Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 10.0.4
Report Generated On: Wed, 2 Oct 2024 10:03:02 +0200
Dependencies Scanned: 6 (5 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2024-10-02T10:02:43+02
NVD API Last Modified: 2024-10-02T07:15:03Z

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Confidence	Evidence Count
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		17
log4j-core-2.23.1.jar	cpe:2.3:a:apache:log4j:2.23.1:::::::*	pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1	Highest	40
log4j-slf4j-impl-2.23.1.jar		pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1		36
slf4j-api-1.7.36.jar		pkg:maven/org.slf4j/slf4j-api@1.7.36		29
spotbugs-annotations-4.8.6.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6		53

Dependencies (vulnerable)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\PowerStat\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: PowerStatsToolbaselineJava:compile
pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

log4j-core-2.23.1.jar

Description:

The Apache Log4j Implementation

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-core\2.23.1\log4j-core-2.23.1.jar
MD5: 34fad2df975cf874a2fdf4b797122f16
SHA1: 905802940e2c78042d75b837c136ac477d2b4e4d
SHA256:7079368005fc34f56248f57f8a8a53361c3a53e9007d556dbc66fc669df081b5
Referenced In Project/Scope: PowerStatsToolbaselineJava:compile
pkg:maven/de.powerstat.toolbaseline/tbl-java-parent@17.2.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-core	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	log4j	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.core	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	provide-capability	osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-core	Highest
Vendor	pom	artifactid	log4j-core	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j Core	High
Vendor	pom	parent-artifactid	log4j	Low
Product	file	name	log4j-core	High
Product	jar	package name	apache	Highest
Product	jar	package name	core	Highest
Product	jar	package name	log4j	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	org	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	Bundle-Name	Apache Log4j Core	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.core	Medium
Product	Manifest	Implementation-Title	Apache Log4j Core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	provide-capability	osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider"	Low
Product	Manifest	specification-title	Apache Log4j Core	Medium
Product	pom	artifactid	log4j-core	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j Core	High
Product	pom	parent-artifactid	log4j	Medium
Version	file	version	2.23.1	High
Version	Manifest	Bundle-Version	2.23.1	High
Version	Manifest	Implementation-Version	2.23.1	High
Version	pom	version	2.23.1	Highest

Related Dependencies

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1 (Confidence:High)
cpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:* (Confidence:Highest)

log4j-slf4j-impl-2.23.1.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-slf4j-impl\2.23.1\log4j-slf4j-impl-2.23.1.jar
MD5: c5a27e08e18600d379d0ca72d71838b8
SHA1: 9ef67909a1b4eae999af4c7a211ab2379e4b86c2
SHA256:210742c8fb85b0dcc26a9d74a32fbc828e0429087dee3d2920d4a76b1eb96d91
Referenced In Project/Scope: PowerStatsToolbaselineJava:runtime
pkg:maven/de.powerstat.toolbaseline/tbl-java-parent@17.2.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-slf4j-impl	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	impl	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.slf4j.impl	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	false	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-slf4j-impl	Highest
Vendor	pom	artifactid	log4j-slf4j-impl	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j SLF4J Binding	High
Vendor	pom	parent-artifactid	log4j	Low
Product	file	name	log4j-slf4j-impl	High
Product	jar	package name	apache	Highest
Product	jar	package name	impl	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	Bundle-Name	Apache Log4j SLF4J Binding	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.slf4j.impl	Medium
Product	Manifest	Implementation-Title	Apache Log4j SLF4J Binding	High
Product	Manifest	multi-release	false	Low
Product	Manifest	specification-title	Apache Log4j SLF4J Binding	Medium
Product	pom	artifactid	log4j-slf4j-impl	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j SLF4J Binding	High
Product	pom	parent-artifactid	log4j	Medium
Version	file	version	2.23.1	High
Version	Manifest	Bundle-Version	2.23.1	High
Version	Manifest	Implementation-Version	2.23.1	High
Version	pom	version	2.23.1	Highest

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1 (Confidence:High)

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: C:\Users\PowerStat\.m2\repository\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: PowerStatsToolbaselineJava:runtime
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	automatic-module-name	org.slf4j	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	artifactid	slf4j-api	Highest
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	automatic-module-name	org.slf4j	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	slf4j-api	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	1.7.36	High
Version	Manifest	Bundle-Version	1.7.36	High
Version	Manifest	Implementation-Version	1.7.36	High
Version	pom	version	1.7.36	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.36 (Confidence:High)

spotbugs-annotations-4.8.6.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: C:\Users\PowerStat\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.6\spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256:4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: PowerStatsToolbaselineJava:compile
pkg:maven/de.powerstat.toolbaseline/tbl-java-parent@17.2.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	pom	artifactid	spotbugs-annotations	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs Annotations	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs-annotations	High
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs Annotations	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	4.8.6	High
Version	Manifest	Bundle-Version	4.8.6	High
Version	pom	version	4.8.6	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor

Project: PowerStatsToolbaselineJava

de.powerstat.toolbaseline:tbl-java-parent:17.2.0

Summary

Dependencies (vulnerable)

jsr305-3.0.2.jar

Evidence

Identifiers

log4j-core-2.23.1.jar

Evidence

Related Dependencies

Identifiers

log4j-slf4j-impl-2.23.1.jar

Evidence

Identifiers

slf4j-api-1.7.36.jar

Evidence

Identifiers

spotbugs-annotations-4.8.6.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: PowerStatsToolbaselineJava

de.powerstat.toolbaseline:tbl-java-parent:17.2.0

Summary

Dependencies (vulnerable)

jsr305-3.0.2.jar

Evidence

Identifiers

log4j-core-2.23.1.jar

Evidence

Related Dependencies

Identifiers

log4j-slf4j-impl-2.23.1.jar

Evidence

Identifiers

slf4j-api-1.7.36.jar

Evidence

Identifiers

spotbugs-annotations-4.8.6.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor