Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 8.3.1Report Generated On : Sat, 12 Aug 2023 00:18:21 GMTDependencies Scanned : 168 (167 unique)Vulnerable Dependencies : 12 Vulnerabilities Found : 15Vulnerabilities Suppressed : 0 ... NVD CVE Checked : 2023-08-12T00:17:40NVD CVE Modified : 2023-08-12T00:00:05VersionCheckOn : 2023-08-12T00:18:01kev.checked : 1691799482Summary Display:
Showing Vulnerable Dependencies (click to show all) aether-api-1.0.0.v20140518.jarDescription:
The application programming interface for the repository system.
License:
http://www.eclipse.org/legal/epl-v10.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.eclipse.aether/aether-api/1.0.0.v20140518/be68e917f454dcd841865ad7cf9b7615b26a51f7/aether-api-1.0.0.v20140518.jar
MD5: b05ef5410dad83a4e9ba50e08e0dbbf4
SHA1: be68e917f454dcd841865ad7cf9b7615b26a51f7
SHA256: 84b98521684ab22f9528470fa6d8ab68a230e1b211623c989ba7016c306eb773
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath aether-api-1.0.0.v20140518.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name aether-api High Vendor gradle artifactid aether-api Highest Vendor gradle groupid org.eclipse.aether Highest Vendor jar package name aether Highest Vendor jar package name eclipse Highest Vendor jar package name repository Highest Vendor Manifest bundle-docurl http://www.eclipse.org/aether/aether-api/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.eclipse.aether.api Medium Vendor pom artifactid aether-api Low Vendor pom groupid org.eclipse.aether Highest Vendor pom name Aether API High Vendor pom parent-artifactid aether Low Product file name aether-api High Product gradle artifactid aether-api Highest Product jar package name aether Highest Product jar package name eclipse Highest Product jar package name repository Highest Product Manifest bundle-docurl http://www.eclipse.org/aether/aether-api/ Low Product Manifest Bundle-Name Aether API Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.eclipse.aether.api Medium Product pom artifactid aether-api Highest Product pom groupid org.eclipse.aether Highest Product pom name Aether API High Product pom parent-artifactid aether Medium Version file version 1.0.0.v20140518 High Version gradle version 1.0.0.v20140518 Highest Version Manifest Bundle-Version 1.0.0.v20140518 High Version pom version 1.0.0.v20140518 Highest
aether-impl-1.0.0.v20140518.jarDescription:
An implementation of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.eclipse.aether/aether-impl/1.0.0.v20140518/a5ee67be2c99dfb95ad61235d749c92ae09c926e/aether-impl-1.0.0.v20140518.jar
MD5: 819d1c095629b2bd9ed0980395c91b7d
SHA1: a5ee67be2c99dfb95ad61235d749c92ae09c926e
SHA256: 9a9b60e685385225f08e662cb9f60d96610b0987f0f47bbf3f0c92df8a897d00
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath aether-impl-1.0.0.v20140518.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name aether-impl High Vendor gradle artifactid aether-impl Highest Vendor gradle groupid org.eclipse.aether Highest Vendor jar package name aether Highest Vendor jar package name eclipse Highest Vendor jar package name impl Highest Vendor Manifest bundle-docurl http://www.eclipse.org/aether/aether-impl/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.eclipse.aether.impl Medium Vendor pom artifactid aether-impl Low Vendor pom groupid org.eclipse.aether Highest Vendor pom name Aether Implementation High Vendor pom parent-artifactid aether Low Product file name aether-impl High Product gradle artifactid aether-impl Highest Product jar package name aether Highest Product jar package name eclipse Highest Product jar package name impl Highest Product Manifest bundle-docurl http://www.eclipse.org/aether/aether-impl/ Low Product Manifest Bundle-Name Aether Implementation Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.eclipse.aether.impl Medium Product pom artifactid aether-impl Highest Product pom groupid org.eclipse.aether Highest Product pom name Aether Implementation High Product pom parent-artifactid aether Medium Version file version 1.0.0.v20140518 High Version gradle version 1.0.0.v20140518 Highest Version Manifest Bundle-Version 1.0.0.v20140518 High Version pom version 1.0.0.v20140518 Highest
aether-spi-1.0.0.v20140518.jarDescription:
The service provider interface for repository system implementations and repository connectors.
License:
http://www.eclipse.org/legal/epl-v10.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.eclipse.aether/aether-spi/1.0.0.v20140518/985a9a12b904fb3bafd4dc6b49f6a084845703a1/aether-spi-1.0.0.v20140518.jar
MD5: 51c5870c01f48af3231ce6499464827a
SHA1: 985a9a12b904fb3bafd4dc6b49f6a084845703a1
SHA256: a3266d127a4e9f4aa9c4fa0986e31eec784e866f79112e1840d1667e17c10fb2
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath aether-spi-1.0.0.v20140518.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name aether-spi High Vendor gradle artifactid aether-spi Highest Vendor gradle groupid org.eclipse.aether Highest Vendor jar package name aether Highest Vendor jar package name eclipse Highest Vendor jar package name spi Highest Vendor Manifest bundle-docurl http://www.eclipse.org/aether/aether-spi/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.eclipse.aether.spi Medium Vendor pom artifactid aether-spi Low Vendor pom groupid org.eclipse.aether Highest Vendor pom name Aether SPI High Vendor pom parent-artifactid aether Low Product file name aether-spi High Product gradle artifactid aether-spi Highest Product jar package name aether Highest Product jar package name eclipse Highest Product jar package name spi Highest Product Manifest bundle-docurl http://www.eclipse.org/aether/aether-spi/ Low Product Manifest Bundle-Name Aether SPI Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.eclipse.aether.spi Medium Product pom artifactid aether-spi Highest Product pom groupid org.eclipse.aether Highest Product pom name Aether SPI High Product pom parent-artifactid aether Medium Version file version 1.0.0.v20140518 High Version gradle version 1.0.0.v20140518 Highest Version Manifest Bundle-Version 1.0.0.v20140518 High Version pom version 1.0.0.v20140518 Highest
aether-util-1.0.0.v20140518.jarDescription:
A collection of utility classes to ease usage of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.eclipse.aether/aether-util/1.0.0.v20140518/7df5ba98ce8b78985d75fdd8c2981fe69234ef85/aether-util-1.0.0.v20140518.jar
MD5: 08495ee7ecf90f0b528e7d65471532af
SHA1: 7df5ba98ce8b78985d75fdd8c2981fe69234ef85
SHA256: aff0951639837c4e3a4699a421fa79f410032f603f5c6a5bba435e98531f3984
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath aether-util-1.0.0.v20140518.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name aether-util High Vendor gradle artifactid aether-util Highest Vendor gradle groupid org.eclipse.aether Highest Vendor jar package name aether Highest Vendor jar package name eclipse Highest Vendor jar package name repository Highest Vendor jar package name util Highest Vendor Manifest bundle-docurl http://www.eclipse.org/aether/aether-util/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.eclipse.aether.util Medium Vendor pom artifactid aether-util Low Vendor pom groupid org.eclipse.aether Highest Vendor pom name Aether Utilities High Vendor pom parent-artifactid aether Low Product file name aether-util High Product gradle artifactid aether-util Highest Product jar package name aether Highest Product jar package name eclipse Highest Product jar package name repository Highest Product jar package name util Highest Product Manifest bundle-docurl http://www.eclipse.org/aether/aether-util/ Low Product Manifest Bundle-Name Aether Utilities Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.eclipse.aether.util Medium Product pom artifactid aether-util Highest Product pom groupid org.eclipse.aether Highest Product pom name Aether Utilities High Product pom parent-artifactid aether Medium Version file version 1.0.0.v20140518 High Version gradle version 1.0.0.v20140518 Highest Version Manifest Bundle-Version 1.0.0.v20140518 High Version pom version 1.0.0.v20140518 Highest
annotations-13.0.jarDescription:
A set of annotations used for code inspection support and code documentation. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains/annotations/13.0/919f0dfe192fb4e063e7dacadee7f8bb9a2672a9/annotations-13.0.jar
MD5: f4fb462172517b46b6cd90003508515a
SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9
SHA256: ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
Referenced In Projects/Scopes: documentation:javadocClasspath quicktype-plugin:kotlinCompilerPluginClasspathMain maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath quicktype-plugin:apiDependenciesMetadata quicktype-plugin:kotlinKlibCommonizerClasspath maven-plugin-plugin:runtimeClasspath okhttp-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata quicktype-plugin:runtimeClasspath github-plugin:compileClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin:compileClasspath maven-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerClasspath annotations-13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor gradle artifactid annotations Highest Vendor gradle groupid org.jetbrains Highest Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name intellij Highest Vendor jar package name intellij Low Vendor jar package name jetbrains Highest Vendor jar package name lang Low Vendor pom artifactid annotations Low Vendor pom developer id JetBrains Medium Vendor pom developer name JetBrains Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL http://www.jetbrains.com Medium Vendor pom groupid org.jetbrains Highest Vendor pom name IntelliJ IDEA Annotations High Vendor pom url http://www.jetbrains.org Highest Product file name annotations High Product gradle artifactid annotations Highest Product jar package name annotations Highest Product jar package name annotations Low Product jar package name intellij Highest Product jar package name jetbrains Highest Product jar package name lang Low Product pom artifactid annotations Highest Product pom developer id JetBrains Low Product pom developer name JetBrains Team Low Product pom developer org JetBrains Low Product pom developer org URL http://www.jetbrains.com Low Product pom groupid org.jetbrains Highest Product pom name IntelliJ IDEA Annotations High Product pom url http://www.jetbrains.org Medium Version file version 13.0 High Version gradle version 13.0 Highest Version pom version 13.0 Highest
aopalliance-1.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/aopalliance/aopalliance/1.0/235ba8b489512805ac13a8f9ea77a1ca5ebe3e8/aopalliance-1.0.jarMD5: 04177054e180d09e3998808efa0401c7SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath aopalliance-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor gradle artifactid aopalliance Highest Vendor gradle groupid aopalliance Highest Vendor jar package name aopalliance Low Vendor jar package name intercept Low Product file name aopalliance High Product gradle artifactid aopalliance Highest Product jar package name intercept Low Version file name aopalliance Medium Version file version 1.0 High Version gradle version 1.0 Highest
apiguardian-api-1.1.2.jarDescription:
@API Guardian File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apiguardian/apiguardian-api/1.1.2/a231e0d844d2721b0fa1b238006d15c6ded6842a/apiguardian-api-1.1.2.jarMD5: 8c7de3f82037fa4a2e8be2a2f13092afSHA1: a231e0d844d2721b0fa1b238006d15c6ded6842aSHA256: b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38Referenced In Project/Scope: test-common:compileClasspathapiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items. Included by:
pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 Evidence Type Source Name Value Confidence Vendor file name apiguardian-api High Vendor gradle artifactid apiguardian-api Highest Vendor gradle groupid org.apiguardian Highest Vendor jar package name api Low Vendor jar package name apiguardian Highest Vendor jar package name apiguardian Low Vendor Manifest build-date 2021-06-27 Low Vendor Manifest build-revision aa952a1b9d5b4e9cc0af853e2c140c2455b397be Low Vendor Manifest build-time 14:53:10.089+0200 Low Vendor Manifest bundle-docurl https://github.com/apiguardian-team/apiguardian Low Vendor Manifest bundle-symbolicname org.apiguardian.api Medium Vendor Manifest Implementation-Vendor apiguardian.org High Vendor Manifest specification-vendor apiguardian.org Low Product file name apiguardian-api High Product gradle artifactid apiguardian-api Highest Product jar package name api Highest Product jar package name api Low Product jar package name apiguardian Highest Product Manifest build-date 2021-06-27 Low Product Manifest build-revision aa952a1b9d5b4e9cc0af853e2c140c2455b397be Low Product Manifest build-time 14:53:10.089+0200 Low Product Manifest bundle-docurl https://github.com/apiguardian-team/apiguardian Low Product Manifest Bundle-Name apiguardian-api Medium Product Manifest bundle-symbolicname org.apiguardian.api Medium Product Manifest Implementation-Title apiguardian-api High Product Manifest specification-title apiguardian-api Medium Version file version 1.1.2 High Version Manifest Implementation-Version 1.1.2 High
asm-9.5.jarLicense:
BSD-3-Clause;link=https://asm.ow2.io/LICENSE.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.ow2.asm/asm/9.5/dc6ea1875f4d64fbc85e1691c95b96a3d8569c90/asm-9.5.jar
MD5: 29721ee4b5eacf0a34b204c345c8bc69
SHA1: dc6ea1875f4d64fbc85e1691c95b96a3d8569c90
SHA256: b62e84b5980729751b0458c534cf1366f727542bb8d158621335682a460f0353
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt maven-plugin-plugin:compileClasspath aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt maven-plugin-plugin:runtimeClasspath plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt asm-9.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 Evidence Type Source Name Value Confidence Vendor file name asm High Vendor gradle artifactid asm Highest Vendor gradle groupid org.ow2.asm Highest Vendor jar package name asm Highest Vendor jar package name asm Low Vendor jar package name objectweb Highest Vendor jar package name objectweb Low Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Product file name asm High Product gradle artifactid asm Highest Product jar package name asm Highest Product jar package name asm Low Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Version file version 9.5 High Version Manifest Implementation-Version 9.5 High
asm-analysis-9.5.jarLicense:
BSD-3-Clause;link=https://asm.ow2.io/LICENSE.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.ow2.asm/asm-analysis/9.5/490bacc77de7cbc0be1a30bb3471072d705be4a4/asm-analysis-9.5.jar
MD5: 4df0adafc78ebba404d4037987d36b61
SHA1: 490bacc77de7cbc0be1a30bb3471072d705be4a4
SHA256: 39f1cf1791335701c3b02cae7b2bc21057ec9a55b2240789cb6d552b2b2c62fa
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath asm-analysis-9.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name asm-analysis High Vendor gradle artifactid asm-analysis Highest Vendor gradle groupid org.ow2.asm Highest Vendor jar package name analysis Highest Vendor jar package name asm Highest Vendor jar package name asm Low Vendor jar package name objectweb Highest Vendor jar package name objectweb Low Vendor jar package name tree Highest Vendor jar package name tree Low Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Product file name asm-analysis High Product gradle artifactid asm-analysis Highest Product jar package name analysis Highest Product jar package name analysis Low Product jar package name asm Highest Product jar package name asm Low Product jar package name objectweb Highest Product jar package name tree Highest Product jar package name tree Low Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree.analysis Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Product Manifest Implementation-Title Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Version file version 9.5 High Version Manifest Implementation-Version 9.5 High
asm-commons-9.5.jarLicense:
BSD-3-Clause;link=https://asm.ow2.io/LICENSE.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.ow2.asm/asm-commons/9.5/19ab5b5800a3910d30d3a3e64fdb00fd0cb42de0/asm-commons-9.5.jar
MD5: 7d1fce986192f71722b19754e4cb9e61
SHA1: 19ab5b5800a3910d30d3a3e64fdb00fd0cb42de0
SHA256: 72eee9fbafb9de8d9463f20dd584a48ceeb7e5152ad4c987bfbe17dd4811c9ae
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt maven-plugin-plugin:compileClasspath aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt maven-plugin-plugin:runtimeClasspath plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt asm-commons-9.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 Evidence Type Source Name Value Confidence Vendor file name asm-commons High Vendor gradle artifactid asm-commons Highest Vendor gradle groupid org.ow2.asm Highest Vendor jar package name asm Highest Vendor jar package name asm Low Vendor jar package name commons Highest Vendor jar package name commons Low Vendor jar package name objectweb Highest Vendor jar package name objectweb Low Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Product file name asm-commons High Product gradle artifactid asm-commons Highest Product jar package name asm Highest Product jar package name asm Low Product jar package name commons Highest Product jar package name commons Low Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.commons Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium Product Manifest Implementation-Title Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Version file version 9.5 High Version Manifest Implementation-Version 9.5 High
asm-tree-9.5.jarLicense:
BSD-3-Clause;link=https://asm.ow2.io/LICENSE.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.ow2.asm/asm-tree/9.5/fd33c8b6373abaa675be407082fdfda35021254a/asm-tree-9.5.jar
MD5: 44755681b7d6fa7143afbb438e55c20c
SHA1: fd33c8b6373abaa675be407082fdfda35021254a
SHA256: 3c33a648191079aeaeaeb7c19a49b153952f9e40fe86fbac5205554ddd9acd94
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt maven-plugin-plugin:compileClasspath aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt maven-plugin-plugin:runtimeClasspath plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt asm-tree-9.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 Evidence Type Source Name Value Confidence Vendor file name asm-tree High Vendor gradle artifactid asm-tree Highest Vendor gradle groupid org.ow2.asm Highest Vendor jar package name asm Highest Vendor jar package name asm Low Vendor jar package name objectweb Highest Vendor jar package name objectweb Low Vendor jar package name tree Highest Vendor jar package name tree Low Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true Low Product file name asm-tree High Product gradle artifactid asm-tree Highest Product jar package name asm Highest Product jar package name asm Low Product jar package name objectweb Highest Product jar package name tree Highest Product jar package name tree Low Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree Medium Product Manifest Implementation-Title Tree API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true Low Version file version 9.5 High Version Manifest Implementation-Version 9.5 High
asm-util-9.5.jarLicense:
BSD-3-Clause;link=https://asm.ow2.io/LICENSE.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.ow2.asm/asm-util/9.5/64b5a1fc8c1b15ed2efd6a063e976bc8d3dc5ffe/asm-util-9.5.jar
MD5: ad0016249fb68bb9196babefd47b80dc
SHA1: 64b5a1fc8c1b15ed2efd6a063e976bc8d3dc5ffe
SHA256: c467f1bb3c08888f47243e2d475209b34a772d627e44fca06752e18bb038bd74
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath asm-util-9.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name asm-util High Vendor gradle artifactid asm-util Highest Vendor gradle groupid org.ow2.asm Highest Vendor jar package name asm Highest Vendor jar package name asm Low Vendor jar package name objectweb Highest Vendor jar package name objectweb Low Vendor jar package name util Highest Vendor jar package name util Low Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.util Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Product file name asm-util High Product gradle artifactid asm-util Highest Product jar package name asm Highest Product jar package name asm Low Product jar package name objectweb Highest Product jar package name util Highest Product jar package name util Low Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.util Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.util Medium Product Manifest Implementation-Title Utilities for ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Version file version 9.5 High Version Manifest Implementation-Version 9.5 High
aspectj-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/aspectj-plugin/build/libs/aspectj-plugin-8.2.2.jarMD5: 5150603daf79adb5e89ef62ae3ab46d8SHA1: 82f91f29a77295bbf834e67f41e8fc3f527b1acfSHA256: 707f896bde9783a8a8be9db53497195c41cb8f0b76b4c2e60211b2418c6246b7Referenced In Project/Scope: documentation:javadocClasspathaspectj-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name aspectj-plugin High Vendor gradle artifactid aspectj-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name aspectj-plugin High Product gradle artifactid aspectj-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
assertj-core-3.24.2.jarDescription:
Rich and fluent assertions for testing in Java License:
"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.assertj/assertj-core/3.24.2/ebbf338e33f893139459ce5df023115971c2786f/assertj-core-3.24.2.jar
MD5: b596a91049e6ce526bc5595c1bebea2c
SHA1: ebbf338e33f893139459ce5df023115971c2786f
SHA256: df3d0b348f1fe806bdddcb10fa4ae63c6679e9888d4bc7055f09848517976aa3
Referenced In Projects/Scopes: documentation:javadocClasspath test-common:compileClasspath test-common:runtimeClasspath assertj-core-3.24.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/io.freefair.gradle/test-common@8.2.2 Evidence Type Source Name Value Confidence Vendor file name assertj-core High Vendor gradle artifactid assertj-core Highest Vendor gradle groupid org.assertj Highest Vendor jar package name assertions Highest Vendor jar package name assertj Highest Vendor jar package name core Highest Vendor Manifest bundle-developers joel-costigliola;email="joel.costigliola at gmail.com";name="Joel Costigliola";roles="Owner,Developer",scordio;name="Stefano Cordio";roles=Developer,PascalSchumacher;name="Pascal Schumacher";roles=Developer,epeee;name="Erhard Pointl";roles=Developer,croesch;name="Christian Rösch";roles=Developer,VanRoy;name="Julien Roy";roles=Developer,regis1512;name="Régis Pouiller";roles=Developer,fbiville;name="Florent Biville";roles=Developer,Patouche;name="Patrick Allain";roles=Developer Low Vendor Manifest bundle-docurl https://assertj.github.io/doc/#assertj-core Low Vendor Manifest bundle-symbolicname assertj-core Medium Vendor Manifest multi-release true Low Vendor pom artifactid assertj-core Low Vendor pom groupid org.assertj Highest Vendor pom name AssertJ Core High Vendor pom parent-artifactid assertj-parent Low Vendor pom url # Highest Product file name assertj-core High Product gradle artifactid assertj-core Highest Product jar package name assertions Highest Product jar package name assertj Highest Product jar package name core Highest Product Manifest bundle-developers joel-costigliola;email="joel.costigliola at gmail.com";name="Joel Costigliola";roles="Owner,Developer",scordio;name="Stefano Cordio";roles=Developer,PascalSchumacher;name="Pascal Schumacher";roles=Developer,epeee;name="Erhard Pointl";roles=Developer,croesch;name="Christian Rösch";roles=Developer,VanRoy;name="Julien Roy";roles=Developer,regis1512;name="Régis Pouiller";roles=Developer,fbiville;name="Florent Biville";roles=Developer,Patouche;name="Patrick Allain";roles=Developer Low Product Manifest bundle-docurl https://assertj.github.io/doc/#assertj-core Low Product Manifest Bundle-Name AssertJ Core Medium Product Manifest bundle-symbolicname assertj-core Medium Product Manifest multi-release true Low Product pom artifactid assertj-core Highest Product pom groupid org.assertj Highest Product pom name AssertJ Core High Product pom parent-artifactid assertj-parent Medium Product pom url # Medium Version file version 3.24.2 High Version gradle version 3.24.2 Highest Version Manifest Bundle-Version 3.24.2 High Version pom version 3.24.2 Highest
byte-buddy-1.12.21.jarDescription:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/net.bytebuddy/byte-buddy/1.12.21/1a257bbdb9288f2558d3767cc2cc22b499d5091c/byte-buddy-1.12.21.jar
MD5: 50a7c31e5a3b01c15df6a5415e7b3cdb
SHA1: 1a257bbdb9288f2558d3767cc2cc22b499d5091c
SHA256: f6f45c2237a7f132c16745ad2a52c4cdde58028b11ee80b09f0d422f4930d685
Referenced In Projects/Scopes: documentation:javadocClasspath test-common:compileClasspath test-common:runtimeClasspath byte-buddy-1.12.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/org.assertj/assertj-core@3.24.2 pkg:maven/org.assertj/assertj-core@3.24.2 Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor gradle artifactid byte-buddy Highest Vendor gradle groupid net.bytebuddy Highest Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product gradle artifactid byte-buddy Highest Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.12.21 High Version gradle version 1.12.21 Highest Version Manifest Bundle-Version 1.12.21 High Version pom version 1.12.21 Highest
cdi-api-1.2.jarDescription:
APIs for CDI (Contexts and Dependency Injection for Java EE) License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/javax.enterprise/cdi-api/1.2/53bba91dc3968adf411e076df020cf207283d7dc/cdi-api-1.2.jar
MD5: 2a8c973affa178efb89e6c50f78d79da
SHA1: 53bba91dc3968adf411e076df020cf207283d7dc
SHA256: cc5ce2cbc62fe96bf59af00bba00bde823a1094462b4364747863510b76c0518
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath cdi-api-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name cdi-api High Vendor gradle artifactid cdi-api Highest Vendor gradle groupid javax.enterprise Highest Vendor jar package name enterprise Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl http://jboss.org Low Vendor Manifest bundle-symbolicname javax.enterprise.cdi-api Medium Vendor Manifest implementation-url http://cdi-spec.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat, Inc. High Vendor Manifest specification-vendor JBoss by Red Hat, Inc. Low Vendor pom artifactid cdi-api Low Vendor pom developer email asd[at]redhat[dot]com Low Vendor pom developer email jhartinger[at]redhat[dot]com Low Vendor pom developer email mkouba[at]redhat[dot]com Low Vendor pom developer email pmuir[at]redhat[dot]com Low Vendor pom developer email struberg[at]yahoo[dot]de Low Vendor pom developer id asabotdu Medium Vendor pom developer id jhartinger Medium Vendor pom developer id mkouba Medium Vendor pom developer id mstruberg Medium Vendor pom developer id pmuir Medium Vendor pom developer name Antoine Sabot-Durand Medium Vendor pom developer name Jozef Hartinger Medium Vendor pom developer name Mark Struberg Medium Vendor pom developer name Martin Kouba Medium Vendor pom developer name Pete Muir Medium Vendor pom developer org Red Hat Inc. Medium Vendor pom groupid javax.enterprise Highest Vendor pom name CDI APIs High Vendor pom organization name JBoss by Red Hat, Inc. High Vendor pom organization url http://jboss.org Medium Vendor pom parent-artifactid weld-parent Low Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://cdi-spec.org Highest Product file name cdi-api High Product gradle artifactid cdi-api Highest Product jar package name enterprise Highest Product jar package name javax Highest Product Manifest bundle-docurl http://jboss.org Low Product Manifest Bundle-Name CDI APIs Medium Product Manifest bundle-symbolicname javax.enterprise.cdi-api Medium Product Manifest Implementation-Title CDI APIs High Product Manifest implementation-url http://cdi-spec.org Low Product Manifest specification-title CDI APIs Medium Product pom artifactid cdi-api Highest Product pom developer email asd[at]redhat[dot]com Low Product pom developer email jhartinger[at]redhat[dot]com Low Product pom developer email mkouba[at]redhat[dot]com Low Product pom developer email pmuir[at]redhat[dot]com Low Product pom developer email struberg[at]yahoo[dot]de Low Product pom developer id asabotdu Low Product pom developer id jhartinger Low Product pom developer id mkouba Low Product pom developer id mstruberg Low Product pom developer id pmuir Low Product pom developer name Antoine Sabot-Durand Low Product pom developer name Jozef Hartinger Low Product pom developer name Mark Struberg Low Product pom developer name Martin Kouba Low Product pom developer name Pete Muir Low Product pom developer org Red Hat Inc. Low Product pom groupid javax.enterprise Highest Product pom name CDI APIs High Product pom organization name JBoss by Red Hat, Inc. Low Product pom organization url http://jboss.org Low Product pom parent-artifactid weld-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom url http://cdi-spec.org Medium Version file version 1.2 High Version gradle version 1.2 Highest Version pom parent-version 1.2 Low Version pom version 1.2 Highest
classgraph-4.8.149.jarDescription:
The uber-fast, ultra-lightweight classpath and module scanner for JVM languages. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /home/runner/.gradle/caches/modules-2/files-2.1/io.github.classgraph/classgraph/4.8.149/4bc2f188bc9001473d4a26ac488c2ae1a3e906de/classgraph-4.8.149.jar
MD5: 7fca2eb70908395af9ac43858b428c35
SHA1: 4bc2f188bc9001473d4a26ac488c2ae1a3e906de
SHA256: ece8abfe1277450a8b95e57fc56991dca1fd42ffefdad88f65fe171ac576f604
Referenced In Projects/Scopes: embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath classgraph-4.8.149.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.webjars/webjars-locator-core@0.53 pkg:maven/org.webjars/webjars-locator-core@0.53 Evidence Type Source Name Value Confidence Vendor file name classgraph High Vendor gradle artifactid classgraph Highest Vendor gradle groupid io.github.classgraph Highest Vendor jar package name classgraph Highest Vendor jar package name github Highest Vendor jar package name io Highest Vendor jar package name scanner Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-category Utilities Low Vendor Manifest bundle-symbolicname io.github.classgraph.classgraph Medium Vendor Manifest multi-release true Low Vendor pom artifactid classgraph Low Vendor pom developer email luke.hutch@gmail.com Low Vendor pom developer name Luke Hutchison Medium Vendor pom developer org ClassGraph Medium Vendor pom developer org URL https://github.com/classgraph Medium Vendor pom groupid io.github.classgraph Highest Vendor pom name ClassGraph High Vendor pom url classgraph/classgraph Highest Product file name classgraph High Product gradle artifactid classgraph Highest Product jar package name classgraph Highest Product jar package name github Highest Product jar package name io Highest Product jar package name scanner Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-category Utilities Low Product Manifest Bundle-Name ClassGraph Medium Product Manifest bundle-symbolicname io.github.classgraph.classgraph Medium Product Manifest Implementation-Title ClassGraph High Product Manifest multi-release true Low Product Manifest specification-title ClassGraph Medium Product pom artifactid classgraph Highest Product pom developer email luke.hutch@gmail.com Low Product pom developer name Luke Hutchison Low Product pom developer org ClassGraph Low Product pom developer org URL https://github.com/classgraph Low Product pom groupid io.github.classgraph Highest Product pom name ClassGraph High Product pom url classgraph/classgraph High Version file version 4.8.149 High Version gradle version 4.8.149 Highest Version Manifest Bundle-Version 4.8.149 High Version Manifest Implementation-Version 4.8.149 High Version pom version 4.8.149 Highest
classgraph-4.8.162.jarDescription:
The uber-fast, ultra-lightweight classpath and module scanner for JVM languages. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /home/runner/.gradle/caches/modules-2/files-2.1/io.github.classgraph/classgraph/4.8.162/85bc1625bc8aac51ad32971ebb26a3e35cb97356/classgraph-4.8.162.jar
MD5: 3ded56585fa8cb2900b1abc98386553f
SHA1: 85bc1625bc8aac51ad32971ebb26a3e35cb97356
SHA256: ea30b2d5e29e89d52706bcecf7a6ae3b44682d4a1566a5f22b9453f9be2a970c
Referenced In Projects/Scopes: documentation:javadocClasspath code-generator-plugin:compileClasspath code-generator-plugin:runtimeClasspath classgraph-4.8.162.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name classgraph High Vendor gradle artifactid classgraph Highest Vendor gradle groupid io.github.classgraph Highest Vendor jar package name classgraph Highest Vendor jar package name github Highest Vendor jar package name io Highest Vendor jar package name scanner Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-category Utilities Low Vendor Manifest bundle-symbolicname io.github.classgraph.classgraph Medium Vendor Manifest multi-release true Low Vendor pom artifactid classgraph Low Vendor pom developer email luke.hutch@gmail.com Low Vendor pom developer name Luke Hutchison Medium Vendor pom developer org ClassGraph Medium Vendor pom developer org URL https://github.com/classgraph Medium Vendor pom groupid io.github.classgraph Highest Vendor pom name ClassGraph High Vendor pom url classgraph/classgraph Highest Product file name classgraph High Product gradle artifactid classgraph Highest Product jar package name classgraph Highest Product jar package name github Highest Product jar package name io Highest Product jar package name scanner Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-category Utilities Low Product Manifest Bundle-Name ClassGraph Medium Product Manifest bundle-symbolicname io.github.classgraph.classgraph Medium Product Manifest Implementation-Title ClassGraph High Product Manifest multi-release true Low Product Manifest specification-title ClassGraph Medium Product pom artifactid classgraph Highest Product pom developer email luke.hutch@gmail.com Low Product pom developer name Luke Hutchison Low Product pom developer org ClassGraph Low Product pom developer org URL https://github.com/classgraph Low Product pom groupid io.github.classgraph Highest Product pom name ClassGraph High Product pom url classgraph/classgraph High Version file version 4.8.162 High Version gradle version 4.8.162 Highest Version Manifest Bundle-Version 4.8.162 High Version Manifest Implementation-Version 4.8.162 High Version pom version 4.8.162 Highest
code-generator-api-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/code-generator-api/build/libs/code-generator-api-8.2.2.jarMD5: 69422261505f972198d1e34afc6560a0SHA1: 0288750ae7ad8390b640121167f49c4285a155e3SHA256: 2c6980ffd4f98b21008ae87a4edef5a946a969352ca01c852d83485a5f17f868Referenced In Projects/Scopes:
documentation:javadocClasspath code-generator-plugin:compileClasspath test-code-generator:compileClasspath test-code-generator:runtimeClasspath code-generator-plugin:runtimeClasspath code-generator-api-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/io.freefair.gradle/test-code-generator@8.2.2 pkg:maven/io.freefair.gradle/documentation@8.2.2 pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/io.freefair.gradle/test-code-generator@8.2.2 pkg:maven/io.freefair.gradle/test-code-generator@8.2.2 Evidence Type Source Name Value Confidence Vendor file name code-generator-api High Vendor gradle artifactid code-generator-api Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name code-generator-api High Product gradle artifactid code-generator-api Highest Product jar package name codegenerator Low Product jar package name freefair Low Product jar package name gradle Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
code-generator-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/code-generator-plugin/build/libs/code-generator-plugin-8.2.2.jarMD5: 23610260b7ab8d9fb1d80375720f45b6SHA1: 7a6abe1ab7f7bff71030d3e16490e60a29c8f8ecSHA256: 9a6a8520eded1798b488033de03458dee43e11bcc9e8ba71373644d60cbad56dReferenced In Project/Scope: documentation:javadocClasspathcode-generator-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name code-generator-plugin High Vendor gradle artifactid code-generator-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name code-generator-plugin High Product gradle artifactid code-generator-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugin Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
commons-codec-1.11.jarDescription:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/commons-codec/commons-codec/1.11/3acb4705652e16236558f0f4f2192cc33c3bd189/commons-codec-1.11.jar
MD5: 567159b1ae257a43e1391a8f59d24cfe
SHA1: 3acb4705652e16236558f0f4f2192cc33c3bd189
SHA256: e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath commons-codec-1.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor gradle artifactid commons-codec Highest Vendor gradle groupid commons-codec Highest Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor Manifest implementation-url http://commons.apache.org/proper/commons-codec/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id commons-codec Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product gradle artifactid commons-codec Highest Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest implementation-url http://commons.apache.org/proper/commons-codec/ Low Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-codec/ Medium Version file version 1.11 High Version gradle version 1.11 Highest Version Manifest Implementation-Version 1.11 High Version pom parent-version 1.11 Low Version pom version 1.11 Highest
commons-collections-3.2.1.jarDescription:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/commons-collections/commons-collections/3.2.1/761ea405b9b37ced573d2df0d1e3a4e0f9edc668/commons-collections-3.2.1.jar
MD5: 13bc641afd7fd95e09b260f69c1e4c91
SHA1: 761ea405b9b37ced573d2df0d1e3a4e0f9edc668
SHA256: 87363a4c94eaabeefd8b930cb059f66b64c9f7d632862f23de3012da7660047b
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath commons-collections-3.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name commons-collections High Vendor gradle artifactid commons-collections Highest Vendor gradle groupid commons-collections Highest Vendor jar package name apache Highest Vendor jar package name collections Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections Low Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id jcarman Medium Vendor pom developer id matth Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-collections Highest Vendor pom name Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Product file name commons-collections High Product gradle artifactid commons-collections Highest Product jar package name apache Highest Product jar package name collections Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest Bundle-Name Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product Manifest Implementation-Title Commons Collections High Product Manifest specification-title Commons Collections Medium Product pom artifactid commons-collections Highest Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id jcarman Low Product pom developer id matth Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-collections Highest Product pom name Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/collections/ Medium Version file version 3.2.1 High Version gradle version 3.2.1 Highest Version Manifest Bundle-Version 3.2.1 High Version Manifest Implementation-Version 3.2.1 High Version pom parent-version 3.2.1 Low Version pom version 3.2.1 Highest
CVE-2015-6420 suppress
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
commons-compress-1.23.0.jarDescription:
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.23.0/4af2060ea9b0c8b74f1854c6cafe4d43cfc161fc/commons-compress-1.23.0.jar
MD5: 96b88349958aeaa15cdf6e5e877bdced
SHA1: 4af2060ea9b0c8b74f1854c6cafe4d43cfc161fc
SHA256: c267f17160e9ef662b4d78b7f29dca7c82b15c5cff2cb6a9865ef4ab3dd5b787
Referenced In Projects/Scopes: documentation:javadocClasspath compress-plugin:compileClasspath compress-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath commons-compress-1.23.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name commons-compress High Vendor gradle artifactid commons-compress Highest Vendor gradle groupid org.apache.commons Highest Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name compress Highest Vendor Manifest automatic-module-name org.apache.commons.compress Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Vendor Manifest extension-name org.apache.commons.compress Medium Vendor Manifest implementation-build release@r${buildNumber}; 2023-03-18 17:42:20+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-compress Low Vendor pom developer email bodewig at apache.org Low Vendor pom developer email chtompki at apache.org Low Vendor pom developer email damjan at apache.org Low Vendor pom developer email ebourg at apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email grobmeier at apache.org Low Vendor pom developer email julius at apache.org Low Vendor pom developer email peterlee at apache.org Low Vendor pom developer email sebb at apache.org Low Vendor pom developer email tcurdt at apache.org Low Vendor pom developer id bodewig Medium Vendor pom developer id chtompki Medium Vendor pom developer id damjan Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id grobmeier Medium Vendor pom developer id julius Medium Vendor pom developer id peterlee Medium Vendor pom developer id sebb Medium Vendor pom developer id tcurdt Medium Vendor pom developer name Christian Grobmeier Medium Vendor pom developer name Damjan Jovanovic Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Peter Alfred Lee Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Stefan Bodewig Medium Vendor pom developer name Torsten Curdt Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Compress High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-compress/ Highest Product file name commons-compress High Product gradle artifactid commons-compress Highest Product jar package name apache Highest Product jar package name commons Highest Product jar package name compress Highest Product Manifest automatic-module-name org.apache.commons.compress Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Product Manifest Bundle-Name Apache Commons Compress Medium Product Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Product Manifest extension-name org.apache.commons.compress Medium Product Manifest implementation-build release@r${buildNumber}; 2023-03-18 17:42:20+0000 Low Product Manifest Implementation-Title Apache Commons Compress High Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product Manifest specification-title Apache Commons Compress Medium Product pom artifactid commons-compress Highest Product pom developer email bodewig at apache.org Low Product pom developer email chtompki at apache.org Low Product pom developer email damjan at apache.org Low Product pom developer email ebourg at apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email grobmeier at apache.org Low Product pom developer email julius at apache.org Low Product pom developer email peterlee at apache.org Low Product pom developer email sebb at apache.org Low Product pom developer email tcurdt at apache.org Low Product pom developer id bodewig Low Product pom developer id chtompki Low Product pom developer id damjan Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id grobmeier Low Product pom developer id julius Low Product pom developer id peterlee Low Product pom developer id sebb Low Product pom developer id tcurdt Low Product pom developer name Christian Grobmeier Low Product pom developer name Damjan Jovanovic Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Julius Davies Low Product pom developer name Peter Alfred Lee Low Product pom developer name Rob Tompkins Low Product pom developer name Sebastian Bazley Low Product pom developer name Stefan Bodewig Low Product pom developer name Torsten Curdt Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Compress High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-compress/ Medium Version file version 1.23.0 High Version gradle version 1.23.0 Highest Version Manifest Bundle-Version 1.23.0 High Version Manifest Implementation-Version 1.23.0 High Version pom parent-version 1.23.0 Low Version pom version 1.23.0 Highest
commons-io-2.11.0.jarDescription:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/commons-io/commons-io/2.11.0/a2503f302b11ebde7ebc3df41daebe0e4eea3689/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256: 961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath commons-io-2.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name commons-io High Vendor gradle artifactid commons-io Highest Vendor gradle groupid commons-io Highest Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product gradle artifactid commons-io Highest Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.11.0 High Version gradle version 2.11.0 Highest Version Manifest Bundle-Version 2.11.0 High Version Manifest Implementation-Version 2.11.0 High Version pom parent-version 2.11.0 Low Version pom version 2.11.0 Highest
commons-lang-2.4.jarDescription:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/commons-lang/commons-lang/2.4/16313e02a793435009f1e458fa4af5d879f6fb11/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath commons-lang-2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name commons-lang High Vendor gradle artifactid commons-lang Highest Vendor gradle groupid commons-lang Highest Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang Highest Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@seagullsw.com Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email phil@steitz.com Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org Seagull Software Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid commons-lang Highest Vendor pom name Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/lang/ Highest Product file name commons-lang High Product gradle artifactid commons-lang Highest Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang Highest Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product Manifest Bundle-Name Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product pom artifactid commons-lang Highest Product pom developer email bayard@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@seagullsw.com Low Product pom developer email jcarman@apache.org Low Product pom developer email phil@steitz.com Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Daniel Rall Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org Seagull Software Low Product pom developer org SITA ATS Ltd Low Product pom groupid commons-lang Highest Product pom name Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/lang/ Medium Version file version 2.4 High Version gradle version 2.4 Highest Version Manifest Bundle-Version 2.4 High Version Manifest Implementation-Version 2.4 High Version pom parent-version 2.4 Low Version pom version 2.4 Highest
commons-logging-1.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/commons-logging/commons-logging/1.2/4bfc12adfe4842bf07b657f0369c4cb522955686/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath commons-logging-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name commons-logging High Vendor gradle artifactid commons-logging Highest Vendor gradle groupid commons-logging Highest Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product gradle artifactid commons-logging Highest Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Version file version 1.2 High Version gradle version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
compress-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/compress-plugin/build/libs/compress-plugin-8.2.2.jarMD5: 5297b56356cc684d64a13538b3201b79SHA1: a2a32330ffa34678e2a4c7af121a06ea7b4c5aa5SHA256: b0a2b6e666badd7c6a15a259294f47b933e09f89790ba934d2ae4f640cc1aa96Referenced In Project/Scope: documentation:javadocClasspathcompress-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name compress-plugin High Vendor gradle artifactid compress-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name compress-plugin High Product gradle artifactid compress-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
converter-gson-2.9.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.squareup.retrofit2/converter-gson/2.9.0/fc93484fc67ab52b1e0ccbdaa3922d8a6678e097/converter-gson-2.9.0.jarMD5: a4d032098e196d2735c1cff92968ab20SHA1: fc93484fc67ab52b1e0ccbdaa3922d8a6678e097SHA256: 32aa206b9a29c9df5eda93a092cfb3b0b9133e232c062baa882f0319f0e79f0eReferenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath converter-gson-2.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name converter-gson High Vendor gradle artifactid converter-gson Highest Vendor gradle groupid com.squareup.retrofit2 Highest Vendor jar package name converter Highest Vendor jar package name converter Low Vendor jar package name gson Highest Vendor jar package name gson Low Vendor jar package name retrofit2 Highest Vendor jar package name retrofit2 Low Vendor Manifest automatic-module-name retrofit2.converter.gson Medium Product file name converter-gson High Product gradle artifactid converter-gson Highest Product jar package name converter Highest Product jar package name converter Low Product jar package name gson Highest Product jar package name gson Low Product jar package name retrofit2 Highest Product Manifest automatic-module-name retrofit2.converter.gson Medium Version file name converter-gson Medium Version file version 2.9.0 High Version gradle version 2.9.0 Highest
dec-0.1.2.jarDescription:
Brotli is a generic-purpose lossless compression algorithm. License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.brotli/dec/0.1.2/c26a897ae0d524809eef1c786cc6183b4ddcc3b/dec-0.1.2.jar
MD5: 4b1cd14cf29733941cc536b27e6aedfa
SHA1: 0c26a897ae0d524809eef1c786cc6183b4ddcc3b
SHA256: 615c0c3efef990d77831104475fba6a1f7971388691d4bad1471ad84101f6d52
Referenced In Projects/Scopes: documentation:javadocClasspath compress-plugin:compileClasspath compress-plugin:runtimeClasspath dec-0.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name dec High Vendor gradle artifactid dec Highest Vendor gradle groupid org.brotli Highest Vendor jar package name brotli Highest Vendor jar package name dec Highest Vendor Manifest bundle-docurl http://brotli.org/dec Low Vendor Manifest bundle-symbolicname org.brotli.dec Medium Vendor pom artifactid dec Low Vendor pom groupid org.brotli Highest Vendor pom name : High Vendor pom parent-artifactid parent Low Product file name dec High Product gradle artifactid dec Highest Product jar package name brotli Highest Product jar package name dec Highest Product Manifest bundle-docurl http://brotli.org/dec Low Product Manifest Bundle-Name org.brotli:dec Medium Product Manifest bundle-symbolicname org.brotli.dec Medium Product pom artifactid dec Highest Product pom groupid org.brotli Highest Product pom name : High Product pom parent-artifactid parent Medium Version file version 0.1.2 High Version gradle version 0.1.2 Highest Version Manifest Bundle-Version 0.1.2 High Version pom version 0.1.2 Highest
doxia-logging-api-1.11.1.jarDescription:
Doxia Logging API. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.doxia/doxia-logging-api/1.11.1/ee28757cce6ee0215bac550dead25074c97c532d/doxia-logging-api-1.11.1.jarMD5: 6452e33a36b87939630e0b18f8ffcff0SHA1: ee28757cce6ee0215bac550dead25074c97c532dSHA256: 243c66f842cd2b3ded7c6d2c36b177a65c3f5d94800cef988ba3e29ec8cf60c9Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath doxia-logging-api-1.11.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name doxia-logging-api High Vendor gradle artifactid doxia-logging-api Highest Vendor gradle groupid org.apache.maven.doxia Highest Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name logging Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-logging-api Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: Logging API High Vendor pom parent-artifactid doxia Low Product file name doxia-logging-api High Product gradle artifactid doxia-logging-api Highest Product jar package name apache Highest Product jar package name doxia Highest Product jar package name logging Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: Logging API High Product Manifest specification-title Doxia :: Logging API Medium Product pom artifactid doxia-logging-api Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: Logging API High Product pom parent-artifactid doxia Medium Version file version 1.11.1 High Version gradle version 1.11.1 Highest Version Manifest Implementation-Version 1.11.1 High Version pom version 1.11.1 Highest
doxia-sink-api-1.11.1.jarDescription:
Doxia Sink API. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.doxia/doxia-sink-api/1.11.1/59c2255f58c78fbbcb7e638e82bd2914e78aec8b/doxia-sink-api-1.11.1.jarMD5: b1bd5c9efde9f14969fa881b87fe709bSHA1: 59c2255f58c78fbbcb7e638e82bd2914e78aec8bSHA256: 39ac38bb7d752ea003be17a0065522e4e1b076a4f7e374bea55259f3e133f28fReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath doxia-sink-api-1.11.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name doxia-sink-api High Vendor gradle artifactid doxia-sink-api Highest Vendor gradle groupid org.apache.maven.doxia Highest Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name sink Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-sink-api Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: Sink API High Vendor pom parent-artifactid doxia Low Product file name doxia-sink-api High Product gradle artifactid doxia-sink-api Highest Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name sink Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: Sink API High Product Manifest specification-title Doxia :: Sink API Medium Product pom artifactid doxia-sink-api Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: Sink API High Product pom parent-artifactid doxia Medium Version file version 1.11.1 High Version gradle version 1.11.1 Highest Version Manifest Implementation-Version 1.11.1 High Version pom version 1.11.1 Highest
embedded-sass-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/embedded-sass-plugin/build/libs/embedded-sass-plugin-8.2.2.jarMD5: a1182b1bab424021a3dda2d0adeeb207SHA1: a8f3cd0ceecae2ffcf49d92c3390c0af71155aafSHA256: 35a8e223984d4e60b3bbd7dbe8994e5274ad60befa3ee9ba2985add1d16df2e9Referenced In Project/Scope: documentation:javadocClasspathembedded-sass-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name embedded-sass-plugin High Vendor gradle artifactid embedded-sass-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name embedded-sass-plugin High Product gradle artifactid embedded-sass-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
git-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/git-plugin/build/libs/git-plugin-8.2.2.jarMD5: 7b05cc8b10b0d83e727af22b86570693SHA1: fa10764a139a9bd55737c253f2ca3926e8ae8f49SHA256: e36a7c187866523cf4e5030389d83ed1f63f11f1472a9537cc2b9a5271e1a741Referenced In Project/Scope: documentation:javadocClasspathgit-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name git-plugin High Vendor gradle artifactid git-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name git-plugin High Product gradle artifactid git-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
github-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/github-plugin/build/libs/github-plugin-8.2.2.jarMD5: 02567675b639330c4d3e15bf1fe22c11SHA1: 7b3ec30e62fbd3a83694be634abbd14ab780cd51SHA256: 7141d592e16b5cc077aacfebec4286bf9ee4f42b094042fcd4887c1026373bd6Referenced In Project/Scope: documentation:javadocClasspathgithub-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name github-plugin High Vendor gradle artifactid github-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name github-plugin High Product gradle artifactid github-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
gradle-node-plugin-5.0.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.github.node-gradle/gradle-node-plugin/5.0.0/32619fc6128b09ceaf9554453066fc3b97b89f0d/gradle-node-plugin-5.0.0.jarMD5: de5da9f0a35e64a1d0a80a2f65c28540SHA1: 32619fc6128b09ceaf9554453066fc3b97b89f0dSHA256: 5453ac9499de195c290f46e17d6d1776697bc35142334b479fb2f7b118ddb7f4Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata gradle-node-plugin-5.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name gradle-node-plugin High Vendor gradle artifactid gradle-node-plugin Highest Vendor gradle groupid com.github.node-gradle Highest Vendor jar package name github Low Vendor jar package name gradle Low Vendor jar package name node Low Product file name gradle-node-plugin High Product gradle artifactid gradle-node-plugin Highest Product jar package name gradle Low Product jar package name node Low Version file name gradle-node-plugin Medium Version file version 5.0.0 High Version gradle version 5.0.0 Highest
gson-2.8.5.jarDescription:
Gson JSON library File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.google.code.gson/gson/2.8.5/f645ed69d595b24d4cf8b3fbb64cc505bede8829/gson-2.8.5.jarMD5: 089104cb90d8b4e1aa00b1f5faef0742SHA1: f645ed69d595b24d4cf8b3fbb64cc505bede8829SHA256: 233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81Referenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath gson-2.8.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 Evidence Type Source Name Value Confidence Vendor file name gson High Vendor gradle artifactid gson Highest Vendor gradle groupid com.google.code.gson Highest Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product file name gson High Product gradle artifactid gson Highest Product jar package name google Highest Product jar package name gson Highest Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname com.google.gson Medium Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version file version 2.8.5 High Version gradle version 2.8.5 Highest Version Manifest Bundle-Version 2.8.5 High Version pom version 2.8.5 Highest
CVE-2022-25647 suppress
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
guava-16.0.1.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/16.0.1/5fa98cd1a63c99a44dd8d3b77e4762b066a5d0c5/guava-16.0.1.jar
MD5: a68693df58191585d9af914cfbe6067a
SHA1: 5fa98cd1a63c99a44dd8d3b77e4762b066a5d0c5
SHA256: a896857d07845d38c7dc5bbc0457b6d9b0f62ecffda010e5e9ec12d561f676d3
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath guava-16.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name guava High Vendor gradle artifactid guava Highest Vendor gradle groupid com.google.guava Highest Vendor jar package name google Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product file name guava High Product gradle artifactid guava Highest Product jar package name google Highest Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest bundle-symbolicname com.google.guava Medium Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version file version 16.0.1 High Version gradle version 16.0.1 Highest Version Manifest Bundle-Version 16.0.1 High Version pom version 16.0.1 Highest
CVE-2023-2976 suppress
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion CONFIRM - https://security.netapp.com/advisory/ntap-20220629-0008/ MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] CWE-770: Allocation of Resources Without Limits or Throttling OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10237 OSSIndex - https://blog.sonatype.com/2018/11/welcome-back-to-nexus-intelligence-insights/ OSSIndex - https://github.com/google/guava/wiki/CVE-2018-10237 OSSIndex - https://www.securityfocus.com/bid/104133/references REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
httpclient-4.5.14.jarDescription:
Apache HttpComponents Client
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.14/1194890e6f56ec29177673f2f12d0b8e627dec98/httpclient-4.5.14.jarMD5: 2cb357c4b763f47e58af6cad47df6ba3SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98SHA256: c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath httpclient-4.5.14.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name httpclient High Vendor gradle artifactid httpclient Highest Vendor gradle groupid org.apache.httpcomponents Highest Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client-ga Highest Product file name httpclient High Product gradle artifactid httpclient Highest Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client-ga Medium Version file version 4.5.14 High Version gradle version 4.5.14 Highest Version Manifest Implementation-Version 4.5.14 High Version pom version 4.5.14 Highest
httpcore-4.4.16.jarDescription:
Apache HttpComponents Core (blocking I/O)
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpcore/4.4.16/51cf043c87253c9f58b539c9f7e44c8894223850/httpcore-4.4.16.jarMD5: 28d2cd9bf8789fd2ec774fb88436ebd1SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850SHA256: 6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464fReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath httpcore-4.4.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor gradle artifactid httpcore Highest Vendor gradle groupid org.apache.httpcomponents Highest Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2022-11-26 09:44:32+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product gradle artifactid httpcore Highest Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2022-11-26 09:44:32+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.16 High Version gradle version 4.4.16 Highest Version Manifest Implementation-Version 4.4.16 High Version pom version 4.4.16 Highest
jackson-annotations-2.14.2.jarDescription:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-annotations/2.14.2/a7aae9525864930723e3453ab799521fdfd9d873/jackson-annotations-2.14.2.jar
MD5: 10d19982a8890f6eb37557af2f58e272
SHA1: a7aae9525864930723e3453ab799521fdfd9d873
SHA256: 2c6869d505cf60dc066734b7d50339f975bd3adc635e26a78abb71acb4473c0d
Referenced In Project/Scope: quicktype-plugin:runtimeClasspath
jackson-annotations-2.14.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.node-gradle/gradle-node-plugin@5.0.0
Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor gradle artifactid jackson-annotations Highest Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-annotations High Product gradle artifactid jackson-annotations Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.2 High Version gradle version 2.14.2 Highest Version Manifest Bundle-Version 2.14.2 High Version Manifest Implementation-Version 2.14.2 High Version pom parent-version 2.14.2 Low Version pom version 2.14.2 Highest
jackson-annotations-2.15.2.jarDescription:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-annotations/2.15.2/4724a65ac8e8d156a24898d50fd5dbd3642870b8/jackson-annotations-2.15.2.jar
MD5: 71dabcaac955a8bd17b5bba6580aac5b
SHA1: 4724a65ac8e8d156a24898d50fd5dbd3642870b8
SHA256: 04e21f94dcfee4b078fa5a5f53047b785aaba69d19de392f616e7a7fe5d3882f
Referenced In Project/Scope: documentation:javadocClasspath
jackson-annotations-2.15.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor gradle artifactid jackson-annotations Highest Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-annotations High Product gradle artifactid jackson-annotations Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.15.2 High Version gradle version 2.15.2 Highest Version Manifest Bundle-Version 2.15.2 High Version Manifest Implementation-Version 2.15.2 High Version pom parent-version 2.15.2 Low Version pom version 2.15.2 Highest
jackson-core-2.14.2.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.14.2/f804090e6399ce0cf78242db086017512dd71fcc/jackson-core-2.14.2.jar
MD5: 6ee422ee4c481b2d5aacb2b5e36a7dc0
SHA1: f804090e6399ce0cf78242db086017512dd71fcc
SHA256: b5d37a77c88277b97e3593c8740925216c06df8e4172bbde058528df04ad3e7a
Referenced In Project/Scope: quicktype-plugin:runtimeClasspath
jackson-core-2.14.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.node-gradle/gradle-node-plugin@5.0.0
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor gradle artifactid jackson-core Highest Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor jar package name base Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product gradle artifactid jackson-core Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.14.2 High Version gradle version 2.14.2 Highest Version Manifest Bundle-Version 2.14.2 High Version Manifest Implementation-Version 2.14.2 High Version pom version 2.14.2 Highest
jackson-core-2.15.2.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.15.2/a6fe1836469a69b3ff66037c324d75fc66ef137c/jackson-core-2.15.2.jar
MD5: e51fdee85b48e6637ad9e85ee76b58df
SHA1: a6fe1836469a69b3ff66037c324d75fc66ef137c
SHA256: 303c99e82b1faa91a0bae5d8fbeb56f7e2adf9b526a900dd723bf140d62bd4b4
Referenced In Projects/Scopes: documentation:javadocClasspath embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath jackson-core-2.15.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.webjars/webjars-locator-core@0.53 pkg:maven/org.webjars/webjars-locator-core@0.53 Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor gradle artifactid jackson-core Highest Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product gradle artifactid jackson-core Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.15.2 High Version gradle version 2.15.2 Highest Version Manifest Bundle-Version 2.15.2 High Version Manifest Implementation-Version 2.15.2 High Version pom version 2.15.2 Highest
jackson-databind-2.14.2.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.14.2/1e71fddbc80bb86f71a6345ac1e8ab8a00e7134/jackson-databind-2.14.2.jar
MD5: c1b12dd14734cd1986132bf55042dd7e
SHA1: 01e71fddbc80bb86f71a6345ac1e8ab8a00e7134
SHA256: 501d3abce4d18dcc381058ec593c5b94477906bba6efbac14dae40a642f77424
Referenced In Project/Scope: quicktype-plugin:runtimeClasspath
jackson-databind-2.14.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.node-gradle/gradle-node-plugin@5.0.0
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor gradle artifactid jackson-databind Highest Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product gradle artifactid jackson-databind Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.2 High Version gradle version 2.14.2 Highest Version Manifest Bundle-Version 2.14.2 High Version Manifest Implementation-Version 2.14.2 High Version pom version 2.14.2 Highest
CVE-2023-35116 suppress
** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
jackson-databind-2.15.2.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.15.2/9353b021f10c307c00328f52090de2bdb4b6ff9c/jackson-databind-2.15.2.jar
MD5: 20ac0d0526a456274409fa852eb74087
SHA1: 9353b021f10c307c00328f52090de2bdb4b6ff9c
SHA256: 0eb2fdad6e40ab8832a78c9b22f58196dd970594e8d3d5a26ead87847c4f3a96
Referenced In Project/Scope: documentation:javadocClasspath
jackson-databind-2.15.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor gradle artifactid jackson-databind Highest Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product gradle artifactid jackson-databind Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.15.2 High Version gradle version 2.15.2 Highest Version Manifest Bundle-Version 2.15.2 High Version Manifest Implementation-Version 2.15.2 High Version pom version 2.15.2 Highest
CVE-2023-35116 suppress
** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
jacoco-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/jacoco-plugin/build/libs/jacoco-plugin-8.2.2.jarMD5: 219056d45430d7a5456a15759042acf6SHA1: 8c76faf86d4d218dc3fcd77046fbe1ab2b3710acSHA256: 8023f6a13a14adcc0668fe65531c71c0a2a5f5384d6b00182c35b6f9810a5222Referenced In Project/Scope: documentation:javadocClasspathjacoco-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name jacoco-plugin High Vendor gradle artifactid jacoco-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name jacoco-plugin High Product gradle artifactid jacoco-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
javapoet-1.13.0.jarDescription:
Use beautiful Java code to generate beautiful Java code. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.squareup/javapoet/1.13.0/d6562d385049f35eb50403fa86bb11cce76b866a/javapoet-1.13.0.jar
MD5: 8d9a3cbeaa83e6700478b73c33a1b4fe
SHA1: d6562d385049f35eb50403fa86bb11cce76b866a
SHA256: 4c7517e848a71b36d069d12bb3bf46a70fd4cda3105d822b0ed2e19c00b69291
Referenced In Projects/Scopes: documentation:javadocClasspath test-common:compileClasspath test-common:runtimeClasspath javapoet-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/io.freefair.gradle/test-common@8.2.2 Evidence Type Source Name Value Confidence Vendor file name javapoet High Vendor gradle artifactid javapoet Highest Vendor gradle groupid com.squareup Highest Vendor jar package name javapoet Highest Vendor jar package name squareup Highest Vendor Manifest automatic-module-name com.squareup.javapoet Medium Vendor pom artifactid javapoet Low Vendor pom groupid com.squareup Highest Vendor pom name JavaPoet High Vendor pom organization name Square, Inc. High Vendor pom organization url http://squareup.com Medium Vendor pom url http://github.com/square/javapoet/ Highest Product file name javapoet High Product gradle artifactid javapoet Highest Product jar package name javapoet Highest Product jar package name squareup Highest Product Manifest automatic-module-name com.squareup.javapoet Medium Product pom artifactid javapoet Highest Product pom groupid com.squareup Highest Product pom name JavaPoet High Product pom organization name Square, Inc. Low Product pom organization url http://squareup.com Low Product pom url http://github.com/square/javapoet/ Medium Version file version 1.13.0 High Version gradle version 1.13.0 Highest Version pom version 1.13.0 Highest
javax.annotation-api-1.2.jarDescription:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/javax.annotation/javax.annotation-api/1.2/479c1e06db31c432330183f5cae684163f186146/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256: 5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name javax.annotation-api High Vendor gradle artifactid javax.annotation-api Highest Vendor gradle groupid javax.annotation Highest Vendor jar package name annotation Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor Manifest extension-name javax.annotation Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.annotation-api Low Vendor pom developer id mode Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid javax.annotation Highest Vendor pom name API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Product file name javax.annotation-api High Product gradle artifactid javax.annotation-api Highest Product jar package name annotation Highest Product jar package name javax Highest Product Manifest bundle-docurl https://glassfish.java.net Low Product Manifest Bundle-Name javax.annotation API Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product Manifest extension-name javax.annotation Medium Product pom artifactid javax.annotation-api Highest Product pom developer id mode Low Product pom developer name Rajiv Mordani Low Product pom developer org Oracle, Inc. Low Product pom groupid javax.annotation Highest Product pom name API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Version file version 1.2 High Version gradle version 1.2 Highest Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
javax.inject-1.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/javax.inject/javax.inject/1/6975da39a7040257bd51d21a231b76c915872d38/javax.inject-1.jarMD5: 289075e48b909e9e74e6c915b3631d2eSHA1: 6975da39a7040257bd51d21a231b76c915872d38SHA256: 91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ffReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath javax.inject-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name javax.inject-1 High Vendor gradle artifactid javax.inject Highest Vendor gradle groupid javax.inject Highest Vendor jar package name inject Low Vendor jar package name javax Low Product file name javax.inject-1 High Product gradle artifactid javax.inject Highest Product jar package name inject Low Version file name javax.inject-1 Medium Version file version 1 Medium Version gradle version 1 Highest
jna-5.6.0.jarDescription:
JNA Library File Path: /home/runner/.gradle/caches/modules-2/files-2.1/net.java.dev.jna/jna/5.6.0/330f2244e9030119ab3030fc3fededc86713d9cc/jna-5.6.0.jarMD5: 56892d6f4d27019833fd53b7cc57ec86SHA1: 330f2244e9030119ab3030fc3fededc86713d9ccSHA256: 5557e235a8aa2f9766d5dc609d67948f2a8832c2d796cea9ef1d6cbe0b3b7eafReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath jna-5.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name jna High Vendor gradle artifactid jna Highest Vendor gradle groupid net.java.dev.jna Highest Vendor jar package name jna Highest Vendor jar package name jna Low Vendor jar package name sun Highest Vendor jar package name sun Low Vendor jar (hint) package name oracle Highest Vendor jar (hint) package name oracle Low Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Product file name jna High Product gradle artifactid jna Highest Product jar package name jna Highest Product jar package name jna Low Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Version file name jna Medium Version file version 5.6.0 High Version gradle version 5.6.0 Highest Version jar package name jna Highest Version jar package name sun Highest Version jar package name win32 Highest Version Manifest Bundle-Version 5.6.0 High Version Manifest Implementation-Version 5.6.0 (b0) High
jsoup-1.16.1.jarDescription:
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do. License:
The MIT License: https://jsoup.org/license File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jsoup/jsoup/1.16.1/ae551410a16433984cd4a8603622fafa9d8299f0/jsoup-1.16.1.jar
MD5: ed35af29909c856c8ee4c4001d660e0f
SHA1: ae551410a16433984cd4a8603622fafa9d8299f0
SHA256: 1f115726540ddf71958c14bc517ebfc49cf481e91cd917b0face84f01272e901
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath jsoup-1.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name jsoup High Vendor gradle artifactid jsoup Highest Vendor gradle groupid org.jsoup Highest Vendor jar package name jsoup Highest Vendor jar package name parser Highest Vendor Manifest automatic-module-name org.jsoup Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://jsoup.org/ Low Vendor Manifest bundle-symbolicname org.jsoup Medium Vendor Manifest Implementation-Vendor Jonathan Hedley High Vendor pom artifactid jsoup Low Vendor pom developer email jonathan@hedley.net Low Vendor pom developer id jhy Medium Vendor pom developer name Jonathan Hedley Medium Vendor pom groupid org.jsoup Highest Vendor pom name jsoup Java HTML Parser High Vendor pom organization name Jonathan Hedley High Vendor pom organization url https://jhy.io/ Medium Vendor pom url https://jsoup.org/ Highest Product file name jsoup High Product gradle artifactid jsoup Highest Product jar package name jsoup Highest Product jar package name parser Highest Product Manifest automatic-module-name org.jsoup Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://jsoup.org/ Low Product Manifest Bundle-Name jsoup Java HTML Parser Medium Product Manifest bundle-symbolicname org.jsoup Medium Product Manifest Implementation-Title jsoup Java HTML Parser High Product pom artifactid jsoup Highest Product pom developer email jonathan@hedley.net Low Product pom developer id jhy Low Product pom developer name Jonathan Hedley Low Product pom groupid org.jsoup Highest Product pom name jsoup Java HTML Parser High Product pom organization name Jonathan Hedley Low Product pom organization url https://jhy.io/ Low Product pom url https://jsoup.org/ Medium Version file version 1.16.1 High Version gradle version 1.16.1 Highest Version Manifest Bundle-Version 1.16.1 High Version Manifest Implementation-Version 1.16.1 High Version pom version 1.16.1 Highest
jtidy-r938.jarDescription:
JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.
License:
Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95 File Path: /home/runner/.gradle/caches/modules-2/files-2.1/net.sf.jtidy/jtidy/r938/ab08d87a225a715a69107732b67f21e1da930349/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
SHA256: 6fc03e51e73fa884f06e7eae0761e045e56fdeb4e146a4d952e3023cc9e3fb43
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath jtidy-r938.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name jtidy-r938 High Vendor gradle artifactid jtidy Highest Vendor gradle groupid net.sf.jtidy Highest Vendor jar package name parser Highest Vendor jar package name tidy Low Vendor jar package name w3c Low Vendor pom artifactid jtidy Low Vendor pom developer email atripp AT users.sourceforge.net Low Vendor pom developer email fgiust AT users.sourceforge.net Low Vendor pom developer email garypeskin AT users.sourceforge.net Low Vendor pom developer email lempinen AT users.sourceforge.net Low Vendor pom developer email russgold AT users.sourceforge.net Low Vendor pom developer id atripp Medium Vendor pom developer id fgiust Medium Vendor pom developer id garypeskin Medium Vendor pom developer id lempinen Medium Vendor pom developer id russgold Medium Vendor pom developer name Andy Tripp Medium Vendor pom developer name Fabrizio Giustina Medium Vendor pom developer name Gary L Peskin Medium Vendor pom developer name Russell Gold Medium Vendor pom developer name Sami Lempinen Medium Vendor pom developer org Sourceforge Medium Vendor pom groupid net.sf.jtidy Highest Vendor pom name JTidy High Vendor pom organization name sourceforge High Vendor pom organization url http://sourceforge.net Medium Vendor pom url http://jtidy.sourceforge.net Highest Product file name jtidy-r938 High Product gradle artifactid jtidy Highest Product jar package name parser Highest Product jar package name tidy Low Product pom artifactid jtidy Highest Product pom developer email atripp AT users.sourceforge.net Low Product pom developer email fgiust AT users.sourceforge.net Low Product pom developer email garypeskin AT users.sourceforge.net Low Product pom developer email lempinen AT users.sourceforge.net Low Product pom developer email russgold AT users.sourceforge.net Low Product pom developer id atripp Low Product pom developer id fgiust Low Product pom developer id garypeskin Low Product pom developer id lempinen Low Product pom developer id russgold Low Product pom developer name Andy Tripp Low Product pom developer name Fabrizio Giustina Low Product pom developer name Gary L Peskin Low Product pom developer name Russell Gold Low Product pom developer name Sami Lempinen Low Product pom developer org Sourceforge Low Product pom groupid net.sf.jtidy Highest Product pom name JTidy High Product pom organization name sourceforge Low Product pom organization url http://sourceforge.net Low Product pom url http://jtidy.sourceforge.net Medium Version gradle version r938 Highest Version pom version r938 Highest
CVE-2023-34623 suppress
An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
junit-jupiter-api-5.10.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.junit.jupiter/junit-jupiter-api/5.10.0/2fe4ba3d31d5067878e468c96aa039005a9134d3/junit-jupiter-api-5.10.0.jarMD5: d976b1d3b22eded7c2e496ea881ed77fSHA1: 2fe4ba3d31d5067878e468c96aa039005a9134d3SHA256: 108088fd7ea46a8e65a0ce7f5d75ae3ff7865606770a078715f5a6e5709e17d8Referenced In Projects/Scopes:
documentation:javadocClasspath test-common:compileClasspath test-common:runtimeClasspath junit-jupiter-api-5.10.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 Evidence Type Source Name Value Confidence Vendor file name junit-jupiter-api High Vendor gradle artifactid junit-jupiter-api Highest Vendor gradle groupid org.junit.jupiter Highest Vendor jar package name api Highest Vendor jar package name api Low Vendor jar package name junit Highest Vendor jar package name junit Low Vendor jar package name jupiter Highest Vendor jar package name jupiter Low Vendor Manifest build-date 2023-07-23 Low Vendor Manifest build-revision 7f619ca7ac9ecd1b20cc01c44a4df98f5fb67804 Low Vendor Manifest build-time 14:51:13.722+0200 Low Vendor Manifest bundle-symbolicname junit-jupiter-api Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest specification-vendor junit.org Low Product file name junit-jupiter-api High Product gradle artifactid junit-jupiter-api Highest Product jar package name api Highest Product jar package name api Low Product jar package name junit Highest Product jar package name jupiter Highest Product jar package name jupiter Low Product Manifest build-date 2023-07-23 Low Product Manifest build-revision 7f619ca7ac9ecd1b20cc01c44a4df98f5fb67804 Low Product Manifest build-time 14:51:13.722+0200 Low Product Manifest Bundle-Name JUnit Jupiter API Medium Product Manifest bundle-symbolicname junit-jupiter-api Medium Product Manifest Implementation-Title junit-jupiter-api High Product Manifest specification-title junit-jupiter-api Medium Version file version 5.10.0 High Version Manifest Implementation-Version 5.10.0 High
junit-platform-commons-1.10.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.junit.platform/junit-platform-commons/1.10.0/d533ff2c286eaf963566f92baf5f8a06628d2609/junit-platform-commons-1.10.0.jarMD5: 0cef49daddba2084397f34eca55502f9SHA1: d533ff2c286eaf963566f92baf5f8a06628d2609SHA256: 6083db08ca11fca1e16099d0dcfede0193d80b3762b276349d80d3da536791b2Referenced In Projects/Scopes:
documentation:javadocClasspath test-common:compileClasspath test-common:runtimeClasspath junit-platform-commons-1.10.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 Evidence Type Source Name Value Confidence Vendor file name junit-platform-commons High Vendor gradle artifactid junit-platform-commons Highest Vendor gradle groupid org.junit.platform Highest Vendor jar package name commons Highest Vendor jar package name commons Low Vendor jar package name junit Highest Vendor jar package name junit Low Vendor jar package name org Highest Vendor jar package name platform Highest Vendor jar package name platform Low Vendor Manifest build-date 2023-07-23 Low Vendor Manifest build-revision 7f619ca7ac9ecd1b20cc01c44a4df98f5fb67804 Low Vendor Manifest build-time 14:51:13.722+0200 Low Vendor Manifest bundle-symbolicname junit-platform-commons Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor junit.org Low Product file name junit-platform-commons High Product gradle artifactid junit-platform-commons Highest Product jar package name commons Highest Product jar package name commons Low Product jar package name junit Highest Product jar package name platform Highest Product jar package name platform Low Product jar package name util Low Product Manifest build-date 2023-07-23 Low Product Manifest build-revision 7f619ca7ac9ecd1b20cc01c44a4df98f5fb67804 Low Product Manifest build-time 14:51:13.722+0200 Low Product Manifest Bundle-Name JUnit Platform Commons Medium Product Manifest bundle-symbolicname junit-platform-commons Medium Product Manifest Implementation-Title junit-platform-commons High Product Manifest multi-release true Low Product Manifest specification-title junit-platform-commons Medium Version file version 1.10.0 High Version Manifest Implementation-Version 1.10.0 High
kotlin-android-extensions-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-android-extensions/1.8.20/6f25b7cf95167fbf487125a71758de4c0aa15da2/kotlin-android-extensions-1.8.20.jarMD5: 2371feea00da6dcb36a5b0d09ca44451SHA1: 6f25b7cf95167fbf487125a71758de4c0aa15da2SHA256: 8b0d485871f09dce9eebf2ab4ea70b08d373011160327d42c8ae0134ecf8268aReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-android-extensions-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-android-extensions High Vendor gradle artifactid kotlin-android-extensions Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name android Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-android-extensions High Product gradle artifactid kotlin-android-extensions Highest Product jar package name android Highest Product jar package name android Low Product jar package name extensions Highest Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name synthetic Low Product Manifest Implementation-Title kotlin-android-extensions High Version file name kotlin-android-extensions Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-annotation-processing-gradle-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-annotation-processing-gradle/1.8.20/52361dad4f2c22f4e39c173001b1c4c2b4e61cb6/kotlin-annotation-processing-gradle-1.8.20.jarMD5: 97ca3e187b4022558a91382a0e7ccc9aSHA1: 52361dad4f2c22f4e39c173001b1c4c2b4e61cb6SHA256: 8277ec12cac724a802bee701d5729fa6cbe12ab1520856183104746642d7374bReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-annotation-processing-gradle-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-annotation-processing-gradle High Vendor gradle artifactid kotlin-annotation-processing-gradle Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kapt3 Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-annotation-processing-gradle High Product gradle artifactid kotlin-annotation-processing-gradle Highest Product jar package name kapt3 Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-annotation-processing-gradle High Version file name kotlin-annotation-processing-gradle Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-compiler-embeddable-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-compiler-embeddable/1.8.20/78d9baa57f65babf9e0a93e51f62f26f5f35ac3e/kotlin-compiler-embeddable-1.8.20.jarMD5: 13de50e6fde16cef3982f8ef707cde6cSHA1: 78d9baa57f65babf9e0a93e51f62f26f5f35ac3eSHA256: 5655386be55d45a78d887372bbd59d03e06750f7756108d14139e8d7e4b2e179Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath kotlin-compiler-embeddable-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-compiler-embeddable High Vendor gradle artifactid kotlin-compiler-embeddable Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-compiler-embeddable High Product gradle artifactid kotlin-compiler-embeddable Highest Product jar package name compiler Highest Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-compiler-embeddable High Version file name kotlin-compiler-embeddable Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-compiler-runner-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-compiler-runner/1.8.20/8644ded58287ff9ef568471c4f0aa7078ee4da58/kotlin-compiler-runner-1.8.20.jarMD5: 33988d21b19187a0ae17745501fd5762SHA1: 8644ded58287ff9ef568471c4f0aa7078ee4da58SHA256: 97e43499428f66889bc935c8bd9a836875b75178c61fd396603ce41d6db2f748Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-compiler-runner-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-compiler-runner High Vendor gradle artifactid kotlin-compiler-runner Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name compilerrunner Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-compiler-runner High Product gradle artifactid kotlin-compiler-runner Highest Product jar package name compilerrunner Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-compiler-runner High Version file name kotlin-compiler-runner Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-daemon-client-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-daemon-client/1.8.20/b6f15c748f4c2f3aeb1735ce52400ed3c0eae09a/kotlin-daemon-client-1.8.20.jarMD5: ad96b9a349fc182b1783747ea8e3f8b8SHA1: b6f15c748f4c2f3aeb1735ce52400ed3c0eae09aSHA256: 298c910661e624ada4a9fb541e6db74843eb5a9f280c8739d1d4252577a8e80dReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-daemon-client-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-daemon-client High Vendor gradle artifactid kotlin-daemon-client Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name daemon Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-daemon-client High Product gradle artifactid kotlin-daemon-client Highest Product jar package name client Highest Product jar package name daemon Highest Product jar package name daemon Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-daemon-client High Version file name kotlin-daemon-client Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-daemon-embeddable-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-daemon-embeddable/1.8.20/c1b808fbe5fee60bd0504a54778120ef40f383d4/kotlin-daemon-embeddable-1.8.20.jarMD5: 43d8672f3e1ffee12aaef620e939a636SHA1: c1b808fbe5fee60bd0504a54778120ef40f383d4SHA256: 4602bd521a708f32deced0921d06c7977056c5887359cdabfc7070e9732cb353Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath kotlin-daemon-embeddable-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-daemon-embeddable High Vendor gradle artifactid kotlin-daemon-embeddable Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name daemon Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-daemon-embeddable High Product gradle artifactid kotlin-daemon-embeddable Highest Product jar package name common Low Product jar package name daemon Highest Product jar package name daemon Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-daemon-embeddable High Version file name kotlin-daemon-embeddable Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-gradle-plugin-1.8.20-gradle76.jar (shaded: com.github.gundy:semver4j:0.16.4)Description:
Java implementation of a node-style SemVer expression parser/evaluator License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin/1.8.20/7508a92238a34ef55cdbf9a0a6871a14af23d87f/kotlin-gradle-plugin-1.8.20-gradle76.jar/META-INF/maven/com.github.gundy/semver4j/pom.xml
MD5: b2f793eaa1115b41eaa8bb63080406f8
SHA1: ca8df209029884f283afdcd7b104fb88576a18b1
SHA256: 32001db2443b339dd21f5b79ff29d1ade722d1ba080c214bde819f0f72d1604d
Referenced In Projects/Scopes: documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata Evidence Type Source Name Value Confidence Vendor pom artifactid semver4j Low Vendor pom developer email gundy@acm.org Low Vendor pom developer id gundy Medium Vendor pom developer name David Gundersen Medium Vendor pom groupid com.github.gundy Highest Vendor pom name SemVer4J High Vendor pom url http://github.com/gundy/semver4j Highest Product pom artifactid semver4j Highest Product pom developer email gundy@acm.org Low Product pom developer id gundy Low Product pom developer name David Gundersen Low Product pom groupid com.github.gundy Highest Product pom name SemVer4J High Product pom url http://github.com/gundy/semver4j Medium Version pom version 0.16.4 Highest
kotlin-gradle-plugin-1.8.20-gradle76.jar (shaded: com.google.code.gson:gson:2.8.9)License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin/1.8.20/7508a92238a34ef55cdbf9a0a6871a14af23d87f/kotlin-gradle-plugin-1.8.20-gradle76.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 6cddce19473acd4bb9cfe35fad04f802
SHA1: e40b03e4cc2b52efb19af75c07596e9d15a52d82
SHA256: afded6e6a690fbf3ad4ae65ada397f0a90a5f630b303d1b741b9c97926fdd4de
Referenced In Projects/Scopes: documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata Evidence Type Source Name Value Confidence Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version pom version 2.8.9 Highest
kotlin-gradle-plugin-1.8.20-gradle76.jar (shaded: com.google.guava:guava:29.0-jre)Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin/1.8.20/7508a92238a34ef55cdbf9a0a6871a14af23d87f/kotlin-gradle-plugin-1.8.20-gradle76.jar/META-INF/maven/com.google.guava/guava/pom.xmlMD5: d1ed8d2bec41bdbdee173c0545b0a238SHA1: e40cdee0d70244df1e963daac53a16241aea4585SHA256: 9027e934098903d287f1ba61c8b65f01d1d1e1da7a6fbcc04bf3de0544014426Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version pom version 29.0-jre Highest
CVE-2023-2976 suppress
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
kotlin-gradle-plugin-1.8.20-gradle76.jar (shaded: org.antlr:antlr4-runtime:4.5.2-1)Description:
The ANTLR 4 Runtime File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin/1.8.20/7508a92238a34ef55cdbf9a0a6871a14af23d87f/kotlin-gradle-plugin-1.8.20-gradle76.jar/META-INF/maven/org.antlr/antlr4-runtime/pom.xmlMD5: be6f8b9c66278c52274a8e6ba6fe351aSHA1: 6c4013c6b772dd3e8cc00837ccf5edd7619e8d21SHA256: 93bac9b6bc714d559904ed43242782a8cbe543cebf0104bb3ecc1786a9cb661eReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata Evidence Type Source Name Value Confidence Vendor pom artifactid antlr4-runtime Low Vendor pom groupid org.antlr Highest Vendor pom name ANTLR 4 Runtime High Vendor pom parent-artifactid antlr4-master Low Product pom artifactid antlr4-runtime Highest Product pom groupid org.antlr Highest Product pom name ANTLR 4 Runtime High Product pom parent-artifactid antlr4-master Medium Version pom version 4.5.2-1 Highest
kotlin-gradle-plugin-1.8.20-gradle76.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin/1.8.20/7508a92238a34ef55cdbf9a0a6871a14af23d87f/kotlin-gradle-plugin-1.8.20-gradle76.jarMD5: c74bf28b9b5812e39e33a63fc5c915c2SHA1: 7508a92238a34ef55cdbf9a0a6871a14af23d87fSHA256: 4445babba17729ecadd13ffc5e6e84bf988f52c4da4dfde39450d4310fd8c103Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-gradle-plugin-1.8.20-gradle76.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-gradle-plugin High Vendor gradle artifactid kotlin-gradle-plugin Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name gradle Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-gradle-plugin High Product gradle artifactid kotlin-gradle-plugin Highest Product jar package name gradle Highest Product jar package name gradle Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name plugin Highest Product Manifest Implementation-Title kotlin-gradle-plugin High Version file name kotlin-gradle-plugin Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-gradle-plugin-annotations-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-annotations/1.8.20/e4254b95d5b4abe86ba97afb6214877f9fc76a05/kotlin-gradle-plugin-annotations-1.8.20.jarMD5: e7a47837dc25576526de67febaa557c9SHA1: e4254b95d5b4abe86ba97afb6214877f9fc76a05SHA256: 32baa93f157652b6d3a870a41c967fc09195261110d4b7acf9fb53409ef0cf1cReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath aspectj-plugin:compileClasspath aspectj-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-gradle-plugin-annotations-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-gradle-plugin-annotations High Vendor gradle artifactid kotlin-gradle-plugin-annotations Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name gradle Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-gradle-plugin-annotations High Product gradle artifactid kotlin-gradle-plugin-annotations Highest Product jar package name gradle Highest Product jar package name gradle Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-gradle-plugin-annotations High Version file name kotlin-gradle-plugin-annotations Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-gradle-plugin-api-1.8.20-gradle76.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-api/1.8.20/1d909998b74b7873ac71bd04ce5f145f3d68bcfd/kotlin-gradle-plugin-api-1.8.20-gradle76.jarMD5: e41beab7bd327fae951a5df163809f94SHA1: 1d909998b74b7873ac71bd04ce5f145f3d68bcfdSHA256: ac52bc66abff67f46c39002759559a4d8fce79a3104e8301555f201a105e9512Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath aspectj-plugin:compileClasspath aspectj-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-gradle-plugin-api-1.8.20-gradle76.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-gradle-plugin-api High Vendor gradle artifactid kotlin-gradle-plugin-api Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name gradle Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-gradle-plugin-api High Product gradle artifactid kotlin-gradle-plugin-api Highest Product jar package name gradle Highest Product jar package name gradle Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name plugin Highest Product jar package name plugin Low Product Manifest Implementation-Title kotlin-gradle-plugin-api High Version file name kotlin-gradle-plugin-api Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
Related Dependencies kotlin-gradle-plugin-api-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-api/1.8.20/1d909998b74b7873ac71bd04ce5f145f3d68bcfd/kotlin-gradle-plugin-api-1.8.20.jar MD5: e41beab7bd327fae951a5df163809f94 SHA1: 1d909998b74b7873ac71bd04ce5f145f3d68bcfd SHA256: ac52bc66abff67f46c39002759559a4d8fce79a3104e8301555f201a105e9512 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 kotlin-gradle-plugin-idea-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-idea/1.8.20/13317df8a0bde5c9ff11de6bfc24ca47466786a9/kotlin-gradle-plugin-idea-1.8.20.jarMD5: 4d469aa75f5e297285ebf27d3a1267d4SHA1: 13317df8a0bde5c9ff11de6bfc24ca47466786a9SHA256: 503049a1dfc2830a2347dd1bf298d2727e99d2e9673b15c2884e208553dd6adbReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-gradle-plugin-idea-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-gradle-plugin-idea High Vendor gradle artifactid kotlin-gradle-plugin-idea Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name gradle Low Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Product file name kotlin-gradle-plugin-idea High Product gradle artifactid kotlin-gradle-plugin-idea Highest Product jar package name gradle Low Product jar package name idea Low Product jar package name kotlin Low Version file name kotlin-gradle-plugin-idea Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest
kotlin-gradle-plugin-idea-proto-1.8.20.jar (shaded: com.google.protobuf:protobuf-java:3.21.9)Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-idea-proto/1.8.20/69552a6b5dc117659cbd54cabd3dae8efd6c66aa/kotlin-gradle-plugin-idea-proto-1.8.20.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xmlMD5: a2dfabfa0f929c53986cf63a10619aaeSHA1: bd038b83cdb28c8102b00f2163f908e23bc3eb61SHA256: 66b34002eee26fd0e3d9387ef7d8e70021cf049ad93b083eb8f7143bbd176d29Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version pom version 3.21.9 Highest
kotlin-gradle-plugin-idea-proto-1.8.20.jar (shaded: com.google.protobuf:protobuf-kotlin:3.21.9)Description:
Kotlin core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-idea-proto/1.8.20/69552a6b5dc117659cbd54cabd3dae8efd6c66aa/kotlin-gradle-plugin-idea-proto-1.8.20.jar/META-INF/maven/com.google.protobuf/protobuf-kotlin/pom.xmlMD5: af12eecad210f41ac71b549f62e38a7bSHA1: 222361a7e9f4f7bb1291ea81e57c615a3d6082bdSHA256: 74408f909e1d9c3969055c431ac013485f5aa75c71214e9a933ee58f98853123Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom artifactid protobuf-kotlin Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Kotlin-Core] High Vendor pom parent-artifactid protobuf-parent Low Product pom artifactid protobuf-kotlin Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Kotlin-Core] High Product pom parent-artifactid protobuf-parent Medium Version pom version 3.21.9 Highest
kotlin-gradle-plugin-idea-proto-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-idea-proto/1.8.20/69552a6b5dc117659cbd54cabd3dae8efd6c66aa/kotlin-gradle-plugin-idea-proto-1.8.20.jarMD5: be6e436be3aeff03a33a965120a711d0SHA1: 69552a6b5dc117659cbd54cabd3dae8efd6c66aaSHA256: a9bd6d04aab7d74bffc60a9485f90c0f4524d1e94a2ee6fc0f78ee8d56f2aeebReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-gradle-plugin-idea-proto-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-gradle-plugin-idea-proto High Vendor gradle artifactid kotlin-gradle-plugin-idea-proto Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name gradle Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-gradle-plugin-idea-proto High Product gradle artifactid kotlin-gradle-plugin-idea-proto Highest Product jar package name gradle Highest Product jar package name gradle Low Product jar package name idea Highest Product jar package name idea Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-gradle-plugin-idea-proto High Version file name kotlin-gradle-plugin-idea-proto Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-gradle-plugin-model-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-gradle-plugin-model/1.8.20/3355c8a7b895f1bd9b5fdf18e89971152518a93b/kotlin-gradle-plugin-model-1.8.20.jarMD5: 4875d2ee0e8842a0f7c2072cc46da77fSHA1: 3355c8a7b895f1bd9b5fdf18e89971152518a93bSHA256: ae8b0092380fbf74dcffe3ce1e29fe18178e1abd31134d971dea3617b5357a39Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-gradle-plugin-model-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-gradle-plugin-model High Vendor gradle artifactid kotlin-gradle-plugin-model Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name gradle Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-gradle-plugin-model High Product gradle artifactid kotlin-gradle-plugin-model Highest Product jar package name gradle Highest Product jar package name gradle Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name model Highest Product jar package name model Low Product Manifest Implementation-Title kotlin-gradle-plugin-model High Version file name kotlin-gradle-plugin-model Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-klib-commonizer-api-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-klib-commonizer-api/1.8.20/3f0bd627c3b7de32cced0d24fad29539ba432bc4/kotlin-klib-commonizer-api-1.8.20.jarMD5: 008cc8cf57d5ebcf179c9d02d151e022SHA1: 3f0bd627c3b7de32cced0d24fad29539ba432bc4SHA256: 9a93d99b26044f648ca8aa0491b53b14b3415cbc7e05b43ce12b031a22a27040Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-klib-commonizer-api-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-klib-commonizer-api High Vendor gradle artifactid kotlin-klib-commonizer-api Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name commonizer Low Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-klib-commonizer-api High Product gradle artifactid kotlin-klib-commonizer-api Highest Product jar package name commonizer Highest Product jar package name commonizer Low Product jar package name kotlin Highest Product jar package name kotlin Low Product Manifest Implementation-Title kotlin-klib-commonizer-api High Version file name kotlin-klib-commonizer-api Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-klib-commonizer-embeddable-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable/1.8.20/7031468409e4d2b7eba586c100158bf38f7b19a2/kotlin-klib-commonizer-embeddable-1.8.20.jarMD5: d9c35d4c31b7a468cf7c1998922ccad8SHA1: 7031468409e4d2b7eba586c100158bf38f7b19a2SHA256: 3803e9b9f9f77f239fdcc82d677b8ae62326b3245bc443d256e64d55c7e647c0Referenced In Project/Scope: quicktype-plugin:kotlinKlibCommonizerClasspathkotlin-klib-commonizer-embeddable-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2
Evidence Type Source Name Value Confidence Vendor file name kotlin-klib-commonizer-embeddable High Vendor gradle artifactid kotlin-klib-commonizer-embeddable Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name internal Low Vendor jar package name jetbrains Highest Vendor jar package name kotlinx Low Vendor jar package name metadata Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-klib-commonizer-embeddable High Product gradle artifactid kotlin-klib-commonizer-embeddable Highest Product jar package name commonizer Highest Product jar package name internal Low Product jar package name klib Highest Product jar package name kotlin Highest Product jar package name metadata Low Product Manifest Implementation-Title kotlin-klib-commonizer-embeddable High Version file name kotlin-klib-commonizer-embeddable Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-native-utils-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-native-utils/1.8.20/d490644e215629f7f23f1c9ba5eb8bf96f4b8504/kotlin-native-utils-1.8.20.jarMD5: 941181f73cd0a0f1ccb75aa0ded967f8SHA1: d490644e215629f7f23f1c9ba5eb8bf96f4b8504SHA256: a2eca6b8b5b3cf40b8c0482d2cf5631272ddd945d76082eb67a6e8e71f0a855eReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath aspectj-plugin:compileClasspath aspectj-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-native-utils-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-native-utils High Vendor gradle artifactid kotlin-native-utils Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name konan Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-native-utils High Product gradle artifactid kotlin-native-utils Highest Product jar package name konan Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name target Low Product Manifest Implementation-Title kotlin-native-utils High Version file name kotlin-native-utils Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-project-model-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-project-model/1.8.20/1c22ceafd66b8e1dcd9e9c662a1bbb276528d4c7/kotlin-project-model-1.8.20.jarMD5: 09d2ab98ca592291b0ac6c5818d0a9b6SHA1: 1c22ceafd66b8e1dcd9e9c662a1bbb276528d4c7SHA256: 46cf347746096cfa156c7da8f335f6adaacabf9881c164400a387a4819248984Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath aspectj-plugin:compileClasspath aspectj-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-project-model-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-project-model High Vendor gradle artifactid kotlin-project-model Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor jar package name project Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-project-model High Product gradle artifactid kotlin-project-model Highest Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name model Highest Product jar package name model Low Product jar package name project Highest Product jar package name project Low Product Manifest Implementation-Title kotlin-project-model High Version file name kotlin-project-model Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-reflect-1.6.10.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-reflect/1.6.10/1cbe9c92c12a94eea200d23c2bbaedaf3daf5132/kotlin-reflect-1.6.10.jarMD5: a22187e3070e39a1cdb6a53970fa714dSHA1: 1cbe9c92c12a94eea200d23c2bbaedaf3daf5132SHA256: 3277ac102ae17aad10a55abec75ff5696c8d109790396434b496e75087854203Referenced In Projects/Scopes:
quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath kotlin-reflect-1.6.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 Evidence Type Source Name Value Confidence Vendor file name kotlin-reflect High Vendor gradle artifactid kotlin-reflect Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jvm Low Vendor jar package name kotlin Low Vendor jar package name reflect Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-reflect High Product gradle artifactid kotlin-reflect Highest Product jar package name internal Low Product jar package name jvm Low Product jar package name kotlin Highest Product jar package name reflect Highest Product jar package name reflect Low Product Manifest Implementation-Title kotlin-reflect High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-reflect Medium Version file version 1.6.10 High Version gradle version 1.6.10 Highest Version Manifest Implementation-Version 1.6.10-release-923(1.6.10) High
kotlin-reflect-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-reflect/1.8.20/ea6ffe3c1bb1229f4d9279ae51395c54e7132d53/kotlin-reflect-1.8.20.jarMD5: 83da750e2159ed3369e5c0d3661146b7SHA1: ea6ffe3c1bb1229f4d9279ae51395c54e7132d53SHA256: 531e3c3f9b0c45f9a21f1642174453066a1066bec0190254a6331b331814ab8bReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-reflect-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-reflect High Vendor gradle artifactid kotlin-reflect Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jvm Low Vendor jar package name kotlin Low Vendor jar package name reflect Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-reflect High Product gradle artifactid kotlin-reflect Highest Product jar package name internal Low Product jar package name jvm Low Product jar package name kotlin Highest Product jar package name reflect Highest Product jar package name reflect Low Product Manifest Implementation-Title kotlin-reflect High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-reflect Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-script-runtime-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-script-runtime/1.8.20/c850771e723701f9d63dbcf641429c0f29290074/kotlin-script-runtime-1.8.20.jarMD5: f4095be9ce8faf5994eb911c25f0c87fSHA1: c850771e723701f9d63dbcf641429c0f29290074SHA256: 4bddc06cad20bb843fbd24094b1dc3c31f55508c6918885e8b548f2ebaa8a93eReferenced In Projects/Scopes:
quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:kotlinCompilerPluginClasspathMain quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath kotlin-script-runtime-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 Evidence Type Source Name Value Confidence Vendor file name kotlin-script-runtime High Vendor gradle artifactid kotlin-script-runtime Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name kotlin Low Vendor jar package name script Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Product file name kotlin-script-runtime High Product gradle artifactid kotlin-script-runtime Highest Product jar package name dependencies Low Product jar package name kotlin Highest Product jar package name script Highest Product jar package name script Low Product Manifest Implementation-Title kotlin-script-runtime High Product Manifest kotlin-runtime-component Main Low Version file name kotlin-script-runtime Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-scripting-common-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-scripting-common/1.8.20/f19996e3a40658541fe2108c483fd3301c4a3416/kotlin-scripting-common-1.8.20.jarMD5: 689c0b29921e5204e2b7e88adf33a923SHA1: f19996e3a40658541fe2108c483fd3301c4a3416SHA256: a1c6cf4bb49db97a7082bc461acfdf3e163af1b625ab9baa5d7e3e5f9648badcReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:kotlinCompilerPluginClasspathMain kotlin-scripting-common-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-scripting-common High Vendor gradle artifactid kotlin-scripting-common Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name experimental Low Vendor jar package name kotlin Low Vendor jar package name script Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-scripting-common High Product gradle artifactid kotlin-scripting-common Highest Product jar package name api Low Product jar package name experimental Low Product jar package name kotlin Highest Product jar package name script Low Product Manifest Implementation-Title kotlin-scripting-common High Version file name kotlin-scripting-common Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-scripting-compiler-embeddable-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable/1.8.20/3c8fdcb527dd400398ec8e2985c89dba4af8871e/kotlin-scripting-compiler-embeddable-1.8.20.jarMD5: 53c6b29b13776985fbb8e026f1513637SHA1: 3c8fdcb527dd400398ec8e2985c89dba4af8871eSHA256: 67c4bbe4d58f2c76aa4249ab9b8b36e95023d318d33f8a2a1e8fe743b4b1f32aReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:kotlinCompilerPluginClasspathMain kotlin-scripting-compiler-embeddable-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-scripting-compiler-embeddable High Vendor gradle artifactid kotlin-scripting-compiler-embeddable Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor jar package name scripting Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-scripting-compiler-embeddable High Product gradle artifactid kotlin-scripting-compiler-embeddable Highest Product jar package name compiler Highest Product jar package name compiler Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name scripting Highest Product jar package name scripting Low Product Manifest Implementation-Title kotlin-scripting-compiler-embeddable High Version file name kotlin-scripting-compiler-embeddable Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-scripting-compiler-impl-embeddable-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-scripting-compiler-impl-embeddable/1.8.20/3b1ec379939d04bc0e1264b695ed949bc5c9bea3/kotlin-scripting-compiler-impl-embeddable-1.8.20.jarMD5: bdd4f9f743bc9a40a50187d66861e816SHA1: 3b1ec379939d04bc0e1264b695ed949bc5c9bea3SHA256: e789192f39357dbdf4c8a94cd2fafe860de0c0530d34bf1c2c634b75b880f4a2Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:kotlinCompilerPluginClasspathMain kotlin-scripting-compiler-impl-embeddable-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-scripting-compiler-impl-embeddable High Vendor gradle artifactid kotlin-scripting-compiler-impl-embeddable Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor jar package name scripting Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-scripting-compiler-impl-embeddable High Product gradle artifactid kotlin-scripting-compiler-impl-embeddable Highest Product jar package name definitions Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name scripting Highest Product jar package name scripting Low Product Manifest Implementation-Title kotlin-scripting-compiler-impl-embeddable High Version file name kotlin-scripting-compiler-impl-embeddable Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-scripting-jvm-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-scripting-jvm/1.8.20/51c8efbe177ebcaa89c82d01663c60060a120dd2/kotlin-scripting-jvm-1.8.20.jarMD5: ecc01a18aeb825fa3f3e72a0fcdf88a9SHA1: 51c8efbe177ebcaa89c82d01663c60060a120dd2SHA256: 2e1889c89c785440ac126935187baaa83a6fc66deeb530491f943a38bf3bc8c0Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:kotlinCompilerPluginClasspathMain kotlin-scripting-jvm-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-scripting-jvm High Vendor gradle artifactid kotlin-scripting-jvm Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name experimental Low Vendor jar package name kotlin Low Vendor jar package name script Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-scripting-jvm High Product gradle artifactid kotlin-scripting-jvm Highest Product jar package name experimental Low Product jar package name jvm Highest Product jar package name jvm Low Product jar package name kotlin Highest Product jar package name script Low Product Manifest Implementation-Title kotlin-scripting-jvm High Version file name kotlin-scripting-jvm Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-stdlib-1.6.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.6.20/6cedc143badbb4f1c6b7f5a340b04edff1743208/kotlin-stdlib-1.6.20.jarMD5: a843670513e4890c9e080b51fd8dc9baSHA1: 6cedc143badbb4f1c6b7f5a340b04edff1743208SHA256: eeb51c2b67b26233fd81d0bc4f8044ec849718890905763ceffd84a31e2cb799Referenced In Projects/Scopes:
github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath kotlin-stdlib-1.6.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib High Vendor gradle artifactid kotlin-stdlib Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-stdlib High Product gradle artifactid kotlin-stdlib Highest Product jar package name kotlin Highest Product Manifest Implementation-Title kotlin-stdlib High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-stdlib Medium Version file version 1.6.20 High Version gradle version 1.6.20 Highest Version Manifest Implementation-Version 1.6.20-release-275(1.6.20) High
kotlin-stdlib-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.8.20/e72fc5e03ec6c064c678a6bd0d955c88d55b0c4a/kotlin-stdlib-1.8.20.jarMD5: 2b3d65e24952649bf7534017c64b435eSHA1: e72fc5e03ec6c064c678a6bd0d955c88d55b0c4aSHA256: 4395647b1961d9fb730a34e8dbe56c293157bc0759004cca63d9b5ee6653e5c7Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:compileClasspath quicktype-plugin:kotlinCompilerPluginClasspathMain quicktype-plugin:apiDependenciesMetadata quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-stdlib-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib High Vendor gradle artifactid kotlin-stdlib Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-stdlib High Product gradle artifactid kotlin-stdlib Highest Product jar package name kotlin Highest Product Manifest Implementation-Title kotlin-stdlib High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-stdlib Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-stdlib-common-1.6.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib-common/1.6.20/27b4562b6713d70f458c6d7ea39aadacb8e6a92b/kotlin-stdlib-common-1.6.20.jarMD5: 2067bd14cd5efaa4721e7fc224bd52adSHA1: 27b4562b6713d70f458c6d7ea39aadacb8e6a92bSHA256: 8da40a2520d30dcb1012176fe93d24e82d08a3e346c37e0343b0fb6f64f6be01Referenced In Projects/Scopes:
github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath kotlin-stdlib-common-1.6.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-common High Vendor gradle artifactid kotlin-stdlib-common Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Product file name kotlin-stdlib-common High Product gradle artifactid kotlin-stdlib-common Highest Product Manifest Implementation-Title kotlin-stdlib-common High Product Manifest kotlin-runtime-component Main Low Version file name kotlin-stdlib-common Medium Version file version 1.6.20 High Version gradle version 1.6.20 Highest Version Manifest Implementation-Version 1.6.20-release-275(1.6.20) High
kotlin-stdlib-common-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.20/5eddaaf234c8c49d03eebeb6a14feb7f90faca71/kotlin-stdlib-common-1.8.20.jarMD5: af45a8873880f027f47d573e1483a6dcSHA1: 5eddaaf234c8c49d03eebeb6a14feb7f90faca71SHA256: fa20188abaa8ecf1d0035e93a969b071f10e45a1c8378c314521eade73f75fd5Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinCompilerPluginClasspathTest quicktype-plugin:compileClasspath quicktype-plugin:kotlinCompilerPluginClasspathMain quicktype-plugin:apiDependenciesMetadata quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-stdlib-common-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-scripting-compiler-embeddable@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-common High Vendor gradle artifactid kotlin-stdlib-common Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Product file name kotlin-stdlib-common High Product gradle artifactid kotlin-stdlib-common Highest Product Manifest Implementation-Title kotlin-stdlib-common High Product Manifest kotlin-runtime-component Main Low Version file name kotlin-stdlib-common Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-stdlib-jdk7-1.6.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.6.20/f8629f336bad4001c89e9cffa5ef3d4b5d0f5e22/kotlin-stdlib-jdk7-1.6.20.jarMD5: 663de4333c8de50827423fdd50dbdc28SHA1: f8629f336bad4001c89e9cffa5ef3d4b5d0f5e22SHA256: aa2fa2e81355c4d98dd97da2169bf401f842261378f5b1cbea1aa11855d67620Referenced In Projects/Scopes:
github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath kotlin-stdlib-jdk7-1.6.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-jdk7 High Vendor gradle artifactid kotlin-stdlib-jdk7 Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name io Low Vendor jar package name kotlin Low Vendor jar package name path Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-stdlib-jdk7 High Product gradle artifactid kotlin-stdlib-jdk7 Highest Product jar package name io Low Product jar package name jdk7 Highest Product jar package name kotlin Highest Product jar package name path Low Product Manifest Implementation-Title kotlin-stdlib-jdk7 High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-stdlib-jdk7 Medium Version file version 1.6.20 High Version gradle version 1.6.20 Highest Version Manifest Implementation-Version 1.6.20-release-275(1.6.20) High
kotlin-stdlib-jdk7-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.20/3aa51faf20aae8b31e1a4bc54f8370673d7b7df4/kotlin-stdlib-jdk7-1.8.20.jarMD5: da3588af3bb0c9122dbae3d733dddf53SHA1: 3aa51faf20aae8b31e1a4bc54f8370673d7b7df4SHA256: af1ec40c3b951afdcc0c2a0173c7b81763c5281c2d5bafbf0a8544a24c5dcc0cReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:apiDependenciesMetadata quicktype-plugin:implementationDependenciesMetadata kotlin-stdlib-jdk7-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.20 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-jdk7 High Vendor gradle artifactid kotlin-stdlib-jdk7 Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name meta-inf Low Vendor jar package name versions Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-stdlib-jdk7 High Product gradle artifactid kotlin-stdlib-jdk7 Highest Product jar package name module-info Low Product jar package name versions Low Product Manifest Implementation-Title kotlin-stdlib-jdk7 High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-stdlib-jdk7 Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-stdlib-jdk8-1.6.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.6.20/dab8089bca6ac0e394c37281ea8cff2f99acd421/kotlin-stdlib-jdk8-1.6.20.jarMD5: fed044b594860fabbec6e2c951f16467SHA1: dab8089bca6ac0e394c37281ea8cff2f99acd421SHA256: fdab1bf120e2b5e7ab6d7888e9ebc024ec6b8ca729361296395dab634b213695Referenced In Projects/Scopes:
github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath kotlin-stdlib-jdk8-1.6.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-jdk8 High Vendor gradle artifactid kotlin-stdlib-jdk8 Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jdk8 Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-stdlib-jdk8 High Product gradle artifactid kotlin-stdlib-jdk8 Highest Product jar package name jdk8 Highest Product jar package name jdk8 Low Product jar package name kotlin Highest Product Manifest Implementation-Title kotlin-stdlib-jdk8 High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-stdlib-jdk8 Medium Version file version 1.6.20 High Version gradle version 1.6.20 Highest Version Manifest Implementation-Version 1.6.20-release-275(1.6.20) High
kotlin-stdlib-jdk8-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.20/73576ddf378c5b4f1f6b449fe6b119b8183fc078/kotlin-stdlib-jdk8-1.8.20.jarMD5: 2097cb28602f5a6320bcc1bd74914db9SHA1: 73576ddf378c5b4f1f6b449fe6b119b8183fc078SHA256: e398b67977622718bf18ff99b739c7d9da060f33fb458a2e25203221c16af010Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:apiDependenciesMetadata quicktype-plugin:implementationDependenciesMetadata kotlin-stdlib-jdk8-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-jdk8 High Vendor gradle artifactid kotlin-stdlib-jdk8 Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name meta-inf Low Vendor jar package name versions Low Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Product file name kotlin-stdlib-jdk8 High Product gradle artifactid kotlin-stdlib-jdk8 Highest Product jar package name module-info Low Product jar package name versions Low Product Manifest Implementation-Title kotlin-stdlib-jdk8 High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Version file name kotlin-stdlib-jdk8 Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-tooling-core-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-tooling-core/1.8.20/6ab3d6c8e8d13c2748ecf0b74978fbd191def027/kotlin-tooling-core-1.8.20.jarMD5: b9b9d52aa6a68a0f75445b37fd625d81SHA1: 6ab3d6c8e8d13c2748ecf0b74978fbd191def027SHA256: 7a412677e73a59588cdad4cb9c7f8e3bb70bae5db66933b4b3f3ece0071b4cadReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath aspectj-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-tooling-core-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-tooling-core High Vendor gradle artifactid kotlin-tooling-core Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor jar package name tooling Low Product file name kotlin-tooling-core High Product gradle artifactid kotlin-tooling-core Highest Product jar package name core Low Product jar package name kotlin Low Product jar package name tooling Low Version file name kotlin-tooling-core Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest
kotlin-util-io-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-util-io/1.8.20/845b590111343b11034db2a6febeac83102a8cbb/kotlin-util-io-1.8.20.jarMD5: faf2d012f163201a497dafc6c5c7a2b4SHA1: 845b590111343b11034db2a6febeac83102a8cbbSHA256: 2d251d7a48bde1e1ec816969275473a044bb341bfe1c08593a0b51f1ef3f8b7bReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath aspectj-plugin:compileClasspath aspectj-plugin:runtimeClasspath quicktype-plugin:compileClasspath quicktype-plugin:implementationDependenciesMetadata kotlin-util-io-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin-api@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-util-io High Vendor gradle artifactid kotlin-util-io Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name konan Low Vendor jar package name kotlin Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-util-io High Product gradle artifactid kotlin-util-io Highest Product jar package name konan Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name util Highest Product Manifest Implementation-Title kotlin-util-io High Version file name kotlin-util-io Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlin-util-klib-1.8.20.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-util-klib/1.8.20/762b166115f504dbae778aa06eaf33b4cccc0cd2/kotlin-util-klib-1.8.20.jarMD5: 5bbd4ce26d752a00e27e12d7c81bd33fSHA1: 762b166115f504dbae778aa06eaf33b4cccc0cd2SHA256: 51bc74326401b4d3fa4e784f89c51c7932ee52998b619271e88f175dead82242Referenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlin-util-klib-1.8.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlin-util-klib High Vendor gradle artifactid kotlin-util-klib Highest Vendor gradle groupid org.jetbrains.kotlin Highest Vendor jar package name jetbrains Highest Vendor jar package name jetbrains Low Vendor jar package name kotlin Low Vendor jar package name library Low Vendor Manifest Implementation-Vendor JetBrains High Product file name kotlin-util-klib High Product gradle artifactid kotlin-util-klib Highest Product jar package name impl Low Product jar package name kotlin Highest Product jar package name kotlin Low Product jar package name library Low Product Manifest Implementation-Title kotlin-util-klib High Version file name kotlin-util-klib Medium Version file version 1.8.20 High Version gradle version 1.8.20 Highest Version Manifest Implementation-Version 1.8.20-release-327(1.8.20) High
kotlinx-coroutines-core-jvm-1.5.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlinx/kotlinx-coroutines-core-jvm/1.5.0/d8cebccdcddd029022aa8646a5a953ff88b13ac8/kotlinx-coroutines-core-jvm-1.5.0.jarMD5: 0a0d2e63b7d71b97778cbd41bb3dfce0SHA1: d8cebccdcddd029022aa8646a5a953ff88b13ac8SHA256: 78d6cc7135f84d692ff3752fcfd1fa1bbe0940d7df70652e4f1eaeec0c78afbbReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath kotlinx-coroutines-core-jvm-1.5.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name kotlinx-coroutines-core-jvm High Vendor gradle artifactid kotlinx-coroutines-core-jvm Highest Vendor gradle groupid org.jetbrains.kotlinx Highest Vendor jar package name coroutines Low Vendor jar package name kotlinx Low Vendor Manifest can-retransform-classes true Low Product file name kotlinx-coroutines-core-jvm High Product gradle artifactid kotlinx-coroutines-core-jvm Highest Product jar package name coroutines Low Product Manifest can-retransform-classes true Low Version file name kotlinx-coroutines-core-jvm Medium Version file version 1.5.0 High Version gradle version 1.5.0 Highest
logging-interceptor-4.11.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/logging-interceptor/4.11.0/87fa769912b1f738f3c2dd87e3bca4d1d7f0e666/logging-interceptor-4.11.0.jarMD5: 7452d90e84c3421511c66d43ddef1197SHA1: 87fa769912b1f738f3c2dd87e3bca4d1d7f0e666SHA256: b99f2d488fce9ac5aebf75783a7848f83fa7a7aac143820c4ebd49db8499db8cReferenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath logging-interceptor-4.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 Evidence Type Source Name Value Confidence Vendor file name logging-interceptor High Vendor gradle artifactid logging-interceptor Highest Vendor gradle groupid com.squareup.okhttp3 Highest Vendor jar package name logging Highest Vendor jar package name logging Low Vendor jar package name okhttp3 Highest Vendor jar package name okhttp3 Low Vendor Manifest automatic-module-name okhttp3.logging Medium Product file name logging-interceptor High Product gradle artifactid logging-interceptor Highest Product jar package name logging Highest Product jar package name logging Low Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3.logging Medium Version file name logging-interceptor Medium Version file version 4.11.0 High Version gradle version 4.11.0 Highest
lombok-1.18.28.jar lombok-1.18.28.jar: mavenEcjBootstrapAgent.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.projectlombok/lombok/1.18.28/a2ff5da8bcd8b1b26f36b806ced63213362c6dcc/lombok-1.18.28.jar/lombok/launch/mavenEcjBootstrapAgent.jarMD5: a1d753fe8aaf60ad853aa91a66c2995fSHA1: 322bba74fc2f92977a1cb37423a3ec278db13726SHA256: 347036133d49df4fd1d625fa4e7906ddd968291cef7590bb2f8398dd2413d4e4Referenced In Projects/Scopes:
plugin-utils:lombok test-common:annotationProcessor maven-plugin:annotationProcessor mkdocs-plugin:annotationProcessor code-generator-plugin:annotationProcessor jacoco-plugin:lombok code-generator-plugin:compileClasspath lombok-plugin:compileClasspath quicktype-plugin:lombok quicktype-plugin:annotationProcessor github-plugin:compileClasspath okhttp-plugin:lombok test-code-generator:annotationProcessor git-plugin:annotationProcessor test-code-generator:lombok git-plugin:lombok code-generator-api:annotationProcessor settings-plugin:annotationProcessor embedded-sass-plugin:annotationProcessor code-generator-api:lombok lombok-plugin:lombok okhttp-plugin:compileClasspath aspectj-plugin:lombok git-plugin:compileClasspath code-generator-api:compileClasspath embedded-sass-plugin:lombok okhttp-plugin:annotationProcessor plugin-utils:compileClasspath test-common:lombok mkdocs-plugin:lombok settings-plugin:lombok maven-plugin:lombok maven-plugin-plugin:compileClasspath compress-plugin:lombok settings-plugin:compileClasspath lombok-plugin:annotationProcessor aspectj-plugin:compileClasspath compress-plugin:compileClasspath maven-plugin:compileClasspath test-common:compileClasspath embedded-sass-plugin:compileClasspath github-plugin:lombok plantuml-plugin:annotationProcessor jacoco-plugin:annotationProcessor plugin-utils:annotationProcessor aspectj-plugin:annotationProcessor mkdocs-plugin:compileClasspath maven-plugin-plugin:annotationProcessor quicktype-plugin:compileOnlyDependenciesMetadata jacoco-plugin:compileClasspath compress-plugin:annotationProcessor maven-plugin-plugin:lombok plantuml-plugin:compileClasspath plantuml-plugin:lombok quicktype-plugin:compileClasspath github-plugin:annotationProcessor test-code-generator:compileClasspath code-generator-plugin:lombok Evidence Type Source Name Value Confidence Vendor file name mavenEcjBootstrapAgent High Vendor jar package name launch Low Vendor jar package name lombok Low Vendor Manifest can-redefine-classes true Low Product file name mavenEcjBootstrapAgent High Product jar package name launch Low Product Manifest can-redefine-classes true Low
lombok-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/lombok-plugin/build/libs/lombok-plugin-8.2.2.jarMD5: 8086d77c0e4545592a61fb75540f3cbeSHA1: 4acb1fe3caca5b64fe84b0da4bf12facc84191c2SHA256: 3e7abae8faf1d1e8067d3edfa8ed3cb6425771ec8f91ca32b6c5831b13bd9956Referenced In Project/Scope: documentation:javadocClasspathlombok-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name lombok-plugin High Vendor gradle artifactid lombok-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name lombok-plugin High Product gradle artifactid lombok-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
maven-aether-provider-3.2.5.jarDescription:
Extensions to Aether for utilizing Maven POM and repository metadata. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-aether-provider/3.2.5/dfddf469d20b877b184dda5d6e60f0c75f558a72/maven-aether-provider-3.2.5.jarMD5: 5b6cc79c8c8abc3c92ae7d57c4cbb078SHA1: dfddf469d20b877b184dda5d6e60f0c75f558a72SHA256: 703944b922d5351aad53b842f7dd38439b7213425f13c6c7f034b8b699b7d578Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-aether-provider-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-aether-provider High Vendor gradle artifactid maven-aether-provider Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name repository Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-aether-provider Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Aether Provider High Vendor pom parent-artifactid maven Low Product file name maven-aether-provider High Product gradle artifactid maven-aether-provider Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name repository Highest Product Manifest Implementation-Title Maven Aether Provider High Product Manifest specification-title Maven Aether Provider Medium Product pom artifactid maven-aether-provider Highest Product pom groupid org.apache.maven Highest Product pom name Maven Aether Provider High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
maven-artifact-3.2.5.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-artifact/3.2.5/bf5ce89d5f7ff57f2a33e78067ba97e62bae007d/maven-artifact-3.2.5.jarMD5: 6ca73ba6de24218f238a45d8a06e519bSHA1: bf5ce89d5f7ff57f2a33e78067ba97e62bae007dSHA256: 270385907ecfbcb256fe5afb883869fd57a5c021b5242693743ef787605c6335Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-artifact-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-artifact High Vendor gradle artifactid maven-artifact Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name artifact Highest Vendor jar package name maven Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-artifact Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Artifact High Vendor pom parent-artifactid maven Low Product file name maven-artifact High Product gradle artifactid maven-artifact Highest Product jar package name apache Highest Product jar package name artifact Highest Product jar package name maven Highest Product Manifest Implementation-Title Maven Artifact High Product Manifest specification-title Maven Artifact Medium Product pom artifactid maven-artifact Highest Product pom groupid org.apache.maven Highest Product pom name Maven Artifact High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
maven-core-3.2.5.jarDescription:
Maven Core classes. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-core/3.2.5/fbec7cf0df4fbc2896a6768ae59053877c05c241/maven-core-3.2.5.jarMD5: 0988ce2795bb72277a0199179154d398SHA1: fbec7cf0df4fbc2896a6768ae59053877c05c241SHA256: 4f1a0af8997e1daf778b91c5ae9e973f92df699439d909fdec7fc6055c09de12Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-core-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-core High Vendor gradle artifactid maven-core Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-core Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Core High Vendor pom parent-artifactid maven Low Product file name maven-core High Product gradle artifactid maven-core Highest Product jar package name apache Highest Product jar package name maven Highest Product Manifest Implementation-Title Maven Core High Product Manifest specification-title Maven Core Medium Product pom artifactid maven-core Highest Product pom groupid org.apache.maven Highest Product pom name Maven Core High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
CVE-2021-26291 suppress
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html CWE-346 Origin Validation Error
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
maven-model-3.2.5.jarDescription:
Model for Maven POM (Project Object Model) File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-model/3.2.5/ced305476a43e8a042a59e94ef38b3291d9ce1e7/maven-model-3.2.5.jarMD5: 16ceccebac412654c427dcd66df4f6f9SHA1: ced305476a43e8a042a59e94ef38b3291d9ce1e7SHA256: 8d439cc1661349dab1c69eed0f831336d187e162cc6d68aa4deefcff57ee0624Referenced In Project/Scope: maven-plugin-plugin:compileClasspathmaven-model-3.2.5.jar is in the transitive dependency tree of the listed items. Included by:
pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-model High Vendor gradle artifactid maven-model Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name model Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-model Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Model High Vendor pom parent-artifactid maven Low Product file name maven-model High Product gradle artifactid maven-model Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name model Highest Product Manifest Implementation-Title Maven Model High Product Manifest specification-title Maven Model Medium Product pom artifactid maven-model Highest Product pom groupid org.apache.maven Highest Product pom name Maven Model High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
maven-model-3.9.4.jarDescription:
Model for Maven POM (Project Object Model) File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-model/3.9.4/5b79d873cf6d13b3fc4020eac04e2a62ebbfa0aa/maven-model-3.9.4.jarMD5: d507b64e6608681ce809307a9e669316SHA1: 5b79d873cf6d13b3fc4020eac04e2a62ebbfa0aaSHA256: 7931dc8dda878eef46988d9fd07c4ade3c91892d7fb3208c742cb9457135bb15Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath maven-plugin:runtimeClasspath maven-model-3.9.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-model High Vendor gradle artifactid maven-model Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name model Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-model Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Model High Vendor pom parent-artifactid maven Low Product file name maven-model High Product gradle artifactid maven-model Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name model Highest Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Maven Model High Product Manifest specification-title Maven Model Medium Product pom artifactid maven-model Highest Product pom groupid org.apache.maven Highest Product pom name Maven Model High Product pom parent-artifactid maven Medium Version file version 3.9.4 High Version gradle version 3.9.4 Highest Version Manifest Implementation-Version 3.9.4 High Version pom version 3.9.4 Highest
maven-model-builder-3.2.5.jarDescription:
The effective model builder, with inheritance, profile activation, interpolation, ... File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-model-builder/3.2.5/7a32f3966fab463df9cdae95fd6df8c2e561e3ae/maven-model-builder-3.2.5.jarMD5: a216c67dae851a4cedb4b431a674eba2SHA1: 7a32f3966fab463df9cdae95fd6df8c2e561e3aeSHA256: cc5321269d080ad6694458f53186be5391a21c488ab3a7d6dd73123c7681879dReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-model-builder-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-model-builder High Vendor gradle artifactid maven-model-builder Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name inheritance Highest Vendor jar package name interpolation Highest Vendor jar package name maven Highest Vendor jar package name model Highest Vendor jar package name profile Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-model-builder Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Model Builder High Vendor pom parent-artifactid maven Low Product file name maven-model-builder High Product gradle artifactid maven-model-builder Highest Product jar package name apache Highest Product jar package name inheritance Highest Product jar package name interpolation Highest Product jar package name maven Highest Product jar package name model Highest Product jar package name profile Highest Product Manifest Implementation-Title Maven Model Builder High Product Manifest specification-title Maven Model Builder Medium Product pom artifactid maven-model-builder Highest Product pom groupid org.apache.maven Highest Product pom name Maven Model Builder High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
maven-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/maven-plugin/build/libs/maven-plugin-8.2.2.jarMD5: 87f9d7afe1e85b56de9dd72e24885f75SHA1: ab09510c6fd1e06555c2deb55e41b9ce5cd94891SHA256: 0607dec306c919946cea34cf13074f93a921d68ca5ff26b0500cdd8a9c36071fReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/documentation@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name maven-plugin High Vendor gradle artifactid maven-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name maven-plugin High Product gradle artifactid maven-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
maven-plugin-annotations-3.9.0.jarDescription:
Java annotations to use in Mojos File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.plugin-tools/maven-plugin-annotations/3.9.0/a24f7830b2f8811e4bfd5c4c569f13198db261f/maven-plugin-annotations-3.9.0.jarMD5: 43a9454b4318c740c27a5c2f2d8079b3SHA1: 0a24f7830b2f8811e4bfd5c4c569f13198db261fSHA256: 6518bbac60808e1b74927bdc15a9f2a58073d23fa525d24032c229b426431585Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin-annotations-3.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-plugin-annotations High Vendor gradle artifactid maven-plugin-annotations Highest Vendor gradle groupid org.apache.maven.plugin-tools Highest Vendor jar package name annotations Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-annotations Low Vendor pom groupid org.apache.maven.plugin-tools Highest Vendor pom name Maven Plugin Tools Java Annotations High Vendor pom parent-artifactid maven-plugin-tools Low Product file name maven-plugin-annotations High Product gradle artifactid maven-plugin-annotations Highest Product jar package name annotations Highest Product jar package name apache Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Tools Java Annotations High Product Manifest specification-title Maven Plugin Tools Java Annotations Medium Product pom artifactid maven-plugin-annotations Highest Product pom groupid org.apache.maven.plugin-tools Highest Product pom name Maven Plugin Tools Java Annotations High Product pom parent-artifactid maven-plugin-tools Medium Version file version 3.9.0 High Version gradle version 3.9.0 Highest Version Manifest Implementation-Version 3.9.0 High Version pom version 3.9.0 Highest
maven-plugin-api-3.2.5.jarDescription:
The API for plugins - Mojos - development. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-plugin-api/3.2.5/5c6893f4ac5425d07c4053f3c4e27b2a3b37c516/maven-plugin-api-3.2.5.jarMD5: 11a402fb287811b6a249a553e9af5383SHA1: 5c6893f4ac5425d07c4053f3c4e27b2a3b37c516SHA256: 194a6f0ce889ed3b0d8a9bc4d3c79541e878098b7e303e4ac76c1031850772c3Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin-api-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-plugin-api High Vendor gradle artifactid maven-plugin-api Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-api Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Plugin API High Vendor pom parent-artifactid maven Low Product file name maven-plugin-api High Product gradle artifactid maven-plugin-api Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name plugin Highest Product Manifest Implementation-Title Maven Plugin API High Product Manifest specification-title Maven Plugin API Medium Product pom artifactid maven-plugin-api Highest Product pom groupid org.apache.maven Highest Product pom name Maven Plugin API High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
maven-plugin-plugin-3.9.0.jarDescription:
The Plugin Plugin is used to create a Maven plugin descriptor for any Mojo's found in the source tree,
to include in the JAR. It is also used to generate Xdoc files for the Mojos as well as the artifact metadata
and a generic help goal. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.plugins/maven-plugin-plugin/3.9.0/c3b9cc33d875a0025cfe301c74c639ff84319174/maven-plugin-plugin-3.9.0.jarMD5: fe640d03c2ea7206d014c47ce802ca83SHA1: c3b9cc33d875a0025cfe301c74c639ff84319174SHA256: 814df814d2132e4f264b158b7eaba812f4e2c39af4f9b49a1e3f1e2457573d55Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin-3.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name maven-plugin-plugin High Vendor gradle artifactid maven-plugin-plugin Highest Vendor gradle groupid org.apache.maven.plugins Highest Vendor jar package name apache Highest Vendor jar package name artifact Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor jar package name plugins Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-plugin Low Vendor pom groupid org.apache.maven.plugins Highest Vendor pom name Maven Plugin Plugin High Vendor pom parent-artifactid maven-plugin-tools Low Vendor pom parent-groupid org.apache.maven.plugin-tools Medium Product file name maven-plugin-plugin High Product gradle artifactid maven-plugin-plugin Highest Product jar package name apache Highest Product jar package name artifact Highest Product jar package name maven Highest Product jar package name plugin Highest Product jar package name plugins Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Plugin High Product Manifest specification-title Maven Plugin Plugin Medium Product pom artifactid maven-plugin-plugin Highest Product pom groupid org.apache.maven.plugins Highest Product pom name Maven Plugin Plugin High Product pom parent-artifactid maven-plugin-tools Medium Product pom parent-groupid org.apache.maven.plugin-tools Medium Version file version 3.9.0 High Version gradle version 3.9.0 Highest Version Manifest Implementation-Version 3.9.0 High Version pom version 3.9.0 Highest
maven-plugin-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/maven-plugin-plugin/build/libs/maven-plugin-plugin-8.2.2.jarMD5: 023b8246443928295569d0c90fc00a3fSHA1: 53355b030883c8ad94a1c689a280a55f206ce12fSHA256: b0a5a025190a91baae1661262f6c5492871046713d4e044fad841c5e23981477Referenced In Project/Scope: documentation:javadocClasspathmaven-plugin-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name maven-plugin-plugin High Vendor gradle artifactid maven-plugin-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name maven-plugin-plugin High Product gradle artifactid maven-plugin-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
maven-plugin-tools-annotations-3.9.0.jarDescription:
Descriptor extractor for plugins written in Java with Java annotations. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.plugin-tools/maven-plugin-tools-annotations/3.9.0/7012d67976aa048276a82f33cfa0aa2e69782a8e/maven-plugin-tools-annotations-3.9.0.jarMD5: ae7923369b37d593fe5b8c59975abe8aSHA1: 7012d67976aa048276a82f33cfa0aa2e69782a8eSHA256: 15f8867e39d4b2df09c5d9e38efec9c81dfa8c6834bf8d3ebcb16f7f72013fafReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin-tools-annotations-3.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name maven-plugin-tools-annotations High Vendor gradle artifactid maven-plugin-tools-annotations Highest Vendor gradle groupid org.apache.maven.plugin-tools Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor jar package name tools Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-tools-annotations Low Vendor pom groupid org.apache.maven.plugin-tools Highest Vendor pom name Maven Plugin Tool for Java with Annotations High Vendor pom parent-artifactid maven-plugin-tools Low Product file name maven-plugin-tools-annotations High Product gradle artifactid maven-plugin-tools-annotations Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name plugin Highest Product jar package name tools Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Tool for Java with Annotations High Product Manifest specification-title Maven Plugin Tool for Java with Annotations Medium Product pom artifactid maven-plugin-tools-annotations Highest Product pom groupid org.apache.maven.plugin-tools Highest Product pom name Maven Plugin Tool for Java with Annotations High Product pom parent-artifactid maven-plugin-tools Medium Version file version 3.9.0 High Version gradle version 3.9.0 Highest Version Manifest Implementation-Version 3.9.0 High Version pom version 3.9.0 Highest
maven-plugin-tools-api-3.9.0.jarDescription:
The Maven Plugin Tools Extractor API provides an API to extract descriptor information from Maven Plugins. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.plugin-tools/maven-plugin-tools-api/3.9.0/1b17da59e5ece27aa1c8d44417c45294febb758b/maven-plugin-tools-api-3.9.0.jarMD5: 0964f8ea6012182eba0c6717f3c872a7SHA1: 1b17da59e5ece27aa1c8d44417c45294febb758bSHA256: b0dc0bebf235f99983b7fd8449bae799f00896b17ba1c331654ffe1b2340e5a2Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin-tools-api-3.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-plugin-tools-api High Vendor gradle artifactid maven-plugin-tools-api Highest Vendor gradle groupid org.apache.maven.plugin-tools Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor jar package name tools Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-tools-api Low Vendor pom groupid org.apache.maven.plugin-tools Highest Vendor pom name Maven Plugin Tools Extractor API High Vendor pom parent-artifactid maven-plugin-tools Low Product file name maven-plugin-tools-api High Product gradle artifactid maven-plugin-tools-api Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name plugin Highest Product jar package name tools Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Tools Extractor API High Product Manifest specification-title Maven Plugin Tools Extractor API Medium Product pom artifactid maven-plugin-tools-api Highest Product pom groupid org.apache.maven.plugin-tools Highest Product pom name Maven Plugin Tools Extractor API High Product pom parent-artifactid maven-plugin-tools Medium Version file version 3.9.0 High Version gradle version 3.9.0 Highest Version Manifest Implementation-Version 3.9.0 High Version pom version 3.9.0 Highest
maven-plugin-tools-generators-3.9.0.jarDescription:
The Maven Plugin Tools Generators provide content generation (XML descriptor, documentation, help goal) from
plugin descriptor extracted from plugin sources. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.plugin-tools/maven-plugin-tools-generators/3.9.0/ed93fa99dd704d2b180c9871951ce7591e955/maven-plugin-tools-generators-3.9.0.jarMD5: 2fe1ddbcc1df7bc5b67aed31d339a887SHA1: 000ed93fa99dd704d2b180c9871951ce7591e955SHA256: 4c796d7324183d035dd85f3e2de18651ac76cd1f1877a6b84ca9b7cee2ebeb9dReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin-tools-generators-3.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name maven-plugin-tools-generators High Vendor gradle artifactid maven-plugin-tools-generators Highest Vendor gradle groupid org.apache.maven.plugin-tools Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor jar package name tools Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-tools-generators Low Vendor pom groupid org.apache.maven.plugin-tools Highest Vendor pom name Maven Plugin Tools Generators High Vendor pom parent-artifactid maven-plugin-tools Low Product file name maven-plugin-tools-generators High Product gradle artifactid maven-plugin-tools-generators Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name plugin Highest Product jar package name tools Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Tools Generators High Product Manifest specification-title Maven Plugin Tools Generators Medium Product pom artifactid maven-plugin-tools-generators Highest Product pom groupid org.apache.maven.plugin-tools Highest Product pom name Maven Plugin Tools Generators High Product pom parent-artifactid maven-plugin-tools Medium Version file version 3.9.0 High Version gradle version 3.9.0 Highest Version Manifest Implementation-Version 3.9.0 High Version pom version 3.9.0 Highest
maven-plugin-tools-java-3.9.0.jarDescription:
Descriptor extractor for plugins written in Java annotated with Mojo Javadoc Tags. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.plugin-tools/maven-plugin-tools-java/3.9.0/400bf051f22c2dfc309df99becd2e5413a5e1e14/maven-plugin-tools-java-3.9.0.jarMD5: d904c92bccb488b3d29f423013f3893fSHA1: 400bf051f22c2dfc309df99becd2e5413a5e1e14SHA256: d7f2ee639772285d3972cc6ecb04c4a3506c708faef06a125e6a72998259056dReferenced In Project/Scope: documentation:javadocClasspathmaven-plugin-tools-java-3.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0
Evidence Type Source Name Value Confidence Vendor file name maven-plugin-tools-java High Vendor gradle artifactid maven-plugin-tools-java Highest Vendor gradle groupid org.apache.maven.plugin-tools Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor jar package name tools Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-tools-java Low Vendor pom groupid org.apache.maven.plugin-tools Highest Vendor pom name Maven Plugin Tool for Java with Javadoc Tags High Vendor pom parent-artifactid maven-plugin-tools Low Product file name maven-plugin-tools-java High Product gradle artifactid maven-plugin-tools-java Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name plugin Highest Product jar package name tools Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Tool for Java with Javadoc Tags High Product Manifest specification-title Maven Plugin Tool for Java with Javadoc Tags Medium Product pom artifactid maven-plugin-tools-java Highest Product pom groupid org.apache.maven.plugin-tools Highest Product pom name Maven Plugin Tool for Java with Javadoc Tags High Product pom parent-artifactid maven-plugin-tools Medium Version file version 3.9.0 High Version gradle version 3.9.0 Highest Version Manifest Implementation-Version 3.9.0 High Version pom version 3.9.0 Highest
maven-reporting-api-3.1.1.jarDescription:
API to manage report generation. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.reporting/maven-reporting-api/3.1.1/74ca00a13e46d065071cdf6376d7d231e0208916/maven-reporting-api-3.1.1.jarMD5: 1e1e0b2f189c861995e33a2a746501bbSHA1: 74ca00a13e46d065071cdf6376d7d231e0208916SHA256: 25be6603c97d28fa3dcd122073054271c8fcaf667d220dce7a26a61a6f3cffd1Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-reporting-api-3.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-reporting-api High Vendor gradle artifactid maven-reporting-api Highest Vendor gradle groupid org.apache.maven.reporting Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name reporting Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-reporting-api Low Vendor pom developer email vincent.siveton@gmail.com Low Vendor pom developer id vsiveton Medium Vendor pom developer name Vincent Siveton Medium Vendor pom groupid org.apache.maven.reporting Highest Vendor pom name Apache Maven Reporting API High Vendor pom parent-artifactid maven-shared-components Low Vendor pom parent-groupid org.apache.maven.shared Medium Product file name maven-reporting-api High Product gradle artifactid maven-reporting-api Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name reporting Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Maven Reporting API High Product Manifest specification-title Apache Maven Reporting API Medium Product pom artifactid maven-reporting-api Highest Product pom developer email vincent.siveton@gmail.com Low Product pom developer id vsiveton Low Product pom developer name Vincent Siveton Low Product pom groupid org.apache.maven.reporting Highest Product pom name Apache Maven Reporting API High Product pom parent-artifactid maven-shared-components Medium Product pom parent-groupid org.apache.maven.shared Medium Version file version 3.1.1 High Version gradle version 3.1.1 Highest Version Manifest Implementation-Version 3.1.1 High Version pom parent-version 3.1.1 Low Version pom version 3.1.1 Highest
maven-repository-metadata-3.2.5.jarDescription:
Per-directory local and remote repository metadata. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-repository-metadata/3.2.5/17049c63ce63654c112eeb82797edee49f8a4601/maven-repository-metadata-3.2.5.jarMD5: bda12e2d6070d417a6118c6ba769fd4fSHA1: 17049c63ce63654c112eeb82797edee49f8a4601SHA256: 62b517b77f24edebdee0e382ecddb44bb6632b7c08c528d625aed7d2980df12bReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-repository-metadata-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-repository-metadata High Vendor gradle artifactid maven-repository-metadata Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name repository Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-repository-metadata Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Repository Metadata Model High Vendor pom parent-artifactid maven Low Product file name maven-repository-metadata High Product gradle artifactid maven-repository-metadata Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name repository Highest Product Manifest Implementation-Title Maven Repository Metadata Model High Product Manifest specification-title Maven Repository Metadata Model Medium Product pom artifactid maven-repository-metadata Highest Product pom groupid org.apache.maven Highest Product pom name Maven Repository Metadata Model High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
maven-settings-3.2.5.jarDescription:
Maven Settings model. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-settings/3.2.5/52179da78893ed7afea98d980c55e658fb04d9b4/maven-settings-3.2.5.jarMD5: 9f78e75d76e2f92c08cbbc859bf6e272SHA1: 52179da78893ed7afea98d980c55e658fb04d9b4SHA256: 1874d4ee660b935675a60bdb2ef63e0ff5a81769f4fc04a035fa9d4c4e238224Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-settings-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-settings High Vendor gradle artifactid maven-settings Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name settings Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-settings Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Settings High Vendor pom parent-artifactid maven Low Product file name maven-settings High Product gradle artifactid maven-settings Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name settings Highest Product Manifest Implementation-Title Maven Settings High Product Manifest specification-title Maven Settings Medium Product pom artifactid maven-settings Highest Product pom groupid org.apache.maven Highest Product pom name Maven Settings High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
CVE-2021-26291 (OSSINDEX) suppress
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html CWE-346 Origin Validation Error
CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.maven:maven-settings:3.2.5:*:*:*:*:*:*:* maven-settings-builder-3.2.5.jarDescription:
The effective settings builder, with inheritance and password decryption. File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven/maven-settings-builder/3.2.5/7fd98de76398a3ff5c1d9a7b85f26cb65a862578/maven-settings-builder-3.2.5.jarMD5: c48b8a83cd03a5672f07b559ca1a5307SHA1: 7fd98de76398a3ff5c1d9a7b85f26cb65a862578SHA256: 9c5a014ceb8abb55e997dcc41d17bbe0ae145db574be6b7186e75950c241269fReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-settings-builder-3.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name maven-settings-builder High Vendor gradle artifactid maven-settings-builder Highest Vendor gradle groupid org.apache.maven Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name settings Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-settings-builder Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Settings Builder High Vendor pom parent-artifactid maven Low Product file name maven-settings-builder High Product gradle artifactid maven-settings-builder Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name settings Highest Product Manifest Implementation-Title Maven Settings Builder High Product Manifest specification-title Maven Settings Builder Medium Product pom artifactid maven-settings-builder Highest Product pom groupid org.apache.maven Highest Product pom name Maven Settings Builder High Product pom parent-artifactid maven Medium Version file version 3.2.5 High Version gradle version 3.2.5 Highest Version Manifest Implementation-Version 3.2.5 High Version pom version 3.2.5 Highest
mkdocs-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/mkdocs-plugin/build/libs/mkdocs-plugin-8.2.2.jarMD5: 465ba8a8ce6fdbd669ef278130b859afSHA1: 93388d162873f2e99d4b7e7bd6d359f1a81afb97SHA256: 93fc0c983e87aaffc4092656a64bd8363e0312e8639a5836341fbdc38a20e003Referenced In Project/Scope: documentation:javadocClasspathmkdocs-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name mkdocs-plugin High Vendor gradle artifactid mkdocs-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name mkdocs-plugin High Product gradle artifactid mkdocs-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
okhttp-4.11.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/4.11.0/436932d695b2c43f2c86b8111c596179cd133d56/okhttp-4.11.0.jarMD5: 8f53e26319679de3ea22261b1899a99cSHA1: 436932d695b2c43f2c86b8111c596179cd133d56SHA256: ee8f6bd6cd1257013d748330f4ca147638a9fbcb52fb388d5ac93cf53408745dReferenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath okhttp-4.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 Evidence Type Source Name Value Confidence Vendor file name okhttp High Vendor gradle artifactid okhttp Highest Vendor gradle groupid com.squareup.okhttp3 Highest Vendor jar package name internal Low Vendor jar package name okhttp3 Highest Vendor jar package name okhttp3 Low Vendor Manifest automatic-module-name okhttp3 Medium Product file name okhttp High Product gradle artifactid okhttp Highest Product jar package name internal Low Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3 Medium Version file name okhttp Medium Version file version 4.11.0 High Version gradle version 4.11.0 Highest
okhttp-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/okhttp-plugin/build/libs/okhttp-plugin-8.2.2.jarMD5: 6e02783950fa855fb283caf8fc57d937SHA1: 3bc70bfce0b0cf13cd0328177f35d7c26e3e9b2dSHA256: 9d36c8ea35d32b6c2b07a40c814217383bd9bba4a99ff46edd04036f37b04a58Referenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath maven-plugin:runtimeClasspath okhttp-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/documentation@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name okhttp-plugin High Vendor gradle artifactid okhttp-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name okhttp-plugin High Product gradle artifactid okhttp-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
okio-jvm-3.2.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio-jvm/3.2.0/332d1c5dc82b0241cb1d35bb0901d28470cc89ca/okio-jvm-3.2.0.jarMD5: 93417dbcbbb0e56d272b7ad5b28afedeSHA1: 332d1c5dc82b0241cb1d35bb0901d28470cc89caSHA256: b642baef4c570055de4cb3d1667b2b16dced901ff8066345a063691aa06025a4Referenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath maven-plugin-plugin:compileClasspath okhttp-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath okhttp-plugin:compileClasspath maven-plugin:runtimeClasspath okio-jvm-3.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/retrofit@2.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp@4.11.0 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/com.squareup.okhttp3/okhttp-bom@4.11.0 pkg:maven/com.squareup.okhttp3/logging-interceptor@4.11.0 Evidence Type Source Name Value Confidence Vendor file name okio-jvm High Vendor gradle artifactid okio-jvm Highest Vendor gradle groupid com.squareup.okio Highest Vendor jar package name okio Highest Vendor jar package name okio Low Vendor Manifest automatic-module-name okio Medium Vendor Manifest bundle-symbolicname com.squareup.okio Medium Product file name okio-jvm High Product gradle artifactid okio-jvm Highest Product jar package name okio Highest Product Manifest automatic-module-name okio Medium Product Manifest Bundle-Name com.squareup.okio Medium Product Manifest bundle-symbolicname com.squareup.okio Medium Version file name okio-jvm Medium Version file version 3.2.0 High Version gradle version 3.2.0 Highest Version Manifest Bundle-Version 3.2.0 High
CVE-2023-3635 suppress
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CWE-681 Incorrect Conversion between Numeric Types
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
opentest4j-1.3.0.jarLicense:
The Apache License, Version 2.0 File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.opentest4j/opentest4j/1.3.0/152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256: 48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Projects/Scopes: documentation:javadocClasspath test-common:compileClasspath test-common:runtimeClasspath opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 pkg:maven/org.junit/junit-bom@5.10.0 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.0 Evidence Type Source Name Value Confidence Vendor file name opentest4j High Vendor gradle artifactid opentest4j Highest Vendor gradle groupid org.opentest4j Highest Vendor jar package name opentest4j Highest Vendor jar package name opentest4j Low Vendor Manifest build-date 2023-07-06 Low Vendor Manifest build-revision 214973bfa4e7e9be7d04e623202cc4147c7036d2 Low Vendor Manifest build-time 14:25:06.116+0200 Low Vendor Manifest bundle-symbolicname org.opentest4j Medium Vendor Manifest Implementation-Vendor opentest4j.org High Vendor Manifest specification-vendor opentest4j.org Low Product file name opentest4j High Product gradle artifactid opentest4j Highest Product jar package name opentest4j Highest Product Manifest build-date 2023-07-06 Low Product Manifest build-revision 214973bfa4e7e9be7d04e623202cc4147c7036d2 Low Product Manifest build-time 14:25:06.116+0200 Low Product Manifest Bundle-Name opentest4j Medium Product Manifest bundle-symbolicname org.opentest4j Medium Product Manifest Implementation-Title opentest4j High Product Manifest specification-title opentest4j Medium Version file version 1.3.0 High Version Manifest Implementation-Version 1.3.0 High
org.eclipse.sisu.inject-0.3.5.jarLicense:
http://www.eclipse.org/legal/epl-v10.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.eclipse.sisu/org.eclipse.sisu.inject/0.3.5/d4265dd4f0f1d7a06d80df5a5f475d5ff9c17140/org.eclipse.sisu.inject-0.3.5.jar
MD5: 1b296b0ddd911ed3750b3df93b395cd5
SHA1: d4265dd4f0f1d7a06d80df5a5f475d5ff9c17140
SHA256: c5994010bcdce1d2bd603a4d50c47191ddbd7875d1157b23aaa26d33c82fda13
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath org.eclipse.sisu.inject-0.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name org.eclipse.sisu.inject High Vendor gradle artifactid org.eclipse.sisu.inject Highest Vendor gradle groupid org.eclipse.sisu Highest Vendor jar package name eclipse Highest Vendor jar package name eclipse Low Vendor jar package name inject Highest Vendor jar package name sisu Highest Vendor jar package name sisu Low Vendor Manifest bundle-copyright Copyright (c) 2010, 2015 Sonatype, Inc. and others Low Vendor Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname org.eclipse.sisu.inject;singleton:=true Medium Product file name org.eclipse.sisu.inject High Product gradle artifactid org.eclipse.sisu.inject Highest Product jar package name eclipse Highest Product jar package name inject Highest Product jar package name sisu Highest Product jar package name sisu Low Product jar package name sonatype Highest Product Manifest bundle-copyright Copyright (c) 2010, 2015 Sonatype, Inc. and others Low Product Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Product Manifest Bundle-Name Sisu-Inject (Incubation) Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname org.eclipse.sisu.inject;singleton:=true Medium Version file name org.eclipse.sisu.inject Medium Version file version 0.3.5 High Version gradle version 0.3.5 Highest Version jar package name eclipse Highest Version jar package name sisu Highest Version jar package name sonatype Highest Version Manifest bundle-copyright 2015 Low Version Manifest Bundle-Version 0.3.5 High
org.eclipse.sisu.plexus-0.3.5.jarLicense:
http://www.eclipse.org/legal/epl-v10.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.eclipse.sisu/org.eclipse.sisu.plexus/0.3.5/d71996bb2e536f966b3b70e647067fff3b73d32f/org.eclipse.sisu.plexus-0.3.5.jar
MD5: 30c4a9fa2137698ed66c8542f1be196a
SHA1: d71996bb2e536f966b3b70e647067fff3b73d32f
SHA256: 7e4c61096d70826f20f7a7d55c59a5528e7aa5ad247ee2dfe544e4dd25f6a784
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath org.eclipse.sisu.plexus-0.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name org.eclipse.sisu.plexus High Vendor gradle artifactid org.eclipse.sisu.plexus Highest Vendor gradle groupid org.eclipse.sisu Highest Vendor jar package name codehaus Low Vendor jar package name eclipse Highest Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor jar package name sisu Highest Vendor Manifest bundle-copyright Copyright (c) 2010, 2015 Sonatype, Inc. and others Low Vendor Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname org.eclipse.sisu.plexus;singleton:=true Medium Product file name org.eclipse.sisu.plexus High Product gradle artifactid org.eclipse.sisu.plexus Highest Product jar package name eclipse Highest Product jar package name plexus Highest Product jar package name plexus Low Product jar package name sisu Highest Product Manifest bundle-copyright Copyright (c) 2010, 2015 Sonatype, Inc. and others Low Product Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Product Manifest Bundle-Name Sisu-Plexus (Incubation) Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname org.eclipse.sisu.plexus;singleton:=true Medium Version file name org.eclipse.sisu.plexus Medium Version file version 0.3.5 High Version gradle version 0.3.5 Highest Version jar package name eclipse Highest Version jar package name sisu Highest Version Manifest bundle-copyright 2015 Low Version Manifest Bundle-Version 0.3.5 High
org.jacoco.agent-0.8.9.jarDescription:
JaCoCo Agent License:
https://www.eclipse.org/legal/epl-2.0/ File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.agent/0.8.9/9af6e948fe6611437a691c4052cc7ff59cfa9a87/org.jacoco.agent-0.8.9.jar
MD5: b09c7ffaede51aeb5f351b32ed942082
SHA1: 9af6e948fe6611437a691c4052cc7ff59cfa9a87
SHA256: c067e29a49063220e75215eff1bc234584ad002e747afdf13a69662be5b0e07d
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAgent jacoco-plugin:jacocoAnt maven-plugin:jacocoAgent mkdocs-plugin:jacocoAgent settings-plugin:jacocoAgent plantuml-plugin:jacocoAnt git-plugin:jacocoAgent github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt aspectj-plugin:jacocoAgent test-code-generator:jacocoAnt git-plugin:jacocoAnt github-plugin:jacocoAgent maven-plugin-plugin:jacocoAgent test-common:jacocoAgent code-generator-plugin:jacocoAgent okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt compress-plugin:jacocoAgent plugin-utils:jacocoAnt plantuml-plugin:jacocoAgent maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath quicktype-plugin:jacocoAgent plugin-utils:jacocoAgent code-generator-api:jacocoAgent mkdocs-plugin:jacocoAnt test-code-generator:jacocoAgent lombok-plugin:jacocoAgent embedded-sass-plugin:jacocoAgent lombok-plugin:jacocoAnt test-common:jacocoAnt jacoco-plugin:jacocoAgent code-generator-plugin:jacocoAnt org.jacoco.agent-0.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/jacoco-plugin@8.2.2 pkg:maven/io.freefair.gradle/mkdocs-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/code-generator-api@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/lombok-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/git-plugin@8.2.2 pkg:maven/io.freefair.gradle/settings-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/plugin-utils@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/plantuml-plugin@8.2.2 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/io.freefair.gradle/test-common@8.2.2 pkg:maven/io.freefair.gradle/test-code-generator@8.2.2 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 Evidence Type Source Name Value Confidence Vendor file name org.jacoco.agent High Vendor gradle artifactid org.jacoco.agent Highest Vendor gradle groupid org.jacoco Highest Vendor jar package name agent Highest Vendor jar package name jacoco Highest Vendor Manifest automatic-module-name org.jacoco.agent Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.jacoco.agent Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid jacoco.agent Low Vendor pom groupid org.jacoco Highest Vendor pom name JaCoCo :: Agent High Vendor pom parent-artifactid org.jacoco.build Low Product file name org.jacoco.agent High Product gradle artifactid org.jacoco.agent Highest Product jar package name agent Highest Product jar package name jacoco Highest Product Manifest automatic-module-name org.jacoco.agent Medium Product Manifest Bundle-Name JaCoCo Agent Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.jacoco.agent Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid jacoco.agent Highest Product pom groupid org.jacoco Highest Product pom name JaCoCo :: Agent High Product pom parent-artifactid org.jacoco.build Medium Version file version 0.8.9 High Version gradle version 0.8.9 Highest Version pom version 0.8.9 Highest
org.jacoco.agent-0.8.9.jar: jacocoagent.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.9)Description:
JaCoCo Java Agent File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.agent/0.8.9/9af6e948fe6611437a691c4052cc7ff59cfa9a87/org.jacoco.agent-0.8.9.jar/jacocoagent.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xmlMD5: 06f8be91bf1dee590f62342c16f4cb5eSHA1: b76c6513056458a597ff2fee17812306d1517b1dSHA256: d1e4d1e96612c192aa62af1e4fb053720b74b890d38b5cec03bc4a0fa62b58b2Referenced In Projects/Scopes:
quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAgent jacoco-plugin:jacocoAnt maven-plugin:jacocoAgent mkdocs-plugin:jacocoAgent settings-plugin:jacocoAgent plantuml-plugin:jacocoAnt git-plugin:jacocoAgent github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt aspectj-plugin:jacocoAgent test-code-generator:jacocoAnt git-plugin:jacocoAnt github-plugin:jacocoAgent maven-plugin-plugin:jacocoAgent test-common:jacocoAgent code-generator-plugin:jacocoAgent okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt compress-plugin:jacocoAgent plugin-utils:jacocoAnt plantuml-plugin:jacocoAgent maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath quicktype-plugin:jacocoAgent plugin-utils:jacocoAgent code-generator-api:jacocoAgent mkdocs-plugin:jacocoAnt test-code-generator:jacocoAgent lombok-plugin:jacocoAgent embedded-sass-plugin:jacocoAgent lombok-plugin:jacocoAnt test-common:jacocoAnt jacoco-plugin:jacocoAgent code-generator-plugin:jacocoAnt Evidence Type Source Name Value Confidence Vendor pom artifactid jacoco.agent.rt Low Vendor pom groupid org.jacoco Highest Vendor pom name JaCoCo :: Agent RT High Vendor pom parent-artifactid org.jacoco.build Low Product pom artifactid jacoco.agent.rt Highest Product pom groupid org.jacoco Highest Product pom name JaCoCo :: Agent RT High Product pom parent-artifactid org.jacoco.build Medium Version pom version 0.8.9 Highest
org.jacoco.agent-0.8.9.jar: jacocoagent.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.agent/0.8.9/9af6e948fe6611437a691c4052cc7ff59cfa9a87/org.jacoco.agent-0.8.9.jar/jacocoagent.jarMD5: e852c5e07bc13ffdc6a68303799f80adSHA1: ad836d1c585c7e1dbf5cf828efa34528d9700303SHA256: 191734a0b7ef97606e6a09ae584c4acab47eb30fcb4c555d3d440d4e0d71d73dReferenced In Projects/Scopes:
quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAgent jacoco-plugin:jacocoAnt maven-plugin:jacocoAgent mkdocs-plugin:jacocoAgent settings-plugin:jacocoAgent plantuml-plugin:jacocoAnt git-plugin:jacocoAgent github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt aspectj-plugin:jacocoAgent test-code-generator:jacocoAnt git-plugin:jacocoAnt github-plugin:jacocoAgent maven-plugin-plugin:jacocoAgent test-common:jacocoAgent code-generator-plugin:jacocoAgent okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt compress-plugin:jacocoAgent plugin-utils:jacocoAnt plantuml-plugin:jacocoAgent maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath quicktype-plugin:jacocoAgent plugin-utils:jacocoAgent code-generator-api:jacocoAgent mkdocs-plugin:jacocoAnt test-code-generator:jacocoAgent lombok-plugin:jacocoAgent embedded-sass-plugin:jacocoAgent lombok-plugin:jacocoAnt test-common:jacocoAnt jacoco-plugin:jacocoAgent code-generator-plugin:jacocoAnt Evidence Type Source Name Value Confidence Vendor file name jacocoagent High Vendor jar package name agent Highest Vendor jar package name agent Low Vendor jar package name jacoco Highest Vendor jar package name jacoco Low Vendor jar package name rt Highest Vendor jar package name rt Low Vendor Manifest automatic-module-name org.jacoco.agent.rt Medium Vendor Manifest Implementation-Vendor Mountainminds GmbH & Co. KG High Product file name jacocoagent High Product jar package name agent Highest Product jar package name agent Low Product jar package name internal_4481564 Low Product jar package name jacoco Highest Product jar package name rt Highest Product jar package name rt Low Product Manifest automatic-module-name org.jacoco.agent.rt Medium Product Manifest Implementation-Title JaCoCo Java Agent High Version Manifest Implementation-Version 0.8.9 High
org.jacoco.ant-0.8.9.jarDescription:
JaCoCo Ant Tasks License:
https://www.eclipse.org/legal/epl-2.0/ File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.ant/0.8.9/4b48634d95f05a435a4ad10d1c4d71d07bbf95a1/org.jacoco.ant-0.8.9.jar
MD5: d1fb6d2b6dda5d08ccb585310824e16a
SHA1: 4b48634d95f05a435a4ad10d1c4d71d07bbf95a1
SHA256: 5695ecd24f04c421b12a74f4b44042857b16eed0bc049ff38dd6dc40abca7bef
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt org.jacoco.ant-0.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/test-code-generator@8.2.2 pkg:maven/io.freefair.gradle/plantuml-plugin@8.2.2 pkg:maven/io.freefair.gradle/plugin-utils@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/io.freefair.gradle/documentation@8.2.2 pkg:maven/io.freefair.gradle/jacoco-plugin@8.2.2 pkg:maven/io.freefair.gradle/lombok-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/settings-plugin@8.2.2 pkg:maven/io.freefair.gradle/okhttp-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 pkg:maven/io.freefair.gradle/code-generator-api@8.2.2 pkg:maven/io.freefair.gradle/mkdocs-plugin@8.2.2 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/io.freefair.gradle/code-generator-plugin@8.2.2 pkg:maven/io.freefair.gradle/git-plugin@8.2.2 pkg:maven/io.freefair.gradle/jacoco-plugin@8.2.2 pkg:maven/io.freefair.gradle/test-common@8.2.2 Evidence Type Source Name Value Confidence Vendor file name org.jacoco.ant High Vendor gradle artifactid org.jacoco.ant Highest Vendor gradle groupid org.jacoco Highest Vendor jar package name ant Highest Vendor jar package name jacoco Highest Vendor Manifest automatic-module-name org.jacoco.ant Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.jacoco.ant Medium Vendor Manifest require-bundle org.apache.ant;bundle-version="[1.7.0,2.0.0)" Low Vendor pom artifactid jacoco.ant Low Vendor pom groupid org.jacoco Highest Vendor pom name JaCoCo :: Ant High Vendor pom parent-artifactid org.jacoco.build Low Product file name org.jacoco.ant High Product gradle artifactid org.jacoco.ant Highest Product jar package name ant Highest Product jar package name jacoco Highest Product Manifest automatic-module-name org.jacoco.ant Medium Product Manifest Bundle-Name JaCoCo Ant Tasks Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.jacoco.ant Medium Product Manifest require-bundle org.apache.ant;bundle-version="[1.7.0,2.0.0)" Low Product pom artifactid jacoco.ant Highest Product pom groupid org.jacoco Highest Product pom name JaCoCo :: Ant High Product pom parent-artifactid org.jacoco.build Medium Version file version 0.8.9 High Version gradle version 0.8.9 Highest Version pom version 0.8.9 Highest
org.jacoco.core-0.8.9.jarDescription:
JaCoCo Core License:
https://www.eclipse.org/legal/epl-2.0/ File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.core/0.8.9/60b6ad6c57a4822b571bec969ebe7182b7b43397/org.jacoco.core-0.8.9.jar
MD5: 2cdb1eae0b33f537d72bc39b0f3ae43a
SHA1: 60b6ad6c57a4822b571bec969ebe7182b7b43397
SHA256: a33e041dd97530ea57d6dde0e2635ea51680827d2dc0de372d3ccc45b51e68c7
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt org.jacoco.core-0.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 Evidence Type Source Name Value Confidence Vendor file name org.jacoco.core High Vendor gradle artifactid org.jacoco.core Highest Vendor gradle groupid org.jacoco Highest Vendor jar package name core Highest Vendor jar package name jacoco Highest Vendor Manifest automatic-module-name org.jacoco.core Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.jacoco.core Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid jacoco.core Low Vendor pom groupid org.jacoco Highest Vendor pom name JaCoCo :: Core High Vendor pom parent-artifactid org.jacoco.build Low Product file name org.jacoco.core High Product gradle artifactid org.jacoco.core Highest Product jar package name core Highest Product jar package name jacoco Highest Product Manifest automatic-module-name org.jacoco.core Medium Product Manifest Bundle-Name JaCoCo Core Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.jacoco.core Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid jacoco.core Highest Product pom groupid org.jacoco Highest Product pom name JaCoCo :: Core High Product pom parent-artifactid org.jacoco.build Medium Version file version 0.8.9 High Version gradle version 0.8.9 Highest Version pom version 0.8.9 Highest
org.jacoco.report-0.8.9.jarDescription:
JaCoCo Report License:
https://www.eclipse.org/legal/epl-2.0/ File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.report/0.8.9/1d06d0cc1d25d32d519486b527f57c943cf87dca/org.jacoco.report-0.8.9.jar
MD5: 1c1b753d6cdde063e931f53ba147ed99
SHA1: 1d06d0cc1d25d32d519486b527f57c943cf87dca
SHA256: 0d36b87cdea59f98c8cf26367003b4735d5c3187411d4649ddfefdeed387b63e
Referenced In Projects/Scopes: quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt org.jacoco.report-0.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 pkg:maven/org.jacoco/org.jacoco.ant@0.8.9 Evidence Type Source Name Value Confidence Vendor file name org.jacoco.report High Vendor gradle artifactid org.jacoco.report Highest Vendor gradle groupid org.jacoco Highest Vendor jar package name jacoco Highest Vendor jar package name report Highest Vendor Manifest automatic-module-name org.jacoco.report Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.jacoco.report Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid jacoco.report Low Vendor pom groupid org.jacoco Highest Vendor pom name JaCoCo :: Report High Vendor pom parent-artifactid org.jacoco.build Low Product file name org.jacoco.report High Product gradle artifactid org.jacoco.report Highest Product jar package name jacoco Highest Product jar package name report Highest Product Manifest automatic-module-name org.jacoco.report Medium Product Manifest Bundle-Name JaCoCo Report Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.jacoco.report Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid jacoco.report Highest Product pom groupid org.jacoco Highest Product pom name JaCoCo :: Report High Product pom parent-artifactid org.jacoco.build Medium Version file version 0.8.9 High Version gradle version 0.8.9 Highest Version pom version 0.8.9 Highest
org.jacoco.report-0.8.9.jar: prettify.jsFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.report/0.8.9/1d06d0cc1d25d32d519486b527f57c943cf87dca/org.jacoco.report-0.8.9.jar/org/jacoco/report/internal/html/resources/prettify.jsMD5: 4b337aaa3c606cfc1a6ff1986db2c8cbSHA1: 290093755739da933c180ae7e7ebf283724dad1dSHA256: 743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68Referenced In Projects/Scopes:
quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt Evidence Type Source Name Value Confidence
org.jacoco.report-0.8.9.jar: sort.jsFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jacoco/org.jacoco.report/0.8.9/1d06d0cc1d25d32d519486b527f57c943cf87dca/org.jacoco.report-0.8.9.jar/org/jacoco/report/internal/html/resources/sort.jsMD5: d101d06d26e7deaf2b224e0d2137509aSHA1: 2c715325b546adf5beff3d624ce002a7256e3efeSHA256: 7ff293dabc89d68e33d5611f2de0dbbbcfed7e0177726fab5f9dcc0b91f593afReferenced In Projects/Scopes:
quicktype-plugin:jacocoAnt code-generator-api:jacocoAnt compress-plugin:jacocoAnt documentation:javadocClasspath maven-plugin-plugin:jacocoAnt okhttp-plugin:jacocoAnt aspectj-plugin:jacocoAnt jacoco-plugin:jacocoAnt plugin-utils:jacocoAnt maven-plugin:jacocoAnt settings-plugin:jacocoAnt jacoco-plugin:compileClasspath mkdocs-plugin:jacocoAnt plantuml-plugin:jacocoAnt github-plugin:jacocoAnt embedded-sass-plugin:jacocoAnt lombok-plugin:jacocoAnt test-common:jacocoAnt test-code-generator:jacocoAnt code-generator-plugin:jacocoAnt git-plugin:jacocoAnt Evidence Type Source Name Value Confidence
packageurl-java-1.4.1.jarDescription:
The official Java implementation of the PackageURL specification. PackageURL (purl) is a minimal
specification for describing a package via a "mostly universal" URL.
License:
MIT: https://opensource.org/licenses/MIT File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.github.package-url/packageurl-java/1.4.1/a0d1009191c1cf6b04f40d26e4717596f3a90e0/packageurl-java-1.4.1.jar
MD5: f8b3a23e6402d317b612251c83d292e7
SHA1: 0a0d1009191c1cf6b04f40d26e4717596f3a90e0
SHA256: 8e23280221afd1e6561d433dfb133252cd287167acb0eca5a991667118ff10a2
Referenced In Projects/Scopes: documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath packageurl-java-1.4.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name packageurl-java High Vendor gradle artifactid packageurl-java Highest Vendor gradle groupid com.github.package-url Highest Vendor jar package name github Highest Vendor jar package name packageurl Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid packageurl-java Low Vendor pom developer email Steve.Springett@owasp.org Low Vendor pom developer name Steve Springett Medium Vendor pom developer org OWASP Medium Vendor pom developer org URL http://www.owasp.org/ Medium Vendor pom groupid com.github.package-url Highest Vendor pom name Package URL High Vendor pom url package-url/packageurl-java Highest Product file name packageurl-java High Product gradle artifactid packageurl-java Highest Product jar package name github Highest Product jar package name packageurl Highest Product Manifest build-jdk-spec 1.8 Low Product pom artifactid packageurl-java Highest Product pom developer email Steve.Springett@owasp.org Low Product pom developer name Steve Springett Low Product pom developer org OWASP Low Product pom developer org URL http://www.owasp.org/ Low Product pom groupid com.github.package-url Highest Product pom name Package URL High Product pom url package-url/packageurl-java High Version file version 1.4.1 High Version gradle version 1.4.1 Highest Version pom version 1.4.1 Highest
plantuml-1.2023.10.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/net.sourceforge.plantuml/plantuml/1.2023.10/37be9cbf937581133a256da0b239529bcf657557/plantuml-1.2023.10.jarMD5: 28f9d76ebed6db091f80cd6487a5dd86SHA1: 37be9cbf937581133a256da0b239529bcf657557SHA256: 5a6d114409be4b2a03f2c9d86a50c61f17201537e676c8dc9f0f302036204610Referenced In Projects/Scopes:
documentation:javadocClasspath plantuml-plugin:compileClasspath plantuml-1.2023.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/plantuml-plugin@8.2.2 pkg:maven/io.freefair.gradle/documentation@8.2.2 Evidence Type Source Name Value Confidence Vendor file name plantuml High Vendor gradle artifactid plantuml Highest Vendor gradle groupid net.sourceforge.plantuml Highest Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name plantuml Highest Vendor jar package name plantuml Low Vendor jar package name sourceforge Highest Vendor jar package name sourceforge Low Vendor Manifest automatic-module-name net.sourceforge.plantuml Medium Vendor Manifest build-jdk-spec 17 Low Product file name plantuml High Product gradle artifactid plantuml Highest Product jar package name net Highest Product jar package name plantuml Highest Product jar package name plantuml Low Product jar package name sourceforge Highest Product jar package name sourceforge Low Product Manifest automatic-module-name net.sourceforge.plantuml Medium Product Manifest build-jdk-spec 17 Low Version file version 1.2023.10 High Version Manifest Implementation-Version 1.2023.10 High
plantuml-1.2023.10.jar: default.jsFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/net.sourceforge.plantuml/plantuml/1.2023.10/37be9cbf937581133a256da0b239529bcf657557/plantuml-1.2023.10.jar/svg/default.jsMD5: 2ea3fc778111da6c287c742fd32023d9SHA1: 419024dadbaa67f19ee5b8956eefa701ed3c068bSHA256: b12967a940ebb3b3914dfe765b9b72916897f3f6a86a497f1ffa308d17da1f3eReferenced In Projects/Scopes:
documentation:javadocClasspath plantuml-plugin:compileClasspath Evidence Type Source Name Value Confidence
plantuml-1.2023.10.jar: onmouseinteractivefooter.jsFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/net.sourceforge.plantuml/plantuml/1.2023.10/37be9cbf937581133a256da0b239529bcf657557/plantuml-1.2023.10.jar/svg/onmouseinteractivefooter.jsMD5: a62b900322928cc1922cc3ee48d6f300SHA1: 5ba41a8018b018ac566db6abf0d8d4b1ca51d1b6SHA256: 9088fe529d7a1f2468c476b106fcefff67a929f91b7759641b871f95dff13489Referenced In Projects/Scopes:
documentation:javadocClasspath plantuml-plugin:compileClasspath Evidence Type Source Name Value Confidence
plantuml-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/plantuml-plugin/build/libs/plantuml-plugin-8.2.2.jarMD5: c58f53ce92a29819007e73e2db1d79afSHA1: 3eeffd1816fb2958d833a877edaeefacb3373bd2SHA256: 80e37b3fd084eeee6ae666ce185dab8f99b356dfe00385ae27bfdf51c7f63a88Referenced In Project/Scope: documentation:javadocClasspathplantuml-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name plantuml-plugin High Vendor gradle artifactid plantuml-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name plantuml-plugin High Product gradle artifactid plantuml-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
plexus-archiver-4.7.1.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-archiver/4.7.1/b9ef00eb7f3df17f1a4b8804aff1f34241513283/plexus-archiver-4.7.1.jarMD5: dd0a71c59268dc98624a841a068e97c1SHA1: b9ef00eb7f3df17f1a4b8804aff1f34241513283SHA256: 0147f87bc617d9af51f56175a8625cfecbdd6cd6bc21d7ecb5e0b1f70e6dca98Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-archiver-4.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-archiver High Vendor gradle artifactid plexus-archiver Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name archiver Highest Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid plexus-archiver Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Archiver Component High Vendor pom parent-artifactid plexus Low Product file name plexus-archiver High Product gradle artifactid plexus-archiver Highest Product jar package name archiver Highest Product jar package name codehaus Highest Product jar package name plexus Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid plexus-archiver Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Archiver Component High Product pom parent-artifactid plexus Medium Version file version 4.7.1 High Version gradle version 4.7.1 Highest Version pom parent-version 4.7.1 Low Version pom version 4.7.1 Highest
CVE-2023-37460 suppress
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-61 UNIX Symbolic Link (Symlink) Following
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
plexus-build-api-0.0.7.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.sonatype.plexus/plexus-build-api/0.0.7/e6ba5cd4bfd8de00235af936e7f63eb24ed436e6/plexus-build-api-0.0.7.jarMD5: 49f0f8c6bdf2687e358870a4fc1559c6SHA1: e6ba5cd4bfd8de00235af936e7f63eb24ed436e6SHA256: 934171640fbd3d2495c50b79b0d9adb11e2c83e65bad157df8fe34bcac0ff798Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath plexus-build-api-0.0.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-build-api High Vendor gradle artifactid plexus-build-api Highest Vendor gradle groupid org.sonatype.plexus Highest Vendor jar package name build Highest Vendor jar package name build Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor jar package name sonatype Highest Vendor jar package name sonatype Low Vendor pom artifactid plexus-build-api Low Vendor pom groupid org.sonatype.plexus Highest Vendor pom parent-artifactid spice-parent Low Vendor pom parent-groupid org.sonatype.spice Medium Product file name plexus-build-api High Product gradle artifactid plexus-build-api Highest Product jar package name build Highest Product jar package name build Low Product jar package name incremental Low Product jar package name plexus Highest Product jar package name plexus Low Product jar package name sonatype Highest Product pom artifactid plexus-build-api Highest Product pom groupid org.sonatype.plexus Highest Product pom parent-artifactid spice-parent Medium Product pom parent-groupid org.sonatype.spice Medium Version file version 0.0.7 High Version gradle version 0.0.7 Highest Version pom parent-version 0.0.7 Low Version pom version 0.0.7 Highest
plexus-cipher-1.4.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.sonatype.plexus/plexus-cipher/1.4/50ade46f23bb38cd984b4ec560c46223432aac38/plexus-cipher-1.4.jarMD5: 7b2d6fcf0d5800d5b1ce09d98d98dcafSHA1: 50ade46f23bb38cd984b4ec560c46223432aac38SHA256: 5a15fdba22669e0fdd06e10dcce6320879e1f7398fbc910cd0677b50672a78c4Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-cipher-1.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-cipher High Vendor gradle artifactid plexus-cipher Highest Vendor gradle groupid org.sonatype.plexus Highest Vendor jar package name cipher Highest Vendor jar package name components Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor jar package name sonatype Highest Vendor jar package name sonatype Low Vendor pom artifactid plexus-cipher Low Vendor pom groupid org.sonatype.plexus Highest Vendor pom name Plexus Cipher: encryption/decryption Component High Vendor pom parent-artifactid spice-parent Low Vendor pom parent-groupid org.sonatype.spice Medium Vendor pom url http://spice.sonatype.org/ Highest Product file name plexus-cipher High Product gradle artifactid plexus-cipher Highest Product jar package name cipher Highest Product jar package name cipher Low Product jar package name components Low Product jar package name plexus Highest Product jar package name plexus Low Product jar package name sonatype Highest Product pom artifactid plexus-cipher Highest Product pom groupid org.sonatype.plexus Highest Product pom name Plexus Cipher: encryption/decryption Component High Product pom parent-artifactid spice-parent Medium Product pom parent-groupid org.sonatype.spice Medium Product pom url http://spice.sonatype.org/ Medium Version file version 1.4 High Version gradle version 1.4 Highest Version pom parent-version 1.4 Low Version pom version 1.4 Highest
plexus-classworlds-2.5.2.jarDescription:
A class loader framework License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-classworlds/2.5.2/4abb111bfdace5b8167db4c0ef74644f3f88f142/plexus-classworlds-2.5.2.jar
MD5: 53b54feee8cef6b843bd6748bda4bfa7
SHA1: 4abb111bfdace5b8167db4c0ef74644f3f88f142
SHA256: b2931d41740490a8d931cbe0cfe9ac20deb66cca606e679f52522f7f534c9fd7
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-classworlds-2.5.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-classworlds High Vendor gradle artifactid plexus-classworlds Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name classworlds Highest Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor Manifest bundle-docurl http://www.codehaus.org/ Low Vendor Manifest bundle-symbolicname org.codehaus.plexus.classworlds Medium Vendor pom artifactid plexus-classworlds Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Classworlds High Vendor pom parent-artifactid plexus Low Product file name plexus-classworlds High Product gradle artifactid plexus-classworlds Highest Product jar package name classworlds Highest Product jar package name codehaus Highest Product jar package name plexus Highest Product Manifest bundle-docurl http://www.codehaus.org/ Low Product Manifest Bundle-Name Plexus Classworlds Medium Product Manifest bundle-symbolicname org.codehaus.plexus.classworlds Medium Product pom artifactid plexus-classworlds Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Classworlds High Product pom parent-artifactid plexus Medium Version file version 2.5.2 High Version gradle version 2.5.2 Highest Version Manifest Bundle-Version 2.5.2 High Version pom parent-version 2.5.2 Low Version pom version 2.5.2 Highest
plexus-component-annotations-1.5.5.jarDescription:
Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
standard annotations instead of javadoc annotations.
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-component-annotations/1.5.5/c72f2660d0cbed24246ddb55d7fdc4f7374d2078/plexus-component-annotations-1.5.5.jarMD5: ef37dcdb84030422db428b63c4354e5bSHA1: c72f2660d0cbed24246ddb55d7fdc4f7374d2078SHA256: 4df7a6a7be64b35bbccf60b5c115697f9ea3421d22674ae67135dde375fcca1fReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-component-annotations-1.5.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-component-annotations High Vendor gradle artifactid plexus-component-annotations Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name annotations Highest Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name component Highest Vendor jar package name component Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-component-annotations Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus :: Component Annotations High Vendor pom parent-artifactid plexus-containers Low Product file name plexus-component-annotations High Product gradle artifactid plexus-component-annotations Highest Product jar package name annotations Highest Product jar package name annotations Low Product jar package name codehaus Highest Product jar package name component Highest Product jar package name component Low Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-component-annotations Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus :: Component Annotations High Product pom parent-artifactid plexus-containers Medium Version file version 1.5.5 High Version gradle version 1.5.5 Highest Version pom version 1.5.5 Highest
plexus-interpolation-1.21.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-interpolation/1.21/f92de59d295f16868001644acc21720f3ec9eb15/plexus-interpolation-1.21.jarMD5: 6629656495f4e5eac4f244fe3b252ea1SHA1: f92de59d295f16868001644acc21720f3ec9eb15SHA256: aba7980581027ad5fc74a27ee4d64aad74932fdb32694967242d03fc50290d1fReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-interpolation-1.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-interpolation High Vendor gradle artifactid plexus-interpolation Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name interpolation Highest Vendor jar package name interpolation Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-interpolation Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Interpolation API High Vendor pom parent-artifactid plexus-components Low Product file name plexus-interpolation High Product gradle artifactid plexus-interpolation Highest Product jar package name codehaus Highest Product jar package name interpolation Highest Product jar package name interpolation Low Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-interpolation Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Interpolation API High Product pom parent-artifactid plexus-components Medium Version file version 1.21 High Version gradle version 1.21 Highest Version pom parent-version 1.21 Low Version pom version 1.21 Highest
plexus-io-3.4.1.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-io/3.4.1/e9dc0280372501917a124af943dcb709f73577a2/plexus-io-3.4.1.jarMD5: 7921fc78e18b1dc3dabe8ca5e3558657SHA1: e9dc0280372501917a124af943dcb709f73577a2SHA256: ac3be07c2968f98656604ddb8fdf08f1cfc560bc7b329fd17847f151510dc2c4Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-io-3.4.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-io High Vendor gradle artifactid plexus-io Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name codehaus Highest Vendor jar package name components Highest Vendor jar package name io Highest Vendor jar package name plexus Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid plexus-io Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus IO Components High Vendor pom parent-artifactid plexus Low Product file name plexus-io High Product gradle artifactid plexus-io Highest Product jar package name codehaus Highest Product jar package name components Highest Product jar package name io Highest Product jar package name plexus Highest Product Manifest build-jdk-spec 1.8 Low Product pom artifactid plexus-io Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus IO Components High Product pom parent-artifactid plexus Medium Version file version 3.4.1 High Version gradle version 3.4.1 Highest Version pom parent-version 3.4.1 Low Version pom version 3.4.1 Highest
plexus-java-1.1.2.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-java/1.1.2/aa761869ff6c4b7624923a850b05fd9342a931d6/plexus-java-1.1.2.jarMD5: 1c196172a9c28f441b8e3c73639fe1a2SHA1: aa761869ff6c4b7624923a850b05fd9342a931d6SHA256: 83659e0d3fa0eda61dc4e8d78ea5a5fe05b7985f88b8557716c295409e64b7f5Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-java-1.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-java High Vendor gradle artifactid plexus-java Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name codehaus Highest Vendor jar package name java Highest Vendor jar package name languages Highest Vendor jar package name org Highest Vendor jar package name plexus Highest Vendor Manifest build-jdk-spec 19 Low Vendor Manifest multi-release true Low Vendor pom artifactid plexus-java Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Languages :: Java High Vendor pom parent-artifactid plexus-languages Low Product file name plexus-java High Product gradle artifactid plexus-java Highest Product jar package name codehaus Highest Product jar package name java Highest Product jar package name languages Highest Product jar package name org Highest Product jar package name plexus Highest Product Manifest build-jdk-spec 19 Low Product Manifest multi-release true Low Product pom artifactid plexus-java Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Languages :: Java High Product pom parent-artifactid plexus-languages Medium Version file version 1.1.2 High Version gradle version 1.1.2 Highest Version pom version 1.1.2 Highest
plexus-sec-dispatcher-1.3.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.sonatype.plexus/plexus-sec-dispatcher/1.3/dedc02034fb8fcd7615d66593228cb71709134b4/plexus-sec-dispatcher-1.3.jarMD5: 53160199f5667de3fca69b723173639bSHA1: dedc02034fb8fcd7615d66593228cb71709134b4SHA256: 3b0559bb8432f28937efe6ca193ef54a8506d0075d73fd7406b9b116c6a11063Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-sec-dispatcher-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-sec-dispatcher High Vendor gradle artifactid plexus-sec-dispatcher Highest Vendor gradle groupid org.sonatype.plexus Highest Vendor jar package name components Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor jar package name sec Highest Vendor jar package name sonatype Highest Vendor jar package name sonatype Low Vendor pom artifactid plexus-sec-dispatcher Low Vendor pom groupid org.sonatype.plexus Highest Vendor pom name Plexus Security Dispatcher Component High Vendor pom parent-artifactid spice-parent Low Vendor pom parent-groupid org.sonatype.spice Medium Vendor pom url http://spice.sonatype.org/ Highest Product file name plexus-sec-dispatcher High Product gradle artifactid plexus-sec-dispatcher Highest Product jar package name components Low Product jar package name plexus Highest Product jar package name plexus Low Product jar package name sec Highest Product jar package name sec Low Product jar package name sonatype Highest Product pom artifactid plexus-sec-dispatcher Highest Product pom groupid org.sonatype.plexus Highest Product pom name Plexus Security Dispatcher Component High Product pom parent-artifactid spice-parent Medium Product pom parent-groupid org.sonatype.spice Medium Product pom url http://spice.sonatype.org/ Medium Version file version 1.3 High Version gradle version 1.3 Highest Version pom parent-version 1.3 Low Version pom version 1.3 Highest
plexus-utils-3.5.1.jarDescription:
A collection of various utility classes to ease working with strings, files, command lines, XML and
more.
File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-utils/3.5.1/c6bfb17c97ecc8863e88778ea301be742c62b06d/plexus-utils-3.5.1.jarMD5: cdec471a77f52e687d0df4c43f392a71SHA1: c6bfb17c97ecc8863e88778ea301be742c62b06dSHA256: 86e0255d4c879c61b4833ed7f13124e8bb679df47debb127326e7db7dd49a07bReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath maven-plugin:compileClasspath maven-plugin:runtimeClasspath plexus-utils-3.5.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven/maven-model@3.9.4 pkg:maven/org.apache.maven/maven-model@3.9.4 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/io.freefair.gradle/maven-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-utils High Vendor gradle artifactid plexus-utils Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name codehaus Highest Vendor jar package name org Highest Vendor jar package name plexus Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest multi-release true Low Vendor pom artifactid plexus-utils Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Common Utilities High Vendor pom parent-artifactid plexus Low Product file name plexus-utils High Product gradle artifactid plexus-utils Highest Product jar package name 11 Highest Product jar package name codehaus Highest Product jar package name org Highest Product jar package name plexus Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest multi-release true Low Product pom artifactid plexus-utils Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Common Utilities High Product pom parent-artifactid plexus Medium Version file version 3.5.1 High Version gradle version 3.5.1 Highest Version pom parent-version 3.5.1 Low Version pom version 3.5.1 Highest
plexus-velocity-1.2.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.codehaus.plexus/plexus-velocity/1.2/1331b9d6bbf99ead362c68c2f318ebe5fedda598/plexus-velocity-1.2.jarMD5: 7d7805136e8165f53c944612a809f1a6SHA1: 1331b9d6bbf99ead362c68c2f318ebe5fedda598SHA256: b4c4a0dbeacad54306a1ae230eff5ab45d58e3ab88c86ab7245d3a0772be57abReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath plexus-velocity-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name plexus-velocity High Vendor gradle artifactid plexus-velocity Highest Vendor gradle groupid org.codehaus.plexus Highest Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor jar package name velocity Highest Vendor jar package name velocity Low Vendor pom artifactid plexus-velocity Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Velocity Component High Vendor pom parent-artifactid plexus-components Low Product file name plexus-velocity High Product gradle artifactid plexus-velocity Highest Product jar package name codehaus Highest Product jar package name plexus Highest Product jar package name plexus Low Product jar package name velocity Highest Product jar package name velocity Low Product pom artifactid plexus-velocity Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Velocity Component High Product pom parent-artifactid plexus-components Medium Version file version 1.2 High Version gradle version 1.2 Highest Version pom parent-version 1.2 Low Version pom version 1.2 Highest
plugin-utils-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/plugin-utils/build/libs/plugin-utils-8.2.2.jarMD5: df2d7468198ff081464da15e2e592bbfSHA1: 18092ee5dbdf964c2a7c15a78cd1b6ef2fd273fdSHA256: ed4ca6acda0a1b31a4446d97a605c3166d878c72d311270acc1b0854bd240e34Referenced In Projects/Scopes:
documentation:javadocClasspath aspectj-plugin:compileClasspath aspectj-plugin:runtimeClasspath git-plugin:compileClasspath git-plugin:runtimeClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath plugin-utils-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/git-plugin@8.2.2 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 pkg:maven/io.freefair.gradle/git-plugin@8.2.2 pkg:maven/io.freefair.gradle/documentation@8.2.2 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 pkg:maven/io.freefair.gradle/git-plugin@8.2.2 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name plugin-utils High Vendor gradle artifactid plugin-utils Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name plugin-utils High Product gradle artifactid plugin-utils Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name util Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
protobuf-java-3.23.4.jarDescription:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. License:
https://opensource.org/licenses/BSD-3-Clause File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.23.4/5cc1be17aed4e1e396c6b5359518f369a42ebc37/protobuf-java-3.23.4.jar
MD5: 2ba07863c839f3584938a1ef7e594e33
SHA1: 5cc1be17aed4e1e396c6b5359518f369a42ebc37
SHA256: 2fc98a20224d88c8c3dd9a403a8c3930ce0e275aa847ad3734fcbb2db012498b
Referenced In Projects/Scopes: documentation:javadocClasspath embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath protobuf-java-3.23.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/de.larsgrefer.sass/sass-embedded-host@1.15.2 pkg:maven/de.larsgrefer.sass/sass-embedded-host@1.15.2 Evidence Type Source Name Value Confidence Vendor file name protobuf-java High Vendor gradle artifactid protobuf-java Highest Vendor gradle groupid com.google.protobuf Highest Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name protobuf Highest Vendor jar package name protobuf Low Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor Manifest target-label //java/core:lite_runtime_only Low Product file name protobuf-java High Product gradle artifactid protobuf-java Highest Product jar package name google Highest Product jar package name protobuf Highest Product jar package name protobuf Low Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest target-label //java/core:lite_runtime_only Low Version file name protobuf-java Medium Version file version 3.23.4 High Version gradle version 3.23.4 Highest Version jar package name google Highest Version Manifest Bundle-Version 3.23.4 High
qdox-2.0.3.jarDescription:
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.qdox/qdox/2.0.3/d70143d2a58e7b16a8ec73a495508d43a085d83b/qdox-2.0.3.jar
MD5: 1a599568ea16556d01a008d9e062ac89
SHA1: d70143d2a58e7b16a8ec73a495508d43a085d83b
SHA256: ff70c10165714fe9546c418a65d74ecd5d57623ba408cecde9428f0a609b5d1c
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath qdox-2.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name qdox High Vendor gradle artifactid qdox Highest Vendor gradle groupid com.thoughtworks.qdox Highest Vendor jar package name parser Highest Vendor jar package name qdox Highest Vendor jar package name thoughtworks Highest Vendor jar package name tools Highest Vendor Manifest automatic-module-name com.thoughtworks.qdox Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid qdox Low Vendor pom developer id joe Medium Vendor pom developer id mauro Medium Vendor pom developer id mdub Medium Vendor pom developer id paul Medium Vendor pom developer id rfscholte Medium Vendor pom developer id rinkrank Medium Vendor pom developer name Aslak Hellesoy Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name Mauro Talevi Medium Vendor pom developer name Mike Williams Medium Vendor pom developer name Paul Hammant Medium Vendor pom developer name Robert Scholte Medium Vendor pom groupid com.thoughtworks.qdox Highest Vendor pom name QDox High Vendor pom url paul-hammant/qdox Highest Product file name qdox High Product gradle artifactid qdox Highest Product jar package name parser Highest Product jar package name qdox Highest Product jar package name thoughtworks Highest Product jar package name tools Highest Product Manifest automatic-module-name com.thoughtworks.qdox Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid qdox Highest Product pom developer id joe Low Product pom developer id mauro Low Product pom developer id mdub Low Product pom developer id paul Low Product pom developer id rfscholte Low Product pom developer id rinkrank Low Product pom developer name Aslak Hellesoy Low Product pom developer name Joe Walnes Low Product pom developer name Mauro Talevi Low Product pom developer name Mike Williams Low Product pom developer name Paul Hammant Low Product pom developer name Robert Scholte Low Product pom groupid com.thoughtworks.qdox Highest Product pom name QDox High Product pom url paul-hammant/qdox High Version file version 2.0.3 High Version gradle version 2.0.3 Highest Version pom version 2.0.3 Highest
quicktype-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/quicktype-plugin/build/libs/quicktype-plugin-8.2.2.jarMD5: 7f6fc30834ebc45db7f61d3ca822991fSHA1: ea725ebb3f6b057624d6189be0d31d540ec759eaSHA256: ada4454e14a304388ad2ca9df58ca5ec7b3ee9c5819146de83eec083c621bd6dReferenced In Project/Scope: documentation:javadocClasspathquicktype-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name quicktype-plugin High Vendor gradle artifactid quicktype-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name quicktype-plugin High Product gradle artifactid quicktype-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
retrofit-2.9.0.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.squareup.retrofit2/retrofit/2.9.0/d8fdfbd5da952141a665a403348b74538efc05ff/retrofit-2.9.0.jarMD5: 890d951895e6d080185377c741526002SHA1: d8fdfbd5da952141a665a403348b74538efc05ffSHA256: e6ea1929c46852f5bec66ab3357da383476cef4e8d1deefdbf195b79cc4d6581Referenced In Projects/Scopes:
documentation:javadocClasspath github-plugin:compileClasspath github-plugin:runtimeClasspath retrofit-2.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/io.freefair.gradle/github-plugin@8.2.2 pkg:maven/com.squareup.retrofit2/converter-gson@2.9.0 Evidence Type Source Name Value Confidence Vendor file name retrofit High Vendor gradle artifactid retrofit Highest Vendor gradle groupid com.squareup.retrofit2 Highest Vendor jar package name retrofit2 Highest Vendor jar package name retrofit2 Low Vendor Manifest automatic-module-name retrofit2 Medium Product file name retrofit High Product gradle artifactid retrofit Highest Product jar package name retrofit2 Highest Product Manifest automatic-module-name retrofit2 Medium Version file name retrofit Medium Version file version 2.9.0 High Version gradle version 2.9.0 Highest
sass-embedded-host-1.15.2.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/de.larsgrefer.sass/sass-embedded-host/1.15.2/f9c25001cc8e4935f9dd10b78f2c2dc529bf8fb6/sass-embedded-host-1.15.2.jarMD5: 83705b8520620853a571221da6275088SHA1: f9c25001cc8e4935f9dd10b78f2c2dc529bf8fb6SHA256: f2c06c74055cffd4f8ad214dff6579d5716d2a2aec3d89a0d0b50f4b4bcfc296Referenced In Projects/Scopes:
documentation:javadocClasspath embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath sass-embedded-host-1.15.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name sass-embedded-host High Vendor gradle artifactid sass-embedded-host Highest Vendor gradle groupid de.larsgrefer.sass Highest Vendor jar package name de Low Vendor jar package name larsgrefer Low Vendor jar package name sass Low Vendor Manifest implementation-url https://github.com/larsgrefer/dart-sass-java Low Product file name sass-embedded-host High Product gradle artifactid sass-embedded-host Highest Product jar package name embedded Highest Product jar package name embedded Low Product jar package name larsgrefer Highest Product jar package name larsgrefer Low Product jar package name sass Highest Product jar package name sass Low Product Manifest Implementation-Title SASS Embedded Host High Product Manifest implementation-url https://github.com/larsgrefer/dart-sass-java Low Version file version 1.15.2 High Version Manifest Implementation-Version 1.15.2 High
sass-embedded-protocol-1.15.2.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/de.larsgrefer.sass/sass-embedded-protocol/1.15.2/986e92de7fe7e8602a6253101b10a0fc8632dbbf/sass-embedded-protocol-1.15.2.jarMD5: 8f1aba8632c626a2b70cfd337b36ce57SHA1: 986e92de7fe7e8602a6253101b10a0fc8632dbbfSHA256: 884cbd8478dd53cf2625ef33ae9280336d2637dae5363ecb7a0ad211d26337d8Referenced In Projects/Scopes:
documentation:javadocClasspath embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath sass-embedded-protocol-1.15.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/de.larsgrefer.sass/sass-embedded-host@1.15.2 pkg:maven/de.larsgrefer.sass/sass-embedded-host@1.15.2 Evidence Type Source Name Value Confidence Vendor file name sass-embedded-protocol High Vendor gradle artifactid sass-embedded-protocol Highest Vendor gradle groupid de.larsgrefer.sass Highest Vendor jar package name embedded_protocol Low Vendor jar package name sass Low Vendor Manifest implementation-url https://github.com/larsgrefer/dart-sass-java Low Vendor Manifest specification-vendor Google LLC Low Product file name sass-embedded-protocol High Product gradle artifactid sass-embedded-protocol Highest Product jar package name embedded_protocol Low Product jar package name sass Highest Product Manifest Implementation-Title SASS Embedded Protocol High Product Manifest implementation-url https://github.com/larsgrefer/dart-sass-java Low Version file version 1.15.2 High Version Manifest Implementation-Version 1.15.2 High
settings-plugin-8.2.2.jarFile Path: /home/runner/work/gradle-plugins/gradle-plugins/settings-plugin/build/libs/settings-plugin-8.2.2.jarMD5: 22370371d25e6860b050a9c705fa859fSHA1: e5f58addd93977b9085ee32366b3b30322b8fac4SHA256: fd24997f7dcfde62c09a6a8477ccb06f37e5d46ee42b76bcae3c34b578068ddeReferenced In Project/Scope: documentation:javadocClasspathsettings-plugin-8.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/documentation@8.2.2
Evidence Type Source Name Value Confidence Vendor file name settings-plugin High Vendor gradle artifactid settings-plugin Highest Vendor gradle groupid io.freefair.gradle Highest Vendor jar package name freefair Low Vendor jar package name gradle Low Vendor jar package name io Low Product file name settings-plugin High Product gradle artifactid settings-plugin Highest Product jar package name freefair Low Product jar package name gradle Low Product jar package name plugins Low Version file version 8.2.2 High Version Manifest Implementation-Version 8.2.2 High
sisu-guice-3.2.3-no_aop.jarDescription:
Patched build of Guice: a lightweight dependency injection framework for Java 6 and above License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.sonatype.sisu/sisu-guice/3.2.3/6b8262f32ff7b60881aed3e7aa9d81fdb48330e9/sisu-guice-3.2.3-no_aop.jar
MD5: 733be430711a32f2b9ba72da565cab2f
SHA1: 6b8262f32ff7b60881aed3e7aa9d81fdb48330e9
SHA256: 004af7012b6d11ab585ae841130ff091dcad6531d7bf13db4d7deac91589eef4
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath sisu-guice-3.2.3-no_aop.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name sisu-guice High Vendor gradle artifactid sisu-guice Highest Vendor gradle groupid org.sonatype.sisu Highest Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name guice Highest Vendor jar package name inject Low Vendor jar package name internal Low Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Vendor Manifest bundle-docurl https://github.com/google/guice Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname org.sonatype.sisu.guice Medium Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest Implementation-Vendor Google, Inc. High Vendor Manifest Implementation-Vendor-Id org.sonatype.sisu Medium Product file name sisu-guice High Product gradle artifactid sisu-guice Highest Product jar package name dependency Highest Product jar package name google Highest Product jar package name guice Highest Product jar package name inject Low Product jar package name internal Low Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Product Manifest bundle-docurl https://github.com/google/guice Low Product Manifest Bundle-Name sisu-guice (no_aop) Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname org.sonatype.sisu.guice Medium Product Manifest eclipse-extensibleapi true Low Product Manifest Implementation-Title Sisu Guice - Core Library High Product Manifest specification-title Sisu Guice - Core Library Medium Version file version 3.2.3 High Version Manifest Implementation-Version 3.2.3 High
slf4j-api-1.7.36.jarDescription:
The slf4j API File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-api/1.7.36/6c62681a2f655b49963a5983b8b0950a6120ae14/slf4j-api-1.7.36.jarMD5: 872da51f5de7f3923da4de871d57fd85SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14SHA256: d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0Referenced In Projects/Scopes:
maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor gradle artifactid slf4j-api Highest Vendor gradle groupid org.slf4j Highest Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product gradle artifactid slf4j-api Highest Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version gradle version 1.7.36 Highest Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
slf4j-api-2.0.7.jarDescription:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-api/2.0.7/41eb7184ea9d556f23e18b5cb99cad1f8581fc00/slf4j-api-2.0.7.jar
MD5: 403dffa46cdd2e3c82da19df4f394a4c
SHA1: 41eb7184ea9d556f23e18b5cb99cad1f8581fc00
SHA256: 5d6298b93a1905c32cda6478808ac14c2d4a47e91535e53c41f7feeb85d946f4
Referenced In Projects/Scopes: documentation:javadocClasspath embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath slf4j-api-2.0.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/de.larsgrefer.sass/sass-embedded-host@1.15.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.webjars/webjars-locator-core@0.53 pkg:maven/org.webjars/webjars-locator-core@0.53 pkg:maven/de.larsgrefer.sass/sass-embedded-host@1.15.2 Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor gradle artifactid slf4j-api Highest Vendor gradle groupid org.slf4j Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 19 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product gradle artifactid slf4j-api Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 19 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.7 High Version gradle version 2.0.7 Highest Version Manifest Bundle-Version 2.0.7 High Version Manifest Implementation-Version 2.0.7 High Version pom version 2.0.7 Highest
snappy-0.4.jarDescription:
Port of Snappy to Java License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.iq80.snappy/snappy/0.4/a42b2d92a89efd35bb14738000dabcac6bd07a8d/snappy-0.4.jar
MD5: f0792d1dbe7f90d8b34c7c19961e0073
SHA1: a42b2d92a89efd35bb14738000dabcac6bd07a8d
SHA256: 46a0c87d504ce9d6063e1ff6e4d20738feb49d8abf85b5071a7d18df4f11bac9
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath snappy-0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name snappy High Vendor gradle artifactid snappy Highest Vendor gradle groupid org.iq80.snappy Highest Vendor jar package name iq80 Highest Vendor jar package name iq80 Low Vendor jar package name snappy Highest Vendor jar package name snappy Low Vendor pom artifactid snappy Low Vendor pom developer email dain@iq80.com Low Vendor pom developer email david@acz.org Low Vendor pom developer id dain Medium Vendor pom developer id electrum Medium Vendor pom developer name Dain Sundstrom Medium Vendor pom developer name David Phillips Medium Vendor pom groupid org.iq80.snappy Highest Vendor pom name snappy High Vendor pom url http://github.com/dain/snappy Highest Product file name snappy High Product gradle artifactid snappy Highest Product jar package name iq80 Highest Product jar package name snappy Highest Product jar package name snappy Low Product pom artifactid snappy Highest Product pom developer email dain@iq80.com Low Product pom developer email david@acz.org Low Product pom developer id dain Low Product pom developer id electrum Low Product pom developer name Dain Sundstrom Low Product pom developer name David Phillips Low Product pom groupid org.iq80.snappy Highest Product pom name snappy High Product pom url http://github.com/dain/snappy Medium Version file version 0.4 High Version gradle version 0.4 Highest Version pom version 0.4 Highest
trove4j-1.0.20200330.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.jetbrains.intellij.deps/trove4j/1.0.20200330/3afb14d5f9ceb459d724e907a21145e8ff394f02/trove4j-1.0.20200330.jarMD5: bb75697e375d588a9d3f8f2653b30f77SHA1: 3afb14d5f9ceb459d724e907a21145e8ff394f02SHA256: c5fd725bffab51846bf3c77db1383c60aaaebfe1b7fe2f00d23fe1b7df0a439dReferenced In Projects/Scopes:
documentation:javadocClasspath quicktype-plugin:runtimeClasspath quicktype-plugin:kotlinKlibCommonizerClasspath quicktype-plugin:kotlinCompilerClasspath trove4j-1.0.20200330.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jetbrains.kotlin/kotlin-compiler-embeddable@1.8.20 pkg:maven/io.freefair.gradle/quicktype-plugin@8.2.2 pkg:maven/org.jetbrains.kotlin/kotlin-gradle-plugin@1.8.20 pkg:maven/org.jetbrains.kotlin/kotlin-klib-commonizer-embeddable@1.8.20 pkg:maven/io.freefair.gradle/aspectj-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name trove4j High Vendor gradle artifactid trove4j Highest Vendor gradle groupid org.jetbrains.intellij.deps Highest Vendor jar package name gnu Low Vendor jar package name trove Low Product file name trove4j High Product gradle artifactid trove4j Highest Product jar package name trove Low Version file name trove4j Medium Version file version 1.0.20200330 High Version gradle version 1.0.20200330 Highest
velocity-1.7.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.velocity/velocity/1.7/2ceb567b8f3f21118ecdec129fe1271dbc09aa7a/velocity-1.7.jarMD5: 3692dd72f8367cb35fb6280dc2916725SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7aSHA256: ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8eReferenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath velocity-1.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name velocity High Vendor gradle artifactid velocity Highest Vendor gradle groupid org.apache.velocity Highest Vendor jar package name apache Highest Vendor jar package name apache Low Vendor jar package name runtime Low Vendor jar package name velocity Highest Vendor jar package name velocity Low Vendor Manifest bundle-symbolicname org.apache.velocity Medium Vendor Manifest extension-name velocity Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor Apache Software Foundation Low Product file name velocity High Product gradle artifactid velocity Highest Product jar package name apache Highest Product jar package name runtime Low Product jar package name template Highest Product jar package name velocity Highest Product jar package name velocity Low Product Manifest Bundle-Name Apache Velocity Medium Product Manifest bundle-symbolicname org.apache.velocity Medium Product Manifest extension-name velocity Medium Product Manifest Implementation-Title org.apache.velocity High Product Manifest specification-title Velocity is a Java-based template engine Medium Version file version 1.7 High Version Manifest Implementation-Version 1.7 High
CVE-2020-13936 suppress
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
wagon-provider-api-2.4.jarDescription:
Maven Wagon API that defines the contract between different Wagon implementations File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.apache.maven.wagon/wagon-provider-api/2.4/e40429d9dd849c5fe0bdf97062b1d9358d99826d/wagon-provider-api-2.4.jarMD5: 882add48c16ceb068eacb5a19e636c1eSHA1: e40429d9dd849c5fe0bdf97062b1d9358d99826dSHA256: f65d8d59d71bca18ffa259b5a6de67697bc65b9ff1142c7bb4417ab4b1cacd92Referenced In Projects/Scopes:
documentation:javadocClasspath maven-plugin-plugin:compileClasspath maven-plugin-plugin:runtimeClasspath wagon-provider-api-2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.9.0 Evidence Type Source Name Value Confidence Vendor file name wagon-provider-api High Vendor gradle artifactid wagon-provider-api Highest Vendor gradle groupid org.apache.maven.wagon Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name wagon Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.maven.wagon Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid wagon-provider-api Low Vendor pom groupid org.apache.maven.wagon Highest Vendor pom name Apache Maven Wagon :: API High Vendor pom parent-artifactid wagon Low Product file name wagon-provider-api High Product gradle artifactid wagon-provider-api Highest Product jar package name apache Highest Product jar package name maven Highest Product jar package name wagon Highest Product Manifest Implementation-Title Apache Maven Wagon :: API High Product Manifest specification-title Apache Maven Wagon :: API Medium Product pom artifactid wagon-provider-api Highest Product pom groupid org.apache.maven.wagon Highest Product pom name Apache Maven Wagon :: API High Product pom parent-artifactid wagon Medium Version file version 2.4 High Version gradle version 2.4 Highest Version Manifest Implementation-Version 2.4 High Version pom version 2.4 Highest
webjars-locator-core-0.53.jarDescription:
WebJar Locator Core functionality License:
MIT: https://github.com/webjars/webjars-locator-core/blob/master/LICENSE.md File Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.webjars/webjars-locator-core/0.53/6c1a5163ee8dd317913000ede5084b192f5f0dd9/webjars-locator-core-0.53.jar
MD5: d7a31a9288744a81b40aae304cc129e7
SHA1: 6c1a5163ee8dd317913000ede5084b192f5f0dd9
SHA256: 0ca3694f2d2226add8d67e10ef8c43487f75271caa317fd367626055c1f0f608
Referenced In Projects/Scopes: documentation:javadocClasspath embedded-sass-plugin:runtimeClasspath embedded-sass-plugin:compileClasspath webjars-locator-core-0.53.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 pkg:maven/io.freefair.gradle/embedded-sass-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name webjars-locator-core High Vendor gradle artifactid webjars-locator-core Highest Vendor gradle groupid org.webjars Highest Vendor jar package name webjars Highest Vendor Manifest build-jdk-spec 19 Low Vendor pom artifactid webjars-locator-core Low Vendor pom developer email james@jamesward.org Low Vendor pom developer id jamesward Medium Vendor pom developer name James Ward Medium Vendor pom groupid org.webjars Highest Vendor pom name webjars-locator-core High Vendor pom url http://webjars.org Highest Product file name webjars-locator-core High Product gradle artifactid webjars-locator-core Highest Product jar package name webjars Highest Product Manifest build-jdk-spec 19 Low Product pom artifactid webjars-locator-core Highest Product pom developer email james@jamesward.org Low Product pom developer id jamesward Low Product pom developer name James Ward Low Product pom groupid org.webjars Highest Product pom name webjars-locator-core High Product pom url http://webjars.org Medium Version file version 0.53 High Version gradle version 0.53 Highest Version pom version 0.53 Highest
xz-1.9.jarFile Path: /home/runner/.gradle/caches/modules-2/files-2.1/org.tukaani/xz/1.9/1ea4bec1a921180164852c65006d928617bd2caf/xz-1.9.jarMD5: 57c2fbfeb55e307ccae52e5322082e02SHA1: 1ea4bec1a921180164852c65006d928617bd2cafSHA256: 211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5Referenced In Projects/Scopes:
documentation:javadocClasspath compress-plugin:compileClasspath compress-plugin:runtimeClasspath maven-plugin-plugin:runtimeClasspath xz-1.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 pkg:maven/io.freefair.gradle/compress-plugin@8.2.2 Evidence Type Source Name Value Confidence Vendor file name xz High Vendor gradle artifactid xz Highest Vendor gradle groupid org.tukaani Highest Vendor jar package name tukaani Highest Vendor jar package name tukaani Low Vendor jar package name xz Highest Vendor jar package name xz Low Vendor Manifest bundle-docurl https://tukaani.org/xz/java.html Low Vendor Manifest bundle-symbolicname org.tukaani.xz Medium Vendor Manifest implementation-url https://tukaani.org/xz/java.html Low Vendor Manifest multi-release true Low Product file name xz High Product gradle artifactid xz Highest Product jar package name tukaani Highest Product jar package name xz Highest Product jar package name xz Low Product Manifest bundle-docurl https://tukaani.org/xz/java.html Low Product Manifest Bundle-Name XZ data compression Medium Product Manifest bundle-symbolicname org.tukaani.xz Medium Product Manifest Implementation-Title XZ data compression High Product Manifest implementation-url https://tukaani.org/xz/java.html Low Product Manifest multi-release true Low Version file version 1.9 High Version Manifest Implementation-Version 1.9 High
zstd-jni-1.5.5-2.jarDescription:
JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages. License:
https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License File Path: /home/runner/.gradle/caches/modules-2/files-2.1/com.github.luben/zstd-jni/1.5.5-2/33cb577c70dae09e7d6d2942100ca1ef9512e856/zstd-jni-1.5.5-2.jar
MD5: 725b09a13c090777763ef14b40a3dd29
SHA1: 33cb577c70dae09e7d6d2942100ca1ef9512e856
SHA256: 284c0c8b648f17c22da6b70605a73044f1f6b6ab5862900a37e1f107771a825b
Referenced In Projects/Scopes: documentation:javadocClasspath maven-plugin-plugin:runtimeClasspath zstd-jni-1.5.5-2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugins/maven-plugin-plugin@3.9.0 pkg:maven/io.freefair.gradle/maven-plugin-plugin@8.2.2 pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-annotations@3.9.0 Evidence Type Source Name Value Confidence Vendor file name zstd-jni High Vendor gradle artifactid zstd-jni Highest Vendor gradle groupid com.github.luben Highest Vendor jar package name github Highest Vendor jar package name github Low Vendor jar package name luben Highest Vendor jar package name luben Low Vendor jar package name zstd Highest Vendor jar package name zstd Low Vendor Manifest automatic-module-name com.github.luben.zstd_jni Medium Vendor Manifest bundle-nativecode darwin/x86_64/libzstd-jni-1.5.5-2.dylib;osname=MacOS;osname=MacOSX;processor=x86_64, darwin/aarch64/libzstd-jni-1.5.5-2.dylib;osname=MacOS;osname=MacOSX;processor=aarch64, freebsd/amd64/libzstd-jni-1.5.5-2.so;osname=FreeBSD;processor=amd64, freebsd/i386/libzstd-jni-1.5.5-2.so;osname=FreeBSD;processor=i386, linux/aarch64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=aarch64, linux/amd64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=amd64, linux/arm/libzstd-jni-1.5.5-2.so;osname=Linux;processor=arm, linux/i386/libzstd-jni-1.5.5-2.so;osname=Linux;processor=i386, linux/mips64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=mips64, linux/loongarch64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=loongarch64, linux/ppc64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=ppc64, linux/ppc64le/libzstd-jni-1.5.5-2.so;osname=Linux;processor=ppc64le, linux/s390x/libzstd-jni-1.5.5-2.so;osname=Linux;processor=s390x, win/amd64/libzstd-jni-1.5.5-2.dll;osname=Win32;processor=amd64, win/x86/libzstd-jni-1.5.5-2.dll;osname=Win32;processor=x86 Low Vendor Manifest bundle-symbolicname com.github.luben.zstd-jni Medium Vendor Manifest Implementation-Vendor com.github.luben High Vendor Manifest Implementation-Vendor-Id com.github.luben Medium Vendor Manifest specification-vendor com.github.luben Low Product file name zstd-jni High Product gradle artifactid zstd-jni Highest Product jar package name github Highest Product jar package name luben Highest Product jar package name luben Low Product jar package name zstd Highest Product jar package name zstd Low Product Manifest automatic-module-name com.github.luben.zstd_jni Medium Product Manifest Bundle-Name zstd-jni Medium Product Manifest bundle-nativecode darwin/x86_64/libzstd-jni-1.5.5-2.dylib;osname=MacOS;osname=MacOSX;processor=x86_64, darwin/aarch64/libzstd-jni-1.5.5-2.dylib;osname=MacOS;osname=MacOSX;processor=aarch64, freebsd/amd64/libzstd-jni-1.5.5-2.so;osname=FreeBSD;processor=amd64, freebsd/i386/libzstd-jni-1.5.5-2.so;osname=FreeBSD;processor=i386, linux/aarch64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=aarch64, linux/amd64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=amd64, linux/arm/libzstd-jni-1.5.5-2.so;osname=Linux;processor=arm, linux/i386/libzstd-jni-1.5.5-2.so;osname=Linux;processor=i386, linux/mips64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=mips64, linux/loongarch64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=loongarch64, linux/ppc64/libzstd-jni-1.5.5-2.so;osname=Linux;processor=ppc64, linux/ppc64le/libzstd-jni-1.5.5-2.so;osname=Linux;processor=ppc64le, linux/s390x/libzstd-jni-1.5.5-2.so;osname=Linux;processor=s390x, win/amd64/libzstd-jni-1.5.5-2.dll;osname=Win32;processor=amd64, win/x86/libzstd-jni-1.5.5-2.dll;osname=Win32;processor=x86 Low Product Manifest bundle-symbolicname com.github.luben.zstd-jni Medium Product Manifest Implementation-Title zstd-jni High Product Manifest specification-title zstd-jni Medium Version file version 1.5.5.2 High Version Manifest Implementation-Version 1.5.5-2 High