Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Operating System and Hardware Information

com.github.oshi:oshi-parent:6.6.1

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
jackson-core-2.17.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.1 0Low47
jackson-databind-2.17.1.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.1:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.1 0Highest41
jfreechart-1.5.4.jarcpe:2.3:a:time_project:time:1.5.4:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.4HIGH3Low37
jna-5.14.0.jarcpe:2.3:a:oracle:java_se:5.14.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.14.0 0Low48
jna-jpms-5.14.0.jar: jnidispatch.dll 02
jna-jpms-5.14.0.jar: jnidispatch.dll 02
jna-jpms-5.14.0.jar: jnidispatch.dll 02
jna-platform-5.14.0.jarpkg:maven/net.java.dev.jna/jna-platform@5.14.0 044
jna-platform-jpms-5.14.0.jarpkg:maven/net.java.dev.jna/jna-platform-jpms@5.14.0 044
slf4j-api-2.0.13.jarpkg:maven/org.slf4j/slf4j-api@2.0.13 029
slf4j-simple-2.0.13.jarpkg:maven/org.slf4j/slf4j-simple@2.0.13 037

Dependencies (vulnerable)

jackson-core-2.17.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.1/jackson-core-2.17.1.jar
MD5: 9363584821290882417f1c3ceab784df
SHA1: 5e52a11644cd59a28ef79f02bddc2cc3bab45edb
SHA256:ddb26c8a1f1a84535e8213c48b35b253370434e3287b3cf15777856fc4e58ce6
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile

jackson-core-2.17.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1
  • pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.1

Identifiers

jackson-databind-2.17.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.1/jackson-databind-2.17.1.jar
MD5: f0a1c37dc7d937f14e183d84f15c0f83
SHA1: 0524dcbcccdde7d45a679dfc333e4763feb09079
SHA256:b6ca2f7d5b1ab245cec5495ec339773d2d90554c48592590673fb18f4400a948
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile

jackson-databind-2.17.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1

Identifiers

jfreechart-1.5.4.jar

Description:

        JFreeChart is a class library, written in Java, for generating charts. 
        Utilising the Java2D API, it supports a wide range of chart types including
        bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
        and more.
    

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/runner/.m2/repository/org/jfree/jfreechart/1.5.4/jfreechart-1.5.4.jar
MD5: 36e760314d688997c7e5ad135a3efc44
SHA1: 9a5edddb05a3ca4fbc0628c594e6641a6f36a3b4
SHA256:cd0649b04b64f2638b55c7c3ac24788ff064b777bbbaf1b952f82ee078ed8b81
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile

jfreechart-1.5.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1

Identifiers

CVE-2023-52070 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-129 Improper Validation of Array Index

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

CVE-2024-22949 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

CVE-2024-23076 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

jna-5.14.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar
MD5: 8b3cc652920435ad9f801e6d9b2a3497
SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd
SHA256:34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile
  • oshi-core:compile

jna-5.14.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-core@6.6.1
  • pkg:maven/com.github.oshi/oshi-core@6.6.1
  • pkg:maven/com.github.oshi/oshi-core@6.6.1

Identifiers

jna-jpms-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-jpms/5.14.0/jna-jpms-5.14.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: f6bef568e690d361a5dcc165f5ad4b1f
SHA1: 05638a4aaafa689a6c246530823afdc18d3fd438
SHA256:b9d1479b9619b7ece4a36b6ae31365ffaf15a1355d4f6da02f8b5f09df2fa82f
Referenced In Projects/Scopes:

  • oshi-demo:compile
  • oshi-dist:compile
  • oshi-core-java11:compile
  • oshi-core:compile

Identifiers

  • None

jna-jpms-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-jpms/5.14.0/jna-jpms-5.14.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 719d6ba1946c25aa61ce82f90d77ffd5
SHA1: 94d2191378cac5719daecc826fc116816284c406
SHA256:69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
Referenced In Projects/Scopes:

  • oshi-demo:compile
  • oshi-dist:compile
  • oshi-core-java11:compile
  • oshi-core:compile

Identifiers

  • None

jna-jpms-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-jpms/5.14.0/jna-jpms-5.14.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: e15183ef9c6c255b76fda73d01ca7ecb
SHA1: f816f998c43204230d9ea3eecffb5f8372a32c2e
SHA256:38650a0612730c52580c9f32ff766b44b1c5a426d52e7dd7a53687bf3389ac2c
Referenced In Projects/Scopes:

  • oshi-demo:compile
  • oshi-dist:compile
  • oshi-core-java11:compile
  • oshi-core:compile

Identifiers

  • None

jna-platform-5.14.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar
MD5: 3bc3f09a698e6ad250dd093f64fbb8a7
SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b
SHA256:ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile
  • oshi-core:compile

jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-core@6.6.1
  • pkg:maven/com.github.oshi/oshi-core@6.6.1
  • pkg:maven/com.github.oshi/oshi-core@6.6.1

Identifiers

jna-platform-jpms-5.14.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform-jpms/5.14.0/jna-platform-jpms-5.14.0.jar
MD5: e47bdb4498394d706a5dfb2173006531
SHA1: 24fde384a42c2c75c46116edda48895e5763fc85
SHA256:60dd009545f8cef45a9e6e31cace03dc28ab335220a64b24083045eddc351d45
Referenced In Projects/Scopes:
  • oshi-dist:compile
  • oshi-core-java11:compile

jna-platform-jpms-5.14.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-core-java11@6.6.1
  • pkg:maven/com.github.oshi/oshi-core-java11@6.6.1

Identifiers

slf4j-api-2.0.13.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.13/slf4j-api-2.0.13.jar
MD5: 7f4028aa04f75427327f3f30cd62ba4e
SHA1: 80229737f704b121a318bba5d5deacbcf395bc77
SHA256:e7c2a48e8515ba1f49fa637d57b4e2f590b3f5bd97407ac699c3aa5efb1204a9
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile
  • oshi-core-java11:compile
  • oshi-core:compile

slf4j-api-2.0.13.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-core@6.6.1
  • pkg:maven/com.github.oshi/oshi-core@6.6.1
  • pkg:maven/com.github.oshi/oshi-core-java11@6.6.1
  • pkg:maven/com.github.oshi/oshi-core@6.6.1

Identifiers

slf4j-simple-2.0.13.jar

Description:

SLF4J Simple Provider

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-simple/2.0.13/slf4j-simple-2.0.13.jar
MD5: 4196990c1480726609474e897fe0bdc7
SHA1: be11a3f05f7cf546524b07ad252719d840f4daed
SHA256:3153fe1d689cffb94f1530b58470c306685ba68844de8857116e3b6ebb81d9f7
Referenced In Projects/Scopes:
  • oshi-demo:compile
  • oshi-dist:compile

slf4j-simple-2.0.13.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1
  • pkg:maven/com.github.oshi/oshi-demo@6.6.1

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.