Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 3.1.0
Report Generated On: May 6, 2019 at 08:58:09 +00:00
Dependencies Scanned: 2 (2 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 02/05/2019 09:15:31
NVD CVE 2003: 04/05/2019 08:45:56
NVD CVE 2004: 01/05/2019 09:15:33
NVD CVE 2005: 02/05/2019 09:15:32
NVD CVE 2006: 04/05/2019 08:45:56
NVD CVE 2007: 04/05/2019 08:45:56
NVD CVE 2008: 04/05/2019 08:45:57
NVD CVE 2009: 04/05/2019 08:45:57
NVD CVE 2010: 04/05/2019 08:45:57
NVD CVE 2011: 04/05/2019 08:45:57
NVD CVE 2012: 04/05/2019 08:15:38
NVD CVE 2013: 04/05/2019 08:15:39
NVD CVE 2014: 04/05/2019 08:15:39
NVD CVE 2015: 04/05/2019 08:15:39
NVD CVE 2016: 04/05/2019 08:15:39
NVD CVE 2017: 06/05/2019 07:45:39
NVD CVE 2018: 06/05/2019 07:45:39
NVD CVE 2019: 06/05/2019 07:15:28
NVD CVE Checked: 06/05/2019 08:56:14
NVD CVE Modified: 06/05/2019 05:15:31
VersionCheckOn: 1557132974884

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	Coordinates	Highest Severity	CVE Count	CPE Confidence	Evidence Count
gson-2.8.2.jar		com.google.code.gson:gson:2.8.2 ✓		0		29
extension-0.1.0-SNAPSHOT.jar		org.sw4j.gson:extension:0.1.0-SNAPSHOT		0		27

Dependencies

gson-2.8.2.jar

Description: Gson JSON library

File Path: /root/.m2/repository/com/google/code/gson/gson/2.8.2/gson-2.8.2.jar
MD5: 2330bde3467e7cfec44d38e74f27dab8
SHA1: 3edcfe49d2c6053a70a2a47e4e1c2f94998a49cf
Referenced In Project/Scope: HAR Reader:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	manifest	Bundle-Description	Gson JSON library	Medium
Vendor	pom	name	Gson	High
Vendor	central	groupid	com.google.code.gson	Highest
Vendor	file	name	gson	High
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	artifactid	gson	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	parent-artifactid	gson-parent	Low
Vendor	pom	parent-groupid	com.google.code.gson	Medium
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	pom	groupid	google.code.gson	Highest
Product	pom	groupid	google.code.gson	Low
Product	manifest	Bundle-Description	Gson JSON library	Medium
Product	pom	artifactid	gson	Highest
Product	pom	name	Gson	High
Product	pom	parent-artifactid	gson-parent	Medium
Product	pom	parent-groupid	com.google.code.gson	Low
Product	file	name	gson	High
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	central	artifactid	gson	Highest
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Version	central	version	2.8.2	Highest
Version	file	version	2.8.2	Highest
Version	pom	version	2.8.2	Highest

Identifiers

maven: com.google.code.gson:gson:2.8.2 ✓ Confidence:Highest

extension-0.1.0-SNAPSHOT.jar

Description: Extension classes for the Gson library.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/sw4j/gson/extension/0.1.0-SNAPSHOT/extension-0.1.0-SNAPSHOT.jar
MD5: cac222634e24fdbd57830918e790d7d2
SHA1: 3e0207bcbfa334e1f5159dbf4aae3d3fb08d60b7
Referenced In Project/Scope: HAR Reader:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	parent	Low
Vendor	pom	artifactid	extension	Low
Vendor	pom	parent-groupid	org.sw4j	Medium
Vendor	file	name	extension	High
Vendor	jar	package name	adapter	Low
Vendor	pom	name	Gson Extension	High
Vendor	jar	package name	gson	Low
Vendor	jar	package name	sw4j	Low
Vendor	pom	groupid	org.sw4j.gson	Highest
Vendor	pom	url	https://gson-extension.sw4j.org/	Highest
Vendor	pom	description	Extension classes for the Gson library.	Medium
Vendor	pom	groupid	sw4j.gson	Highest
Product	pom	groupid	sw4j.gson	Low
Product	pom	name	Gson Extension	High
Product	jar	package name	gson	Low
Product	pom	parent-artifactid	parent	Medium
Product	pom	parent-groupid	org.sw4j	Low
Product	file	name	extension	High
Product	pom	description	Extension classes for the Gson library.	Medium
Product	pom	url	https://gson-extension.sw4j.org/	Medium
Product	jar	package name	offsetdatetimeadapter	Low
Product	pom	artifactid	extension	Highest
Product	jar	package name	adapter	Low
Version	pom	version	0.1.0-SNAPSHOT	Highest
Version	pom	version	0.1.0-20181017.183443-17	Highest
Version	file	version	0.1.0	Highest
Version	file	name	extension	Medium

Identifiers

maven: org.sw4j.gson:extension:0.1.0-SNAPSHOT Confidence:High

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: HAR Reader

Dependencies

gson-2.8.2.jar

Evidence

Identifiers

extension-0.1.0-SNAPSHOT.jar

Evidence

Identifiers