Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 3.1.2
Report Generated On: May 5, 2018 at 12:14:52 -07:00
Dependencies Scanned: 6 (6 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 05/05/2018 11:51:10
NVD CVE 2003: 03/05/2018 00:56:15
NVD CVE 2004: 03/05/2018 00:55:05
NVD CVE 2005: 03/05/2018 00:52:50
NVD CVE 2006: 03/05/2018 00:49:37
NVD CVE 2007: 03/05/2018 00:44:32
NVD CVE 2008: 25/04/2018 01:05:38
NVD CVE 2009: 25/04/2018 01:00:17
NVD CVE 2010: 25/04/2018 00:55:32
NVD CVE 2011: 05/05/2018 11:51:08
NVD CVE 2012: 05/05/2018 11:51:10
NVD CVE 2013: 05/05/2018 11:51:10
NVD CVE 2014: 03/05/2018 00:34:27
NVD CVE 2015: 05/05/2018 11:51:08
NVD CVE 2016: 05/05/2018 11:51:09
NVD CVE 2017: 05/05/2018 00:09:12
NVD CVE 2018: 05/05/2018 00:01:28
NVD CVE Checked: 05/05/2018 12:14:46
NVD CVE Modified: 05/05/2018 11:02:03
VersionCheckOn: 1525547686370

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	Coordinates	CPE Confidence	Evidence Count
gson-2.8.1.jar		com.google.code.gson:gson:2.8.1 ✓		29
javapoet-1.9.0.jar		com.squareup:javapoet:1.9.0 ✓		25
jgrapht-ext-1.0.1.jar		org.jgrapht:jgrapht-ext:1.0.1 ✓		25
AptSpringModel-2.0.1.jar	cpe:/a:id:id-software:2.0.1	com.salesforce.aptspring:AptSpringModel:2.0.1	Low	23
jgrapht-core-1.0.1.jar		org.jgrapht:jgrapht-core:1.0.1 ✓		25
AptSpringAPI-2.0.1.jar	cpe:/a:id:id-software:2.0.1	com.salesforce.aptspring:AptSpringAPI:2.0.1	Low	21

Dependencies

gson-2.8.1.jar

Description: Gson JSON library

File Path: /Users/rex.hoffman/.m2/repository/com/google/code/gson/gson/2.8.1/gson-2.8.1.jar
MD5: 2c334d82c64b56ae59ea1bdcbb674303
SHA1: 02a8e0aa38a2e21cb39e2f5a7d6704cbdc941da0
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	manifest	Bundle-Description	Gson JSON library	Medium
Vendor	pom	name	Gson	High
Vendor	pom	artifactid	gson	Low
Vendor	pom	groupid	google.code.gson	Highest
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	central	groupid	com.google.code.gson	Highest
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Vendor	pom	parent-groupid	com.google.code.gson	Medium
Vendor	file	name	gson	High
Vendor	pom	parent-artifactid	gson-parent	Low
Product	pom	artifactid	gson	Highest
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	manifest	Bundle-Description	Gson JSON library	Medium
Product	pom	parent-artifactid	gson-parent	Medium
Product	pom	parent-groupid	com.google.code.gson	Low
Product	pom	name	Gson	High
Product	central	artifactid	gson	Highest
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Product	pom	groupid	google.code.gson	Low
Product	file	name	gson	High
Version	pom	version	2.8.1	Highest
Version	central	version	2.8.1	Highest
Version	file	version	2.8.1	Highest

Identifiers

maven: com.google.code.gson:gson:2.8.1 ✓ Confidence:Highest

javapoet-1.9.0.jar

Description: Use beautiful Java code to generate beautiful Java code.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Users/rex.hoffman/.m2/repository/com/squareup/javapoet/1.9.0/javapoet-1.9.0.jar
MD5: e92008edb0ea9929cb9d50f9801ccce8
SHA1: 00ecc5cf9c221d55481163e773b24336db149e51
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://github.com/square/javapoet/	Highest
Vendor	pom	name	JavaPoet	High
Vendor	pom	groupid	squareup	Highest
Vendor	jar	package name	squareup	Low
Vendor	file	name	javapoet	High
Vendor	pom	description	Use beautiful Java code to generate beautiful Java code.	Medium
Vendor	central	groupid	com.squareup	Highest
Vendor	pom	organization name	Square, Inc.	High
Vendor	pom	organization url	http://squareup.com	Medium
Vendor	pom	groupid	com.squareup	Highest
Vendor	jar	package name	javapoet	Low
Vendor	pom	artifactid	javapoet	Low
Product	pom	groupid	squareup	Low
Product	pom	name	JavaPoet	High
Product	pom	url	http://github.com/square/javapoet/	Medium
Product	central	artifactid	javapoet	Highest
Product	pom	organization name	Square, Inc.	Low
Product	pom	artifactid	javapoet	Highest
Product	file	name	javapoet	High
Product	pom	organization url	http://squareup.com	Low
Product	pom	description	Use beautiful Java code to generate beautiful Java code.	Medium
Product	jar	package name	javapoet	Low
Version	pom	version	1.9.0	Highest
Version	central	version	1.9.0	Highest
Version	file	version	1.9.0	Highest

Identifiers

maven: com.squareup:javapoet:1.9.0 ✓ Confidence:Highest

jgrapht-ext-1.0.1.jar

Description: A Java class library for graph-theory data structures and algorithms.

License:

GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Users/rex.hoffman/.m2/repository/org/jgrapht/jgrapht-ext/1.0.1/jgrapht-ext-1.0.1.jar
MD5: 407260aa727b906138b712b175f808b0
SHA1: 9c0dbf85af4c72a67c158e85b8e2725bdb670a80
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.jgrapht	Highest
Vendor	pom	name	JGraphT - Ext	High
Vendor	pom	artifactid	jgrapht-ext	Low
Vendor	file	name	jgrapht-ext	High
Vendor	manifest	Bundle-Description	A Java class library for graph-theory data structures and algorithms.	Medium
Vendor	pom	parent-groupid	org.jgrapht	Medium
Vendor	Manifest	bundle-symbolicname	org.jgrapht.ext	Medium
Vendor	pom	groupid	jgrapht	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-artifactid	jgrapht	Low
Vendor	central	groupid	org.jgrapht	Highest
Product	pom	artifactid	jgrapht-ext	Highest
Product	pom	name	JGraphT - Ext	High
Product	pom	parent-artifactid	jgrapht	Medium
Product	file	name	jgrapht-ext	High
Product	manifest	Bundle-Description	A Java class library for graph-theory data structures and algorithms.	Medium
Product	Manifest	Bundle-Name	JGraphT - Ext	Medium
Product	Manifest	bundle-symbolicname	org.jgrapht.ext	Medium
Product	pom	parent-groupid	org.jgrapht	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	central	artifactid	jgrapht-ext	Highest
Product	pom	groupid	jgrapht	Low
Version	pom	version	1.0.1	Highest
Version	file	version	1.0.1	Highest
Version	central	version	1.0.1	Highest

Identifiers

maven: org.jgrapht:jgrapht-ext:1.0.1 ✓ Confidence:Highest

AptSpringModel-2.0.1.jar

Description: This is the spring agnostic 'meat' of the project. It models and analyzes a graph of declarations of object (bean) definitions, as well as the graph of the objects (beans) themselves. This project should be reusable in CDI or any other DI/IoC annotation based system.

File Path: /Users/rex.hoffman/.m2/repository/com/salesforce/aptspring/AptSpringModel/2.0.1/AptSpringModel-2.0.1.jar
MD5: 3ac2fb771d7251bf3d49a3ae8398df7a
SHA1: 6136d755466035c4077a8f204afeb258d1b351ba
Referenced In Project/Scope: AptSpringProcessor:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	apt	Low
Vendor	pom	parent-artifactid	AptSpringParent	Low
Vendor	pom	description	This is the spring agnostic 'meat' of the project. It models and analyzes a graph of declarations of object (bean) definitions, as well as the graph of the objects (beans) themselves. This project should be reusable in CDI or any other DI/IoC annotation based system.	Low
Vendor	pom	parent-groupid	com.salesforce.aptspring	Medium
Vendor	file	name	AptSpringModel	High
Vendor	jar	package name	graph	Low
Vendor	pom	groupid	salesforce.aptspring	Highest
Vendor	pom	groupid	com.salesforce.aptspring	Highest
Vendor	pom	artifactid	AptSpringModel	Low
Vendor	jar	package name	salesforce	Low
Vendor	pom	name	${project.artifactId}	High
Product	jar	package name	apt	Low
Product	jar	package name	model	Low
Product	pom	artifactid	AptSpringModel	Highest
Product	pom	groupid	salesforce.aptspring	Low
Product	pom	description	This is the spring agnostic 'meat' of the project. It models and analyzes a graph of declarations of object (bean) definitions, as well as the graph of the objects (beans) themselves. This project should be reusable in CDI or any other DI/IoC annotation based system.	Low
Product	pom	parent-artifactid	AptSpringParent	Medium
Product	file	name	AptSpringModel	High
Product	jar	package name	graph	Low
Product	pom	parent-groupid	com.salesforce.aptspring	Low
Product	pom	name	${project.artifactId}	High
Version	pom	version	2.0.1	Highest
Version	file	version	2.0.1	Highest

Identifiers

cpe: cpe:/a:id:id-software:2.0.1 Confidence:Low
maven: com.salesforce.aptspring:AptSpringModel:2.0.1 Confidence:High

jgrapht-core-1.0.1.jar

Description: A Java class library for graph-theory data structures and algorithms.

License:

GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Users/rex.hoffman/.m2/repository/org/jgrapht/jgrapht-core/1.0.1/jgrapht-core-1.0.1.jar
MD5: b827590449da3085ce7cc39736e999af
SHA1: 9ecbb2734a9b16126a56bf6544cafba2767d0f44
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	JGraphT - Core	High
Vendor	pom	groupid	org.jgrapht	Highest
Vendor	file	name	jgrapht-core	High
Vendor	manifest	Bundle-Description	A Java class library for graph-theory data structures and algorithms.	Medium
Vendor	pom	parent-groupid	org.jgrapht	Medium
Vendor	pom	groupid	jgrapht	Highest
Vendor	Manifest	bundle-symbolicname	org.jgrapht.core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-artifactid	jgrapht	Low
Vendor	central	groupid	org.jgrapht	Highest
Vendor	pom	artifactid	jgrapht-core	Low
Product	pom	name	JGraphT - Core	High
Product	file	name	jgrapht-core	High
Product	pom	parent-artifactid	jgrapht	Medium
Product	manifest	Bundle-Description	A Java class library for graph-theory data structures and algorithms.	Medium
Product	pom	artifactid	jgrapht-core	Highest
Product	pom	parent-groupid	org.jgrapht	Low
Product	Manifest	bundle-symbolicname	org.jgrapht.core	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	groupid	jgrapht	Low
Product	Manifest	Bundle-Name	JGraphT - Core	Medium
Product	central	artifactid	jgrapht-core	Highest
Version	pom	version	1.0.1	Highest
Version	file	version	1.0.1	Highest
Version	central	version	1.0.1	Highest

Identifiers

maven: org.jgrapht:jgrapht-core:1.0.1 ✓ Confidence:Highest

AptSpringAPI-2.0.1.jar

Description: This project contains one class, a marking annotation, @Verify, that indicates that the AptSpringProcessor should verify a spring graph. All checks are fully enumerated in @Verify's javadoc.

File Path: /Users/rex.hoffman/.m2/repository/com/salesforce/aptspring/AptSpringAPI/2.0.1/AptSpringAPI-2.0.1.jar
MD5: 702182e0cc53375c12cd0390cde767ae
SHA1: c0c6ade67c69663376a2df0df0fcb7fc74735c80
Referenced In Project/Scope: AptSpringProcessor:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	AptSpringAPI	High
Vendor	pom	parent-artifactid	AptSpringParent	Low
Vendor	pom	artifactid	AptSpringAPI	Low
Vendor	pom	parent-groupid	com.salesforce.aptspring	Medium
Vendor	pom	description	This project contains one class, a marking annotation, @Verify, that indicates that the AptSpringProcessor should verify a spring graph. All checks are fully enumerated in @Verify's javadoc.	Low
Vendor	pom	groupid	salesforce.aptspring	Highest
Vendor	jar	package name	aptspring	Low
Vendor	pom	groupid	com.salesforce.aptspring	Highest
Vendor	jar	package name	salesforce	Low
Vendor	pom	name	${project.artifactId}	High
Product	file	name	AptSpringAPI	High
Product	pom	groupid	salesforce.aptspring	Low
Product	pom	parent-artifactid	AptSpringParent	Medium
Product	pom	description	This project contains one class, a marking annotation, @Verify, that indicates that the AptSpringProcessor should verify a spring graph. All checks are fully enumerated in @Verify's javadoc.	Low
Product	jar	package name	verified	Low
Product	jar	package name	aptspring	Low
Product	pom	parent-groupid	com.salesforce.aptspring	Low
Product	pom	artifactid	AptSpringAPI	Highest
Product	pom	name	${project.artifactId}	High
Version	pom	version	2.0.1	Highest
Version	file	version	2.0.1	Highest

Identifiers

cpe: cpe:/a:id:id-software:2.0.1 Confidence:Low
maven: com.salesforce.aptspring:AptSpringAPI:2.0.1 Confidence:High

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: AptSpringParent

com.salesforce.aptspring:AptSpringParent:2.0.1

Dependencies

gson-2.8.1.jar

Evidence

Identifiers

javapoet-1.9.0.jar

Evidence

Identifiers

jgrapht-ext-1.0.1.jar

Evidence

Identifiers

AptSpringModel-2.0.1.jar

Evidence

Identifiers

jgrapht-core-1.0.1.jar

Evidence

Identifiers

AptSpringAPI-2.0.1.jar

Evidence

Identifiers