Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: RealLifeDeveloper Build Tools

com.reallifedeveloper:rld-build-tools:2.0.23

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
GeographicLib-Java-1.49.jarpkg:maven/net.sf.geographiclib/GeographicLib-Java@1.49 032
amqp-client-5.25.0.jarpkg:maven/com.rabbitmq/amqp-client@5.25.0 048
antlr4-runtime-4.13.0.jarpkg:maven/org.antlr/antlr4-runtime@4.13.0 030
apiguardian-api-1.1.2.jarpkg:maven/org.apiguardian/apiguardian-api@1.1.2 040
checker-qual-3.49.5.jarpkg:maven/org.checkerframework/checker-qual@3.49.5 044
commons-io-2.18.0.jarcpe:2.3:a:apache:commons_io:2.18.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.18.0 0Highest125
commons-lang3-3.18.0.jarpkg:maven/org.apache.commons/commons-lang3@3.18.0 0145
commons-pool-1.5.4.jarpkg:maven/commons-pool/commons-pool@1.5.4 074
commons-text-1.13.0.jarcpe:2.3:a:apache:commons_text:1.13.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.13.0 0Highest73
dbunit-3.0.0.jarcpe:2.3:a:golden_project:golden:3.0.0:*:*:*:*:*:*:*pkg:maven/org.dbunit/dbunit@3.0.0 0Low96
ejml-core-0.41.jarpkg:maven/org.ejml/ejml-core@0.41 026
ejml-ddense-0.41.jarpkg:maven/org.ejml/ejml-ddense@0.41 028
geolatte-geom-1.9.1.jarpkg:maven/org.geolatte/geolatte-geom@1.9.1 026
gt-api-33.1.jarcpe:2.3:a:geotools:geotools:33.1:*:*:*:*:*:*:*pkg:maven/org.geotools/gt-api@33.1 0Highest40
hibernate-spatial-7.0.5.Final.jarcpe:2.3:a:hibernate:hibernate_orm:7.0.5:*:*:*:*:*:*:*pkg:maven/org.hibernate.orm/hibernate-spatial@7.0.5.Final 0Highest45
indriya-2.2.jarpkg:maven/tech.units/indriya@2.2 085
jackson-core-2.19.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.19.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.1 0Low47
jai_core-1.1.3.jarpkg:maven/javax.media/jai_core@1.1.3 024
jakarta.annotation-api-3.0.0.jarcpe:2.3:a:oracle:projects:3.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0 0Low42
jakarta.inject-api-2.0.1.jarpkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 056
jakarta.persistence-api-3.2.0.jarpkg:maven/jakarta.persistence/jakarta.persistence-api@3.2.0 040
jboss-logging-3.6.1.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.6.1.Final 043
jgridshift-core-1.3.jarpkg:maven/it.geosolutions.jgridshift/jgridshift-core@1.3 019
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jts-core-1.19.0.jarpkg:maven/org.locationtech.jts/jts-core@1.19.0 024
junit-jupiter-api-5.13.1.jarpkg:maven/org.junit.jupiter/junit-jupiter-api@5.13.1 076
junit-platform-engine-1.13.1.jarcpe:2.3:a:fan_platform_project:fan_platform:1.13.1:*:*:*:*:*:*:*pkg:maven/org.junit.platform/junit-platform-engine@1.13.1 0Low76
logback-core-1.5.18.jarcpe:2.3:a:qos:logback:1.5.18:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.18 0Highest39
lombok-1.18.38.jarpkg:maven/org.projectlombok/lombok@1.18.38 036
lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar 07
micrometer-commons-1.14.8.jarcpe:2.3:a:4d:4d:1.14.8:*:*:*:*:*:*:*pkg:maven/io.micrometer/micrometer-commons@1.14.8 0Low65
net.opengis.ows-33.1.jarcpe:2.3:a:geotools:geotools:33.1:*:*:*:*:*:*:*pkg:maven/org.geotools.ogc/net.opengis.ows@33.1 0Highest28
opentest4j-1.3.0.jarpkg:maven/org.opentest4j/opentest4j@1.3.0 060
org.eclipse.emf.ecore-2.15.0.jarcpe:2.3:a:eclipse:org.eclipse.core.runtime:2.15.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.emf/org.eclipse.emf.ecore@2.15.0
pkg:maven/org.eclipse.emf/org.eclipse.emf.ecore@2.15.0-SNAPSHOT		MEDIUM1Low46
org.w3.xlink-33.1.jarcpe:2.3:a:geotools:geotools:33.1:*:*:*:*:*:*:*pkg:maven/org.geotools.ogc/org.w3.xlink@33.1 0Highest29
re2j-1.8.jarpkg:maven/com.google.re2j/re2j@1.8 028
si-quantity-2.1.jarpkg:maven/si.uom/si-quantity@2.1 024
si-units-2.1.jarpkg:maven/si.uom/si-units@2.1 033
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 029
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
spotbugs-annotations-4.9.3.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3 053
spring-core-6.2.8.jarcpe:2.3:a:pivotal_software:spring_framework:6.2.8:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.2.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.2.8:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.2.8 0Highest41
spring-data-commons-3.5.1.jarcpe:2.3:a:pivotal_software:spring_data_commons:3.5.1:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-commons@3.5.1 0Highest32
spring-data-jpa-3.5.1.jarcpe:2.3:a:pivotal_software:spring_data_jpa:3.5.1:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-jpa@3.5.1 0Highest30
systems-common-2.1.jarpkg:maven/systems.uom/systems-common@2.1 037
unit-api-2.2.jarpkg:maven/javax.measure/unit-api@2.2 0109
uom-lib-common-2.2.jarpkg:maven/tech.uom.lib/uom-lib-common@2.2 043

Dependencies (vulnerable)

GeographicLib-Java-1.49.jar

Description:

    This is a Java implementation of the geodesic algorithms from
    GeographicLib. This is a self-contained library which makes it
    easy to do geodesic computations for an ellipsoid of revolution in
    a Java program. It requires Java version 1.1 or later.

License:

The MIT License(MIT): http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/net/sf/geographiclib/GeographicLib-Java/1.49/GeographicLib-Java-1.49.jar
MD5: 5536ff35e4bb0b3262c6f62f43105ea4
SHA1: 7ff2164e69fa04e1ef2ca5079e1cee298a936ea1
SHA256:78c292f7e6910d51a15fc9088c301fac3b4c0a43ac5ae17499f5763b4dd9aca8
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
GeographicLib-Java-1.49.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

amqp-client-5.25.0.jar

Description:

The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.

License:

AL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
File Path: /home/runner/.m2/repository/com/rabbitmq/amqp-client/5.25.0/amqp-client-5.25.0.jar
MD5: c2e27869a87b0127a78d37dc25bb26c0
SHA1: f3303742cae7b0ef37b9966a54de82b635dc0207
SHA256:5aa96f005084139eb1077d94b55dc6428eca7da7e2cc53eab44a773391f8aa8f
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
amqp-client-5.25.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

antlr4-runtime-4.13.0.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html
File Path: /home/runner/.m2/repository/org/antlr/antlr4-runtime/4.13.0/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256:bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
antlr4-runtime-4.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.data/spring-data-jpa@3.5.1

Identifiers

apiguardian-api-1.1.2.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.13.1

Identifiers

checker-qual-3.49.5.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.49.5/checker-qual-3.49.5.jar
MD5: a6525c2747603fb3ec22d18c4adc7419
SHA1: f0d119b5a4adb4164e9d6fa9fd3ffa5d0e458963
SHA256:508c83c62c344f6f7ee28f47b88a8797d6116d043bfd1ca0576c828dd1df2880
Referenced In Project/Scope: RealLifeDeveloper Build Tools:provided
checker-qual-3.49.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

commons-io-2.18.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-io/commons-io/2.18.0/commons-io-2.18.0.jar
MD5: 8cce74ccf461cd6502ae04c908eca917
SHA1: 44084ef756763795b31c578403dd028ff4a22950
SHA256:f3ca0f8d63c40e23a56d54101c60d5edee136b42d84bfb85bc7963093109cf8b
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
commons-io-2.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

commons-lang3-3.18.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
MD5: 48b9886957920a4cdb602780ca345087
SHA1: fb14946f0e39748a6571de0635acbe44e7885491
SHA256:4eeeae8d20c078abb64b015ec158add383ac581571cddc45c68f0c9ae0230720
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
commons-lang3-3.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

commons-pool-1.5.4.jar

Description:

Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-pool/commons-pool/1.5.4/commons-pool-1.5.4.jar
MD5: 80e9d1cbd70542f4f293793d109679a9
SHA1: 75b6e20c596ed2945a259cea26d7fadd298398e6
SHA256:22095672ac3ad6503e42ec6d4cbc330cd1318040223f6c5d9605473b6d2aa0fd
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
commons-pool-1.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

commons-text-1.13.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
    and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.13.0/commons-text-1.13.0.jar
MD5: 4b4766452c04316e3ef6ffe3490d6b10
SHA1: ba2ed5521c491cabf7ecdb57f77922561c2e8958
SHA256:1e323a501127df78ed0987f345d69d65d0ea7fa3d4fb5b3f84aaeba3a8b20f38
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
commons-text-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

dbunit-3.0.0.jar

Description:

    dbUnit is a JUnit extension (also usable from Ant and Maven) targeted for database-driven projects that, among other things, puts your database into a known state between test runs. This is an excellent way to avoid the myriad of problems that can occur when one test case corrupts the database and causes subsequent tests to fail or exacerbate the damage.

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt
File Path: /home/runner/.m2/repository/org/dbunit/dbunit/3.0.0/dbunit-3.0.0.jar
MD5: 3a1386e0082bd660b9eb9930526c6c71
SHA1: a5d192af07b5c6bd97130f690123760485bba126
SHA256:910f6f480a8429e734abba41416897d05c596f10189b93a5cef6c4a2f413f0ef
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
dbunit-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

ejml-core-0.41.jar

Description:

A fast and easy to use dense and sparse matrix linear algebra library written in Java.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/ejml/ejml-core/0.41/ejml-core-0.41.jar
MD5: 200146f623a8eb87196bbc35cae6c2b1
SHA1: 92ac2bee332a5697c42e576b94d563ba8c25877c
SHA256:8d36469e8414d79c875defc0af3b980525d384761c9471d15a4f365b936dd1d5
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
ejml-core-0.41.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

ejml-ddense-0.41.jar

Description:

A fast and easy to use dense and sparse matrix linear algebra library written in Java.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/ejml/ejml-ddense/0.41/ejml-ddense-0.41.jar
MD5: 2128d09683d0ed77429fac23f64e42c7
SHA1: 782c80d4c3c8a3432c4641f24c177f336a360f9c
SHA256:355347e9cac7e96d5d724d331a9b04bb14a8a02e1d111f1ac51c79f25d937123
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
ejml-ddense-0.41.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

geolatte-geom-1.9.1.jar

Description:

This geoLatte-geom library offers a geometry model that conforms to the OGC Simple Features for SQL
        specification.

License:

LGPL 3.0: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/runner/.m2/repository/org/geolatte/geolatte-geom/1.9.1/geolatte-geom-1.9.1.jar
MD5: 7e09eb33b1dfea22be402999ef7b9792
SHA1: 773a1526b21093e81fdc3acc6917ef89fe57fc98
SHA256:c52e838ab32336b61b3c122d0388e326442f6a06241651c4f6d2d2b0e6bcb930
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
geolatte-geom-1.9.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate.orm/hibernate-spatial@7.0.5.Final

Identifiers

gt-api-33.1.jar

Description:

Standard interfaces implemented throughout the library.

License:

Lesser General Public License (LGPL): http://www.gnu.org/copyleft/lesser.txt
File Path: /home/runner/.m2/repository/org/geotools/gt-api/33.1/gt-api-33.1.jar
MD5: 7acf73a440dab498ab2a718f8325252d
SHA1: d73d9776387809168168cbdb1439c117bcb6f6c6
SHA256:f35c948b003ae38bc7d4ed1ee799bcbae22cb4728fc16aa265d79ff199e50c09
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
gt-api-33.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

hibernate-spatial-7.0.5.Final.jar

Description:

Integrate support for Spatial/GIS data into Hibernate O/RM

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/hibernate/orm/hibernate-spatial/7.0.5.Final/hibernate-spatial-7.0.5.Final.jar
MD5: dab25d0d904bc9ac45363129c4af09b7
SHA1: f4e0a5b4eb4bebd25589e2f0d77a2a714329c1e4
SHA256:0be4175ba2c7ded1e973f36e03969d0353715e7e5539303c6f8dbd1225e5beb1
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
hibernate-spatial-7.0.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

indriya-2.2.jar

Description:

Unit Standard (JSR 385) Reference Implementation.

License:

BSD 3-Clause: LICENSE
File Path: /home/runner/.m2/repository/tech/units/indriya/2.2/indriya-2.2.jar
MD5: cefa3a26996e4c70071d27a0c36603ea
SHA1: 647a0e06d60346f3f3c48284f66d34b28ff83340
SHA256:5b61eafd63fd235898dea0e5e614e9636c9d7783705a0c9f1794dd07e3a84b35
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
indriya-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

jackson-core-2.19.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.19.1/jackson-core-2.19.1.jar
MD5: 52aec5a03ab9fd81dcc8fee45952da17
SHA1: 6e5a8cb8a6cada322497cefb7726657d98aaee15
SHA256:c46369e1a21810100adbc92503b62f15a9ef1640427932f4fe1588ef7ce7e480
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jackson-core-2.19.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

jai_core-1.1.3.jar

File Path: /home/runner/.m2/repository/javax/media/jai_core/1.1.3/jai_core-1.1.3.jar
MD5: f398bc038307ee434bac1b93ba3ab02d
SHA1: b179d2efb1174658483e8b41bf4ac9d2eb5de438
SHA256:8b696cf067533545f44c2f68339e24ab1a2669153ed2081aa5be8749f4d592bf
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jai_core-1.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

jakarta.annotation-api-3.0.0.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: https://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar
MD5: 7faffaab962918da4cf5ddfd76609dd2
SHA1: 54f928fadec906a99d558536756d171917b9d936
SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jakarta.annotation-api-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.data/spring-data-jpa@3.5.1

Identifiers

jakarta.inject-api-2.0.1.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate.orm/hibernate-core@7.0.5.Final

Identifiers

jakarta.persistence-api-3.2.0.jar

Description:

Jakarta Persistence 3.2 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/runner/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.2.0/jakarta.persistence-api-3.2.0.jar
MD5: 79acec18d202797dcba1fff596a47684
SHA1: bb75a113f3fa191c2c7ee7b206d8e674251b3129
SHA256:be8a26b0e75c84c1b7600f759256fbc68d60333d89ec0ce3f784fc3ffa09aa8c
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jakarta.persistence-api-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

jboss-logging-3.6.1.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /home/runner/.m2/repository/org/jboss/logging/jboss-logging/3.6.1.Final/jboss-logging-3.6.1.Final.jar
MD5: acab989faf62db02c092448e95614fab
SHA1: 886afbb445b4016a37c8960a7aef6ebd769ce7e5
SHA256:5e08a4b092dc85b337f0910a740571d8720cfa565fabd880a8caf94a657ca416
Referenced In Project/Scope: RealLifeDeveloper Build Tools:runtime
jboss-logging-3.6.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate.orm/hibernate-spatial@7.0.5.Final

Identifiers

jgridshift-core-1.3.jar

File Path: /home/runner/.m2/repository/it/geosolutions/jgridshift/jgridshift-core/1.3/jgridshift-core-1.3.jar
MD5: 04a57b57bb0654b3d603eaaa748de563
SHA1: 314702a7b6e634e1c74589983a6762974b9c51c8
SHA256:303eb6a6f6f87369f6b9e3dcacefd6f9b0ad55920cd65a7f162ab9a23401c722
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jgridshift-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: RealLifeDeveloper Build Tools:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3

Identifiers

jts-core-1.19.0.jar

Description:

The JTS Topology Suite is an API for 2D linear geometry predicates and functions.

License:

https://github.com/locationtech/jts/blob/master/LICENSE_EPLv2.txt, https://github.com/locationtech/jts/blob/master/LICENSE_EDLv1.txt
File Path: /home/runner/.m2/repository/org/locationtech/jts/jts-core/1.19.0/jts-core-1.19.0.jar
MD5: a3b90d76c097fd275fbbf22f8e3cde6b
SHA1: 3ff3baa0074445384f9e0068df81fbd0a168395a
SHA256:dbb8644cf324123d06c27aa982f570811e10b4cb1f2aef893b00de237d33efc0
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
jts-core-1.19.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate.orm/hibernate-spatial@7.0.5.Final

Identifiers

junit-jupiter-api-5.13.1.jar

Description:

Module "junit-jupiter-api" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/runner/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.13.1/junit-jupiter-api-5.13.1.jar
MD5: dfc0c94e39104df4a5a85203892fd206
SHA1: 33ee7e4a267950257dc7da8946af0db3f73e36f4
SHA256:3f7bd659a2f1497f8708c55ea1337842c52a5866ee27305e337cc3211596bcea
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
junit-jupiter-api-5.13.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

junit-platform-engine-1.13.1.jar

Description:

Module "junit-platform-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/runner/.m2/repository/org/junit/platform/junit-platform-engine/1.13.1/junit-platform-engine-1.13.1.jar
MD5: 4ee30ef51542c327dfd9787dc83f850c
SHA1: 15a28065d991d076ae59f2406e7b8a4a9db655b7
SHA256:0863112f8509429b7c6c8cc1ff4619f4af450a0851b0fd95fde560cc7b9cd17e
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
junit-platform-engine-1.13.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.13.1

Identifiers

logback-core-1.5.18.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.18/logback-core-1.5.18.jar
MD5: 10bcea83842beead15f072799b9c923d
SHA1: 6c0375624f6f36b4e089e2488ba21334a11ef13f
SHA256:85139e7b57b464f8e5e36326dd81317648bed199ccc4f98cd42585f8d7571027
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
logback-core-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/ch.qos.logback/logback-classic@1.5.18

Identifiers

lombok-1.18.38.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.38/lombok-1.18.38.jar
MD5: 789cacd8d3969e9d23e6e6baec747f70
SHA1: 57f8f5e02e92a30fd21b80cbd426a4172b5f8e29
SHA256:1e1e427c36ff63c44fd30ef292d9e773ea3154460ab6265d3fed7e6f5bc50fb9
Referenced In Project/Scope: RealLifeDeveloper Build Tools:provided
lombok-1.18.38.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar

File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.38/lombok-1.18.38.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 885d5d6be90a5dcd4b82cdf741e3f31a
SHA1: e1f7f1779f40157fd0b984c1bc32a0cb45cae66e
SHA256:74a80a6ee84e5c6fe497dfcc46a46dbe30578525e747eb531e918ee0750c8da9
Referenced In Project/Scope: RealLifeDeveloper Build Tools:provided

Identifiers

  • None

micrometer-commons-1.14.8.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.14.8/micrometer-commons-1.14.8.jar
MD5: afc6a3ed0d778c9748ed3636d5bfac35
SHA1: 51baec7ebe61f1cd38db19b35e57ac248345cc5f
SHA256:277cd6ec84a392e1ae056129078344493fbfbf60cf15f3e88e29d26f8a6b62c7
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
micrometer-commons-1.14.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.2.8

Identifiers

net.opengis.ows-33.1.jar

Description:

Open Web Services Schema EMF Model

File Path: /home/runner/.m2/repository/org/geotools/ogc/net.opengis.ows/33.1/net.opengis.ows-33.1.jar
MD5: 5c29fb095a3447778c715c9e849c9d40
SHA1: 8b6f79434cf01dbde0d2207f66a162c5f7976928
SHA256:0669b9e258e6952bb7b3bae84fc6ef1e001ed63e571c6d7185f4ea0e5ddba24a
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
net.opengis.ows-33.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

opentest4j-1.3.0.jar

Description:

Open Test Alliance for the JVM

License:

The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.13.1

Identifiers

org.eclipse.emf.ecore-2.15.0.jar

Description:

EMF Ecore

License:

The Eclipse Public License Version 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/org/eclipse/emf/org.eclipse.emf.ecore/2.15.0/org.eclipse.emf.ecore-2.15.0.jar
MD5: 566797e186b122fb2cb64a699b1c2d2b
SHA1: ccfc09c8b6a0d4fadde09216d8a07678d38998de
SHA256:d5e3c25344fe27f14f514f5d6deb6e9cc3f6153fa462361261a8d49a3dfe9bbf
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
org.eclipse.emf.ecore-2.15.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

org.w3.xlink-33.1.jar

Description:

Xlink Schema EMF Model

File Path: /home/runner/.m2/repository/org/geotools/ogc/org.w3.xlink/33.1/org.w3.xlink-33.1.jar
MD5: aedf6fddd94c2423c235bbd58e3c5412
SHA1: 32b8d350b5cd6185d73e566134e0f2f79a9d5cbb
SHA256:ee22599693e000425f6c249eba71437185f2b8d89c8bf47584a6747230933a2c
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
org.w3.xlink-33.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

re2j-1.8.jar

Description:

Linear time regular expressions for Java

License:

Go License: https://golang.org/LICENSE
File Path: /home/runner/.m2/repository/com/google/re2j/re2j/1.8/re2j-1.8.jar
MD5: 4240e655caa938c61ddbec8b92bfb061
SHA1: 12c25e923e9e4fb1575a7640a2698745c6f19a94
SHA256:7b52c72156dd7f98b3237a5b35c1d34fba381b21048c89208913ad80a45dfbd7
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
re2j-1.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

si-quantity-2.1.jar

Description:

Units of Measurement SI (Système International d'Unités)

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/runner/.m2/repository/si/uom/si-quantity/2.1/si-quantity-2.1.jar
MD5: 79685f60efca0051a6c579e1f1522542
SHA1: 5617d2cf30898ffcc760807009fe947483bd867b
SHA256:2cdcfd3e5395db5576f5efc0f224b5bbd0731f3ec7552afee6ee7b63a4f65820
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
si-quantity-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

si-units-2.1.jar

Description:

"Units of Measurement SI (Système International d'Unités)"

License:

"BSD 3-Clause";link="https://opensource.org/licenses/BSD-3-Clause"
File Path: /home/runner/.m2/repository/si/uom/si-units/2.1/si-units-2.1.jar
MD5: 43abf4b896da58d8bca0e87f412a8457
SHA1: 7e812192ff1abbef6c79123249840c42b4e145d4
SHA256:491ed9956ddf4b2e30180b087e1f6fb51debccb6d46785ae0d52026342013c51
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
si-units-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dbunit/dbunit@3.0.0

Identifiers

spotbugs-annotations-4.9.3.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.3/spotbugs-annotations-4.9.3.jar
MD5: 6149845e438bd5a34ebaf81f8bc9e243
SHA1: 4d362bffcfdfd734999e94d7d98fde678aae71cf
SHA256:13532bfe2f45fcd491432221df72d9cd0efb8f987c9245e12befa192c8925ce3
Referenced In Project/Scope: RealLifeDeveloper Build Tools:provided
spotbugs-annotations-4.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

spring-core-6.2.8.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.2.8/spring-core-6.2.8.jar
MD5: 4db163bd5ffe489aaf0d3c44f47d66e5
SHA1: 2caf1cef93252f5ef2b7f334b8b4d61f3aecad15
SHA256:27f640340164d74a0e90ee176b75d5a18a93f82fa96f444a757acf0bf3ae7257
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
spring-core-6.2.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.2.8

Identifiers

spring-data-commons-3.5.1.jar

Description:

Core Spring concepts underpinning every Spring Data module.

File Path: /home/runner/.m2/repository/org/springframework/data/spring-data-commons/3.5.1/spring-data-commons-3.5.1.jar
MD5: 92c4cf932de3c0f2a6c786faae21c83a
SHA1: 90bd3f9edcc3b98e0d49657f3f2152e933b42ae8
SHA256:139fcb68434b4188fa2363e01e8a0a150fbe69f9945c175e4992825cb0fc21d7
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
spring-data-commons-3.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.data/spring-data-jpa@3.5.1

Identifiers

spring-data-jpa-3.5.1.jar

Description:

Spring Data module for JPA repositories.

File Path: /home/runner/.m2/repository/org/springframework/data/spring-data-jpa/3.5.1/spring-data-jpa-3.5.1.jar
MD5: 48d14d6ae41fb3d1d3b4f9a710d3c38c
SHA1: 7d34c2d8c8bcd96f5ce3f012c2a88d682a86e14b
SHA256:c18353bfa941d5fd7d38fd7ddf7bf8548ea2dc6af397847b6384e8d0bb029467
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
spring-data-jpa-3.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-build-tools@2.0.23

Identifiers

systems-common-2.1.jar

Description:

Parent POM for Unit Systems

License:

BSD;link=LICENSE
File Path: /home/runner/.m2/repository/systems/uom/systems-common/2.1/systems-common-2.1.jar
MD5: 8c3a56e267bbd26bb947c826e51bee2b
SHA1: a173cc6f1fedc8b32498d6cc9599251baa72de27
SHA256:b3cc1f3e604dcd18d3bba266db5fd01744bbd6b02f147377d4016585ba375cff
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
systems-common-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

unit-api-2.2.jar

Description:

Units of Measurement Standard - This JSR specifies Java
        packages for modeling and working with measurement values, quantities
        and their corresponding units.

License:

BSD 3-Clause: LICENSE
File Path: /home/runner/.m2/repository/javax/measure/unit-api/2.2/unit-api-2.2.jar
MD5: 6cbc2bae2cb63cb4f85c5a187ee7dda2
SHA1: 2b624f7334b94a82c74cb954ede9fb1179b8d30c
SHA256:667487e1ee57298cdc767885f00b86c899b2fe7e72dc00b6560a6aa64f2bc9c4
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
unit-api-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers

uom-lib-common-2.2.jar

Description:

Units Common Library

License:

BSD: LICENSE
File Path: /home/runner/.m2/repository/tech/uom/lib/uom-lib-common/2.2/uom-lib-common-2.2.jar
MD5: eb6a1296ea160f731ac81ab8a2c7fed7
SHA1: 94a52abfdad3935c3769b4caab3ce9d384d8fb4e
SHA256:a01ece1c236b7b15a431b0383bdddf06dc6d7a85290e9a62b63904e1e4e0dc0d
Referenced In Project/Scope: RealLifeDeveloper Build Tools:compile
uom-lib-common-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-shapefile@33.1

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.