Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Event Processing Maven Plugin

com.tibco.ep:ep-maven-plugin:2.2.1

Summary

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
| --- | --- | --- | --- | --- | --- | --- |
| aether-util-0.9.0.M2.jar | | `pkg:maven/org.eclipse.aether/aether-util@0.9.0.M2` | | 0 | | 26 |
| animal-sniffer-annotations-1.14.jar | | `pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14` | | 0 | | 23 |
| aopalliance-1.0.jar | | `pkg:maven/aopalliance/aopalliance@1.0` | | 0 | | 20 |
| asm-6.1.1.jar | | `pkg:maven/org.ow2.asm/asm@6.1.1` | | 0 | | 53 |
| checker-compat-qual-2.0.0.jar | | `pkg:maven/org.checkerframework/checker-compat-qual@2.0.0` | | 0 | | 74 |
| classworlds-1.1.jar | | `pkg:maven/classworlds/classworlds@1.1` | | 0 | | 52 |
| commons-codec-1.13.jar | | `pkg:maven/commons-codec/commons-codec@1.13` | | 0 | | 109 |
| commons-collections-3.2.2.jar | `cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*` | `pkg:maven/commons-collections/commons-collections@3.2.2` | | 0 | Highest | 84 |
| commons-compress-1.26.1.jar | `cpe:2.3:a:apache:commons_compress:1.26.1:*:*:*:*:*:*:*` | `pkg:maven/org.apache.commons/commons-compress@1.26.1` | | 0 | Highest | 109 |
| commons-io-2.15.1.jar | `cpe:2.3:a:apache:commons_io:2.15.1:*:*:*:*:*:*:*` | `pkg:maven/commons-io/commons-io@2.15.1` | | 0 | Highest | 125 |
| commons-lang-2.6.jar | | `pkg:maven/commons-lang/commons-lang@2.6` | | 0 | | 122 |
| commons-lang3-3.8.1.jar | | `pkg:maven/org.apache.commons/commons-lang3@3.8.1` | | 0 | | 140 |
| doxia-logging-api-1.4.jar | | `pkg:maven/org.apache.maven.doxia/doxia-logging-api@1.4` | | 0 | | 27 |
| doxia-sink-api-1.4.jar | | `pkg:maven/org.apache.maven.doxia/doxia-sink-api@1.4` | | 0 | | 27 |
| error_prone_annotations-2.1.3.jar | | `pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3` | | 0 | | 24 |
| file-management-3.0.0.jar | | `pkg:maven/org.apache.maven.shared/file-management@3.0.0` | | 0 | | 26 |
| guava-25.1-android.jar | `cpe:2.3:a:google:guava:25.1:*:*:*:*:*:*:*` | `pkg:maven/com.google.guava/guava@25.1-android` | HIGH | 2 | Highest | 23 |
| guice-4.2.2-no_aop.jar | | `pkg:maven/com.google.inject/guice@4.2.2` | | 0 | | 32 |
| hamcrest-core-1.3.jar | | `pkg:maven/org.hamcrest/hamcrest-core@1.3` | | 0 | | 24 |
| j2objc-annotations-1.1.jar | | `pkg:maven/com.google.j2objc/j2objc-annotations@1.1` | | 0 | | 24 |
| javax.annotation-api-1.2.jar | | `pkg:maven/javax.annotation/javax.annotation-api@1.2` | | 0 | | 46 |
| javax.inject-1.jar | | `pkg:maven/javax.inject/javax.inject@1` | | 0 | | 20 |
| jsr305-3.0.2.jar | | `pkg:maven/com.google.code.findbugs/jsr305@3.0.2` | | 0 | | 17 |
| junit-4.13.2.jar | `cpe:2.3:a:junit:junit4:4.13.2:*:*:*:*:*:*:*` | `pkg:maven/junit/junit@4.13.2` | | 0 | Low | 53 |
| maven-archiver-3.6.1.jar | | `pkg:maven/org.apache.maven/maven-archiver@3.6.1` | | 0 | | 29 |
| maven-artifact-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-artifact@3.8.8` | | 0 | | 26 |
| maven-artifact-transfer-0.9.1.jar | | `pkg:maven/org.apache.maven.shared/maven-artifact-transfer@0.9.1` | | 0 | | 30 |
| maven-assembly-plugin-3.7.1.jar | | `pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1` | | 0 | | 29 |
| maven-builder-support-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-builder-support@3.8.8` | | 0 | | 24 |
| maven-common-artifact-filters-3.3.2.jar | | `pkg:maven/org.apache.maven.shared/maven-common-artifact-filters@3.3.2` | | 0 | | 29 |
| maven-compat-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-compat@3.8.8` | | 0 | | 24 |
| maven-core-3.8.8.jar | `cpe:2.3:a:apache:maven:3.8.8:*:*:*:*:*:*:*` | `pkg:maven/org.apache.maven/maven-core@3.8.8` | | 0 | Highest | 24 |
| maven-dependency-analyzer-1.10.jar | | `pkg:maven/org.apache.maven.shared/maven-dependency-analyzer@1.10` | | 0 | | 30 |
| maven-dependency-plugin-3.1.1.jar | | `pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1` | | 0 | | 30 |
| maven-dependency-tree-3.0.1.jar | | `pkg:maven/org.apache.maven.shared/maven-dependency-tree@3.0.1` | | 0 | | 30 |
| maven-filtering-3.3.2.jar | | `pkg:maven/org.apache.maven.shared/maven-filtering@3.3.2` | | 0 | | 563 |
| maven-model-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-model@3.8.8` | | 0 | | 26 |
| maven-model-builder-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-model-builder@3.8.8` | | 0 | | 32 |
| maven-plugin-annotations-3.15.0.jar | | `pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.15.0` | | 0 | | 26 |
| maven-plugin-api-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-plugin-api@3.8.8` | | 0 | | 26 |
| maven-repository-metadata-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-repository-metadata@3.8.8` | | 0 | | 26 |
| maven-resolver-api-1.6.3.jar | | `pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.6.3` | | 0 | | 34 |
| maven-resolver-impl-1.6.3.jar | | `pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.6.3` | | 0 | | 32 |
| maven-resolver-provider-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-resolver-provider@3.8.8` | | 0 | | 26 |
| maven-resolver-spi-1.6.3.jar | | `pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.6.3` | | 0 | | 32 |
| maven-resolver-util-1.6.3.jar | | `pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.6.3` | | 0 | | 36 |
| maven-settings-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-settings@3.8.8` | | 0 | | 26 |
| maven-settings-builder-3.8.8.jar | | `pkg:maven/org.apache.maven/maven-settings-builder@3.8.8` | | 0 | | 26 |
| maven-shared-io-3.0.0.jar | | `pkg:maven/org.apache.maven.shared/maven-shared-io@3.0.0` | | 0 | | 28 |
| maven-shared-utils-3.2.1.jar | `cpe:2.3:a:apache:maven_shared_utils:3.2.1:*:*:*:*:*:*:*` `cpe:2.3:a:utils_project:utils:3.2.1:*:*:*:*:*:*:*` | `pkg:maven/org.apache.maven.shared/maven-shared-utils@3.2.1` | CRITICAL | 1 | Highest | 30 |
| org.eclipse.sisu.inject-0.3.5.jar | | `pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.3.5` | | 0 | | 29 |
| org.eclipse.sisu.plexus-0.3.5.jar | | `pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.3.5` | | 0 | | 28 |
| plexus-archiver-4.9.2.jar | `cpe:2.3:a:codehaus-plexus:plexus-archiver:4.9.2:*:*:*:*:*:*:*` `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:4.9.2:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-archiver@4.9.2` | | 0 | Highest | 29 |
| plexus-build-api-0.0.7.jar | | `pkg:maven/org.sonatype.plexus/plexus-build-api@0.0.7` | | 0 | | 26 |
| plexus-cipher-2.0.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-cipher@2.0` | HIGH | 2 | Highest | 20 |
| plexus-classworlds-2.6.0.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.6.0:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-classworlds@2.6.0` | HIGH | 2 | Highest | 26 |
| plexus-component-annotations-2.0.0.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0.0:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.0.0` | HIGH | 2 | Highest | 27 |
| plexus-container-default-1.0-alpha-30.jar (shaded: org.codehaus.plexus:plexus-component-api:1.0-alpha-30) | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-30:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-component-api@1.0-alpha-30` | HIGH | 2 | Highest | 9 |
| plexus-container-default-1.0-alpha-30.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-30:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-30` | HIGH | 2 | Highest | 23 |
| plexus-interpolation-1.26.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.26:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26` | HIGH | 2 | Highest | 25 |
| plexus-io-3.4.2.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.4.2:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-io@3.4.2` | | 0 | Highest | 24 |
| plexus-sec-dispatcher-2.0.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:*` `cpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0` | HIGH | 2 | Highest | 20 |
| plexus-utils-4.0.0.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:4.0.0:*:*:*:*:*:*:*` `cpe:2.3:a:plexus-utils_project:plexus-utils:4.0.0:*:*:*:*:*:*:*` `cpe:2.3:a:utils_project:utils:4.0.0:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-utils@4.0.0` | | 0 | Highest | 24 |
| plexus-xml-3.0.0.jar | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.0.0:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0` | HIGH | 2 | Highest | 24 |
| slf4j-api-1.7.26.jar | | `pkg:maven/org.slf4j/slf4j-api@1.7.26` | | 0 | | 25 |
| snappy-0.4.jar | | `pkg:maven/org.iq80.snappy/snappy@0.4` | MEDIUM | 1 | | 32 |
| surefire-api-2.4.3.jar (shaded: org.codehaus.plexus:plexus-utils:1.5.1) | `cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.5.1:*:*:*:*:*:*:*` `cpe:2.3:a:plexus-utils_project:plexus-utils:1.5.1:*:*:*:*:*:*:*` `cpe:2.3:a:utils_project:utils:1.5.1:*:*:*:*:*:*:*` | `pkg:maven/org.codehaus.plexus/plexus-utils@1.5.1` | CRITICAL | 3 | Highest | 12 |
| surefire-api-2.4.3.jar | | `pkg:maven/org.apache.maven.surefire/surefire-api@2.4.3` | | 0 | | 25 |
| wagon-provider-api-3.3.3.jar | `cpe:2.3:a:apache:maven_wagon:3.3.3:*:*:*:*:*:*:*` | `pkg:maven/org.apache.maven.wagon/wagon-provider-api@3.3.3` | | 0 | Highest | 27 |
| xz-1.9.jar | | `pkg:maven/org.tukaani/xz@1.9` | | 0 | | 33 |
| zstd-jni-1.5.5-11.jar | | `pkg:maven/com.github.luben/zstd-jni@1.5.5-11` | | 0 | | 43 |
| zstd-jni-1.5.5-11.jar: libzstd-jni-1.5.5-11.dll | | | | 0 | | 4 |
| zstd-jni-1.5.5-11.jar: libzstd-jni-1.5.5-11.dll | | | | 0 | | 4 |
| zstd-jni-1.5.5-11.jar: libzstd-jni-1.5.5-11.dll | | | | 0 | | 4 |

Dependencies (vulnerable)

aether-util-0.9.0.M2.jar

Description:

    A collection of utility classes to ease usage of the repository system.
  

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar
MD5: fc6315129d2e2063e2f2725e6337587f
SHA1: b957089deb654647da320ad7507b0a4b5ce23813
SHA256:7d62b0fdef90196ec4b2947f5973d750bfd3935785244e77cc06780131c404e9
Referenced In Project/Scope: Event Processing Maven Plugin:compile
aether-util-0.9.0.M2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

animal-sniffer-annotations-1.14.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope: Event Processing Maven Plugin:provided
animal-sniffer-annotations-1.14.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /Users/rkrajews/.m2/ep-dev-repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: Event Processing Maven Plugin:provided
aopalliance-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

asm-6.1.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD: http://asm.ow2.org/license.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/ow2/asm/asm/6.1.1/asm-6.1.1.jar
MD5: 04b72e489b64c54d5776ab59f330bd23
SHA1: 264754515362d92acd39e8d40395f6b8dee7bc08
SHA256:dd3b546415dd4bade2ebe3b47c7828ab0623ee2336604068e2d81023f9f8d833
Referenced In Project/Scope: Event Processing Maven Plugin:compile
asm-6.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

checker-compat-qual-2.0.0.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker
    

License:

GNU General Public License, version 2 (GPL2), with the classpath exception: http://www.gnu.org/software/classpath/license.html
The MIT License: http://opensource.org/licenses/MIT
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/checkerframework/checker-compat-qual/2.0.0/checker-compat-qual-2.0.0.jar
MD5: b6fb2610dacd211a3e2c3d8af1b60d0f
SHA1: fc89b03860d11d6213d0154a62bcd1c2f69b9efa
SHA256:a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b
Referenced In Project/Scope: Event Processing Maven Plugin:provided
checker-compat-qual-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

classworlds-1.1.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/classworlds/classworlds/1.1/classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca
SHA256:4e3e0ad158ec60917e0de544c550f31cd65d5a97c3af1c1968bf427e4a9df2e4
Referenced In Project/Scope: Event Processing Maven Plugin:compile
classworlds-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

commons-codec-1.13.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/commons-codec/commons-codec/1.13/commons-codec-1.13.jar
MD5: 5085f186156822fa3a02e55bcd5584a8
SHA1: 3f18e1aa31031d89db6f01ba05d501258ce69d2c
SHA256:61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072
Referenced In Project/Scope: Event Processing Maven Plugin:compile
commons-codec-1.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Event Processing Maven Plugin:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

commons-compress-1.26.1.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.jar
MD5: 7af7d22a7280508327d809b183114a92
SHA1: 44331c1130c370e726a2e1a3e6fba6d2558ef04a
SHA256:27bb5d40f37c3bb7205b4a0540247df057715e9f6cbbd97d626ab8b50318bb04
Referenced In Project/Scope: Event Processing Maven Plugin:compile
commons-compress-1.26.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

commons-io-2.15.1.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/commons-io/commons-io/2.15.1/commons-io-2.15.1.jar
MD5: 84351f7991a0e6722f00e96a4ccc376f
SHA1: f11560da189ab563a5c8e351941415430e9304ea
SHA256:a58af12ee1b68cfd2ebb0c27caef164f084381a00ec81a48cc275fd7ea54e154
Referenced In Project/Scope: Event Processing Maven Plugin:compile
commons-io-2.15.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope: Event Processing Maven Plugin:compile
commons-lang-2.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

commons-lang3-3.8.1.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
MD5: 540b1256d887a6993ecbef23371a3302
SHA1: 6505a72a097d9270f7a9e7bf42c4238283247755
SHA256:dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68
Referenced In Project/Scope: Event Processing Maven Plugin:compile
commons-lang3-3.8.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

doxia-logging-api-1.4.jar

Description:

Doxia Logging API.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/doxia/doxia-logging-api/1.4/doxia-logging-api-1.4.jar
MD5: 3800c4a113c3f657c5d7653fb5695a53
SHA1: fd0ab30404ac0fca5f672eee70acf5d17a1ea856
SHA256:2c422e154f748d9c1cba6730b6304db48a19de09772aa0b7ca34240e5ec714ac
Referenced In Project/Scope: Event Processing Maven Plugin:compile
doxia-logging-api-1.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

doxia-sink-api-1.4.jar

Description:

Doxia Sink API.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/doxia/doxia-sink-api/1.4/doxia-sink-api-1.4.jar
MD5: 4f8f19a149fd8a48ebefedcc5e9aafc1
SHA1: 3cfed174cabb086426a9043da49a70526ff40d16
SHA256:c72be063877e0713b9169231e4db62579f7e93b15eeb5806df8e694fc38a415e
Referenced In Project/Scope: Event Processing Maven Plugin:compile
doxia-sink-api-1.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

error_prone_annotations-2.1.3.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/com/google/errorprone/error_prone_annotations/2.1.3/error_prone_annotations-2.1.3.jar
MD5: 97504b36cf871722d81a4b9e114f2a16
SHA1: 39b109f2cd352b2d71b52a3b5a1a9850e1dc304b
SHA256:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8
Referenced In Project/Scope: Event Processing Maven Plugin:provided
error_prone_annotations-2.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

file-management-3.0.0.jar

Description:

API to collect files from a given directory using several include/exclude rules.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/file-management/3.0.0/file-management-3.0.0.jar
MD5: 52e384d43eac94eb5111ea3251e06217
SHA1: 065d87e03797af7bb5bb199d4d8b50f83cbea3ce
SHA256:a37db9f4108b019a96b4fee8c6becaea64a3e755d5d21a904a8549501c7fc065
Referenced In Project/Scope: Event Processing Maven Plugin:compile
file-management-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

guava-25.1-android.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/com/google/guava/guava/25.1-android/guava-25.1-android.jar
MD5: b506eaec680c6d92d5f063fa1d57956d
SHA1: bdaab946ca5ad20253502d873ba0c3313d141036
SHA256:f7b8f8fed176b9cf6831b98cb07320d7fbe91d99b29999f752c3821dfe45bdc8
Referenced In Project/Scope: Event Processing Maven Plugin:provided
guava-25.1-android.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

guice-4.2.2-no_aop.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/com/google/inject/guice/4.2.2/guice-4.2.2-no_aop.jar
MD5: 57d2b333c34d0f834189d54b6e59d1a6
SHA1: fa13659f9128f4c011c8e1d06f137083b4876377
SHA256:0f4f5fb28609a4d2b38b7f7128be7cf9b541f25283d71b4e56066d99683aafff
Referenced In Project/Scope: Event Processing Maven Plugin:provided
guice-4.2.2-no_aop.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
  

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope: Event Processing Maven Plugin:compile
hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/junit/junit@4.13.2

Identifiers

j2objc-annotations-1.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope: Event Processing Maven Plugin:provided
j2objc-annotations-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: Event Processing Maven Plugin:provided
javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.8.8

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: Event Processing Maven Plugin:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: Event Processing Maven Plugin:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

junit-4.13.2.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/junit/junit/4.13.2/junit-4.13.2.jar
MD5: d98a9a02a99a9acd22d7653cbcc1f31f
SHA1: 8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12
SHA256:8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3
Referenced In Project/Scope: Event Processing Maven Plugin:compile
junit-4.13.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-archiver-3.6.1.jar

Description:

Provides utility methods for creating JARs and other archive files from a Maven project.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-archiver/3.6.1/maven-archiver-3.6.1.jar
MD5: a2fdb930b0fd117baa7ebda5742e60f6
SHA1: 7797346a0cfdac37326e0bcd04eca32c0f76b429
SHA256:a5fd6e2121c0a3f5e5cafdf336e21ba2e67a2cf7e781f69e3b8ae28215832823
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-archiver-3.6.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

maven-artifact-3.8.8.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-artifact/3.8.8/maven-artifact-3.8.8.jar
MD5: 62c96f80b30e8a0c3e706bc0a27b4384
SHA1: c4324db6f73f14e1327da2a1acec293d75212ae7
SHA256:813233a8485cbaf97b1f9a2c17cef723b068f7260a4319cf4958f221d04b9937
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-artifact-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.8.8

Identifiers

maven-artifact-transfer-0.9.1.jar

Description:

An API to install, deploy and resolving artifacts with Maven 3

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-artifact-transfer/0.9.1/maven-artifact-transfer-0.9.1.jar
MD5: b65e70a00149a44404b54cc2e73754b4
SHA1: b8f0866112547e3f7ea0e683ac50905dae046be0
SHA256:6a2d37c58a6b1b9dd8a5a2e28b5320f63d03245830712f0000342abe3de34ef5
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-artifact-transfer-0.9.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

maven-assembly-plugin-3.7.1.jar

Description:

A Maven plugin to create archives of your project's sources, classes, dependencies etc. from flexible assembly descriptors.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/plugins/maven-assembly-plugin/3.7.1/maven-assembly-plugin-3.7.1.jar
MD5: d77bb9e0c42d8f5e9b8a28e04c21c0c0
SHA1: 59d01f9b253b851821446c76bed9b5b4eaa6adc8
SHA256:1d65f810ae5de6141ff73c659dae6f9db6bad83c76b811d977eb3798a6dc1d0f
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-assembly-plugin-3.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-builder-support-3.8.8.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-builder-support/3.8.8/maven-builder-support-3.8.8.jar
MD5: 7810b2dca4d628762f6df585f98fdb8e
SHA1: 7cc533b63eb0db3235c17e02d90be6feac957e56
SHA256:c425ca169d67217256a8d1991144691fcf23351e09431890af240bfeed33b902
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-builder-support-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-common-artifact-filters-3.3.2.jar

Description:

A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar
MD5: 5b8bd8a1933dbfa8f9a00029255cf99b
SHA1: c1cb1bc78ae8c6a6e64da833d4a9afbda5e0834a
SHA256:2be8b810cf0937ff4bb7bef8ce78a8faad17ca2182751055ac7df54d5510b908
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-common-artifact-filters-3.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

maven-compat-3.8.8.jar

Description:

Maven2 classes maintained as compatibility layer.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-compat/3.8.8/maven-compat-3.8.8.jar
MD5: 157256564d5e8851e495e8319410ef73
SHA1: 98a1aff8948b3a6301bdaa1f1d527f31339cdd3f
SHA256:02afa75398ef2438f854b91d2a1a31db06af85f5ac1964723885127b5d5a781d
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-compat-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-core-3.8.8.jar

Description:

Maven Core classes.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-core/3.8.8/maven-core-3.8.8.jar
MD5: f39381d6c0e6a5377719283fa80e61cc
SHA1: 6248a474f9dfe20356e822708938b83d850132a6
SHA256:52f00764d26dc97ac9ffaf20b4e99982d568238490f9496bd7b9d5cc10740113
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-core-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-dependency-analyzer-1.10.jar

Description:

Analyzes the dependencies of a project for undeclared or unused artifacts.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-dependency-analyzer/1.10/maven-dependency-analyzer-1.10.jar
MD5: 8e7f9e272fd68f2d45c89b3b15136e9d
SHA1: 0a7378d4cb2d73e403df605f289197afb1b6a437
SHA256:37c8634fbee43fc1eee7e7a09b2328bcb5523a03d348b8e47154444c14677a81
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-dependency-analyzer-1.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

maven-dependency-plugin-3.1.1.jar

Description:

Provides utility goals to work with dependencies like copying, unpacking, analyzing, resolving and many more.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/plugins/maven-dependency-plugin/3.1.1/maven-dependency-plugin-3.1.1.jar
MD5: a2fac1f3e4ac36699e4473a5c3ac7115
SHA1: e348af6765ac0b96de98983f9ac96df3649f0b69
SHA256:5513748d0fc1ff44b19b7df936b051265dd0357341b37232052c89b89c8ac500
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-dependency-plugin-3.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-dependency-tree-3.0.1.jar

Description:

A tree-based API for resolution of Maven project dependencies

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar
MD5: 5c94d3d8b896f0e9f29295fd46cffaa0
SHA1: e9ae9966f1d3a238004c8b15ca4fd0e03d405424
SHA256:c7d0968a60678fcabd3f6e7ef32812c77f14bb964e66f4ae2b907d4efd675067
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-dependency-tree-3.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

maven-filtering-3.3.2.jar

Description:

A component to assist in filtering of resource files with properties from a Maven project.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-filtering/3.3.2/maven-filtering-3.3.2.jar
MD5: 416dfdda99fabb27e688f9e5008ccbb9
SHA1: 23bc154ea06ccdf2623650e5339ef3aa1c38f2f5
SHA256:96739b6e16cd6b04529f4527553e92909090f42c222e2401e1df7e7da0cd1e50
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-filtering-3.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

maven-model-3.8.8.jar

Description:

Model for Maven POM (Project Object Model)

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-model/3.8.8/maven-model-3.8.8.jar
MD5: 80e2966cd217fa87cec890bc2361acd0
SHA1: f9094a6d900109c8d943390c635d3f1c82e6a680
SHA256:c392548bc1a3f0c6a180f888bd2349602de5b1e30059fe0ec46f81ed4ce14129
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-model-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.8.8

Identifiers

maven-model-builder-3.8.8.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-model-builder/3.8.8/maven-model-builder-3.8.8.jar
MD5: 5b36d32780bd17948504ab177f0be560
SHA1: f512aa9f9a55d89ddee8d14daf329634ab13039b
SHA256:288c29acda1d26138c8a53fff326ee79bbce870c63c9ac876e7fe8c2944044d3
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-model-builder-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-plugin-annotations-3.15.0.jar

Description:

Java annotations to use in Mojos

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.15.0/maven-plugin-annotations-3.15.0.jar
MD5: 1f9ec4ed57ee3fd27f3d83b16c496079
SHA1: 979c83420a249a3504fbbba54ef68ff1e8a0049c
SHA256:8aa6b0054bf9240fb89d5def9353b5e274eacf0151fd8d2571b9e803f401660a
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-plugin-annotations-3.15.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-plugin-api-3.8.8.jar

Description:

The API for plugins - Mojos - development.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-plugin-api/3.8.8/maven-plugin-api-3.8.8.jar
MD5: fe4ef5971cadcea71dc9be6eb86d1cb8
SHA1: a5709000fe497efe5f3dc1317eabb15b22a614fb
SHA256:b2c6d153d02b35c1f30d72df2372fc5d23abccec3c1e689be6d60047e1397ecc
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-plugin-api-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

maven-repository-metadata-3.8.8.jar

Description:

Per-directory local and remote repository metadata.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-repository-metadata/3.8.8/maven-repository-metadata-3.8.8.jar
MD5: 71e1f483b3f1824b7c32f77db7415035
SHA1: 3afc94fb7373b7658d96c83b83d534534737e70d
SHA256:b396d3b081b353541ea9a147ab2d3eee5723b460d130ef7cb1d95366aeab7c31
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-repository-metadata-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-resolver-api-1.6.3.jar

Description:

The application programming interface for the repository system.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/resolver/maven-resolver-api/1.6.3/maven-resolver-api-1.6.3.jar
MD5: c1f8b0046b6219ef49dbd73638ce33e2
SHA1: 5ee235aa5ac5994b5dc847f8e78ffe9d77dd55d7
SHA256:d0b28ed944058ba4f9be4b54c25d6d5269cc4f3f3c49aa450d4dc2f7e0d552f6
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-resolver-api-1.6.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-resolver-impl-1.6.3.jar

Description:

An implementation of the repository system.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/resolver/maven-resolver-impl/1.6.3/maven-resolver-impl-1.6.3.jar
MD5: 2145b5eb9ddd8bdf9f3171122c703d4b
SHA1: 2714ffe60bd71259a41b3e4816122504b5f2db93
SHA256:17aaebe6e3e59df8cb5b4ec210196f7084637312b9bc4ff14cb77ad1ae3c381b
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-resolver-impl-1.6.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-resolver-provider-3.8.8.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-resolver-provider/3.8.8/maven-resolver-provider-3.8.8.jar
MD5: f0967ae0c4ee1115a60101a3a584393c
SHA1: 27404d68acc4aba35a57b37a249eec415522f9c0
SHA256:197a8a6e7c7df66dd1fa70bb495ac7616f0e96f43d354d69ff4794d725d47427
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-resolver-provider-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-resolver-spi-1.6.3.jar

Description:

The service provider interface for repository system implementations and repository connectors.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/resolver/maven-resolver-spi/1.6.3/maven-resolver-spi-1.6.3.jar
MD5: 39ccba873cf05b2b5405d24a55133a37
SHA1: 176425f73fe768bf9cdb8b5a742e7a00c1d8d178
SHA256:17441a39045ac19bc4a8068fb7284facebf6337754bf2bf8f26a76b5f98ed108
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-resolver-spi-1.6.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-resolver-util-1.6.3.jar

Description:

A collection of utility classes to ease usage of the repository system.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/resolver/maven-resolver-util/1.6.3/maven-resolver-util-1.6.3.jar
MD5: 71d7fea851a889aae2cfd632e96d01c1
SHA1: 07d5a6879037b34c61c2f527dfcfb59084e86ed0
SHA256:cdcad9355b625743f40e4cead9a96353404e010c39c808d23b044be331afa251
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-resolver-util-1.6.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-settings-3.8.8.jar

Description:

Maven Settings model.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-settings/3.8.8/maven-settings-3.8.8.jar
MD5: 2a779e17152019ca049839b2fc0dd2b9
SHA1: 1e835f080004e81a6646eb5ea123c4c556ea3f74
SHA256:70db5c07425a5e66edceac12af6dd60cf614330978cc195c3009c75c6ff6e47c
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-settings-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-settings-builder-3.8.8.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/maven-settings-builder/3.8.8/maven-settings-builder-3.8.8.jar
MD5: 8bf33f251aa930d270adfa2889d556d7
SHA1: fb0f7b5e2474564c2c0f5b456897fa5c06c0a5d9
SHA256:e765b171ad3f0d99c2426abff890b46ac1ac68c785636efab5f61fcd73ecd4ff
Referenced In Project/Scope: Event Processing Maven Plugin:provided
maven-settings-builder-3.8.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

maven-shared-io-3.0.0.jar

Description:

API for I/O support like logging, download or file scanning.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-shared-io/3.0.0/maven-shared-io-3.0.0.jar
MD5: cd048096ba02afa72cebb76d39e4bde0
SHA1: fe598062dbcf95ac9eba77840f86d2ff25d81f55
SHA256:7f9d12b2d569ccde2cacd22a39e301b20f82567b80e21d625c5f4d93dc09c2c7
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-shared-io-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

maven-shared-utils-3.2.1.jar

Description:

Shared utils without any further dependencies

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.jar
MD5: 9c8c48e58b12b4584278c355f6c98bd5
SHA1: 08dd4dfb1d2d8b6969f6462790f82670bcd35ce2
SHA256:3ba9c619893c767db0f9c3e826d5118b57c35229301bcd16d865a89cec16a7e5
Referenced In Project/Scope: Event Processing Maven Plugin:compile
maven-shared-utils-3.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-slf4j-provider@3.8.8

Identifiers

CVE-2022-29599  

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
CWE-116 Improper Encoding or Escaping of Output

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

org.eclipse.sisu.inject-0.3.5.jar

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
MD5: 1b296b0ddd911ed3750b3df93b395cd5
SHA1: d4265dd4f0f1d7a06d80df5a5f475d5ff9c17140
SHA256:c5994010bcdce1d2bd603a4d50c47191ddbd7875d1157b23aaa26d33c82fda13
Referenced In Project/Scope: Event Processing Maven Plugin:provided
org.eclipse.sisu.inject-0.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

org.eclipse.sisu.plexus-0.3.5.jar

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.jar
MD5: 30c4a9fa2137698ed66c8542f1be196a
SHA1: d71996bb2e536f966b3b70e647067fff3b73d32f
SHA256:7e4c61096d70826f20f7a7d55c59a5528e7aa5ad247ee2dfe544e4dd25f6a784
Referenced In Project/Scope: Event Processing Maven Plugin:provided
org.eclipse.sisu.plexus-0.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.8.8

Identifiers

plexus-archiver-4.9.2.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.jar
MD5: 408c466d4a20a02f4a2428a4f003ca13
SHA1: a03ed402ef8468c1d1bda368d7213cad67f16a71
SHA256:a837bd7d73291564dc8e8c826de0fede75896527a35bdcddb77b0545ee656a4c
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-archiver-4.9.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

plexus-build-api-0.0.7.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.jar
MD5: 49f0f8c6bdf2687e358870a4fc1559c6
SHA1: e6ba5cd4bfd8de00235af936e7f63eb24ed436e6
SHA256:934171640fbd3d2495c50b79b0d9adb11e2c83e65bad157df8fe34bcac0ff798
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-build-api-0.0.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

plexus-cipher-2.0.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope: Event Processing Maven Plugin:provided
plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-classworlds-2.6.0.jar

Description:

A class loader framework

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
MD5: 67e722b27e3a33b33c1b263b99dd7c43
SHA1: 8587e80fcb38e70b70fae8d5914b6376bfad6259
SHA256:52f77c5ec49f787c9c417ebed5d6efd9922f44a202f217376e4f94c0d74f3549
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-classworlds-2.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.8.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-component-annotations-2.0.0.jar

Description:

Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with standard annotations instead of javadoc annotations.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar
MD5: be18d50372002ba958de0ae4850b18a7
SHA1: 6897b9fa8b67c900b52996f845e2d179eea13441
SHA256:405eef6fc9188241ec88579c3e473f5c8997455c69bcd62e142492aca15106bc
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-component-annotations-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-container-default-1.0-alpha-30.jar (shaded: org.codehaus.plexus:plexus-component-api:1.0-alpha-30)

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-30/plexus-container-default-1.0-alpha-30.jar/META-INF/maven/org.codehaus.plexus/plexus-component-api/pom.xml
MD5: 081a9cf2cfc29605fad2110ae2656a1c
SHA1: efb3642d47427637d031258c853618028546dfcc
SHA256:a0f23a7447b705dfd8a92b5b6435938403b9ccdc9a8d769134d41cd571b015c8
Referenced In Project/Scope: Event Processing Maven Plugin:compile

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-container-default-1.0-alpha-30.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-30/plexus-container-default-1.0-alpha-30.jar
MD5: af35f8c80bbf8deaaa382bd530c40939
SHA1: 669d4ba8e898e37987eb5e30b121ed1d62c5b7b8
SHA256:ef5fa49aeb90df9cac923435577dc9c2701a18ba29191b6e407e7870795eea35
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-container-default-1.0-alpha-30.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.1.1

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-interpolation-1.26.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar
MD5: 1049ae9f5cd8cf618abf5bc5805e6b94
SHA1: 25b919c664b79795ccde0ede5cee0fd68b544197
SHA256:b3b5412ce17889103ea564bcdfcf9fb3dfa540344ffeac6b538a73c9d7182662
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-interpolation-1.26.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-io-3.4.2.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.jar
MD5: 77515ce571e8169c13220c506ad177a4
SHA1: 40deb3076e4597f1ef973dc794f3a510fa3a942d
SHA256:6ba7fb0db6bfa348c248df3f983ae31318e9c14f35a86a932af5ffd7450aa62a
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-io-3.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

plexus-sec-dispatcher-2.0.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope: Event Processing Maven Plugin:provided
plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.8.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

plexus-utils-4.0.0.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines and more.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-utils/4.0.0/plexus-utils-4.0.0.jar
MD5: 16481d9d3af602d73a6355e79d2de889
SHA1: ff00a04ba971655ed10e9fb93bce0ed3014e9477
SHA256:270cd703b48c6e5c8c691f1875f22d62d22cfe072c73ae2f5814d83d68c1da0b
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-utils-4.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.8.8

Identifiers

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: Event Processing Maven Plugin:compile
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

slf4j-api-1.7.26.jar

Description:

The slf4j API

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/slf4j/slf4j-api/1.7.26/slf4j-api-1.7.26.jar
MD5: 60ec8751be37d54a2aa1b6178f87b968
SHA1: 77100a62c2e6f04b53977b9f541044d7d722693d
SHA256:6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b
Referenced In Project/Scope: Event Processing Maven Plugin:provided
slf4j-api-1.7.26.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

Identifiers

snappy-0.4.jar

Description:

Port of Snappy to Java

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/iq80/snappy/snappy/0.4/snappy-0.4.jar
MD5: f0792d1dbe7f90d8b34c7c19961e0073
SHA1: a42b2d92a89efd35bb14738000dabcac6bd07a8d
SHA256: 46a0c87d504ce9d6063e1ff6e4d20738feb49d8abf85b5071a7d18df4f11bac9
Referenced In Project/Scope: Event Processing Maven Plugin:compile
snappy-0.4.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

CVE-2024-36124 (OSSINDEX)  

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.
CWE-125 Out-of-bounds Read

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.iq80.snappy:snappy:0.4:*:*:*:*:*:*:*

surefire-api-2.4.3.jar (shaded: org.codehaus.plexus:plexus-utils:1.5.1)

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/surefire/surefire-api/2.4.3/surefire-api-2.4.3.jar/META-INF/maven/org.codehaus.plexus/plexus-utils/pom.xml
MD5: 4d0ef59ee3f74d8200277cbe592ee585
SHA1: 2a0b3470063440066d3b8a084340ce07dbdbfedc
SHA256: e237bba8d1c65c171b5fe8774a2ff817525df6315b929a2085cf70cff15b1b58
Referenced In Project/Scope: Event Processing Maven Plugin:compile

CVE-2017-1000487  

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

surefire-api-2.4.3.jar

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/surefire/surefire-api/2.4.3/surefire-api-2.4.3.jar
MD5: 6c810bfd0dbdea75d84cfb541e4bd8f4
SHA1: 3716608c23136d71be2efc5dcbcd2ef80e510076
SHA256: 34ba3098cd356df55daf2a3d6d486050648777fbcb029e15333f9795cce57362
Referenced In Project/Scope: Event Processing Maven Plugin:compile
surefire-api-2.4.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/com.tibco.ep/ep-maven-plugin@2.2.1

wagon-provider-api-3.3.3.jar

Description:

Maven Wagon API that defines the contract between different Wagon implementations

File Path: /Users/rkrajews/.m2/ep-dev-repository/org/apache/maven/wagon/wagon-provider-api/3.3.3/wagon-provider-api-3.3.3.jar
MD5: 7bc782d8454eb492805a041ccfa1aa75
SHA1: 4b3b80a58fe499e5b810d635334b1143887b982e
SHA256: 1ddf6c055a3d6820357b1f6e87463f8bc3c6a672684c00c6d3158eb56ba4a207
Referenced In Project/Scope: Event Processing Maven Plugin:compile
wagon-provider-api-3.3.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.apache.maven/maven-compat@3.8.8

xz-1.9.jar

Description:

XZ data compression

License:

Public Domain
File Path: /Users/rkrajews/.m2/ep-dev-repository/org/tukaani/xz/1.9/xz-1.9.jar
MD5: 57c2fbfeb55e307ccae52e5322082e02
SHA1: 1ea4bec1a921180164852c65006d928617bd2caf
SHA256: 211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5
Referenced In Project/Scope: Event Processing Maven Plugin:runtime
xz-1.9.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

zstd-jni-1.5.5-11.jar

Description:

JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages.

License:

BSD 2-Clause License: https://opensource.org/licenses/BSD-2-Clause
File Path: /Users/rkrajews/.m2/ep-dev-repository/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar
MD5: 00977099d76d2c01a7b19263375ee42e
SHA1: ca6ab366315e179dd80645aad4a60bab959c6523
SHA256: d75b2ced6059f81ad23e021c554259b906b6c4f2991cb772409827569ead4c1a
Referenced In Project/Scope: Event Processing Maven Plugin:runtime
zstd-jni-1.5.5-11.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.7.1

zstd-jni-1.5.5-11.jar: libzstd-jni-1.5.5-11.dll

File Path: /Users/rkrajews/.m2/ep-dev-repository/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar/win/aarch64/libzstd-jni-1.5.5-11.dll
MD5: 3c42e914725869f2ad90eb3ddb418524
SHA1: fdd7d968eb3a348f6bf562b298b3a165e0e73e4e
SHA256: c368030edfc9f9caf92b89b832e65c84d29757a35df4641decd907e4f0229a59
Referenced In Project/Scope: Event Processing Maven Plugin:runtime

Identifiers

  • None

zstd-jni-1.5.5-11.jar: libzstd-jni-1.5.5-11.dll

File Path: /Users/rkrajews/.m2/ep-dev-repository/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar/win/amd64/libzstd-jni-1.5.5-11.dll
MD5: 1521a503cd2ed6d7547e6c7e6abb229c
SHA1: 9330785beba7881cc72c7f68cc87537a9a11cfc9
SHA256: 8f753fa694b1c60651e79cedd916268e6c4034e921a61633a8f2ad934817edd2
Referenced In Project/Scope: Event Processing Maven Plugin:runtime

Identifiers

  • None

zstd-jni-1.5.5-11.jar: libzstd-jni-1.5.5-11.dll

File Path: /Users/rkrajews/.m2/ep-dev-repository/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar/win/x86/libzstd-jni-1.5.5-11.dll
MD5: f73208a58a031c84e5dee99a15f865ff
SHA1: 8e91341f71ee4a73e1c94b80ae1c846a663e0d61
SHA256: 8173736b15a732f2be19137fe0ff2336d416c8c60b914e9600f3a5012584f9d1
Referenced In Project/Scope: Event Processing Maven Plugin:runtime

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.