Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: makeself-maven-plugin

com.github.hazendaz.maven:makeself-maven-plugin:1.6.2

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
checker-qual-3.42.0.jarpkg:maven/org.checkerframework/checker-qual@3.42.0 046
commons-compress-1.26.0.jarcpe:2.3:a:apache:commons_compress:1.26.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.26.0 0Highest109
commons-io-2.15.1.jarcpe:2.3:a:apache:commons_io:2.15.1:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.15.1 0Highest125
commons-lang3-3.14.0.jarpkg:maven/org.apache.commons/commons-lang3@3.14.0 0145
error_prone_annotations-2.24.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.24.0 029
failureaccess-1.0.1.jarpkg:maven/com.google.guava/failureaccess@1.0.1 028
guava-33.0.0-jre.jarcpe:2.3:a:google:guava:33.0.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@33.0.0-jre 0Highest27
guice-5.1.0.jarpkg:maven/com.google.inject/guice@5.1.0 034
hibernate-validator-annotation-processor-6.2.5.Final.jarcpe:2.3:a:redhat:hibernate_validator:6.2.5:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator-annotation-processor@6.2.5.Final 0Highest29
j2objc-annotations-2.8.jarpkg:maven/com.google.j2objc/j2objc-annotations@2.8 024
javax.annotation-api-1.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.2 046
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
lombok-1.18.30.jar: mavenEcjBootstrapAgent.jar 07
lombok-1.18.30.jarpkg:maven/org.projectlombok/lombok@1.18.30 036
maven-artifact-3.9.6.jarpkg:maven/org.apache.maven/maven-artifact@3.9.6 026
maven-builder-support-3.9.6.jarpkg:maven/org.apache.maven/maven-builder-support@3.9.6 024
maven-core-3.9.6.jarcpe:2.3:a:apache:maven:3.9.6:*:*:*:*:*:*:*pkg:maven/org.apache.maven/maven-core@3.9.6 0Highest24
maven-model-3.9.6.jarpkg:maven/org.apache.maven/maven-model@3.9.6 026
maven-model-builder-3.9.6.jarpkg:maven/org.apache.maven/maven-model-builder@3.9.6 032
maven-plugin-annotations-3.11.0.jarpkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.11.0 026
maven-plugin-api-3.9.6.jarpkg:maven/org.apache.maven/maven-plugin-api@3.9.6 026
maven-repository-metadata-3.9.6.jarpkg:maven/org.apache.maven/maven-repository-metadata@3.9.6 026
maven-resolver-api-1.9.18.jarpkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.18 034
maven-resolver-impl-1.9.18.jarpkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.18 032
maven-resolver-named-locks-1.9.18.jarpkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.18 033
maven-resolver-provider-3.9.6.jarpkg:maven/org.apache.maven/maven-resolver-provider@3.9.6 026
maven-resolver-spi-1.9.18.jarpkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.18 032
maven-resolver-util-1.9.18.jarpkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.18 036
maven-settings-3.9.6.jarpkg:maven/org.apache.maven/maven-settings@3.9.6 026
maven-settings-builder-3.9.6.jarpkg:maven/org.apache.maven/maven-settings-builder@3.9.6 026
maven-shared-utils-3.4.2.jarcpe:2.3:a:apache:maven_shared_utils:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.4.2:*:*:*:*:*:*:*		pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2 0Highest29
modernizer-maven-annotations-2.7.0.jarpkg:maven/org.gaul/modernizer-maven-annotations@2.7.0 019
org.eclipse.sisu.inject-0.9.0.M2.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M2 032
org.eclipse.sisu.plexus-0.9.0.M2.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M2 029
plexus-cipher-2.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-cipher@2.0HIGH2Highest20
plexus-classworlds-2.7.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.7.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-classworlds@2.7.0HIGH2Highest28
plexus-component-annotations-2.1.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.1.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0HIGH2Highest27
plexus-interpolation-1.26.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.26:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26HIGH2Highest25
plexus-sec-dispatcher-2.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0HIGH2Highest20
plexus-utils-4.0.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:plexus-utils_project:plexus-utils:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:4.0.0:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@4.0.0 0Highest24
plexus-xml-3.0.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.0.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0HIGH2Highest24
slf4j-api-2.0.12.jarpkg:maven/org.slf4j/slf4j-api@2.0.12 029
spotbugs-annotations-4.8.3.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 053

Dependencies (vulnerable)

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: C:\Users\Jeremy\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: makeself-maven-plugin:provided
aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\3.42.0\checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: makeself-maven-plugin:provided
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

commons-compress-1.26.0.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar
MD5: cbc0bb8eca12b747ca21bf998d736e60
SHA1: 659feffdd12280201c8aacb8f7be94f9a883c824
SHA256:051aceb8bbcc62d0f5b2b8ac72c53767f9c59bfbd050151e65bef6f51c8ed9c9
Referenced In Project/Scope: makeself-maven-plugin:compile
commons-compress-1.26.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

commons-io-2.15.1.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar
MD5: 84351f7991a0e6722f00e96a4ccc376f
SHA1: f11560da189ab563a5c8e351941415430e9304ea
SHA256:a58af12ee1b68cfd2ebb0c27caef164f084381a00ec81a48cc275fd7ea54e154
Referenced In Project/Scope: makeself-maven-plugin:compile
commons-io-2.15.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

commons-lang3-3.14.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Project/Scope: makeself-maven-plugin:compile
commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

error_prone_annotations-2.24.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.24.0\error_prone_annotations-2.24.0.jar
MD5: f816bc67aa465617b44aa5cf3fbc0820
SHA1: 29dca9118b577ad24533e563438feb8fad51427e
SHA256:a88bd88124c8d4c9851ab823adc3a8f04b0a13af15c9d80b5ecf49f5a7a321d2
Referenced In Project/Scope: makeself-maven-plugin:provided
error_prone_annotations-2.24.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes is conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope: makeself-maven-plugin:compile
failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

guava-33.0.0-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\33.0.0-jre\guava-33.0.0-jre.jar
MD5: 5d8aefac09131c3a74d6dab4b01bcff6
SHA1: 161ba27964a62f241533807a46b8711b13c1d94b
SHA256:f4d85c3e4d411694337cb873abea09b242b664bb013320be6105327c45991537
Referenced In Project/Scope: makeself-maven-plugin:compile
guava-33.0.0-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

guice-5.1.0.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\inject\guice\5.1.0\guice-5.1.0.jar
MD5: 2560169296aa94492af34af2115e9511
SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4
SHA256:4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26
Referenced In Project/Scope: makeself-maven-plugin:provided
guice-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

hibernate-validator-annotation-processor-6.2.5.Final.jar

File Path: C:\Users\Jeremy\.m2\repository\org\hibernate\validator\hibernate-validator-annotation-processor\6.2.5.Final\hibernate-validator-annotation-processor-6.2.5.Final.jar
MD5: 9f2a3168a0e9da5c6b0fc6fa5a29525a
SHA1: 845f834671380ef9c4c93e3f638bd88f6a4abba7
SHA256:6ad006443f769860af1886cc805d28c3d75c6253a2817f175c6bc7e2b359f55c
Referenced In Project/Scope: makeself-maven-plugin:provided
hibernate-validator-annotation-processor-6.2.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

j2objc-annotations-2.8.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\2.8\j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed
Referenced In Project/Scope: makeself-maven-plugin:provided
j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: makeself-maven-plugin:provided
javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\javax\inject\javax.inject\1\javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: makeself-maven-plugin:provided
javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: makeself-maven-plugin:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.0.0-jre

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: makeself-maven-plugin:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.0.0-jre

Identifiers

lombok-1.18.30.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.30\lombok-1.18.30.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: 2bc7812d729aa7f761f721c6f0620848
SHA1: e67209a53266080be85e8848c01fd15af98700c7
SHA256:63da6c6457ba6bfb61867cf644542464783adc57bbf36a7f0843c2822c288169
Referenced In Project/Scope: makeself-maven-plugin:provided

Identifiers

  • None

lombok-1.18.30.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.30\lombok-1.18.30.jar
MD5: 14e90bb14cac804c1a6e2024e78f436d
SHA1: f195ee86e6c896ea47a1d39defbe20eb59cd149d
SHA256:14151b47582d570b4de16a147ece3bdbd19ace4aee5bde3a5578c87db9ecb998
Referenced In Project/Scope: makeself-maven-plugin:provided
lombok-1.18.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

maven-artifact-3.9.6.jar

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact\3.9.6\maven-artifact-3.9.6.jar
MD5: 96a7982d9a46c5c19696b4558be1bbd2
SHA1: fb0979832c10c1a25d038a33ca862bef055fcdc8
SHA256:ad7a0fb408f8e47585ccc0d0011e0b501d93bfc9888d369bbd4a043d19475073
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-artifact-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-builder-support-3.9.6.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-builder-support\3.9.6\maven-builder-support-3.9.6.jar
MD5: e004677a88ec086ba79a6a646b120f06
SHA1: bcfc9d8175eaba21111edf21e0355a8523461abc
SHA256:e1f4d2784459ce8a34b9dae1829a1999b569e483e21ee9faa7368691e729296e
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-builder-support-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-core-3.9.6.jar

Description:

Maven Core classes.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-core\3.9.6\maven-core-3.9.6.jar
MD5: 0d872ce50d16e02ca72e348b9f7b3487
SHA1: 674ab3337566d493df8f95eddfda90e41002d214
SHA256:c1327590398759da1918dbf356eb6d63f8fce7192a805cb3c8e336fbb1155dc0
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-core-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

maven-model-3.9.6.jar

Description:

Model for Maven POM (Project Object Model)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model\3.9.6\maven-model-3.9.6.jar
MD5: ac8747986567850914e2c7f0e85599b3
SHA1: ac9a1c8a8cfa36f3a5489837e653ec0cd530d576
SHA256:4f8f07fdb6b8701fa89a23a2edf830808fd65892d90cce40c0e6df7c8f2fcb62
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-model-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-model-builder-3.9.6.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model-builder\3.9.6\maven-model-builder-3.9.6.jar
MD5: 8b1aa0b78ffdb501dd4a6cbc0cbeff68
SHA1: 983ce00d50a9f78ad1b805e21e4fd71807fa6ebf
SHA256:5f96dafbc411ee4b1e8426368d0d31d05ab5a4dace69808143142a0017598721
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-model-builder-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-plugin-annotations-3.11.0.jar

Description:

Java annotations to use in Mojos

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-tools\maven-plugin-annotations\3.11.0\maven-plugin-annotations-3.11.0.jar
MD5: 8182135d00fb5f440608fe17a88489f1
SHA1: b38718cb50fa187f4b168034c120704be7e1c3a3
SHA256:ec1f1741f529b289090cd34799e69be43b6cc37e26a69b5db70789f10af7b7b0
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-plugin-annotations-3.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

maven-plugin-api-3.9.6.jar

Description:

The API for plugins - Mojos - development.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-api\3.9.6\maven-plugin-api-3.9.6.jar
MD5: d554ff9d1f948ef4ad67dd590e0eb299
SHA1: 64c127e31d9329928c72c403408a01f1871b6733
SHA256:3fd664f7e511463561bc343822347618b8ca0952db85da785809166f0a762411
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-plugin-api-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

maven-repository-metadata-3.9.6.jar

Description:

Per-directory local and remote repository metadata.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-repository-metadata\3.9.6\maven-repository-metadata-3.9.6.jar
MD5: 58a684bcc774fb44e4f73fa7466dc44d
SHA1: 497cda3149f3c661113f9a663e0270ce2566cc95
SHA256:e047a67b204c434994253e2ab5bdff5fe8cb7ada9316ac3e754c39f900ea847b
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-repository-metadata-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-resolver-api-1.9.18.jar

Description:

The application programming interface for the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-api\1.9.18\maven-resolver-api-1.9.18.jar
MD5: 43a87208b9585a61f268843f6a0931ec
SHA1: 0cd5174d6e80175398debe4869d484169c0abbf8
SHA256:ebfb9e1dfeea3c2017905184581e007874b4eaac9d28bfffcfe5133d70ac6339
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-resolver-api-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-resolver-impl-1.9.18.jar

Description:

An implementation of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-impl\1.9.18\maven-resolver-impl-1.9.18.jar
MD5: 0204f7788eb26200ff419d4abe21072b
SHA1: e928b128d1e52e6299f94431ce3df74647bc8c26
SHA256:6bb9c90d007098004749c867da2eaf5785fc1139907718749c1097bdb2929bf8
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-resolver-impl-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-resolver-named-locks-1.9.18.jar

Description:

A synchronization utility implementation using Named locks.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-named-locks\1.9.18\maven-resolver-named-locks-1.9.18.jar
MD5: e6da3cfadecd128a47814dfc661163dc
SHA1: 31f948d89dcb3d9739e70d5e1000ebd68eb4405d
SHA256:098de7bbc5b0b26c3eff74ac30ffba6680fdab9bf4aebab95c3f5e2fe9eaeea8
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-resolver-named-locks-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-resolver-provider-3.9.6.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-resolver-provider\3.9.6\maven-resolver-provider-3.9.6.jar
MD5: 74c2e9695842a46c2c2c1cd5179266c4
SHA1: 848c45d334f6cc5c8dd602b0e58fd4482964eddc
SHA256:73b00b244b7b9e285654a45e765892bf5d369da77d42b5b4b5429122ed198a33
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-resolver-provider-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

maven-resolver-spi-1.9.18.jar

Description:

The service provider interface for repository system implementations and repository connectors.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-spi\1.9.18\maven-resolver-spi-1.9.18.jar
MD5: b99c631156da02290d0c95cf40c4917b
SHA1: 7fa176b3353ef6d78d02db39e025f3c27a983158
SHA256:d364fce9a17b0e0b073c26efa92af95b29c00c42943dced4a1168a7923fd3fe1
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-resolver-spi-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-resolver-util-1.9.18.jar

Description:

A collection of utility classes to ease usage of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-util\1.9.18\maven-resolver-util-1.9.18.jar
MD5: 0e6aa5f372550f4239361df35a53b4a1
SHA1: 5ae9406f188ae4a999c353fce3fd77273797a216
SHA256:2eb0ea667bc489384478231dda7516407d4b5b22a138077229871de9362a7ae2
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-resolver-util-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-settings-3.9.6.jar

Description:

Maven Settings model.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings\3.9.6\maven-settings-3.9.6.jar
MD5: 144dfb04d530da655c5f96d80adb4ef4
SHA1: 7687311690b68c935753c55dd3f016d8c4a7820f
SHA256:0d200fd3b354d653d2a02cdba6a39b6dc2744a8539ff36ea423fe62cac736799
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-settings-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-settings-builder-3.9.6.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings-builder\3.9.6\maven-settings-builder-3.9.6.jar
MD5: 5480ba40c9ae1cac6931abf16f7e8b81
SHA1: 2b75954b6f0c7eef38f388d97b91ce1ae3229f21
SHA256:e97cc245e4ef833c589fce0b5a8a4d77e3a0e01e619c57b5342c5e16d37a791d
Referenced In Project/Scope: makeself-maven-plugin:provided
maven-settings-builder-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

maven-shared-utils-3.4.2.jar

Description:

Shared utilities for use by Maven core and plugins

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-utils\3.4.2\maven-shared-utils-3.4.2.jar
MD5: 53a038f77a81cb5816ad2b1c7daa8711
SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0
SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487
Referenced In Project/Scope: makeself-maven-plugin:compile
maven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

modernizer-maven-annotations-2.7.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\2.7.0\modernizer-maven-annotations-2.7.0.jar
MD5: 0af0d3c9187c7dc13fcbcb7257c0fd5b
SHA1: 25fb27f1a54d193b52b5baa7dee26ef0ba6c03fe
SHA256:9e8340d07c2226e28a8f5d115418b2e2ab02139f2f3966dcd9163fa5902e267f
Referenced In Project/Scope: makeself-maven-plugin:provided
modernizer-maven-annotations-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

org.eclipse.sisu.inject-0.9.0.M2.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.9.0.M2\org.eclipse.sisu.inject-0.9.0.M2.jar
MD5: eb805c5b2e22c8002877f0caadc6a87c
SHA1: 5ace70e1ea696d156f5034a42a615df13a52003a
SHA256:9b62bcfc352a2ec87da8b01e37c952a54d358bbb1af3f212648aeafe7ab2dbb5
Referenced In Project/Scope: makeself-maven-plugin:provided
org.eclipse.sisu.inject-0.9.0.M2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

org.eclipse.sisu.plexus-0.9.0.M2.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.9.0.M2\org.eclipse.sisu.plexus-0.9.0.M2.jar
MD5: 98e320df2caac742b2ae33d938c69df8
SHA1: 31456dd2293197bb282c03168f6767acca3dec96
SHA256:9500d303ce467e26d129dda8559c3f3a91277d41ab49d2c4b4a5779536a62fc1
Referenced In Project/Scope: makeself-maven-plugin:provided
org.eclipse.sisu.plexus-0.9.0.M2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

plexus-cipher-2.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-cipher\2.0\plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-classworlds-2.7.0.jar

Description:

A class loader framework

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.7.0\plexus-classworlds-2.7.0.jar
MD5: 6ed852b1a004288c44438381e6aaee1e
SHA1: fe6f1acefd1a302dd4bc6d9d7f15358828d2a44d
SHA256:c60ae538ba66adbc06aae205fbe2306211d3d213ab6df3239ec03cdde2458ad6
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-classworlds-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-component-annotations-2.1.0.jar

Description:

    Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-component-annotations\2.1.0\plexus-component-annotations-2.1.0.jar
MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-component-annotations-2.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-interpolation-1.26.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.26\plexus-interpolation-1.26.jar
MD5: 1049ae9f5cd8cf618abf5bc5805e6b94
SHA1: 25b919c664b79795ccde0ede5cee0fd68b544197
SHA256:b3b5412ce17889103ea564bcdfcf9fb3dfa540344ffeac6b538a73c9d7182662
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-interpolation-1.26.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-sec-dispatcher-2.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-sec-dispatcher\2.0\plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-utils-4.0.0.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines and
    more.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-utils\4.0.0\plexus-utils-4.0.0.jar
MD5: 16481d9d3af602d73a6355e79d2de889
SHA1: ff00a04ba971655ed10e9fb93bce0ed3014e9477
SHA256:270cd703b48c6e5c8c691f1875f22d62d22cfe072c73ae2f5814d83d68c1da0b
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-utils-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-xml\3.0.0\plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: makeself-maven-plugin:provided
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

slf4j-api-2.0.12.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-api\2.0.12\slf4j-api-2.0.12.jar
MD5: 86eb051f2e2d6497a3a57810c963a9d6
SHA1: 48f109a2a6d8f446c794f3e3fa0d86df0cdfa312
SHA256:a79502b8abdfbd722846a27691226a4088682d6d35654f9b80e2a9ccacf7ed47
Referenced In Project/Scope: makeself-maven-plugin:compile
slf4j-api-2.0.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers

spotbugs-annotations-4.8.3.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.3\spotbugs-annotations-4.8.3.jar
MD5: cd5917b77643c3a7ba5420aea78f940c
SHA1: 05d2dc4ca5b632976371155252499819aea372ed
SHA256:e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
Referenced In Project/Scope: makeself-maven-plugin:provided
spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/makeself-maven-plugin@1.6.2

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.