd99b6ea639641f37af4860a643b6ed399ee5a8be5d717cff0b663c8d75077
Evidence
Type Source Name Value Confidence Vendor file name spec.alpha High Vendor jar package name alpha Highest Vendor jar package name clojure Highest Vendor jar package name clojure Low Vendor jar package name spec Highest Vendor jar package name spec Low Vendor pom artifactid spec.alpha Low Vendor pom developer id richhickey Medium Vendor pom developer name Rich Hickey Medium Vendor pom groupid org.clojure Highest Vendor pom name spec.alpha High Vendor pom parent-artifactid pom.contrib Low Product file name spec.alpha High Product jar package name alpha Highest Product jar package name clojure Highest Product jar package name spec Highest Product jar package name spec Low Product pom artifactid spec.alpha Highest Product pom developer id richhickey Low Product pom developer name Rich Hickey Low Product pom groupid org.clojure Highest Product pom name spec.alpha High Product pom parent-artifactid pom.contrib Medium Version file version 0.5.238 High Version pom parent-version 0.5.238 Low Version pom version 0.5.238 Highest
pkg:maven/org.clojure/spec.alpha@0.5.238
(Confidence :High)
Description:
A Clojure reader in Clojure
License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php
File Path: /home/runner/.m2/repository/org/clojure/tools.reader/1.0.0-beta3/tools.reader-1.0.0-beta3.jar
MD5: bdd4123ff87e24444f4a59cbe84eb9d9
SHA1: 2551fe91105779f8641ed51d8eb21f1bf50b49e4
SHA256: da123ee25d9515c7b9edc871e11ab0332d58904ca7af854b3ddc2d34332ad7bc
Evidence
Type Source Name Value Confidence Vendor file name tools.reader High Vendor pom artifactid tools.reader Low Vendor pom developer id Bronsa Medium Vendor pom developer name Nicola Mometto Medium Vendor pom groupid org.clojure Highest Vendor pom name ${artifactId} High Vendor pom name tools.reader High Vendor pom parent-artifactid pom.contrib Low Vendor pom url clojure/tools.reader Highest Product file name tools.reader High Product pom artifactid tools.reader Highest Product pom developer id Bronsa Low Product pom developer name Nicola Mometto Low Product pom groupid org.clojure Highest Product pom name ${artifactId} High Product pom name tools.reader High Product pom parent-artifactid pom.contrib Medium Product pom url clojure/tools.reader High Version pom parent-version 1.0.0-beta3 Low Version pom version 1.0.0-beta3 Highest
pkg:maven/org.clojure/tools.reader@1.0.0-beta3
(Confidence :High)