-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
79d3628
commit 8d79c82
Showing
1 changed file
with
1 addition
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| DependencyName,DependencyPath,Description,License,Md5,Sha1,Identifiers,CPE,CVE,CWE,Vulnerability,Source,CVSSv2_Severity,CVSSv2_Score,CVSSv2,CVSSv3_BaseSeverity,CVSSv3_BaseScore,CVSSv3,CPE Confidence,Evidence Count,VendorProject,Product,Name,DateAdded,ShortDescription,RequiredAction,DueDate,Notes | ||
| guava-30.1.1-jre.jar,/home/runner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,"Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.",http://www.apache.org/licenses/LICENSE-2.0.txt,05374f163d0a4141db672fff9df95b12,87e0fd1df874ea3cbe577702fe6f17068b790fd8,pkg:maven/com.google.guava/guava@30.1.1-jre,cpe:2.3:a:google:guava:30.1.1:*:*:*:*:*:*:*,CVE-2023-2976,CWE-552 Files or Directories Accessible to External Parties,"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.",NVD,,,,HIGH,7.1,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,HIGH,22,,,,,,,, | ||
| guava-30.1.1-jre.jar,/home/runner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,"Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.",http://www.apache.org/licenses/LICENSE-2.0.txt,05374f163d0a4141db672fff9df95b12,87e0fd1df874ea3cbe577702fe6f17068b790fd8,pkg:maven/com.google.guava/guava@30.1.1-jre,cpe:2.3:a:google:guava:30.1.1:*:*:*:*:*:*:*,CVE-2020-8908,CWE-379 Creation of Temporary File in Directory with Insecure Permissions,guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908] The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.,OSSINDEX,,,,LOW,3.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,HIGH,22,,,,,,,, | ||
| jackson-databind-2.14.2.jar,/home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.2/jackson-databind-2.14.2.jar,General data-binding functionality for Jackson: works on core streaming API,"The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",c1b12dd14734cd1986132bf55042dd7e,01e71fddbc80bb86f71a6345ac1e8ab8a00e7134,pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2,"cpe:2.3:a:fasterxml:jackson-databind:2.14.2:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*",CVE-2023-35116,CWE-502 Deserialization of Untrusted Data,** DISPUTED ** An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input.,NVD,,,,MEDIUM,4.7,CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H,HIGH,40,,,,,,,, | ||
| jackson-databind-2.14.2.jar,/home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.2/jackson-databind-2.14.2.jar,General data-binding functionality for Jackson: works on core streaming API,"The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",c1b12dd14734cd1986132bf55042dd7e,01e71fddbc80bb86f71a6345ac1e8ab8a00e7134,pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2,"cpe:2.3:a:fasterxml:jackson-databind:2.14.2:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*",CVE-2023-35116,CWE-770 Allocation of Resources Without Limits or Throttling,** DISPUTED ** An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input.,NVD,,,,MEDIUM,4.7,CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H,HIGH,40,,,,,,,, |