Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 6.1.5
Report Generated On: Fri, 2 Apr 2021 06:02:19 GMT
Dependencies Scanned: 6 (5 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2021-04-02T06:00:49
NVD CVE Modified: 2021-04-02T05:02:19
VersionCheckOn: 2021-04-02T06:00:49

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Confidence	Evidence Count
javax.activation-api-1.2.0.jar		pkg:maven/javax.activation/javax.activation-api@1.2.0		38
jaxb-api-2.3.1.jar		pkg:maven/javax.xml.bind/jaxb-api@2.3.1		36
logback-core-1.2.3.jar	cpe:2.3:a:logback:logback:1.2.3:::::::*	pkg:maven/ch.qos.logback/logback-core@1.2.3	Highest	32
slf4j-api-1.7.30.jar		pkg:maven/org.slf4j/slf4j-api@1.7.30		29
validation-api-2.0.1.Final.jar		pkg:maven/javax.validation/validation-api@2.0.1.Final		23

Dependencies

javax.activation-api-1.2.0.jar

Description:

JavaBeans Activation Framework API jar

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt

File Path: /home/runner/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Project/Scope:Sample Lombok Maven Project:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	javax	Highest
Vendor	Manifest	bundle-symbolicname	javax.activation-api	Medium
Vendor	pom	name	JavaBeans Activation Framework API jar	High
Vendor	Manifest (hint)	specification-vendor	sun	Low
Vendor	file	name	javax.activation-api	High
Vendor	Manifest	originally-created-by	1.8.0_141 (Oracle Corporation)	Low
Vendor	Manifest (hint)	Implementation-Vendor	sun	High
Vendor	pom	parent-artifactid	all	Low
Vendor	Manifest	automatic-module-name	java.activation	Medium
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	pom	groupid	javax.activation	Highest
Vendor	Manifest	Implementation-Vendor	Oracle	High
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	jar	package name	activation	Highest
Vendor	Manifest	extension-name	javax.activation	Medium
Vendor	Manifest	specification-vendor	Oracle	Low
Vendor	pom	artifactid	javax.activation-api	Low
Vendor	pom	parent-groupid	com.sun.activation	Medium
Product	jar	package name	javax	Highest
Product	Manifest	bundle-symbolicname	javax.activation-api	Medium
Product	pom	name	JavaBeans Activation Framework API jar	High
Product	Manifest	Bundle-Name	JavaBeans Activation Framework API jar	Medium
Product	file	name	javax.activation-api	High
Product	Manifest	Implementation-Title	javax.activation.javax.activation-api	High
Product	Manifest	originally-created-by	1.8.0_141 (Oracle Corporation)	Low
Product	pom	artifactid	javax.activation-api	Highest
Product	Manifest	automatic-module-name	java.activation	Medium
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	pom	groupid	javax.activation	Highest
Product	jar	package name	activation	Highest
Product	Manifest	specification-title	javax.activation.javax.activation-api	Medium
Product	Manifest	extension-name	javax.activation	Medium
Product	pom	parent-artifactid	all	Medium
Product	pom	parent-groupid	com.sun.activation	Medium
Version	Manifest	Bundle-Version	1.2.0	High
Version	Manifest	Implementation-Version	1.2.0	High
Version	pom	version	1.2.0	Highest
Version	file	version	1.2.0	High

Identifiers

pkg:maven/javax.activation/javax.activation-api@1.2.0 (Confidence:High)

jaxb-api-2.3.1.jar

Description:

JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1

File Path: /home/runner/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope:Sample Lombok Maven Project:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	groupid	javax.xml.bind	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))"	Low
Vendor	jar	package name	jaxb	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	extension-name	javax.xml.bind	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	jaxb-api	Low
Vendor	Manifest	bundle-symbolicname	jaxb-api	Medium
Vendor	Manifest	bundle-docurl	http://www.oracle.com/	Low
Vendor	Manifest	implementation-build-id	UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700	Low
Vendor	pom	parent-artifactid	jaxb-api-parent	Low
Vendor	jar	package name	bind	Highest
Vendor	file	name	jaxb-api	High
Vendor	Manifest	Implementation-Vendor	Oracle Corporation	High
Product	pom	artifactid	jaxb-api	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	xml	Highest
Product	Manifest	specification-title	jaxb-api	Medium
Product	pom	groupid	javax.xml.bind	Highest
Product	Manifest	Bundle-Name	jaxb-api	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))"	Low
Product	jar	package name	jaxb	Highest
Product	Manifest	extension-name	javax.xml.bind	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	bundle-symbolicname	jaxb-api	Medium
Product	pom	parent-artifactid	jaxb-api-parent	Medium
Product	Manifest	bundle-docurl	http://www.oracle.com/	Low
Product	Manifest	implementation-build-id	UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700	Low
Product	jar	package name	bind	Highest
Product	file	name	jaxb-api	High
Version	pom	version	2.3.1	Highest
Version	file	version	2.3.1	High
Version	Manifest	Bundle-Version	2.3.1	High

Identifiers

pkg:maven/javax.xml.bind/jaxb-api@2.3.1 (Confidence:High)

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope:Sample Lombok Maven Project:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	qos	Highest
Vendor	pom	groupid	ch.qos.logback	Highest
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	pom	artifactid	logback-core	Low
Vendor	Manifest	bundle-docurl	http://www.qos.ch	Low
Vendor	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Vendor	pom	parent-artifactid	logback-parent	Low
Vendor	file	name	logback-core	High
Vendor	jar	package name	ch	Highest
Vendor	pom	name	Logback Core Module	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	jar	package name	logback	Highest
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Product	jar	package name	core	Highest
Product	jar	package name	qos	Highest
Product	pom	parent-artifactid	logback-parent	Medium
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	pom	groupid	ch.qos.logback	Highest
Product	Manifest	bundle-docurl	http://www.qos.ch	Low
Product	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Product	file	name	logback-core	High
Product	pom	artifactid	logback-core	Highest
Product	jar	package name	ch	Highest
Product	pom	name	Logback Core Module	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	jar	package name	logback	Highest
Product	Manifest	Bundle-Name	Logback Core Module	Medium
Version	Manifest	Bundle-Version	1.2.3	High
Version	file	version	1.2.3	High
Version	pom	version	1.2.3	Highest

Related Dependencies

Identifiers

pkg:maven/ch.qos.logback/logback-core@1.2.3 (Confidence:High)
cpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:* (Confidence:Highest)

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Project/Scope:Sample Lombok Maven Project:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	Manifest	automatic-module-name	org.slf4j	Medium
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	groupid	slf4j	Highest
Vendor	file	name	slf4j-api	High
Vendor	pom	name	SLF4J API Module	High
Vendor	jar	package name	slf4j	Highest
Product	pom	parent-groupid	org.slf4j	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	automatic-module-name	org.slf4j	Medium
Product	pom	url	http://www.slf4j.org	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	pom	artifactid	slf4j-api	Highest
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	pom	groupid	slf4j	Highest
Product	file	name	slf4j-api	High
Product	pom	name	SLF4J API Module	High
Product	jar	package name	slf4j	Highest
Product	Manifest	Bundle-Name	slf4j-api	Medium
Version	Manifest	Implementation-Version	1.7.30	High
Version	Manifest	Bundle-Version	1.7.30	High
Version	pom	version	1.7.30	Highest
Version	file	version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.30 (Confidence:High)

validation-api-2.0.1.Final.jar

Description:

        Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
SHA256:9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c
Referenced In Project/Scope:Sample Lombok Maven Project:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	automatic-module-name	java.validation	Medium
Vendor	jar	package name	javax	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	Bean Validation API	High
Vendor	Manifest	bundle-symbolicname	javax.validation.api	Medium
Vendor	pom	groupid	javax.validation	Highest
Vendor	pom	artifactid	validation-api	Low
Vendor	file	name	validation-api	High
Vendor	pom	url	http://beanvalidation.org	Highest
Vendor	jar	package name	validation	Highest
Product	Manifest	automatic-module-name	java.validation	Medium
Product	jar	package name	javax	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	name	Bean Validation API	High
Product	Manifest	bundle-symbolicname	javax.validation.api	Medium
Product	pom	groupid	javax.validation	Highest
Product	pom	url	http://beanvalidation.org	Medium
Product	Manifest	Bundle-Name	Bean Validation API	Medium
Product	file	name	validation-api	High
Product	pom	artifactid	validation-api	Highest
Product	jar	package name	validation	Highest
Version	pom	version	2.0.1.Final	Highest
Version	Manifest	Bundle-Version	2.0.1.Final	High

Identifiers

pkg:maven/javax.validation/validation-api@2.0.1.Final (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor

Project: Sample Lombok Maven Project

org.projectlombok.test:test-maven-lombok:1.18.20.0

Summary

Dependencies

javax.activation-api-1.2.0.jar

Evidence

Identifiers

jaxb-api-2.3.1.jar

Evidence

Identifiers

logback-core-1.2.3.jar

Evidence

Related Dependencies

Identifiers

slf4j-api-1.7.30.jar

Evidence

Identifiers

validation-api-2.0.1.Final.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: Sample Lombok Maven Project

org.projectlombok.test:test-maven-lombok:1.18.20.0

Summary

Dependencies

javax.activation-api-1.2.0.jar

Evidence

Identifiers

jaxb-api-2.3.1.jar

Evidence

Identifiers

logback-core-1.2.3.jar

Evidence

Related Dependencies

Identifiers

slf4j-api-1.7.30.jar

Evidence

Identifiers

validation-api-2.0.1.Final.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor