Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: smartsprites-maven-plugin

com.github.hazendaz.maven:smartsprites-maven-plugin:2.2.0

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
args4j-2.33.jarpkg:maven/args4j/args4j@2.33 022
checker-qual-3.42.0.jarpkg:maven/org.checkerframework/checker-qual@3.42.0 046
commons-io-2.15.1.jarcpe:2.3:a:apache:commons_io:2.15.1:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.15.1 0Highest125
commons-lang3-3.12.0.jarpkg:maven/org.apache.commons/commons-lang3@3.12.0 0139
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
error_prone_annotations-2.24.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.24.0 029
failureaccess-1.0.2.jarpkg:maven/com.google.guava/failureaccess@1.0.2 032
guava-33.0.0-jre.jarcpe:2.3:a:google:guava:33.0.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@33.0.0-jre 0Highest27
hibernate-validator-annotation-processor-6.2.5.Final.jarcpe:2.3:a:redhat:hibernate_validator:6.2.5:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator-annotation-processor@6.2.5.Final 0Highest29
j2objc-annotations-2.8.jarpkg:maven/com.google.j2objc/j2objc-annotations@2.8 024
javax.annotation-api-1.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.2 046
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
lombok-1.18.30.jar: mavenEcjBootstrapAgent.jar 07
lombok-1.18.30.jarpkg:maven/org.projectlombok/lombok@1.18.30 036
maven-artifact-3.9.6.jarpkg:maven/org.apache.maven/maven-artifact@3.9.6 026
maven-model-3.9.6.jarpkg:maven/org.apache.maven/maven-model@3.9.6 026
maven-plugin-annotations-3.11.0.jarpkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.11.0 026
maven-plugin-api-3.9.6.jarpkg:maven/org.apache.maven/maven-plugin-api@3.9.6 026
modernizer-maven-annotations-2.7.0.jarpkg:maven/org.gaul/modernizer-maven-annotations@2.7.0 019
org.eclipse.sisu.inject-0.9.0.M2.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M2 032
org.eclipse.sisu.plexus-0.9.0.M2.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M2 029
plexus-classworlds-2.7.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.7.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-classworlds@2.7.0HIGH2Highest28
plexus-component-annotations-2.1.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.1.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0HIGH2Highest27
plexus-utils-4.0.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:plexus-utils_project:plexus-utils:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:4.0.0:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@4.0.0 0Highest24
plexus-xml-3.0.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.0.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0HIGH2Highest24
smartsprites-0.3.0.jarpkg:maven/com.github.hazendaz/smartsprites@0.3.0 053
spotbugs-annotations-4.8.3.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 053

Dependencies (vulnerable)

args4j-2.33.jar

Description:

args4j : Java command line arguments parser

License:

http://www.opensource.org/licenses/mit-license.php
File Path: C:\Users\Jeremy\.m2\repository\args4j\args4j\2.33\args4j-2.33.jar
MD5: 0a6d515f76b15d29e3cd529de9319739
SHA1: bd87a75374a6d6523de82fef51fc3cfe9baf9fc9
SHA256:91ddeaba0b24adce72291c618c00bbdce1c884755f6c4dba9c5c46e871c69ed6
Referenced In Project/Scope: smartsprites-maven-plugin:compile
args4j-2.33.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.3.0

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\3.42.0\checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: smartsprites-maven-plugin:provided
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

commons-io-2.15.1.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar
MD5: 84351f7991a0e6722f00e96a4ccc376f
SHA1: f11560da189ab563a5c8e351941415430e9304ea
SHA256:a58af12ee1b68cfd2ebb0c27caef164f084381a00ec81a48cc275fd7ea54e154
Referenced In Project/Scope: smartsprites-maven-plugin:compile
commons-io-2.15.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.3.0

Identifiers

commons-lang3-3.12.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-lang3\3.12.0\commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Referenced In Project/Scope: smartsprites-maven-plugin:provided
commons-lang3-3.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-math3\3.6.1\commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: smartsprites-maven-plugin:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.3.0

Identifiers

error_prone_annotations-2.24.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.24.0\error_prone_annotations-2.24.0.jar
MD5: f816bc67aa465617b44aa5cf3fbc0820
SHA1: 29dca9118b577ad24533e563438feb8fad51427e
SHA256:a88bd88124c8d4c9851ab823adc3a8f04b0a13af15c9d80b5ecf49f5a7a321d2
Referenced In Project/Scope: smartsprites-maven-plugin:provided
error_prone_annotations-2.24.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

failureaccess-1.0.2.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\failureaccess\1.0.2\failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256:8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: smartsprites-maven-plugin:compile
failureaccess-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.3.0

Identifiers

guava-33.0.0-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\33.0.0-jre\guava-33.0.0-jre.jar
MD5: 5d8aefac09131c3a74d6dab4b01bcff6
SHA1: 161ba27964a62f241533807a46b8711b13c1d94b
SHA256:f4d85c3e4d411694337cb873abea09b242b664bb013320be6105327c45991537
Referenced In Project/Scope: smartsprites-maven-plugin:compile
guava-33.0.0-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.3.0

Identifiers

hibernate-validator-annotation-processor-6.2.5.Final.jar

File Path: C:\Users\Jeremy\.m2\repository\org\hibernate\validator\hibernate-validator-annotation-processor\6.2.5.Final\hibernate-validator-annotation-processor-6.2.5.Final.jar
MD5: 9f2a3168a0e9da5c6b0fc6fa5a29525a
SHA1: 845f834671380ef9c4c93e3f638bd88f6a4abba7
SHA256:6ad006443f769860af1886cc805d28c3d75c6253a2817f175c6bc7e2b359f55c
Referenced In Project/Scope: smartsprites-maven-plugin:provided
hibernate-validator-annotation-processor-6.2.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

j2objc-annotations-2.8.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\2.8\j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed
Referenced In Project/Scope: smartsprites-maven-plugin:provided
j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: smartsprites-maven-plugin:provided
javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: smartsprites-maven-plugin:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: smartsprites-maven-plugin:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.3.0

Identifiers

lombok-1.18.30.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.30\lombok-1.18.30.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: 2bc7812d729aa7f761f721c6f0620848
SHA1: e67209a53266080be85e8848c01fd15af98700c7
SHA256:63da6c6457ba6bfb61867cf644542464783adc57bbf36a7f0843c2822c288169
Referenced In Project/Scope: smartsprites-maven-plugin:provided

Identifiers

  • None

lombok-1.18.30.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.30\lombok-1.18.30.jar
MD5: 14e90bb14cac804c1a6e2024e78f436d
SHA1: f195ee86e6c896ea47a1d39defbe20eb59cd149d
SHA256:14151b47582d570b4de16a147ece3bdbd19ace4aee5bde3a5578c87db9ecb998
Referenced In Project/Scope: smartsprites-maven-plugin:provided
lombok-1.18.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

maven-artifact-3.9.6.jar

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact\3.9.6\maven-artifact-3.9.6.jar
MD5: 96a7982d9a46c5c19696b4558be1bbd2
SHA1: fb0979832c10c1a25d038a33ca862bef055fcdc8
SHA256:ad7a0fb408f8e47585ccc0d0011e0b501d93bfc9888d369bbd4a043d19475073
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-artifact-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

maven-model-3.9.6.jar

Description:

Model for Maven POM (Project Object Model)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model\3.9.6\maven-model-3.9.6.jar
MD5: ac8747986567850914e2c7f0e85599b3
SHA1: ac9a1c8a8cfa36f3a5489837e653ec0cd530d576
SHA256:4f8f07fdb6b8701fa89a23a2edf830808fd65892d90cce40c0e6df7c8f2fcb62
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-model-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

maven-plugin-annotations-3.11.0.jar

Description:

Java annotations to use in Mojos

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-tools\maven-plugin-annotations\3.11.0\maven-plugin-annotations-3.11.0.jar
MD5: 8182135d00fb5f440608fe17a88489f1
SHA1: b38718cb50fa187f4b168034c120704be7e1c3a3
SHA256:ec1f1741f529b289090cd34799e69be43b6cc37e26a69b5db70789f10af7b7b0
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-plugin-annotations-3.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

maven-plugin-api-3.9.6.jar

Description:

The API for plugins - Mojos - development.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-api\3.9.6\maven-plugin-api-3.9.6.jar
MD5: d554ff9d1f948ef4ad67dd590e0eb299
SHA1: 64c127e31d9329928c72c403408a01f1871b6733
SHA256:3fd664f7e511463561bc343822347618b8ca0952db85da785809166f0a762411
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-plugin-api-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

modernizer-maven-annotations-2.7.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\2.7.0\modernizer-maven-annotations-2.7.0.jar
MD5: 0af0d3c9187c7dc13fcbcb7257c0fd5b
SHA1: 25fb27f1a54d193b52b5baa7dee26ef0ba6c03fe
SHA256:9e8340d07c2226e28a8f5d115418b2e2ab02139f2f3966dcd9163fa5902e267f
Referenced In Project/Scope: smartsprites-maven-plugin:provided
modernizer-maven-annotations-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

org.eclipse.sisu.inject-0.9.0.M2.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.9.0.M2\org.eclipse.sisu.inject-0.9.0.M2.jar
MD5: eb805c5b2e22c8002877f0caadc6a87c
SHA1: 5ace70e1ea696d156f5034a42a615df13a52003a
SHA256:9b62bcfc352a2ec87da8b01e37c952a54d358bbb1af3f212648aeafe7ab2dbb5
Referenced In Project/Scope: smartsprites-maven-plugin:provided
org.eclipse.sisu.inject-0.9.0.M2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

org.eclipse.sisu.plexus-0.9.0.M2.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.9.0.M2\org.eclipse.sisu.plexus-0.9.0.M2.jar
MD5: 98e320df2caac742b2ae33d938c69df8
SHA1: 31456dd2293197bb282c03168f6767acca3dec96
SHA256:9500d303ce467e26d129dda8559c3f3a91277d41ab49d2c4b4a5779536a62fc1
Referenced In Project/Scope: smartsprites-maven-plugin:provided
org.eclipse.sisu.plexus-0.9.0.M2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

plexus-classworlds-2.7.0.jar

Description:

A class loader framework

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.7.0\plexus-classworlds-2.7.0.jar
MD5: 6ed852b1a004288c44438381e6aaee1e
SHA1: fe6f1acefd1a302dd4bc6d9d7f15358828d2a44d
SHA256:c60ae538ba66adbc06aae205fbe2306211d3d213ab6df3239ec03cdde2458ad6
Referenced In Project/Scope: smartsprites-maven-plugin:provided
plexus-classworlds-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-component-annotations-2.1.0.jar

Description:

    Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-component-annotations\2.1.0\plexus-component-annotations-2.1.0.jar
MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac
Referenced In Project/Scope: smartsprites-maven-plugin:provided
plexus-component-annotations-2.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-utils-4.0.0.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines and
    more.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-utils\4.0.0\plexus-utils-4.0.0.jar
MD5: 16481d9d3af602d73a6355e79d2de889
SHA1: ff00a04ba971655ed10e9fb93bce0ed3014e9477
SHA256:270cd703b48c6e5c8c691f1875f22d62d22cfe072c73ae2f5814d83d68c1da0b
Referenced In Project/Scope: smartsprites-maven-plugin:compile
plexus-utils-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-xml\3.0.0\plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: smartsprites-maven-plugin:compile
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

smartsprites-0.3.0.jar

Description:

CSS Sprites Generator Done Right. SmartSprites maintains CSS sprites in your designs,
    fully automatically. No tedious copying and pasting to your CSS when adding or changing
    sprited images.

License:

BSD license: https://opensource.org/license/bsd-2-clause
File Path: C:\Users\Jeremy\.m2\repository\com\github\hazendaz\smartsprites\0.3.0\smartsprites-0.3.0.jar
MD5: 1ffde68e79f5095acedf2316fd21151d
SHA1: 91aaf926db5b75956222412b8626cd7397b1bb8d
SHA256:cac0629bed15bfd6f2fababdde9e925120edddad7f92d750ec30da197b2d7f19
Referenced In Project/Scope: smartsprites-maven-plugin:compile
smartsprites-0.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers

spotbugs-annotations-4.8.3.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.3\spotbugs-annotations-4.8.3.jar
MD5: cd5917b77643c3a7ba5420aea78f940c
SHA1: 05d2dc4ca5b632976371155252499819aea372ed
SHA256:e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
Referenced In Project/Scope: smartsprites-maven-plugin:provided
spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.2.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.