Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 3.0.2
Report Generated On: Apr 16, 2019 at 08:36:52 -04:00
Dependencies Scanned: 3 (3 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 26/03/2019 04:46:16
NVD CVE 2003: 11/04/2019 04:16:16
NVD CVE 2004: 12/04/2019 04:16:11
NVD CVE 2005: 12/04/2019 04:16:11
NVD CVE 2006: 11/04/2019 04:16:17
NVD CVE 2007: 11/04/2019 04:16:17
NVD CVE 2008: 11/04/2019 04:16:17
NVD CVE 2009: 11/04/2019 04:16:17
NVD CVE 2010: 10/04/2019 04:16:23
NVD CVE 2011: 11/04/2019 04:16:17
NVD CVE 2012: 11/04/2019 04:16:18
NVD CVE 2013: 11/04/2019 03:46:32
NVD CVE 2014: 12/04/2019 04:16:12
NVD CVE 2015: 12/04/2019 03:46:35
NVD CVE 2016: 12/04/2019 03:46:38
NVD CVE 2017: 12/04/2019 03:46:39
NVD CVE 2018: 12/04/2019 03:46:41
NVD CVE 2019: 12/04/2019 03:16:10
NVD CVE Checked: 16/04/2019 07:41:26
NVD CVE Modified: 16/04/2019 06:16:17
VersionCheckOn: 1555183129408

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	GAV	Evidence Count
json-20160810.jar	org.json:json:20160810 ✓	25
gson-2.8.0.jar	com.google.code.gson:gson:2.8.0 ✓	23
jcip-annotations-1.0.jar	net.jcip:jcip-annotations:1.0 ✓	20

Dependencies

json-20160810.jar

Description: JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/ The files in this package implement JSON encoders/decoders in Java. It also includes the capability to convert between JSON and XML, HTTP headers, Cookies, and CDL. This is a reference implementation. There is a large number of JSON packages in Java. Perhaps someday the Java community will standardize on one. Until then, choose carefully. The license includes this restriction: "The software shall be used for good, not evil." If your conscience cannot live with that, then choose a different package.

License:

The JSON License: http://json.org/license.html

File Path: C:\Users\v094303\.m2\repository\org\json\json\20160810\json-20160810.jar
MD5: 2f7f899f0766e65017744a4c4fc14d46
SHA1: aca5eb39e2a12fddd6c472b240afe9ebea3a6733
Referenced In Project/Scope: element-path-finder:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	JSON in Java	High
Vendor	Manifest	bundle-symbolicname	json	Medium
Vendor	pom	artifactid	json	Low
Vendor	pom	groupid	org.json	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	description	JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/ The files in this package implement JSON encoders/decoders in Java. It also includes the capability to convert between JSON and XML, HTTP headers, Cookies, and CDL. This is a reference implementation. There is a large number of JSON packages in Java. Perhaps someday the Java community will standardize on one. Until then, choose carefully. The license includes this restriction: "The software shall be used for good, not evil." If your conscience cannot live with that, then choose a different package.	Low
Vendor	pom	url	douglascrockford/JSON-java	Highest
Vendor	manifest	Bundle-Description	JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/ The files in this package implement JSON encoders/decoders in Java. It also includes the capability to convert between JSON and XML, HTTP headers, Cookies, and CDL. This is a reference implementation. There is a large number of JSON packages in Java. Perhaps someday the Java community will standardize on one. Until then, choose carefully. The license includes this restriction: "The software shall be used for good, not evil." If your conscience cannot live with that, then choose a different package.	Low
Vendor	pom	groupid	json	Highest
Vendor	central	groupid	org.json	Highest
Vendor	file	name	json-20160810	High
Product	pom	name	JSON in Java	High
Product	pom	url	douglascrockford/JSON-java	High
Product	Manifest	bundle-symbolicname	json	Medium
Product	pom	artifactid	json	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	Bundle-Name	JSON in Java	Medium
Product	pom	groupid	json	Low
Product	pom	description	JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/ The files in this package implement JSON encoders/decoders in Java. It also includes the capability to convert between JSON and XML, HTTP headers, Cookies, and CDL. This is a reference implementation. There is a large number of JSON packages in Java. Perhaps someday the Java community will standardize on one. Until then, choose carefully. The license includes this restriction: "The software shall be used for good, not evil." If your conscience cannot live with that, then choose a different package.	Low
Product	manifest	Bundle-Description	JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/ The files in this package implement JSON encoders/decoders in Java. It also includes the capability to convert between JSON and XML, HTTP headers, Cookies, and CDL. This is a reference implementation. There is a large number of JSON packages in Java. Perhaps someday the Java community will standardize on one. Until then, choose carefully. The license includes this restriction: "The software shall be used for good, not evil." If your conscience cannot live with that, then choose a different package.	Low
Product	file	name	json-20160810	High
Product	central	artifactid	json	Highest
Version	pom	version	20160810	Highest
Version	file	version	20160810	Medium
Version	central	version	20160810	Highest

Identifiers

maven: org.json:json:20160810 ✓ Confidence:Highest

gson-2.8.0.jar

File Path: C:\Users\v094303\.m2\repository\com\google\code\gson\gson\2.8.0\gson-2.8.0.jar
MD5: a42f1f5bfa4e6f123ddcab3de7e0ff81
SHA1: c4ba5371a29ac9b2ad6129b1d39ea38750043eff
Referenced In Project/Scope: element-path-finder:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	parent-artifactid	gson-parent	Low
Vendor	file	name	gson	High
Vendor	pom	parent-groupid	com.google.code.gson	Medium
Vendor	jar	package name	google	Low
Vendor	jar	package name	gson	Low
Vendor	pom	groupid	google.code.gson	Highest
Vendor	jar	package name	internal	Low
Vendor	pom	artifactid	gson	Low
Vendor	pom	name	Gson	High
Vendor	central	groupid	com.google.code.gson	Highest
Product	pom	artifactid	gson	Highest
Product	file	name	gson	High
Product	pom	parent-groupid	com.google.code.gson	Low
Product	jar	package name	gson	Low
Product	jar	package name	internal	Low
Product	pom	groupid	google.code.gson	Low
Product	pom	parent-artifactid	gson-parent	Medium
Product	pom	name	Gson	High
Product	central	artifactid	gson	Highest
Version	pom	version	2.8.0	Highest
Version	file	version	2.8.0	Highest
Version	central	version	2.8.0	Highest

Identifiers

maven: com.google.code.gson:gson:2.8.0 ✓ Confidence:Highest

jcip-annotations-1.0.jar

File Path: C:\Users\v094303\.m2\repository\net\jcip\jcip-annotations\1.0\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Project/Scope: element-path-finder:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://jcip.net/	Highest
Vendor	jar	package name	net	Low
Vendor	jar	package name	annotations	Low
Vendor	file	name	jcip-annotations	High
Vendor	central	groupid	net.jcip	Highest
Vendor	pom	name	"Java Concurrency in Practice" book annotations	High
Vendor	pom	groupid	net.jcip	Highest
Vendor	jar	package name	jcip	Low
Vendor	pom	artifactid	jcip-annotations	Low
Product	jar	package name	annotations	Low
Product	pom	artifactid	jcip-annotations	Highest
Product	file	name	jcip-annotations	High
Product	pom	groupid	net.jcip	Low
Product	central	artifactid	jcip-annotations	Highest
Product	pom	name	"Java Concurrency in Practice" book annotations	High
Product	jar	package name	jcip	Low
Product	pom	url	http://jcip.net/	Medium
Version	file	version	1.0	Highest
Version	central	version	1.0	Highest
Version	pom	version	1.0	Highest

Identifiers

maven: net.jcip:jcip-annotations:1.0 ✓ Confidence:Highest

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: element-path-finder

Dependencies

json-20160810.jar

Evidence

Identifiers

gson-2.8.0.jar

Evidence

Identifiers

jcip-annotations-1.0.jar

Evidence

Identifiers