Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-all/5.0.1/asm-all-5.0.1.jar MD5: 279e80742ddff574fbc87244eb5c9d54 SHA1: 2f7553f50b0d14ed811b849c282da8c1ffc32aae SHA256:94ecde163b4ca3a42425cd830c79197f22d0d1336d471ced6a8a83b07acbf7c8 Referenced In Project/Scope: Close Editor Tabs Left and Right:compile asm-all-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-modules-options-api@RELEASE110
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
The code is tested using the latest revision of the JDK for supported
LTS releases: 8, 11, 17 and 21 currently.
See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
Please ensure your build environment is up-to-date and kindly report any build issues.
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar MD5: 7730df72b7fdff4a3a32d89a314f826a SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70 SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4 Referenced In Project/Scope: Close Editor Tabs Left and Right:compile commons-lang3-3.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7
File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-bootstrap/RELEASE110/org-netbeans-bootstrap-RELEASE110.jar MD5: c955d38a30cf09a3e7dad7092a2bc4fe SHA1: 4cae8a69b95b74d2bfb1944de7a08088fa908aa9 SHA256:84d5c5a955d5d8639baf32ac9958b3d150c1001076b96563fec820371c8c2e55 Referenced In Project/Scope: Close Editor Tabs Left and Right:compile org-netbeans-bootstrap-RELEASE110.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-modules-options-api@RELEASE110
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
File Path: /home/runner/.m2/repository/org/netbeans/api/org-netbeans-modules-projectapi/RELEASE110/org-netbeans-modules-projectapi-RELEASE110.jar MD5: 49976d13e55ee444c17bd32665a47247 SHA1: f313397dc63baeb2f2b16fc95c73df935476f2d1 SHA256:d97b1beb5d25825a1956675465c70f0ab5e5db267a4d19bdaa02c196cfc5bc54 Referenced In Project/Scope: Close Editor Tabs Left and Right:compile org-netbeans-modules-projectapi-RELEASE110.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7
File Path: /home/runner/.m2/repository/org/netbeans/api/org-netbeans-modules-projectuiapi-base/RELEASE110/org-netbeans-modules-projectuiapi-base-RELEASE110.jar MD5: 2a665f1cfe3b4b956e47fa05decd75d6 SHA1: 62b39080e1d70b968b2cf02675dc69762550db8f SHA256:a6d78ec80abc46f714ed84e9b1608a203abf551cb056496a67f434b9e0599ce8 Referenced In Project/Scope: Close Editor Tabs Left and Right:compile org-netbeans-modules-projectuiapi-base-RELEASE110.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
File Path: /home/runner/.m2/repository/org/netbeans/api/org-openide-util-lookup/RELEASE110/org-openide-util-lookup-RELEASE110.jar MD5: 7081cbb64509a795a2f6be7aafdd7f04 SHA1: afcde9aa1fd6132b77f3d4e0ae89012c8324694a SHA256:b70f8ef33437b6bf4525002f5374f560b980e5a5f74c9f3733a5b1fca792ad59 Referenced In Project/Scope: Close Editor Tabs Left and Right:compile org-openide-util-lookup-RELEASE110.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7