Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.
File Path: /home/runner/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.2.3/JavaEWAH-1.2.3.jar MD5: 8fdeda28c1fb10e67b3d79f86bef5e61 SHA1: 13a27c856e0c8808cee9a64032c58eee11c3adc9 SHA256:d65226949713c4c61a784f41c51167e7b0316f93764398ebba9e4336b3d954c2 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile JavaEWAH-1.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
POM and identification for artifact that was not possible to uniquely identify as a maven dependency.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/netbeans/external/adapter-base/RELEASE220/adapter-base-RELEASE220.jar MD5: a4428177751626d61c0fb176618b38af SHA1: 0c7b101c71719b0ae54282eb69878116b8d8d9f5 SHA256:c523df1d4d03a0ca026699718e6d071ff09bb8eedd7a336ce4f4cca770e243d5 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile adapter-base-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
adapter-base-RELEASE220
High
Vendor
jar
package name
svnclientadapter
Highest
Vendor
jar
package name
tigris
Highest
Vendor
Manifest
build-jdk-spec
1.8
Low
Vendor
Manifest
bundle-symbolicname
svnclientadapter.base
Medium
Vendor
Manifest
originally-created-by
1.8.0_282 (Azul Systems, Inc.)
Low
Vendor
pom
artifactid
adapter-base
Highest
Vendor
pom
artifactid
adapter-base
Low
Vendor
pom
groupid
org.netbeans.external
Highest
Vendor
pom
groupid
org.tigris.svnclientadapter
Highest
Vendor
pom
name
Maven definition for adapter-base.jar - external part of NetBeans module.
High
Vendor
pom
name
svnClientAdapter Base Interface
High
Vendor
pom
parent-artifactid
multi
Low
Vendor
pom
parent-artifactid
netbeans-parent
Low
Vendor
pom
parent-groupid
org.apache.netbeans
Medium
Product
file
name
adapter-base-RELEASE220
High
Product
jar
package name
svnclientadapter
Highest
Product
jar
package name
tigris
Highest
Product
Manifest
build-jdk-spec
1.8
Low
Product
Manifest
Bundle-Name
svnclientadapter.base
Medium
Product
Manifest
bundle-symbolicname
svnclientadapter.base
Medium
Product
Manifest
originally-created-by
1.8.0_282 (Azul Systems, Inc.)
Low
Product
pom
artifactid
adapter-base
Highest
Product
pom
groupid
org.netbeans.external
Highest
Product
pom
groupid
org.tigris.svnclientadapter
Highest
Product
pom
name
Maven definition for adapter-base.jar - external part of NetBeans module.
ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.7/asm-9.7.jar MD5: 3957b18bf02a62edcb6726d074b90b08 SHA1: 073d7b3086e14beb604ced229c302feff6449723 SHA256:adf46d5e34940bdf148ecdd26a9ee8eea94496a72034ff7141066b3eea5c4e9d Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:runtime asm-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-git@RELEASE220
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
asm
High
Vendor
jar
package name
asm
Highest
Vendor
jar
package name
objectweb
Highest
Vendor
Manifest
bundle-docurl
http://asm.ow2.org
Low
Vendor
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Vendor
Manifest
bundle-symbolicname
org.objectweb.asm
Medium
Vendor
pom
artifactid
asm
Highest
Vendor
pom
artifactid
asm
Low
Vendor
pom
developer email
ebruneton@free.fr
Low
Vendor
pom
developer email
eu@javatx.org
Low
Vendor
pom
developer email
forax@univ-mlv.fr
Low
Vendor
pom
developer id
ebruneton
Medium
Vendor
pom
developer id
eu
Medium
Vendor
pom
developer id
forax
Medium
Vendor
pom
developer name
Eric Bruneton
Medium
Vendor
pom
developer name
Eugene Kuleshov
Medium
Vendor
pom
developer name
Remi Forax
Medium
Vendor
pom
groupid
org.ow2.asm
Highest
Vendor
pom
name
asm
High
Vendor
pom
organization name
OW2
High
Vendor
pom
organization url
http://www.ow2.org/
Medium
Vendor
pom
parent-artifactid
ow2
Low
Vendor
pom
parent-groupid
org.ow2
Medium
Vendor
pom
url
http://asm.ow2.io/
Highest
Product
file
name
asm
High
Product
jar
package name
asm
Highest
Product
jar
package name
objectweb
Highest
Product
Manifest
bundle-docurl
http://asm.ow2.org
Low
Product
Manifest
Bundle-Name
org.objectweb.asm
Medium
Product
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Product
Manifest
bundle-symbolicname
org.objectweb.asm
Medium
Product
Manifest
Implementation-Title
ASM, a very small and fast Java bytecode manipulation framework
Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/9.7/asm-commons-9.7.jar MD5: 53a46610df6a8dbc4ff85b8fd4cdea66 SHA1: e86dda4696d3c185fcc95d8d311904e7ce38a53f SHA256:389bc247958e049fc9a0408d398c92c6d370c18035120395d4cba1d9d9304b7a Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:runtime asm-commons-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-git@RELEASE220
Tree API of ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/9.7/asm-tree-9.7.jar MD5: ea5cad3e0cbd2520688e4b0b5c4218e7 SHA1: e446a17b175bfb733b87c5c2560ccb4e57d69f1a SHA256:62f4b3bc436045c1acb5c3ba2d8ec556ec3369093d7f5d06c747eb04b56d52b1 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:runtime asm-tree-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-git@RELEASE220
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
asm-tree
High
Vendor
jar
package name
asm
Highest
Vendor
jar
package name
objectweb
Highest
Vendor
jar
package name
tree
Highest
Vendor
Manifest
bundle-docurl
http://asm.ow2.org
Low
Vendor
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Vendor
Manifest
bundle-symbolicname
org.objectweb.asm.tree
Medium
Vendor
Manifest
module-requires
org.objectweb.asm;transitive=true
Low
Vendor
pom
artifactid
asm-tree
Highest
Vendor
pom
artifactid
asm-tree
Low
Vendor
pom
developer email
ebruneton@free.fr
Low
Vendor
pom
developer email
eu@javatx.org
Low
Vendor
pom
developer email
forax@univ-mlv.fr
Low
Vendor
pom
developer id
ebruneton
Medium
Vendor
pom
developer id
eu
Medium
Vendor
pom
developer id
forax
Medium
Vendor
pom
developer name
Eric Bruneton
Medium
Vendor
pom
developer name
Eugene Kuleshov
Medium
Vendor
pom
developer name
Remi Forax
Medium
Vendor
pom
groupid
org.ow2.asm
Highest
Vendor
pom
name
asm-tree
High
Vendor
pom
organization name
OW2
High
Vendor
pom
organization url
http://www.ow2.org/
Medium
Vendor
pom
parent-artifactid
ow2
Low
Vendor
pom
parent-groupid
org.ow2
Medium
Vendor
pom
url
http://asm.ow2.io/
Highest
Product
file
name
asm-tree
High
Product
jar
package name
asm
Highest
Product
jar
package name
objectweb
Highest
Product
jar
package name
tree
Highest
Product
Manifest
bundle-docurl
http://asm.ow2.org
Low
Product
Manifest
Bundle-Name
org.objectweb.asm.tree
Medium
Product
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Product
Manifest
bundle-symbolicname
org.objectweb.asm.tree
Medium
Product
Manifest
Implementation-Title
Tree API of ASM, a very small and fast Java bytecode manipulation framework
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.
File Path: /home/runner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.77/bcprov-jdk18on-1.77.jar MD5: ca01387064e08db12e1345b474521ff1 SHA1: 2cc971b6c20949c1ff98d1a4bc741ee848a09523 SHA256:dabb98c24d72c9b9f585633d1df9c5cd58d9ad373d0cd681367e6a603a495d58 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile bcprov-jdk18on-1.77.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
bouncycastle - Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
CWE-297 Improper Validation of Certificate with Host Mismatch
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
File Path: /home/runner/.m2/repository/org/netbeans/external/com-jcraft-jsch/RELEASE220/com-jcraft-jsch-RELEASE220.jar/META-INF/maven/com.github.mwiede/jsch/pom.xml MD5: 85f4f9a60f52c33cda4d806ec64bd00a SHA1: c25e7c9cbca0156005c3c675af8752438d54c4fc SHA256:0818be86a36c6c4254b23f0e97c2d3e92bfecf8ad7d5ac72b42ba4c37eebc7ba Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
File Path: /home/runner/.m2/repository/org/netbeans/external/com-jcraft-jsch/RELEASE220/com-jcraft-jsch-RELEASE220.jar MD5: 518b440f8309c56c19bd93d044de0b79 SHA1: ad512ddc61c12c29d19df6ce8fe0ef33e7da90a8 SHA256:02c166bcd7fa4161c97c75c0aad9ba0b7264f5439b2f330af155b19dcb78db2e Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile com-jcraft-jsch-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/org/netbeans/external/com-jcraft-jzlib/RELEASE220/com-jcraft-jzlib-RELEASE220.jar MD5: a094b16c6447f7a8337cdea80fbe4ccf SHA1: f9f1fcf2ec99bdd8e434397def7eca6d49600bb0 SHA256:0cdd369ace17c8edef0aa8901668b05f12d14e4f9503610733eb051611a2ee4c Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile com-jcraft-jzlib-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.16.0/commons-codec-1.16.0.jar MD5: 6e26920fa7228891980890cce06b718c SHA1: 4e3eb3d79888d76b54e28b350915b5dc3919c9de SHA256:56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile commons-codec-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar MD5: 8b3cc652920435ad9f801e6d9b2a3497 SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd SHA256:34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile jna-5.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar MD5: 3bc3f09a698e6ad250dd093f64fbb8a7 SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b SHA256:ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/com/jcraft/jsch/0.1.55/jsch-0.1.55.jar MD5: c395ada0fc012d66f11bd30246f6c84d SHA1: bbd40e5aa7aa3cfad5db34965456cee738a42a50 SHA256:d492b15a6d2ea3f1cc39c422c953c40c12289073dbe8360d98c0f6f9ec74fc44 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile jsch-0.1.55.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/com/kohlschutter/junixsocket/junixsocket-common/2.5.1/junixsocket-common-2.5.1.jar MD5: 6eab1b24001a4c2dbdcf46518d5cc8cd SHA1: 87515d51236afd95693fdc6f2233a98f9c1429b1 SHA256:ed3a364225d501fb2fa2944ac7061d9e243c5bc07f238590df2a0e3ca21ebef8 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile junixsocket-common-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
Binaries of the native JNI library for common platforms
File Path: /home/runner/.m2/repository/com/kohlschutter/junixsocket/junixsocket-native-common/2.5.1/junixsocket-native-common-2.5.1.jar MD5: df8474acd79d6d422a90538d50e6f981 SHA1: 4a19ca3071bfaa7cb30aad62d6f93faa080ea9e8 SHA256:1812573ffd48ce5a2f231102c4c560d17700141c5084149f5a77047df529fe97 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile junixsocket-native-common-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/com/jcraft/jzlib/1.1.3/jzlib-1.1.3.jar MD5: 386d3714fef534d21175d8885ae48bf7 SHA1: c01428efa717624f7aabf4df319939dda9646b2d SHA256:89b1360f407381bf61fde411019d8cbd009ebb10cff715f3669017a031027560 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile jzlib-1.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/org/netbeans/api/libs-c-kohlschutter-junixsocket/RELEASE220/libs-c-kohlschutter-junixsocket-RELEASE220.jar MD5: 4d00a759a2e62f14ea13fde29629b3da SHA1: deea04a0cc368b533870ba407b239e9b658e280d SHA256:daf9ac1027bad0c8492de55d177238b5ae7a1aeb30badc3df805ee84e9cf4a26 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile libs-c-kohlschutter-junixsocket-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
This plugin helps you to easily close unused or unwanted editor tabs. Instead of either close all tabs
or all tabs except the currently selected you can also close the tabs right or left, the ones either
belong or not belong to the project from the context menu of a selected tab at once or even all tabs
that have not been changed since the last commit to your version control system (Git, SVN and Mercurial
supported).
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/de/funfried/netbeans/plugins/nb-editor-close-left-right/1.0.7/nb-editor-close-left-right-1.0.7.jar MD5: c92ddc9a704451c5c91363c12b58a90d SHA1: 7f1a2976000ae51b2ad97b77800fd650a8ad3e30 SHA256:e59f26bb7e713266aba7d72d51321bd036d1c510b1d2ae22b89cd468ea5470ab Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile nb-editor-close-left-right-1.0.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right-vcs-extension-nb22@0.3
File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-bootstrap/RELEASE220/org-netbeans-bootstrap-RELEASE220.jar MD5: fce02c8c3147e22d9045e4ac0e177e5d SHA1: 94264c51441d990e061b7e9ad9eb92970856cb24 SHA256:f05ec8fb7d1610a99527484a7d561422f25f67ad65ee4b296580596f66c22f1d Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:runtime org-netbeans-bootstrap-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
File Path: /home/runner/.m2/repository/org/netbeans/api/org-netbeans-modules-projectuiapi-base/RELEASE220/org-netbeans-modules-projectuiapi-base-RELEASE220.jar MD5: 82873cf3e1b310df9b1eb63a7b004a7e SHA1: b9f3b54f08e0152fc2856e6d4949f7cceb69948d SHA256:1d9fc2ebad56f15e67dbb15ab88a47d6b76c5575974f86c88417eb58fe34be0b Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile org-netbeans-modules-projectuiapi-base-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-git@RELEASE220
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-modules-subversion/RELEASE220/org-netbeans-modules-subversion-RELEASE220.jar MD5: 71de17c7116589c32e4423439bc7466a SHA1: d5fa90d8a92873bf3c5c655214d148ae7daf72ee SHA256:846ef770e406b0e765818773211ca62316046ed2f24df3043d9bc4b374439f35 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile org-netbeans-modules-subversion-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right-vcs-extension-nb22@0.3
File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-modules-versioning-core/RELEASE220/org-netbeans-modules-versioning-core-RELEASE220.jar MD5: ce7e6975cd543ec1237732f0cb173248 SHA1: b46da0a65a4ccea7ad427cec798e379ca27f7bcb SHA256:baf25ed5a2a77425111532bfee19c18cbaf5dfe7523cdc72119695d396a94a69 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile org-netbeans-modules-versioning-core-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-git@RELEASE220
File Path: /home/runner/.m2/repository/org/netbeans/api/org-openide-util-lookup/RELEASE220/org-openide-util-lookup-RELEASE220.jar MD5: aef713d470e2a344155d39f14a81eaa2 SHA1: 0d6661b0943575232d6529c67fcf89a6cace3152 SHA256:54f6302572f2fe5c9dd15d7a4b4558ff17aa95d029ef5d4f5a1253bb746bf96a Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile org-openide-util-lookup-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right-vcs-extension-nb22@0.3
File Path: /home/runner/.m2/repository/org/eclipse/jgit/org.eclipse.jgit/6.9.0.202403050737-r/org.eclipse.jgit-6.9.0.202403050737-r.jar MD5: bf46ab2ec23bf919a867b25bf08bf22f SHA1: e4da064611794c35cbf80a720a3f813285d5ccba SHA256:6209ac6691be2a06320f02000d89bed73edf05f45d65ef9a155147511ab77f3c Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile org.eclipse.jgit-6.9.0.202403050737-r.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar MD5: 872da51f5de7f3923da4de871d57fd85 SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14 SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220
POM and identification for artifact that was not possible to uniquely identify as a maven dependency.
File Path: /home/runner/.m2/repository/org/netbeans/external/updater/RELEASE220/updater-RELEASE220.jar MD5: dc3b739e244d1e3f94569985852b8bd4 SHA1: 20f7b83a04136fde357a175fed28f97b4c157c89 SHA256:9429a1f51754fa8623a7e2eea241e6cc58a929609f1893ec4ba4b2b02af98d31 Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile updater-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
updater-RELEASE220
High
Vendor
jar
package name
netbeans
Highest
Vendor
jar
package name
updater
Highest
Vendor
Manifest
netbeans-own-library
true
Low
Vendor
pom
artifactid
updater
Highest
Vendor
pom
artifactid
updater
Low
Vendor
pom
groupid
org.netbeans.external
Highest
Vendor
pom
name
Maven definition for updater.jar - external part of NetBeans module.
High
Vendor
pom
parent-artifactid
netbeans-parent
Low
Vendor
pom
parent-groupid
org.apache.netbeans
Medium
Product
file
name
updater-RELEASE220
High
Product
jar
package name
netbeans
Highest
Product
jar
package name
updater
Highest
Product
Manifest
netbeans-own-library
true
Low
Product
pom
artifactid
updater
Highest
Product
pom
groupid
org.netbeans.external
Highest
Product
pom
name
Maven definition for updater.jar - external part of NetBeans module.