Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Planmonitor Wonen API

nl.b3p.pmw:planmonitor-wonen-api:1.0.0-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
GeographicLib-Java-1.49.jarpkg:maven/net.sf.geographiclib/GeographicLib-Java@1.49 032
HdrHistogram-2.2.2.jarpkg:maven/org.hdrhistogram/HdrHistogram@2.2.2 025
HikariCP-5.1.0.jarpkg:maven/com.zaxxer/HikariCP@5.1.0 035
LatencyUtils-2.0.3.jarcpe:2.3:a:utils_project:utils:2.0.3:*:*:*:*:*:*:*pkg:maven/org.latencyutils/LatencyUtils@2.0.3 0Highest20
apiguardian-api-1.1.2.jarpkg:maven/org.apiguardian/apiguardian-api@1.1.2 040
aspectjweaver-1.9.22.1.jarpkg:maven/org.aspectj/aspectjweaver@1.9.22.1 049
checker-qual-3.42.0.jarpkg:maven/org.checkerframework/checker-qual@3.42.0 046
commons-codec-1.16.1.jarpkg:maven/commons-codec/commons-codec@1.16.1 0123
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-io-2.17.0.jarcpe:2.3:a:apache:commons_io:2.17.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.17.0 0Highest125
commons-jxpath-1.3.jarcpe:2.3:a:apache:commons_jxpath:1.3:*:*:*:*:*:*:*pkg:maven/commons-jxpath/commons-jxpath@1.3CRITICAL3Highest58
commons-lang3-3.16.0.jarpkg:maven/org.apache.commons/commons-lang3@3.16.0 0145
commons-pool-1.6.jarpkg:maven/commons-pool/commons-pool@1.6 075
commons-text-1.12.0.jarcpe:2.3:a:apache:commons_text:1.12.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.12.0 0Highest73
ejml-core-0.41.jarpkg:maven/org.ejml/ejml-core@0.41 026
ejml-ddense-0.41.jarpkg:maven/org.ejml/ejml-ddense@0.41 028
flyway-core-10.17.2.jarpkg:maven/org.flywaydb/flyway-core@10.17.2 021
flyway-database-postgresql-10.17.2.jarpkg:maven/org.flywaydb/flyway-database-postgresql@10.17.2 021
gt-xml-32.1.jarcpe:2.3:a:geotools:geotools:32.1:*:*:*:*:*:*:*
cpe:2.3:a:xml_library_project:xml_library:32.1:*:*:*:*:*:*:*
pkg:maven/org.geotools/gt-xml@32.1 0Highest40
gt-xsd-core-32.1.jarcpe:2.3:a:geotools:geotools:32.1:*:*:*:*:*:*:*pkg:maven/org.geotools.xsd/gt-xsd-core@32.1 0Highest44
hsqldb-2.7.3.jarcpe:2.3:a:hsqldb:hypersql_database:2.7.3:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.7.3 0Low45
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest32
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 032
indriya-2.2.jarpkg:maven/tech.units/indriya@2.2 085
jackson-core-2.17.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.2 0Low47
jackson-databind-2.17.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.2 0Highest41
jackson-dataformat-toml-2.17.2.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-toml@2.17.2 0Highest39
jai_core-1.1.3.jarpkg:maven/javax.media/jai_core@1.1.3 028
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.inject-api-2.0.1.jarpkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 056
jgridshift-core-1.3.jarpkg:maven/it.geosolutions.jgridshift/jgridshift-core@1.3 019
jts-core-1.20.0.jarpkg:maven/org.locationtech.jts/jts-core@1.20.0 024
jul-to-slf4j-2.0.16.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.16 031
log4j-api-2.23.1.jarcpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1 0Highest39
log4j-to-slf4j-2.23.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1 037
logback-core-1.5.11.jarcpe:2.3:a:qos:logback:1.5.11:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.11 0Highest39
micrometer-core-1.13.6.jarcpe:2.3:a:4d:4d:1.13.6:*:*:*:*:*:*:*pkg:maven/io.micrometer/micrometer-core@1.13.6 0Low67
micrometer-registry-prometheus-1.13.6.jarcpe:2.3:a:prometheus:prometheus:1.13.6:*:*:*:*:*:*:*pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6 0Highest63
net.opengis.fes-32.1.jarcpe:2.3:a:geotools:geotools:32.1:*:*:*:*:*:*:*pkg:maven/org.geotools.ogc/net.opengis.fes@32.1 0Highest28
org.eclipse.emf.ecore-2.15.0.jarcpe:2.3:a:eclipse:org.eclipse.core.runtime:2.15.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.emf/org.eclipse.emf.ecore@2.15.0
pkg:maven/org.eclipse.emf/org.eclipse.emf.ecore@2.15.0-SNAPSHOT
MEDIUM1Low46
org.eclipse.xsd-2.12.0.jarcpe:2.3:a:eclipse:org.eclipse.core.runtime:2.12.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.xsd/org.eclipse.xsd@2.12.0MEDIUM1Low38
org.w3.xlink-32.1.jarcpe:2.3:a:geotools:geotools:32.1:*:*:*:*:*:*:*pkg:maven/org.geotools.ogc/org.w3.xlink@32.1 0Highest29
picocontainer-1.2.jarpkg:maven/picocontainer/picocontainer@1.2 026
postgresql-42.7.4.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.4:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.4 0Low68
prometheus-metrics-config-1.2.1.jarpkg:maven/io.prometheus/prometheus-metrics-config@1.2.1 033
prometheus-metrics-core-1.2.1.jarpkg:maven/io.prometheus/prometheus-metrics-core@1.2.1 033
prometheus-metrics-exposition-formats-1.2.1.jarpkg:maven/io.prometheus/prometheus-metrics-exposition-formats@1.2.1 033
prometheus-metrics-model-1.2.1.jarpkg:maven/io.prometheus/prometheus-metrics-model@1.2.1 033
prometheus-metrics-shaded-protobuf-1.2.1.jarcpe:2.3:a:protobuf:protobuf:1.2.1:*:*:*:*:*:*:*pkg:maven/io.prometheus/prometheus-metrics-shaded-protobuf@1.2.1 0Highest33
prometheus-metrics-tracer-common-1.2.1.jarpkg:maven/io.prometheus/prometheus-metrics-tracer-common@1.2.1 033
re2j-1.6.jarpkg:maven/com.google.re2j/re2j@1.6 028
si-quantity-2.1.jarpkg:maven/si.uom/si-quantity@2.1 024
si-units-2.1.jarpkg:maven/si.uom/si-units@2.1 033
slf4j-api-2.0.16.jarpkg:maven/org.slf4j/slf4j-api@2.0.16 029
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
spring-boot-3.3.5.jarcpe:2.3:a:vmware:spring_boot:3.3.5:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.3.5 0Highest38
spring-boot-starter-web-3.3.5.jarcpe:2.3:a:vmware:spring_boot:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.3.5:*:*:*:*:*:*:*
pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5 0Highest36
spring-core-6.1.14.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.14:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.14:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.14:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-core@6.1.14 0Highest41
spring-security-core-6.3.4.jarcpe:2.3:a:pivotal_software:spring_security:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.4:*:*:*:*:*:*:*
pkg:maven/org.springframework.security/spring-security-core@6.3.4 0Highest38
spring-security-web-6.3.4.jarcpe:2.3:a:pivotal_software:spring_security:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.3.4:*:*:*:*:*:*:*
pkg:maven/org.springframework.security/spring-security-web@6.3.4 0Highest38
spring-web-6.1.14.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.14:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.14:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.14:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.14:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-web@6.1.14 0Highest35
systems-common-2.1.jarpkg:maven/systems.uom/systems-common@2.1 037
tomcat-embed-core-10.1.31.jarcpe:2.3:a:apache:tomcat:10.1.31:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.31:*:*:*:*:*:*:*
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.31 0Highest63
tomcat-embed-el-10.1.31.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.31 033
unit-api-2.2.jarpkg:maven/javax.measure/unit-api@2.2 0109
uom-lib-common-2.2.jarpkg:maven/tech.uom.lib/uom-lib-common@2.2 043
xml-commons-resolver-1.2.jarpkg:maven/org.apache.xml/xml-commons-resolver@1.2 019

Dependencies (vulnerable)

GeographicLib-Java-1.49.jar

Description:

    This is a Java implementation of the geodesic algorithms from
    GeographicLib. This is a self-contained library which makes it
    easy to do geodesic computations for an ellipsoid of revolution in
    a Java program. It requires Java version 1.1 or later.
  

License:

The MIT License(MIT): http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/net/sf/geographiclib/GeographicLib-Java/1.49/GeographicLib-Java-1.49.jar
MD5: 5536ff35e4bb0b3262c6f62f43105ea4
SHA1: 7ff2164e69fa04e1ef2ca5079e1cee298a936ea1
SHA256:78c292f7e6910d51a15fc9088c301fac3b4c0a43ac5ae17499f5763b4dd9aca8
Referenced In Project/Scope: Planmonitor Wonen API:compile
GeographicLib-Java-1.49.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

Identifiers

HdrHistogram-2.2.2.jar

Description:

        HdrHistogram supports the recording and analyzing sampled data value
        counts across a configurable integer value range with configurable value
        precision within the range. Value precision is expressed as the number of
        significant digits in the value recording, and provides control over value
        quantization behavior across the value range and the subsequent value
        resolution at any given level.
    

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause
File Path: /home/runner/.m2/repository/org/hdrhistogram/HdrHistogram/2.2.2/HdrHistogram-2.2.2.jar
MD5: 41f807bf0c681d6f692c408a6e217eaf
SHA1: 7959933ebcc0f05b2eaa5af0a0c8689fa257b15c
SHA256:22d1d4316c4ec13a68b559e98c8256d69071593731da96136640f864fa14fad8
Referenced In Project/Scope: Planmonitor Wonen API:runtime
HdrHistogram-2.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

Identifiers

HikariCP-5.1.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar
MD5: 37404f82207a28141bd9b0fe6b1d0a16
SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c
SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134
Referenced In Project/Scope: Planmonitor Wonen API:compile
HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-jdbc@3.3.5

Identifiers

LatencyUtils-2.0.3.jar

Description:

        LatencyUtils is a package that provides latency recording and reporting utilities.
    

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /home/runner/.m2/repository/org/latencyutils/LatencyUtils/2.0.3/LatencyUtils-2.0.3.jar
MD5: 2ad12e1ef7614cecfb0483fa9ac6da73
SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3
SHA256:a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec
Referenced In Project/Scope: Planmonitor Wonen API:runtime
LatencyUtils-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

Identifiers

apiguardian-api-1.1.2.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38
Referenced In Project/Scope: Planmonitor Wonen API:compile
apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.5

Identifiers

aspectjweaver-1.9.22.1.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/runner/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar
MD5: f2edbc088126174a11b68279bd26c6eb
SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612
SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78
Referenced In Project/Scope: Planmonitor Wonen API:compile
aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-aop@3.3.5

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: Planmonitor Wonen API:runtime
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.postgresql/postgresql@42.7.4

Identifiers

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Project/Scope: Planmonitor Wonen API:compile
commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Planmonitor Wonen API:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

Identifiers

commons-io-2.17.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-io/commons-io/2.17.0/commons-io-2.17.0.jar
MD5: f6232d0e290d58bb93f74f67165bf91f
SHA1: ddcc8433eb019fb48fe25207c0278143f3e1d7e2
SHA256:4aa4ca48f3dfd30b78220b7881d8cb93eac4093ec94361b6befa9487998a550b
Referenced In Project/Scope: Planmonitor Wonen API:compile
commons-io-2.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

Identifiers

commons-jxpath-1.3.jar

Description:

A Java-based implementation of XPath 1.0 that, in addition to XML processing, can inspect/modify Java object graphs (the library's explicit purpose) and even mixed Java/XML structures.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-jxpath/commons-jxpath/1.3/commons-jxpath-1.3.jar
MD5: 61a9aa8ff43ba10853571d57f724bf88
SHA1: c22d7d0f0f40eb7059a23cfa61773a416768b137
SHA256:fcbc0ad917d9d6a73c6df21fac322e00d213ef19cd94815a007c407a8a3ff449
Referenced In Project/Scope: Planmonitor Wonen API:compile
commons-jxpath-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

Identifiers

CVE-2022-41852 (OSSINDEX)  

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-41852 for details
CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CVSSv3:
  • Base Score: CRITICAL (9.800000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:commons-jxpath:commons-jxpath:1.3:*:*:*:*:*:*:*

CVE-2022-40159  

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

    Vulnerable Software & Versions:

    CVE-2022-40160  

    ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
    CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

    References:

      Vulnerable Software & Versions:

      commons-lang3-3.16.0.jar

      Description:

        Apache Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.
      
        The code is tested using the latest revision of the JDK for supported
        LTS releases: 8, 11, 17 and 21 currently.
        See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
        
        Please ensure your build environment is up-to-date and kindly report any build issues.
        

      License:

      https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.16.0/commons-lang3-3.16.0.jar
      MD5: 67bc6dbd753fc276d69aeb4cfa205e15
      SHA1: 3eb54effe40946dfb06dc5cd6c7ce4116cd51ea4
      SHA256:08709dd74d602b705ce4017d26544210056a4ba583d5b20c09373406fe7a00f8
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      commons-lang3-3.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      commons-pool-1.6.jar

      Description:

      Commons Object Pooling Library

      License:

      http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
      MD5: 5ca02245c829422176d23fa530e919cc
      SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
      SHA256:46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      commons-pool-1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      commons-text-1.12.0.jar

      Description:

      Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
          and manipulating text that should be of use in a Java environment.
        

      License:

      https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar
      MD5: 544add6fbc8d4b100b07c3692d08099e
      SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
      SHA256:de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      commons-text-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      ejml-core-0.41.jar

      Description:

      A fast and easy to use dense and sparse matrix linear algebra library written in Java.

      License:

      The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/ejml/ejml-core/0.41/ejml-core-0.41.jar
      MD5: 200146f623a8eb87196bbc35cae6c2b1
      SHA1: 92ac2bee332a5697c42e576b94d563ba8c25877c
      SHA256:8d36469e8414d79c875defc0af3b980525d384761c9471d15a4f365b936dd1d5
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      ejml-core-0.41.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      ejml-ddense-0.41.jar

      Description:

      A fast and easy to use dense and sparse matrix linear algebra library written in Java.

      License:

      The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/ejml/ejml-ddense/0.41/ejml-ddense-0.41.jar
      MD5: 2128d09683d0ed77429fac23f64e42c7
      SHA1: 782c80d4c3c8a3432c4641f24c177f336a360f9c
      SHA256:355347e9cac7e96d5d724d331a9b04bb14a8a02e1d111f1ac51c79f25d937123
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      ejml-ddense-0.41.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      flyway-core-10.17.2.jar

      File Path: /home/runner/.m2/repository/org/flywaydb/flyway-core/10.17.2/flyway-core-10.17.2.jar
      MD5: 21a2b0e8c32cc0dcfbc98dc36037b620
      SHA1: 26206c0d6164f965dd4bafd556734005a420eb9c
      SHA256:104f16acd144d37d83a2f65a45bda8f2c98b9a5c63a32fdc342b1f8ef55eb515
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      flyway-core-10.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      flyway-database-postgresql-10.17.2.jar

      File Path: /home/runner/.m2/repository/org/flywaydb/flyway-database-postgresql/10.17.2/flyway-database-postgresql-10.17.2.jar
      MD5: bfe0ce65370c51e3dd429c6fb7d33507
      SHA1: 39211fea2f6998d98772da01bce5bfa769b23b63
      SHA256:b5f5fc0101f4e7f7da94a52ee6382b4d6dba187b1d61fd51256067265d7c23b7
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      flyway-database-postgresql-10.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      gt-xml-32.1.jar

      Description:

      GTXML Schema Driven Parser

      License:

      Lesser General Public License (LGPL): http://www.gnu.org/copyleft/lesser.txt
      File Path: /home/runner/.m2/repository/org/geotools/gt-xml/32.1/gt-xml-32.1.jar
      MD5: a3d2e8cd7ab9733dfe15bbecca76c16e
      SHA1: c0c73c216aefe8584fff7d4b5ed7c43ebcce4210
      SHA256:6310de583c98e0e1a1922205dde16a896388a7f133c5af24eff6d81282e2db3b
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      gt-xml-32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      gt-xsd-core-32.1.jar

      Description:

      Schema based xml parsing. This module contains tools for creating 
        bindings from xml types to java types. Schema modelling is based 
        on Eclipse XSD.

      License:

      Lesser General Public License (LGPL): http://www.gnu.org/copyleft/lesser.txt
      File Path: /home/runner/.m2/repository/org/geotools/xsd/gt-xsd-core/32.1/gt-xsd-core-32.1.jar
      MD5: 63cdc4632d84cfab835c6b6074a47ab0
      SHA1: d30b924a0505b60c34c78a662f4f1fd34827d2f1
      SHA256:6192450142c44519b5fea9208ce2539d00e5b936e5f6c341cc2c4af018dcbd3f
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      gt-xsd-core-32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      hsqldb-2.7.3.jar

      Description:

      HSQLDB - Lightweight 100% Java SQL Database Engine

      License:

      HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
      File Path: /home/runner/.m2/repository/org/hsqldb/hsqldb/2.7.3/hsqldb-2.7.3.jar
      MD5: 724301ab61ff54755deec86c7a724505
      SHA1: 85b49338b36f3051d217295596cf92beb92e4bfb
      SHA256:6f2f77eedbe75cfbe26bf30d73b13de0cc57fb7cdb27a92ed8c1a012f0e2363a
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      hsqldb-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-epsg-hsql@32.1

      Identifiers

      httpclient-4.5.14.jar

      Description:

         Apache HttpComponents Client
        

      File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar
      MD5: 2cb357c4b763f47e58af6cad47df6ba3
      SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98
      SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      httpcore-4.4.16.jar

      Description:

         Apache HttpComponents Core (blocking I/O)
        

      File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar
      MD5: 28d2cd9bf8789fd2ec774fb88436ebd1
      SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850
      SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      indriya-2.2.jar

      Description:

      Unit Standard (JSR 385) Reference Implementation.

      License:

      BSD 3-Clause: LICENSE
      File Path: /home/runner/.m2/repository/tech/units/indriya/2.2/indriya-2.2.jar
      MD5: cefa3a26996e4c70071d27a0c36603ea
      SHA1: 647a0e06d60346f3f3c48284f66d34b28ff83340
      SHA256:5b61eafd63fd235898dea0e5e614e9636c9d7783705a0c9f1794dd07e3a84b35
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      indriya-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      jackson-core-2.17.2.jar

      Description:

      Core Jackson processing abstractions (aka Streaming API), implementation for JSON

      License:

      The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.2/jackson-core-2.17.2.jar
      MD5: 50c2dab1f29136714d5ef5c6c640336c
      SHA1: 969a35cb35c86512acbadcdbbbfb044c877db814
      SHA256:721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jackson-core-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      jackson-databind-2.17.2.jar

      Description:

      General data-binding functionality for Jackson: works on core streaming API

      License:

      The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.2/jackson-databind-2.17.2.jar
      MD5: 3e1ff7c1f0fda885946619a47ef9d5de
      SHA1: e6deb029e5901e027c129341fac39e515066b68c
      SHA256:c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jackson-databind-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      jackson-dataformat-toml-2.17.2.jar

      Description:

      Support for reading and writing TOML-encoded data via Jackson abstractions.
          

      License:

      The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-toml/2.17.2/jackson-dataformat-toml-2.17.2.jar
      MD5: 8de66b34d5acdf8b26227df2aa148cdb
      SHA1: f085b1a94428c4546eef48f00cfa63286f54a8e2
      SHA256:bc7ecf3f1bf76a26daddf2c7ab4facc017ce6e8c5c8c6b8f29cb610494828017
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jackson-dataformat-toml-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.flywaydb/flyway-core@10.17.2

      Identifiers

      jai_core-1.1.3.jar

      Description:

      The Java Advanced Imaging API extends the Java 2 platform by allowing sophisticated, high-performance image processing to be incorporated into Java applets and applications. It is a set of classes providing imaging functionality beyond that of Java 2D and the Java Foundation classes, though it is designed for compatibility with those APIs. This API implements a set of core image processing capabilities including image tiling, regions of interest, deferred execution and a set of core image processing operators, including many common point, area, and frequency domain operators.

      License:

      JDL (Java Distribution License): https://jai.dev.java.net/jdl-jai.pdf
      File Path: /home/runner/.m2/repository/javax/media/jai_core/1.1.3/jai_core-1.1.3.jar
      MD5: f398bc038307ee434bac1b93ba3ab02d
      SHA1: b179d2efb1174658483e8b41bf4ac9d2eb5de438
      SHA256:8b696cf067533545f44c2f68339e24ab1a2669153ed2081aa5be8749f4d592bf
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jai_core-1.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      jakarta.annotation-api-2.1.1.jar

      Description:

      Jakarta Annotations API

      License:

      EPL 2.0: http://www.eclipse.org/legal/epl-2.0
      GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
      File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
      MD5: 5dac2f68e8288d0add4dc92cb161711d
      SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
      SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      jakarta.inject-api-2.0.1.jar

      Description:

      Jakarta Dependency Injection

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
      MD5: 72003bf6efcc8455d414bbd7da86c11c
      SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
      SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      jgridshift-core-1.3.jar

      File Path: /home/runner/.m2/repository/it/geosolutions/jgridshift/jgridshift-core/1.3/jgridshift-core-1.3.jar
      MD5: 04a57b57bb0654b3d603eaaa748de563
      SHA1: 314702a7b6e634e1c74589983a6762974b9c51c8
      SHA256:303eb6a6f6f87369f6b9e3dcacefd6f9b0ad55920cd65a7f162ab9a23401c722
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jgridshift-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      jts-core-1.20.0.jar

      Description:

      The JTS Topology Suite is an API for 2D linear geometry predicates and functions.

      License:

      https://github.com/locationtech/jts/blob/master/LICENSE_EPLv2.txt, https://github.com/locationtech/jts/blob/master/LICENSE_EDLv1.txt
      File Path: /home/runner/.m2/repository/org/locationtech/jts/jts-core/1.20.0/jts-core-1.20.0.jar
      MD5: 8de91edea80ac2de00c07226458649fb
      SHA1: 25b72c9548a328cb1aea8a6b89d710a31ade5403
      SHA256:6a783d8f9dba3d3cf7265435f134402f63c05838aa6cbcc4297ad3a5b2842baf
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jts-core-1.20.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      jul-to-slf4j-2.0.16.jar

      Description:

      JUL to SLF4J bridge

      License:

      http://www.opensource.org/licenses/mit-license.php
      File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
      MD5: 410ad2f2230e0150216d86e12a4af995
      SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
      SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      log4j-api-2.23.1.jar

      Description:

      The Apache Log4j API

      License:

      Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.23.1/log4j-api-2.23.1.jar
      MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a
      SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1
      SHA256:92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      log4j-api-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      log4j-to-slf4j-2.23.1.jar

      Description:

      The Apache Log4j binding between Log4j 2 API and SLF4J.

      License:

      Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.23.1/log4j-to-slf4j-2.23.1.jar
      MD5: d60143628bb91f9dfa0148c213388b39
      SHA1: 425ad1eb8a39904d2830e907a324e956fb456520
      SHA256:7937a84055156910234e3b42868f55e68ff4b7becbb6ffd10146f72f5bf54dd5
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      log4j-to-slf4j-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      logback-core-1.5.11.jar

      Description:

      logback-core module

      License:

      http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
      File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.11/logback-core-1.5.11.jar
      MD5: cfba493f06b32d0b225ccb6015bc1170
      SHA1: 727bdb8dc75b6c392f9be56224503948abc248e8
      SHA256:e0f242aa3c4411ce8c7ec304a5afeaa75224680890f5f813153ef807cbb9542e
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      logback-core-1.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      micrometer-core-1.13.6.jar

      Description:

      Core module of Micrometer containing instrumentation API and implementation

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/micrometer/micrometer-core/1.13.6/micrometer-core-1.13.6.jar
      MD5: 51181ad9a7aee015a3bbcc34e5106df4
      SHA1: 7620ca432f0e499bce51169e2f80c9ffee069d57
      SHA256:35966fbdcd552864729a2c136e0dff23683b5c3bc5ff701146c3e9f2098f28e7
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      micrometer-core-1.13.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      micrometer-registry-prometheus-1.13.6.jar

      Description:

      MeterRegistry implementation for Prometheus using io.prometheus:prometheus-metrics-core. If you have compatibility issues with this module, you can go back to io.micrometer:micrometer-registry-prometheus-simpleclient that uses io.prometheus:simpleclient_common.

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/micrometer/micrometer-registry-prometheus/1.13.6/micrometer-registry-prometheus-1.13.6.jar
      MD5: 75ba5055b55e52cbf2619ee3742892f1
      SHA1: 92467f0a3b741e3718ad61185304432e5ca5e7a6
      SHA256:2a84a0864fe694a560771519d8a0a7650d82f6b83287c87d13f4a6944cf0c866
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      micrometer-registry-prometheus-1.13.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      net.opengis.fes-32.1.jar

      Description:

      Filter Encoding Specification Schema EMF Model

      File Path: /home/runner/.m2/repository/org/geotools/ogc/net.opengis.fes/32.1/net.opengis.fes-32.1.jar
      MD5: 5a73e2692046264b27c390bbf18ef117
      SHA1: 50fd4a8ca0dea427596069001813a41083d90531
      SHA256:3fd65a977551d33ffb2ce7790c2d29009ddde57df8c895b16dc6c716eaf1c982
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      net.opengis.fes-32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      org.eclipse.emf.ecore-2.15.0.jar

      Description:

      EMF Ecore

      License:

      The Eclipse Public License Version 1.0: http://www.eclipse.org/legal/epl-v10.html
      File Path: /home/runner/.m2/repository/org/eclipse/emf/org.eclipse.emf.ecore/2.15.0/org.eclipse.emf.ecore-2.15.0.jar
      MD5: 566797e186b122fb2cb64a699b1c2d2b
      SHA1: ccfc09c8b6a0d4fadde09216d8a07678d38998de
      SHA256:d5e3c25344fe27f14f514f5d6deb6e9cc3f6153fa462361261a8d49a3dfe9bbf
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      org.eclipse.emf.ecore-2.15.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      CVE-2023-4218  

      In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
      
      CWE-611 Improper Restriction of XML External Entity Reference

      CVSSv3:
      • Base Score: MEDIUM (5.0)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      org.eclipse.xsd-2.12.0.jar

      Description:

      http://www.eclipse.org

      License:

      The Eclipse Public License Version 1.0: http://www.eclipse.org/legal/epl-v10.html
      File Path: /home/runner/.m2/repository/org/eclipse/xsd/org.eclipse.xsd/2.12.0/org.eclipse.xsd-2.12.0.jar
      MD5: 75fa52ffcf1c5d0d9f85ca9aa7a0e3de
      SHA1: 1d4c0da59535d3b79e73a91b1f161c97d3103668
      SHA256:0cbded7b090a2205c367b6d08f6ab32dc6857265b87673a4e51b77301ef1b953
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      org.eclipse.xsd-2.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      CVE-2023-4218  

      In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
      
      CWE-611 Improper Restriction of XML External Entity Reference

      CVSSv3:
      • Base Score: MEDIUM (5.0)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      org.w3.xlink-32.1.jar

      Description:

      Xlink Schema EMF Model

      File Path: /home/runner/.m2/repository/org/geotools/ogc/org.w3.xlink/32.1/org.w3.xlink-32.1.jar
      MD5: 90f71a123fe8694faac4f066b1a9d44c
      SHA1: 30bd799d3cd1bc38628c04aadf5fc8a734896aa1
      SHA256:59af5c1088e4e91e1ee132a6ee90d26db7ae35df16e34b1c103d2ceedb39fe97
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      org.w3.xlink-32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      picocontainer-1.2.jar

      Description:

      Please refer to the main website for documentation.

      File Path: /home/runner/.m2/repository/picocontainer/picocontainer/1.2/picocontainer-1.2.jar
      MD5: 3e2dea8daea96da71724cae35da4cc0c
      SHA1: c55e869dcdddd735acd8789b74863cde8d15d444
      SHA256:d729282e385ed351684e649e261b5b02399327c4713c6b100f122942f923412f
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      picocontainer-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers

      postgresql-42.7.4.jar

      Description:

      PostgreSQL JDBC Driver Postgresql

      License:

      BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
      File Path: /home/runner/.m2/repository/org/postgresql/postgresql/42.7.4/postgresql-42.7.4.jar
      MD5: ef7e9be503b5c6243697d628fb196cad
      SHA1: 264310fd7b2cd76738787dc0b9f7ea2e3b11adc1
      SHA256:188976721ead8e8627eb6d8389d500dccc0c9bebd885268a3047180274a6031e
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      postgresql-42.7.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      prometheus-metrics-config-1.2.1.jar

      Description:

              Configuration for Prometheus metrics and exposition formats.
          

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/prometheus/prometheus-metrics-config/1.2.1/prometheus-metrics-config-1.2.1.jar
      MD5: 88d8f9b9640588bac87e27ea61513050
      SHA1: bcccb14176161671c4cb858b0ca50d680237fdbe
      SHA256:b9fb02ef15e63d02aedea7fc57b3bdeae4dcfc91c905af60fffe66b8950f951f
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      prometheus-metrics-config-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      prometheus-metrics-core-1.2.1.jar

      Description:

              Core Prometheus metric types
          

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/prometheus/prometheus-metrics-core/1.2.1/prometheus-metrics-core-1.2.1.jar
      MD5: ad9629ea22769f13aff56afaecd8a28b
      SHA1: 362330b5934a128e91e331f1497cd275fec1a81c
      SHA256:47ae6ba7f38550637c9d6a0e83b7959cd974ace32b60beb948f91d2edb35461b
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      prometheus-metrics-core-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      prometheus-metrics-exposition-formats-1.2.1.jar

      Description:

              Prometheus exposition formats.
          

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/prometheus/prometheus-metrics-exposition-formats/1.2.1/prometheus-metrics-exposition-formats-1.2.1.jar
      MD5: 153a1d7a7e61f0cda873a7c1782d6819
      SHA1: 64190364467197c39bcc296ec80a99f6c979a7dc
      SHA256:c618f0210980d6272fefcd76b2964883380a828ba6fc399a9bf84253d5d39107
      Referenced In Project/Scope: Planmonitor Wonen API:runtime
      prometheus-metrics-exposition-formats-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      prometheus-metrics-model-1.2.1.jar

      Description:

              Data model for read-only immutable Prometheus metrics snapshots.
          

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/prometheus/prometheus-metrics-model/1.2.1/prometheus-metrics-model-1.2.1.jar
      MD5: 3183f9c7748cf28ef38ac7bdcb441e05
      SHA1: 99caac1a3f974de6bc9882fbf6a09ea055733c7b
      SHA256:3520279e1fa7fbf0febd32b3a68863e389f32a152062e6627aff5a20c8408061
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      prometheus-metrics-model-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      prometheus-metrics-shaded-protobuf-1.2.1.jar

      Description:

              Shaded (reolocated to another package) dependencies for the Protobuf library used to create the Prometheus
              Protobuf format
          

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/prometheus/prometheus-metrics-shaded-protobuf/1.2.1/prometheus-metrics-shaded-protobuf-1.2.1.jar
      MD5: 798d9caf489a86be67e3b0e1eba6e3c5
      SHA1: 2b8ace486645dbaba1f3a694bd3a081f4d7a3aa5
      SHA256:e6060c7ef59fcf1c110677b01a96e4a08ab23d138700a6e2d0999163122750e1
      Referenced In Project/Scope: Planmonitor Wonen API:runtime
      prometheus-metrics-shaded-protobuf-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      prometheus-metrics-tracer-common-1.2.1.jar

      Description:

          Common Module for Prometheus integrations with distributed tracing libraries.
        

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/io/prometheus/prometheus-metrics-tracer-common/1.2.1/prometheus-metrics-tracer-common-1.2.1.jar
      MD5: a0818de6ef86484d332d9cc3dede9d9b
      SHA1: 74cc4ac3226a3937d6e5c74c06454258e7901cec
      SHA256:c55e5d5272518e9cb468b13f252f828565b976ec78b8470cd7c622dc201ca82d
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      prometheus-metrics-tracer-common-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.6

      Identifiers

      re2j-1.6.jar

      Description:

      Linear time regular expressions for Java

      License:

      Go License: https://golang.org/LICENSE
      File Path: /home/runner/.m2/repository/com/google/re2j/re2j/1.6/re2j-1.6.jar
      MD5: 5f4aed37b6b18b402b2790160a50cd13
      SHA1: a13e879fd7971738d06020fefeb108cc14e14169
      SHA256:c8b5c3472d4db594a865b2e47f835d07fb8b1415eeba559dccfb0a6945f033cd
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      re2j-1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      si-quantity-2.1.jar

      Description:

      Units of Measurement SI (Système International d'Unités)

      License:

      https://opensource.org/licenses/BSD-3-Clause
      File Path: /home/runner/.m2/repository/si/uom/si-quantity/2.1/si-quantity-2.1.jar
      MD5: 79685f60efca0051a6c579e1f1522542
      SHA1: 5617d2cf30898ffcc760807009fe947483bd867b
      SHA256:2cdcfd3e5395db5576f5efc0f224b5bbd0731f3ec7552afee6ee7b63a4f65820
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      si-quantity-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      si-units-2.1.jar

      Description:

      "Units of Measurement SI (Système International d'Unités)"

      License:

      "BSD 3-Clause";link="https://opensource.org/licenses/BSD-3-Clause"
      File Path: /home/runner/.m2/repository/si/uom/si-units/2.1/si-units-2.1.jar
      MD5: 43abf4b896da58d8bca0e87f412a8457
      SHA1: 7e812192ff1abbef6c79123249840c42b4e145d4
      SHA256:491ed9956ddf4b2e30180b087e1f6fb51debccb6d46785ae0d52026342013c51
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      si-units-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      slf4j-api-2.0.16.jar

      Description:

      The slf4j API

      License:

      http://www.opensource.org/licenses/mit-license.php
      File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
      MD5: c8de8f5d740584cb24b5652cfba8b3c4
      SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
      SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-jdbc@3.3.5

      Identifiers

      snakeyaml-2.2.jar

      Description:

      YAML 1.1 parser and emitter for Java

      License:

      Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
      MD5: d78aacf5f2de5b52f1a327470efd1ad7
      SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
      SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      spring-boot-3.3.5.jar

      Description:

      Spring Boot

      License:

      Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
      File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/3.3.5/spring-boot-3.3.5.jar
      MD5: 1fd61eea0bc1381ce479c63d9ce2910e
      SHA1: 1a0d1dc425d445503bd01c9aa3683aaebc524e3b
      SHA256:6a4a5c8a5b58c209705881e487b49445679ab69c858623fef700f634e24eb9c2
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      spring-boot-3.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      spring-boot-starter-web-3.3.5.jar

      Description:

      Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

      License:

      Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
      File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.5/spring-boot-starter-web-3.3.5.jar
      MD5: e6478322bec747283e2165acf757cf77
      SHA1: 51cc6cd5fb15f4eecfadea4ac689ed290e65c2cc
      SHA256:ae05f9cb1abee7d296df9b66ce147ad8c8d9a70850bc8d17dcf8af5d5a1e31b1
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      spring-boot-starter-web-3.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.b3p.pmw/planmonitor-wonen-api@1.0.0-SNAPSHOT

      Identifiers

      spring-core-6.1.14.jar

      Description:

      Spring Core

      License:

      Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
      File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.1.14/spring-core-6.1.14.jar
      MD5: ade8db4ec4caaac31838585ed70f2246
      SHA1: 45d2d808015bf6c5411e457fa09e843042dc3a76
      SHA256:e15a1179fc9642ffed13ca55e2863e2da524ccd1083b7c6f1b5cfd5733f3b2c5
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      spring-core-6.1.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.5

      Identifiers

      spring-security-core-6.3.4.jar

      Description:

      Spring Security

      License:

      Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
      File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/6.3.4/spring-security-core-6.3.4.jar
      MD5: faf2244250a17a2f80b3c5766623e15d
      SHA1: b090f940b1db00f58f5cad0675ce82670cc75904
      SHA256:81d8125481af81c667aa19c5f5bbbe02b4d65d16bb0c78a2642c0d2ae4f05622
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      spring-security-core-6.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.security/spring-security-test@6.3.4

      Identifiers

      spring-security-web-6.3.4.jar

      Description:

      Spring Security

      License:

      Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
      File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.3.4/spring-security-web-6.3.4.jar
      MD5: be09e80b9f0c2d8ea2bc64869a1e0716
      SHA1: d0b9e554c0cc3291086a53e3537935b820d82742
      SHA256:b15e61386643e91e8952affc336e31880c5795adede8de83648156bd9647ecb7
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      spring-security-web-6.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-security@3.3.5

      Identifiers

      spring-web-6.1.14.jar

      Description:

      Spring Web

      License:

      Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
      File Path: /home/runner/.m2/repository/org/springframework/spring-web/6.1.14/spring-web-6.1.14.jar
      MD5: 60eeffc4f82256cbbd08ac976f24e250
      SHA1: b45eaad7df4f37ce224acdcb555a6a3dd5c246b2
      SHA256:8fbbd95e27361aa9f656bee18d32bad062b4210d584909893cbc83dd9c64f472
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      spring-web-6.1.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      systems-common-2.1.jar

      Description:

      Parent POM for Unit Systems

      License:

      BSD;link=LICENSE
      File Path: /home/runner/.m2/repository/systems/uom/systems-common/2.1/systems-common-2.1.jar
      MD5: 8c3a56e267bbd26bb947c826e51bee2b
      SHA1: a173cc6f1fedc8b32498d6cc9599251baa72de27
      SHA256:b3cc1f3e604dcd18d3bba266db5fd01744bbd6b02f147377d4016585ba375cff
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      systems-common-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      tomcat-embed-core-10.1.31.jar

      Description:

      Core Tomcat implementation

      License:

      Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.31/tomcat-embed-core-10.1.31.jar
      MD5: 45e6600ff27fbef8cac1a76e264a820f
      SHA1: a91cc0a95157228d9cccb1a9e8fb9c77c048c937
      SHA256:7f87f59ca35642cdda2f33bb9ecebe9754071b4d836c555966db8ca7f20c242b
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      tomcat-embed-core-10.1.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      tomcat-embed-el-10.1.31.jar

      Description:

      Core Tomcat implementation

      License:

      Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.31/tomcat-embed-el-10.1.31.jar
      MD5: 3c2f7a4f7b4289225c8f6494ae4d7259
      SHA1: ab21108d69bb42160eff7b905f606a1d0c21ae67
      SHA256:0e120a96d333acf0e58fb4b74584e85fe41358225440cc4c2dee958f738d07b9
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      tomcat-embed-el-10.1.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.5

      Identifiers

      unit-api-2.2.jar

      Description:

      Units of Measurement Standard - This JSR specifies Java
              packages for modeling and working with measurement values, quantities
              and their corresponding units.

      License:

      BSD 3-Clause: LICENSE
      File Path: /home/runner/.m2/repository/javax/measure/unit-api/2.2/unit-api-2.2.jar
      MD5: 6cbc2bae2cb63cb4f85c5a187ee7dda2
      SHA1: 2b624f7334b94a82c74cb954ede9fb1179b8d30c
      SHA256:667487e1ee57298cdc767885f00b86c899b2fe7e72dc00b6560a6aa64f2bc9c4
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      unit-api-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      uom-lib-common-2.2.jar

      Description:

      Units Common Library

      License:

      BSD: LICENSE
      File Path: /home/runner/.m2/repository/tech/uom/lib/uom-lib-common/2.2/uom-lib-common-2.2.jar
      MD5: eb6a1296ea160f731ac81ab8a2c7fed7
      SHA1: 94a52abfdad3935c3769b4caab3ce9d384d8fb4e
      SHA256:a01ece1c236b7b15a431b0383bdddf06dc6d7a85290e9a62b63904e1e4e0dc0d
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      uom-lib-common-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-main@32.1

      Identifiers

      xml-commons-resolver-1.2.jar

      File Path: /home/runner/.m2/repository/org/apache/xml/xml-commons-resolver/1.2/xml-commons-resolver-1.2.jar
      MD5: 706c533146c1f4ee46b66659ea14583a
      SHA1: 3d0f97750b3a03e0971831566067754ba4bfd68c
      SHA256:47dcde8986019314ef78ae7280a94973a21d2ed95075a40a000b42da956429e1
      Referenced In Project/Scope: Planmonitor Wonen API:compile
      xml-commons-resolver-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.geotools/gt-wfs-ng@32.1

      Identifiers



      This report contains data retrieved from the National Vulnerability Database.
      This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
      This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
      This report may contain data retrieved from RetireJS.
      This report may contain data retrieved from the Sonatype OSS Index.