Create example.js #39

Closed
wants to merge 0 commits into from

itsarraj0test

AppSec Wiki Pull Request

Change Description:

Changes Made:

Reason for Change:

Checklist:

  • I have tested the changes locally
  • Code changes are ready for review
  • I have proofread the changes to ensure accuracy
  • I have tested any links or references within the wiki page
  • I have checked for consistency with other existing pages (if applicable)
  • I have updated any relevant cross-references or documentation


Hey @itsarraj0test 👋, thanks for contributing the new Pull Request!!

Secrets Bot


2024-10-08T07:17:08.6792508Z Current runner version: '2.320.0'
2024-10-08T07:17:08.6816519Z ##[group]Operating System
2024-10-08T07:17:08.6817279Z Ubuntu
2024-10-08T07:17:08.6817631Z 22.04.5
2024-10-08T07:17:08.6817928Z LTS
2024-10-08T07:17:08.6818335Z ##[endgroup]
2024-10-08T07:17:08.6818903Z ##[group]Runner Image
2024-10-08T07:17:08.6819313Z Image: ubuntu-22.04
2024-10-08T07:17:08.6819787Z Version: 20240922.1.0
2024-10-08T07:17:08.6820768Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-10-08T07:17:08.6822228Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-10-08T07:17:08.6823100Z ##[endgroup]
2024-10-08T07:17:08.6823493Z ##[group]Runner Image Provisioner
2024-10-08T07:17:08.6823989Z 2.0.384.1
2024-10-08T07:17:08.6824343Z ##[endgroup]
2024-10-08T07:17:08.6838726Z ##[group]GITHUB_TOKEN Permissions
2024-10-08T07:17:08.6840415Z Issues: write
2024-10-08T07:17:08.6840857Z Metadata: read
2024-10-08T07:17:08.6841492Z PullRequests: write
2024-10-08T07:17:08.6841986Z ##[endgroup]
2024-10-08T07:17:08.6844922Z Secret source: Actions
2024-10-08T07:17:08.6845538Z Prepare workflow directory
2024-10-08T07:17:08.7482792Z Prepare all required actions
2024-10-08T07:17:08.7639759Z Getting action download info
2024-10-08T07:17:08.9935878Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
2024-10-08T07:17:09.1147668Z Download action repository 'trufflesecurity/TruffleHog-Enterprise-Github-Action@main' (SHA:896eb9c43cebe80ae73e5aa5948595121ac7229c)
2024-10-08T07:17:09.4422019Z Complete job name: TruffleHog Bot scan
2024-10-08T07:17:09.5045056Z ##[group]Build container for action use: '/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main/Dockerfile'.
2024-10-08T07:17:09.5101971Z ##[command]/usr/bin/docker build -t 5d845e:166a73cd1a2f49fdbf2c3ab38717d328 -f "/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main/Dockerfile" "/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main"
2024-10-08T07:17:10.0144406Z #0 building with "default" instance using docker driver
2024-10-08T07:17:10.0145244Z
2024-10-08T07:17:10.0145518Z #1 [internal] load build definition from Dockerfile
2024-10-08T07:17:10.0146222Z #1 transferring dockerfile: 153B done
2024-10-08T07:17:10.0146759Z #1 DONE 0.0s
2024-10-08T07:17:10.0147075Z
2024-10-08T07:17:10.0147589Z #2 [internal] load metadata for us-docker.pkg.dev/thog-artifacts/public/scanner:latest
2024-10-08T07:17:10.7686563Z #2 DONE 0.9s
2024-10-08T07:17:10.8839147Z
2024-10-08T07:17:10.8839723Z #3 [internal] load .dockerignore
2024-10-08T07:17:10.8840572Z #3 transferring context: 2B done
2024-10-08T07:17:10.8841154Z #3 DONE 0.0s
2024-10-08T07:17:10.8841390Z
2024-10-08T07:17:10.8841627Z #4 [internal] load build context
2024-10-08T07:17:10.8842208Z #4 transferring context: 112B done
2024-10-08T07:17:10.8842727Z #4 DONE 0.0s
2024-10-08T07:17:10.8842934Z
2024-10-08T07:17:10.8843730Z #5 [1/2] FROM us-docker.pkg.dev/thog-artifacts/public/scanner:latest@sha256:3ddf1817b36313e28549c98fae955474c963929488c2762a3e17d8cd9ad7f7d1
2024-10-08T07:17:10.8845506Z #5 resolve us-docker.pkg.dev/thog-artifacts/public/scanner:latest@sha256:3ddf1817b36313e28549c98fae955474c963929488c2762a3e17d8cd9ad7f7d1 done
2024-10-08T07:17:12.1911451Z #5 DONE 1.3s
2024-10-08T07:17:12.1911634Z
2024-10-08T07:17:12.1911891Z #6 [2/2] COPY entrypoint.sh /entrypoint.sh
2024-10-08T07:17:12.1912461Z #6 DONE 0.0s
2024-10-08T07:17:12.1912638Z
2024-10-08T07:17:12.1912764Z #7 exporting to image
2024-10-08T07:17:12.1913139Z #7 exporting layers
2024-10-08T07:17:13.0057577Z #7 exporting layers 1.0s done
2024-10-08T07:17:13.0317729Z #7 writing image sha256:793fa8133facf7caff23bc2736f612254874174757cb6a1cceb31222c32dd77c done
2024-10-08T07:17:13.0319623Z #7 naming to docker.io/library/5d845e:166a73cd1a2f49fdbf2c3ab38717d328 done
2024-10-08T07:17:13.0320815Z #7 DONE 1.0s
2024-10-08T07:17:13.0393649Z ##[endgroup]
2024-10-08T07:17:13.0796243Z ##[group]Run actions/checkout@v3
2024-10-08T07:17:13.0796813Z with:
2024-10-08T07:17:13.0797121Z fetch-depth: 0
2024-10-08T07:17:13.0797489Z repository: itsarraj/PRBotCheck
2024-10-08T07:17:13.0798181Z token: ***
2024-10-08T07:17:13.0798510Z ssh-strict: true
2024-10-08T07:17:13.0799099Z persist-credentials: true
2024-10-08T07:17:13.0799563Z clean: true
2024-10-08T07:17:13.0799873Z sparse-checkout-cone-mode: true
2024-10-08T07:17:13.0800269Z fetch-tags: false
2024-10-08T07:17:13.0800673Z lfs: false
2024-10-08T07:17:13.0800961Z submodules: false
2024-10-08T07:17:13.0801307Z set-safe-directory: true
2024-10-08T07:17:13.0801743Z ##[endgroup]
2024-10-08T07:17:13.2720589Z Syncing repository: itsarraj/PRBotCheck
2024-10-08T07:17:13.2722330Z ##[group]Getting Git version info
2024-10-08T07:17:13.2723177Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:17:13.2724085Z [command]/usr/bin/git version
2024-10-08T07:17:13.2724641Z git version 2.46.1
2024-10-08T07:17:13.2726050Z ##[endgroup]
2024-10-08T07:17:13.2737815Z Temporarily overriding HOME='/home/runner/work/_temp/ad6f8427-b240-42f3-9c51-fdf27aee0fb6' before making global git config changes
2024-10-08T07:17:13.2739215Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:17:13.2740589Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:13.2742631Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:17:13.2745469Z ##[group]Initializing the repository
2024-10-08T07:17:13.2748245Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:13.2824474Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-10-08T07:17:13.2825493Z hint: is subject to change. To configure the initial branch name to use in all
2024-10-08T07:17:13.2826489Z hint: of your new repositories, which will suppress this warning, call:
2024-10-08T07:17:13.2827030Z hint:
2024-10-08T07:17:13.2827494Z hint: git config --global init.defaultBranch
2024-10-08T07:17:13.2828047Z hint:
2024-10-08T07:17:13.2828557Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-10-08T07:17:13.2830077Z hint: 'development'. The just-created branch can be renamed via this command:
2024-10-08T07:17:13.2830750Z hint:
2024-10-08T07:17:13.2831070Z hint: git branch -m
2024-10-08T07:17:13.2831685Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/
2024-10-08T07:17:13.2838057Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck
2024-10-08T07:17:13.2867135Z ##[endgroup]
2024-10-08T07:17:13.2867769Z ##[group]Disabling automatic garbage collection
2024-10-08T07:17:13.2870036Z [command]/usr/bin/git config --local gc.auto 0
2024-10-08T07:17:13.2896117Z ##[endgroup]
2024-10-08T07:17:13.2896725Z ##[group]Setting up auth
2024-10-08T07:17:13.2901204Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:17:13.2926644Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:17:13.3247404Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:17:13.3272572Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:17:13.3491901Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-10-08T07:17:13.3524464Z ##[endgroup]
2024-10-08T07:17:13.3525237Z ##[group]Fetching the repository
2024-10-08T07:17:13.3534525Z [command]/usr/bin/git -c protocol.version=2 fetch --prune --progress --no-recurse-submodules origin +refs/heads/:refs/remotes/origin/ +refs/tags/:refs/tags/
2024-10-08T07:17:13.5781700Z remote: Enumerating objects: 32, done.
2024-10-08T07:17:13.5810126Z remote: Counting objects: 100% (32/32), done.
2024-10-08T07:17:13.5836388Z remote: Compressing objects: 100% (22/22), done.
2024-10-08T07:17:13.5838127Z remote: Total 32 (delta 12), reused 25 (delta 5), pack-reused 0 (from 0)
2024-10-08T07:17:13.5917174Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:17:13.5918973Z * [new branch] master -> origin/master
2024-10-08T07:17:13.5956337Z [command]/usr/bin/git branch --list --remote origin/master
2024-10-08T07:17:13.5979640Z origin/master
2024-10-08T07:17:13.5990264Z [command]/usr/bin/git rev-parse refs/remotes/origin/master
2024-10-08T07:17:13.6013411Z 62868f4
2024-10-08T07:17:13.6022497Z ##[endgroup]
2024-10-08T07:17:13.6023772Z ##[group]Determining the checkout info
2024-10-08T07:17:13.6025017Z ##[endgroup]
2024-10-08T07:17:13.6026296Z ##[group]Checking out the ref
2024-10-08T07:17:13.6027960Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:17:13.6072765Z Reset branch 'master'
2024-10-08T07:17:13.6076559Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:17:13.6083399Z ##[endgroup]
2024-10-08T07:17:13.6120205Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:17:13.6143196Z '62868f47b40a795a4d99b3e3ddec9e6e76e772f0'
2024-10-08T07:17:13.6447970Z ##[group]Run trufflesecurity/TruffleHog-Enterprise-Github-Action@main
2024-10-08T07:17:13.6448845Z with:
2024-10-08T07:17:13.6449239Z args: --fail-verified master HEAD --json
2024-10-08T07:17:13.6449647Z ##[endgroup]
2024-10-08T07:17:13.6668422Z ##[command]/usr/bin/docker run --name d845e166a73cd1a2f49fdbf2c3ab38717d328_db0635 --label 5d845e --workdir /github/workspace --rm -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/PRBotCheck/PRBotCheck":"/github/workspace" 5d845e:166a73cd1a2f49fdbf2c3ab38717d328 "--fail-verified master HEAD --json"
2024-10-08T07:17:15.9373487Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"running trufflehog","pid":"NyK1B","version":"v1.90.20"}
2024-10-08T07:17:15.9374568Z
2024-10-08T07:17:15.9377815Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"log level set","pid":"NyK1B","version":"v1.90.20","level":0}
2024-10-08T07:17:15.9380200Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"resolved base reference","pid":"NyK1B","version":"v1.90.20","commit":"62868f47b40a795a4d99b3e3ddec9e6e76e772f0"}
2024-10-08T07:17:15.9382424Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"resolved head reference","pid":"NyK1B","version":"v1.90.20","commit":"62868f47b40a795a4d99b3e3ddec9e6e76e772f0"}
2024-10-08T07:17:15.9384904Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"resolved common merge base between references","pid":"NyK1B","version":"v1.90.20","commit":"62868f47b40a795a4d99b3e3ddec9e6e76e772f0"}
2024-10-08T07:17:15.9386726Z 🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
2024-10-08T07:17:15.9387310Z version: v1.90.20
2024-10-08T07:17:15.9387528Z
2024-10-08T07:17:15.9389084Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"scanning repo","pid":"NyK1B","version":"v1.90.20","repo":"https://github.com/itsarraj/PRBotCheck","base":"62868f47b40a795a4d99b3e3ddec9e6e76e772f0","head":"62868f47b40a795a4d99b3e3ddec9e6e76e772f0"}
2024-10-08T07:17:15.9430294Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"finished scanning commits","pid":"NyK1B","version":"v1.90.20","commits_scanned":0}
2024-10-08T07:17:15.9432088Z {"level":"info-0","ts":"2024-10-08T07:17:15Z","logger":"thog/scanner","msg":"no secrets found","pid":"NyK1B","version":"v1.90.20"}
2024-10-08T07:17:16.0413482Z Post job cleanup.
2024-10-08T07:17:16.1131960Z [command]/usr/bin/git version
2024-10-08T07:17:16.1166184Z git version 2.46.1
2024-10-08T07:17:16.1212884Z Temporarily overriding HOME='/home/runner/work/_temp/4045f328-ac9f-43bf-b291-8f6f389c0fcc' before making global git config changes
2024-10-08T07:17:16.1213982Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:17:16.1216600Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:16.1246128Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:17:16.1273918Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:17:16.1505241Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:17:16.1524533Z http.https://github.com/.extraheader
2024-10-08T07:17:16.1535971Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-10-08T07:17:16.1563770Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:17:16.1990092Z Cleaning up orphan processes

SCA Bot

2024-10-08T07:17:09.4673048Z Current runner version: '2.320.0'
2024-10-08T07:17:09.4696977Z ##[group]Operating System
2024-10-08T07:17:09.4697743Z Ubuntu
2024-10-08T07:17:09.4698076Z 22.04.5
2024-10-08T07:17:09.4698434Z LTS
2024-10-08T07:17:09.4698837Z ##[endgroup]
2024-10-08T07:17:09.4699242Z ##[group]Runner Image
2024-10-08T07:17:09.4699645Z Image: ubuntu-22.04
2024-10-08T07:17:09.4700114Z Version: 20240922.1.0
2024-10-08T07:17:09.4701130Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-10-08T07:17:09.4702560Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-10-08T07:17:09.4703452Z ##[endgroup]
2024-10-08T07:17:09.4704091Z ##[group]Runner Image Provisioner
2024-10-08T07:17:09.4704603Z 2.0.384.1
2024-10-08T07:17:09.4705023Z ##[endgroup]
2024-10-08T07:17:09.4719636Z ##[group]GITHUB_TOKEN Permissions
2024-10-08T07:17:09.4721244Z Issues: write
2024-10-08T07:17:09.4721674Z Metadata: read
2024-10-08T07:17:09.4722370Z PullRequests: write
2024-10-08T07:17:09.4722867Z ##[endgroup]
2024-10-08T07:17:09.4726174Z Secret source: Actions
2024-10-08T07:17:09.4726778Z Prepare workflow directory
2024-10-08T07:17:09.5359967Z Prepare all required actions
2024-10-08T07:17:09.5518927Z Getting action download info
2024-10-08T07:17:09.6991014Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
2024-10-08T07:17:09.9119709Z Complete job name: Snyk Bot scan
2024-10-08T07:17:10.0093547Z ##[group]Run actions/checkout@v3
2024-10-08T07:17:10.0094265Z with:
2024-10-08T07:17:10.0094829Z repository: itsarraj/PRBotCheck
2024-10-08T07:17:10.0095713Z token: ***
2024-10-08T07:17:10.0096184Z ssh-strict: true
2024-10-08T07:17:10.0096718Z persist-credentials: true
2024-10-08T07:17:10.0097201Z clean: true
2024-10-08T07:17:10.0097700Z sparse-checkout-cone-mode: true
2024-10-08T07:17:10.0098206Z fetch-depth: 1
2024-10-08T07:17:10.0098559Z fetch-tags: false
2024-10-08T07:17:10.0099033Z lfs: false
2024-10-08T07:17:10.0099415Z submodules: false
2024-10-08T07:17:10.0099785Z set-safe-directory: true
2024-10-08T07:17:10.0100316Z ##[endgroup]
2024-10-08T07:17:10.2455058Z Syncing repository: itsarraj/PRBotCheck
2024-10-08T07:17:10.2456974Z ##[group]Getting Git version info
2024-10-08T07:17:10.2458098Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:17:10.2459157Z [command]/usr/bin/git version
2024-10-08T07:17:10.2503354Z git version 2.46.1
2024-10-08T07:17:10.2529781Z ##[endgroup]
2024-10-08T07:17:10.2553230Z Temporarily overriding HOME='/home/runner/work/_temp/db919cee-a365-439c-b9ac-39d1fa0987ee' before making global git config changes
2024-10-08T07:17:10.2556096Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:17:10.2558311Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:10.2595254Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:17:10.2599128Z ##[group]Initializing the repository
2024-10-08T07:17:10.2602755Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:10.2679124Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-10-08T07:17:10.2680517Z hint: is subject to change. To configure the initial branch name to use in all
2024-10-08T07:17:10.2681580Z hint: of your new repositories, which will suppress this warning, call:
2024-10-08T07:17:10.2682321Z hint:
2024-10-08T07:17:10.2682899Z hint: git config --global init.defaultBranch
2024-10-08T07:17:10.2683525Z hint:
2024-10-08T07:17:10.2684398Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-10-08T07:17:10.2686273Z hint: 'development'. The just-created branch can be renamed via this command:
2024-10-08T07:17:10.2687347Z hint:
2024-10-08T07:17:10.2688136Z hint: git branch -m
2024-10-08T07:17:10.2689682Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/
2024-10-08T07:17:10.2696718Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck
2024-10-08T07:17:10.2729244Z ##[endgroup]
2024-10-08T07:17:10.2730630Z ##[group]Disabling automatic garbage collection
2024-10-08T07:17:10.2732418Z [command]/usr/bin/git config --local gc.auto 0
2024-10-08T07:17:10.2759143Z ##[endgroup]
2024-10-08T07:17:10.2760404Z ##[group]Setting up auth
2024-10-08T07:17:10.2765203Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-10-08T07:17:10.2792718Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:17:10.3130735Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-10-08T07:17:10.3158332Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:17:10.3384148Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-10-08T07:17:10.3415155Z ##[endgroup]
2024-10-08T07:17:10.3416434Z ##[group]Fetching the repository
2024-10-08T07:17:10.3424734Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +62868f47b40a795a4d99b3e3ddec9e6e76e772f0:refs/remotes/origin/master
2024-10-08T07:17:10.5975081Z remote: Enumerating objects: 12, done.
2024-10-08T07:17:10.5984671Z remote: Counting objects: 100% (12/12), done.
2024-10-08T07:17:10.5995159Z remote: Compressing objects: 100% (11/11), done.
2024-10-08T07:17:10.5996372Z remote: Total 12 (delta 0), reused 10 (delta 0), pack-reused 0 (from 0)
2024-10-08T07:17:10.6081124Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:17:10.6082769Z * [new ref] 62868f4 -> origin/master
2024-10-08T07:17:10.6111468Z ##[endgroup]
2024-10-08T07:17:10.6112573Z ##[group]Determining the checkout info
2024-10-08T07:17:10.6114924Z ##[endgroup]
2024-10-08T07:17:10.6115627Z ##[group]Checking out the ref
2024-10-08T07:17:10.6120980Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:17:10.6165147Z Reset branch 'master'
2024-10-08T07:17:10.6168905Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:17:10.6177124Z ##[endgroup]
2024-10-08T07:17:10.6215054Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:17:10.6239257Z '62868f47b40a795a4d99b3e3ddec9e6e76e772f0'
2024-10-08T07:17:10.6603029Z ##[group]Run rm -rf node_modules
2024-10-08T07:17:10.6604109Z rm -rf node_modules
2024-10-08T07:17:10.6604684Z rm -f package-lock.json
2024-10-08T07:17:10.6605200Z npm install
2024-10-08T07:17:10.6605858Z echo "Downloading and authenticating Snyk CLI..."
2024-10-08T07:17:10.6606913Z curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
2024-10-08T07:17:10.6607828Z chmod +x snyk
2024-10-08T07:17:10.6608560Z ./snyk auth ***
2024-10-08T07:17:10.6609090Z echo "Running Snyk test and monitor..."
2024-10-08T07:17:10.6609810Z ./snyk test --all-projects --color --json || true
2024-10-08T07:17:10.6610649Z ./snyk monitor --all-projects || true
2024-10-08T07:17:10.6638404Z shell: /usr/bin/bash -e {0}
2024-10-08T07:17:10.6639070Z ##[endgroup]
2024-10-08T07:17:14.1861341Z npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
2024-10-08T07:17:14.1936179Z npm warn deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
2024-10-08T07:17:14.2202607Z npm warn deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2024-10-08T07:17:14.2663317Z npm warn deprecated formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
2024-10-08T07:17:14.2759045Z npm warn deprecated samsam@1.1.2: This package has been deprecated in favour of @sinonjs/samsam
2024-10-08T07:17:14.2822820Z npm warn deprecated glob@7.1.1: Glob versions prior to v9 are no longer supported
2024-10-08T07:17:14.2871123Z npm warn deprecated mkdirp@0.3.3: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:17:14.2982090Z npm warn deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:17:14.4270666Z npm warn deprecated formidable@1.0.11: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
2024-10-08T07:17:14.5229959Z npm warn deprecated sinon@1.17.0: 16.1.1
2024-10-08T07:17:14.5253444Z npm warn deprecated connect@2.6.0: connect 2.x series is deprecated
2024-10-08T07:17:14.7820654Z added 112 packages, and audited 113 packages in 4s
2024-10-08T07:17:14.7821539Z 15 packages are looking for funding
2024-10-08T07:17:14.7824481Z run `npm fund` for details
2024-10-08T07:17:14.8010782Z 22 vulnerabilities (1 low, 2 moderate, 12 high, 7 critical)
2024-10-08T07:17:14.8012079Z To address all issues possible (including breaking changes), run:
2024-10-08T07:17:14.8013466Z npm audit fix --force
2024-10-08T07:17:14.8014595Z Some issues need review, and may require choosing
2024-10-08T07:17:14.8015466Z a different dependency.
2024-10-08T07:17:14.8016320Z Run `npm audit` for details.
2024-10-08T07:17:14.8186897Z Downloading and authenticating Snyk CLI...
2024-10-08T07:17:16.4233583Z Your account has been authenticated. Snyk is now ready to be used.
2024-10-08T07:17:16.6734632Z Running Snyk test and monitor...
2024-10-08T07:17:23.9084624Z {
2024-10-08T07:17:23.9085416Z "vulnerabilities": [
2024-10-08T07:17:23.9086431Z {
2024-10-08T07:17:23.9087530Z "id": "SNYK-JAVA-ORGAPACHEMAVEN-6144614",
2024-10-08T07:17:23.9088743Z "title": "Resources Downloaded over Insecure Protocol",
2024-10-08T07:17:23.9092228Z "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
2024-10-08T07:17:23.9093179Z "credit": [
2024-10-08T07:17:23.9094153Z "Unknown"
2024-10-08T07:17:23.9094746Z ],
2024-10-08T07:17:23.9095263Z "semver": {
2024-10-08T07:17:23.9095942Z "vulnerable": [
2024-10-08T07:17:23.9096562Z "[,3.8.1)"
2024-10-08T07:17:23.9097164Z ]
2024-10-08T07:17:23.9097742Z },
2024-10-08T07:17:23.9098336Z "exploit": "Not Defined",
2024-10-08T07:17:23.9099153Z "fixedIn": [
2024-10-08T07:17:23.9099833Z "3.8.1"
2024-10-08T07:17:23.9100337Z ],
2024-10-08T07:17:23.9100885Z "patches": [],
2024-10-08T07:17:23.9101580Z "insights": {
2024-10-08T07:17:23.9102153Z "triageAdvice": null
2024-10-08T07:17:23.9102792Z },
2024-10-08T07:17:23.9103394Z "language": "java",
2024-10-08T07:17:23.9104204Z "severity": "high",
2024-10-08T07:17:23.9104782Z "cvssScore": 7.1,
2024-10-08T07:17:23.9105490Z "functions": [],
2024-10-08T07:17:23.9106106Z "malicious": false,
2024-10-08T07:17:23.9106629Z "isDisputed": false,
2024-10-08T07:17:23.9107548Z "moduleName": "org.apache.maven:maven-core",
2024-10-08T07:17:23.9108332Z "references": [
2024-10-08T07:17:23.9109130Z {
2024-10-08T07:17:23.9110400Z "url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E",
2024-10-08T07:17:23.9112044Z "title": "Apache Security Advisory"
2024-10-08T07:17:23.9112787Z },
2024-10-08T07:17:23.9113356Z {
2024-10-08T07:17:23.9114430Z "url": "https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8",
2024-10-08T07:17:23.9115573Z "title": "GitHub Commit"
2024-10-08T07:17:23.9116348Z },
2024-10-08T07:17:23.9116804Z {
2024-10-08T07:17:23.9117680Z "url":
"https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647", 2024-10-08T07:17:23.9118939Z "title": "GitHub Commit" 2024-10-08T07:17:23.9120081Z }, 2024-10-08T07:17:23.9120587Z { 2024-10-08T07:17:23.9121456Z "url": "https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f", 2024-10-08T07:17:23.9122680Z "title": "GitHub Commit" 2024-10-08T07:17:23.9123321Z } 2024-10-08T07:17:23.9123989Z ], 2024-10-08T07:17:23.9124582Z "cvssDetails": [ 2024-10-08T07:17:23.9125157Z { 2024-10-08T07:17:23.9125773Z "assigner": "NVD", 2024-10-08T07:17:23.9126359Z "severity": "critical", 2024-10-08T07:17:23.9127222Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:17:23.9128284Z "cvssV3BaseScore": 9.1, 2024-10-08T07:17:23.9129193Z "modificationTime": "2024-03-11T09:50:36.020732Z" 2024-10-08T07:17:23.9130320Z }, 2024-10-08T07:17:23.9130940Z { 2024-10-08T07:17:23.9131574Z "assigner": "Red Hat", 2024-10-08T07:17:23.9132394Z "severity": "high", 2024-10-08T07:17:23.9133149Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:17:23.9134416Z "cvssV3BaseScore": 7.4, 2024-10-08T07:17:23.9135403Z "modificationTime": "2024-03-11T09:53:46.595598Z" 2024-10-08T07:17:23.9135830Z } 2024-10-08T07:17:23.9136122Z ], 2024-10-08T07:17:23.9136527Z "cvssSources": [ 2024-10-08T07:17:23.9137061Z { 2024-10-08T07:17:23.9137757Z "type": "primary", 2024-10-08T07:17:23.9138478Z "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9139275Z "assigner": "Snyk", 2024-10-08T07:17:23.9140006Z "severity": "high", 2024-10-08T07:17:23.9140593Z "baseScore": 7.1, 2024-10-08T07:17:23.9141101Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9141741Z "modificationTime": "2024-03-06T14:09:37.073828Z" 2024-10-08T07:17:23.9142185Z }, 2024-10-08T07:17:23.9142441Z { 2024-10-08T07:17:23.9142841Z "type": "secondary", 2024-10-08T07:17:23.9143297Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", 
2024-10-08T07:17:23.9144327Z "assigner": "NVD", 2024-10-08T07:17:23.9144690Z "severity": "critical", 2024-10-08T07:17:23.9145243Z "baseScore": 9.1, 2024-10-08T07:17:23.9146004Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9146643Z "modificationTime": "2024-03-11T09:50:36.020732Z" 2024-10-08T07:17:23.9147083Z }, 2024-10-08T07:17:23.9147481Z { 2024-10-08T07:17:23.9147792Z "type": "secondary", 2024-10-08T07:17:23.9148222Z "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:17:23.9148793Z "assigner": "Red Hat", 2024-10-08T07:17:23.9149302Z "severity": "high", 2024-10-08T07:17:23.9149791Z "baseScore": 7.4, 2024-10-08T07:17:23.9150356Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9151021Z "modificationTime": "2024-03-11T09:53:46.595598Z" 2024-10-08T07:17:23.9151491Z } 2024-10-08T07:17:23.9151978Z ], 2024-10-08T07:17:23.9161916Z "description": "## Overview\n\nAffected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls.\r\n\r\nIf you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. 
For more information about repository management, visit [this page](https://maven.apache.org/repository-management.html).\n## Remediation\nUpgrade `org.apache.maven:maven-core` to version 3.8.1 or higher.\n## References\n- [Apache Security Advisory](https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E)\n- [GitHub Commit](https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8)\n- [GitHub Commit](https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647)\n- [GitHub Commit](https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f)\n", 2024-10-08T07:17:23.9170402Z "epssDetails": { 2024-10-08T07:17:23.9170911Z "percentile": "0.57700", 2024-10-08T07:17:23.9171343Z "probability": "0.00197", 2024-10-08T07:17:23.9172147Z "modelVersion": "v2023.03.01" 2024-10-08T07:17:23.9172660Z }, 2024-10-08T07:17:23.9172969Z "identifiers": { 2024-10-08T07:17:23.9173519Z "CVE": [ 2024-10-08T07:17:23.9174216Z "CVE-2021-26291" 2024-10-08T07:17:23.9174542Z ], 2024-10-08T07:17:23.9175106Z "CWE": [ 2024-10-08T07:17:23.9175475Z "CWE-494" 2024-10-08T07:17:23.9176036Z ], 2024-10-08T07:17:23.9176517Z "GHSA": [ 2024-10-08T07:17:23.9177010Z "GHSA-2f88-5hg8-9x2x" 2024-10-08T07:17:23.9177596Z ] 2024-10-08T07:17:23.9177867Z }, 2024-10-08T07:17:23.9178426Z "packageName": "org.apache.maven:maven-core", 2024-10-08T07:17:23.9179057Z "proprietary": false, 2024-10-08T07:17:23.9179662Z "creationTime": "2024-01-04T15:15:05.020423Z", 2024-10-08T07:17:23.9180211Z "functions_new": [], 2024-10-08T07:17:23.9180707Z "alternativeIds": [], 2024-10-08T07:17:23.9181318Z "disclosureTime": "2021-04-26T09:21:36Z", 2024-10-08T07:17:23.9181865Z "exploitDetails": { 2024-10-08T07:17:23.9182350Z "sources": [], 2024-10-08T07:17:23.9182844Z "maturityLevels": [ 2024-10-08T07:17:23.9183212Z { 2024-10-08T07:17:23.9183693Z "type": "secondary", 2024-10-08T07:17:23.9184447Z "level": "Not 
Defined", 2024-10-08T07:17:23.9184976Z "format": "CVSSv3" 2024-10-08T07:17:23.9185437Z }, 2024-10-08T07:17:23.9186053Z { 2024-10-08T07:17:23.9186391Z "type": "primary", 2024-10-08T07:17:23.9187033Z "level": "Not Defined", 2024-10-08T07:17:23.9187405Z "format": "CVSSv4" 2024-10-08T07:17:23.9187941Z } 2024-10-08T07:17:23.9188314Z ] 2024-10-08T07:17:23.9188789Z }, 2024-10-08T07:17:23.9189077Z "packageManager": "maven", 2024-10-08T07:17:23.9189692Z "mavenModuleName": { 2024-10-08T07:17:23.9190133Z "groupId": "org.apache.maven", 2024-10-08T07:17:23.9190739Z "artifactId": "maven-core" 2024-10-08T07:17:23.9191365Z }, 2024-10-08T07:17:23.9191827Z "publicationTime": "2024-01-04T15:16:41.308178Z", 2024-10-08T07:17:23.9192467Z "severityBasedOn": "CVSS", 2024-10-08T07:17:23.9193059Z "modificationTime": "2024-03-11T09:53:46.595598Z", 2024-10-08T07:17:23.9193711Z "socialTrendAlert": false, 2024-10-08T07:17:23.9194341Z "severityWithCritical": "high", 2024-10-08T07:17:23.9194959Z "from": [ 2024-10-08T07:17:23.9195414Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:17:23.9196049Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:17:23.9196665Z "org.apache.maven:maven-core@2.0" 2024-10-08T07:17:23.9197139Z ], 2024-10-08T07:17:23.9197446Z "upgradePath": [ 2024-10-08T07:17:23.9197881Z false, 2024-10-08T07:17:23.9198298Z "org.apache.maven:maven-embedder@3.8.1", 2024-10-08T07:17:23.9198771Z "org.apache.maven:maven-core@3.8.1" 2024-10-08T07:17:23.9199312Z ], 2024-10-08T07:17:23.9199687Z "isUpgradable": true, 2024-10-08T07:17:23.9200167Z "isPatchable": false, 2024-10-08T07:17:23.9200590Z "name": "org.apache.maven:maven-core", 2024-10-08T07:17:23.9201159Z "version": "2.0" 2024-10-08T07:17:23.9201588Z }, 2024-10-08T07:17:23.9201836Z { 2024-10-08T07:17:23.9202258Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521", 2024-10-08T07:17:23.9202825Z "title": "Directory Traversal", 2024-10-08T07:17:23.9203324Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 
2024-10-08T07:17:23.9203764Z "credit": [ 2024-10-08T07:17:23.9204289Z "Unknown" 2024-10-08T07:17:23.9204597Z ], 2024-10-08T07:17:23.9204912Z "semver": { 2024-10-08T07:17:23.9205264Z "vulnerable": [ 2024-10-08T07:17:23.9205608Z "[,3.0.24)" 2024-10-08T07:17:23.9205944Z ] 2024-10-08T07:17:23.9206371Z }, 2024-10-08T07:17:23.9206756Z "exploit": "Not Defined", 2024-10-08T07:17:23.9207151Z "fixedIn": [ 2024-10-08T07:17:23.9207546Z "3.0.24" 2024-10-08T07:17:23.9208146Z ], 2024-10-08T07:17:23.9208445Z "patches": [], 2024-10-08T07:17:23.9208865Z "insights": { 2024-10-08T07:17:23.9209191Z "triageAdvice": null 2024-10-08T07:17:23.9209556Z }, 2024-10-08T07:17:23.9209920Z "language": "java", 2024-10-08T07:17:23.9210295Z "severity": "medium", 2024-10-08T07:17:23.9210621Z "cvssScore": 5.3, 2024-10-08T07:17:23.9211171Z "functions": [ 2024-10-08T07:17:23.9211506Z { 2024-10-08T07:17:23.9211769Z "version": [ 2024-10-08T07:17:23.9212187Z "[,3.0.24)" 2024-10-08T07:17:23.9212510Z ], 2024-10-08T07:17:23.9212842Z "functionId": { 2024-10-08T07:17:23.9213302Z "filePath": "org/codehaus/plexus/util/Expand.java", 2024-10-08T07:17:23.9213903Z "className": "Expand", 2024-10-08T07:17:23.9214343Z "functionName": "extractFile" 2024-10-08T07:17:23.9214808Z } 2024-10-08T07:17:23.9215066Z } 2024-10-08T07:17:23.9215380Z ], 2024-10-08T07:17:23.9215739Z "malicious": false, 2024-10-08T07:17:23.9216068Z "isDisputed": false, 2024-10-08T07:17:23.9216601Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9217149Z "references": [ 2024-10-08T07:17:23.9217497Z { 2024-10-08T07:17:23.9218288Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef", 2024-10-08T07:17:23.9219003Z "title": "GitHub Commit" 2024-10-08T07:17:23.9219360Z }, 2024-10-08T07:17:23.9219711Z { 2024-10-08T07:17:23.9220406Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/4", 2024-10-08T07:17:23.9220977Z "title": "GitHub Issue" 2024-10-08T07:17:23.9221514Z } 
2024-10-08T07:17:23.9221818Z ], 2024-10-08T07:17:23.9222160Z "cvssDetails": [ 2024-10-08T07:17:23.9222529Z { 2024-10-08T07:17:23.9222854Z "assigner": "NVD", 2024-10-08T07:17:23.9223225Z "severity": "high", 2024-10-08T07:17:23.9223945Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:17:23.9224471Z "cvssV3BaseScore": 7.5, 2024-10-08T07:17:23.9225008Z "modificationTime": "2024-03-11T09:53:39.008801Z" 2024-10-08T07:17:23.9225535Z }, 2024-10-08T07:17:23.9225840Z { 2024-10-08T07:17:23.9226124Z "assigner": "Red Hat", 2024-10-08T07:17:23.9226577Z "severity": "high", 2024-10-08T07:17:23.9227310Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:17:23.9227799Z "cvssV3BaseScore": 7.5, 2024-10-08T07:17:23.9228401Z "modificationTime": "2024-03-11T09:53:59.688096Z" 2024-10-08T07:17:23.9228851Z } 2024-10-08T07:17:23.9229137Z ], 2024-10-08T07:17:23.9229486Z "cvssSources": [ 2024-10-08T07:17:23.9229824Z { 2024-10-08T07:17:23.9230131Z "type": "primary", 2024-10-08T07:17:23.9230655Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:17:23.9231111Z "assigner": "Snyk", 2024-10-08T07:17:23.9231485Z "severity": "medium", 2024-10-08T07:17:23.9231940Z "baseScore": 5.3, 2024-10-08T07:17:23.9232279Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9232796Z "modificationTime": "2024-05-09T13:34:27.533160Z" 2024-10-08T07:17:23.9233301Z }, 2024-10-08T07:17:23.9233594Z { 2024-10-08T07:17:23.9234006Z "type": "secondary", 2024-10-08T07:17:23.9234542Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:17:23.9235025Z "assigner": "NVD", 2024-10-08T07:17:23.9235466Z "severity": "high", 2024-10-08T07:17:23.9235805Z "baseScore": 7.5, 2024-10-08T07:17:23.9236168Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9236742Z "modificationTime": "2024-03-11T09:53:39.008801Z" 2024-10-08T07:17:23.9237154Z }, 2024-10-08T07:17:23.9237463Z { 2024-10-08T07:17:23.9237821Z "type": "secondary", 2024-10-08T07:17:23.9238435Z "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:17:23.9238907Z "assigner": "Red Hat", 2024-10-08T07:17:23.9239363Z "severity": "high", 2024-10-08T07:17:23.9239754Z "baseScore": 7.5, 2024-10-08T07:17:23.9240119Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9240759Z "modificationTime": "2024-03-11T09:53:59.688096Z" 2024-10-08T07:17:23.9241232Z } 2024-10-08T07:17:23.9241526Z ], 2024-10-08T07:17:23.9245799Z "description": "## Overview\nAn attacker could access arbitrary files and directories stored on the file system by manipulating files with `dot-dot-slash (../)` sequences and their variations or by using absolute file paths. \r\n\r\n**Note:**\r\n\r\nThere is no indication that access to the filesystem beyond that of the application user can be achieved. So typical deployments will have only limited confidentiality impact from this vulnerability.\n\n## References\n- [https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef](https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef)\n- [https://github.com/codehaus-plexus/plexus-utils/issues/4](https://github.com/codehaus-plexus/plexus-utils/issues/4)\n", 2024-10-08T07:17:23.9249727Z "epssDetails": { 2024-10-08T07:17:23.9250102Z "percentile": "0.26522", 2024-10-08T07:17:23.9250568Z "probability": "0.00060", 2024-10-08T07:17:23.9250976Z "modelVersion": "v2023.03.01" 2024-10-08T07:17:23.9251371Z }, 2024-10-08T07:17:23.9251762Z "identifiers": { 2024-10-08T07:17:23.9252063Z "CVE": [ 2024-10-08T07:17:23.9252444Z "CVE-2022-4244" 2024-10-08T07:17:23.9252864Z ], 2024-10-08T07:17:23.9253158Z "CWE": [ 2024-10-08T07:17:23.9253481Z "CWE-22" 2024-10-08T07:17:23.9253974Z ] 2024-10-08T07:17:23.9254268Z }, 2024-10-08T07:17:23.9254722Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9255288Z "proprietary": false, 2024-10-08T07:17:23.9255739Z "creationTime": "2017-09-20T00:00:00Z", 2024-10-08T07:17:23.9256243Z "functions_new": 
[ 2024-10-08T07:17:23.9256546Z { 2024-10-08T07:17:23.9256842Z "version": [ 2024-10-08T07:17:23.9257250Z "[,3.0.24)" 2024-10-08T07:17:23.9257549Z ], 2024-10-08T07:17:23.9257879Z "functionId": { 2024-10-08T07:17:23.9258383Z "className": "org.codehaus.plexus.util.Expand", 2024-10-08T07:17:23.9258888Z "functionName": "extractFile" 2024-10-08T07:17:23.9259271Z } 2024-10-08T07:17:23.9259624Z } 2024-10-08T07:17:23.9259911Z ], 2024-10-08T07:17:23.9260237Z "alternativeIds": [], 2024-10-08T07:17:23.9260723Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:17:23.9261158Z "exploitDetails": { 2024-10-08T07:17:23.9261533Z "sources": [], 2024-10-08T07:17:23.9261910Z "maturityLevels": [ 2024-10-08T07:17:23.9262281Z { 2024-10-08T07:17:23.9262595Z "type": "secondary", 2024-10-08T07:17:23.9263047Z "level": "Not Defined", 2024-10-08T07:17:23.9263424Z "format": "CVSSv3" 2024-10-08T07:17:23.9263952Z }, 2024-10-08T07:17:23.9264323Z { 2024-10-08T07:17:23.9264615Z "type": "primary", 2024-10-08T07:17:23.9264996Z "level": "Not Defined", 2024-10-08T07:17:23.9265447Z "format": "CVSSv4" 2024-10-08T07:17:23.9265811Z } 2024-10-08T07:17:23.9266101Z ] 2024-10-08T07:17:23.9266460Z }, 2024-10-08T07:17:23.9266778Z "packageManager": "maven", 2024-10-08T07:17:23.9267171Z "mavenModuleName": { 2024-10-08T07:17:23.9267608Z "groupId": "org.codehaus.plexus", 2024-10-08T07:17:23.9268098Z "artifactId": "plexus-utils" 2024-10-08T07:17:23.9268504Z }, 2024-10-08T07:17:23.9268943Z "publicationTime": "2017-09-20T00:00:00Z", 2024-10-08T07:17:23.9269587Z "severityBasedOn": "CVSS", 2024-10-08T07:17:23.9270110Z "modificationTime": "2024-05-09T13:34:27.533160Z", 2024-10-08T07:17:23.9270693Z "socialTrendAlert": false, 2024-10-08T07:17:23.9271069Z "severityWithCritical": "medium", 2024-10-08T07:17:23.9271498Z "from": [ 2024-10-08T07:17:23.9271988Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:17:23.9272656Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:17:23.9273137Z 
"org.apache.maven:maven-core@2.0", 2024-10-08T07:17:23.9273726Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:17:23.9274302Z ], 2024-10-08T07:17:23.9274575Z "upgradePath": [ 2024-10-08T07:17:23.9274986Z false, 2024-10-08T07:17:23.9275417Z "org.apache.maven:maven-embedder@3.5.0", 2024-10-08T07:17:23.9275999Z "org.apache.maven:maven-core@3.5.0", 2024-10-08T07:17:23.9276491Z "org.codehaus.plexus:plexus-utils@3.0.24" 2024-10-08T07:17:23.9276938Z ], 2024-10-08T07:17:23.9277313Z "isUpgradable": true, 2024-10-08T07:17:23.9277708Z "isPatchable": false, 2024-10-08T07:17:23.9278139Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9278650Z "version": "1.0.4" 2024-10-08T07:17:23.9279005Z }, 2024-10-08T07:17:23.9279250Z { 2024-10-08T07:17:23.9279720Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", 2024-10-08T07:17:23.9280231Z "title": "Shell Command Injection", 2024-10-08T07:17:23.9280734Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9281233Z "credit": [ 2024-10-08T07:17:23.9281576Z "Charles Duffy" 2024-10-08T07:17:23.9281908Z ], 2024-10-08T07:17:23.9282279Z "semver": { 2024-10-08T07:17:23.9282569Z "vulnerable": [ 2024-10-08T07:17:23.9282906Z "[,3.0.16)" 2024-10-08T07:17:23.9283305Z ] 2024-10-08T07:17:23.9283558Z }, 2024-10-08T07:17:23.9283970Z "exploit": "Not Defined", 2024-10-08T07:17:23.9284440Z "fixedIn": [ 2024-10-08T07:17:23.9284766Z "3.0.16" 2024-10-08T07:17:23.9285039Z ], 2024-10-08T07:17:23.9285407Z "patches": [], 2024-10-08T07:17:23.9285741Z "insights": { 2024-10-08T07:17:23.9286062Z "triageAdvice": null 2024-10-08T07:17:23.9286472Z }, 2024-10-08T07:17:23.9286770Z "language": "java", 2024-10-08T07:17:23.9287147Z "severity": "critical", 2024-10-08T07:17:23.9287546Z "cvssScore": 9.8, 2024-10-08T07:17:23.9287892Z "functions": [ 2024-10-08T07:17:23.9288231Z { 2024-10-08T07:17:23.9288553Z "version": [ 2024-10-08T07:17:23.9288899Z "[,3.0.16)" 2024-10-08T07:17:23.9289243Z ], 2024-10-08T07:17:23.9289628Z "functionId": { 
2024-10-08T07:17:23.9290091Z "filePath": "org/codehaus/plexus/util/cli/Commandline.java", 2024-10-08T07:17:23.9290626Z "className": "Commandline", 2024-10-08T07:17:23.9291114Z "functionName": "execute" 2024-10-08T07:17:23.9291516Z } 2024-10-08T07:17:23.9291779Z } 2024-10-08T07:17:23.9292128Z ], 2024-10-08T07:17:23.9292447Z "malicious": false, 2024-10-08T07:17:23.9292771Z "isDisputed": false, 2024-10-08T07:17:23.9293330Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9293931Z "references": [ 2024-10-08T07:17:23.9294339Z { 2024-10-08T07:17:23.9295054Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", 2024-10-08T07:17:23.9295771Z "title": "GitHub Commit" 2024-10-08T07:17:23.9296212Z }, 2024-10-08T07:17:23.9296518Z { 2024-10-08T07:17:23.9297149Z "url": "https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json", 2024-10-08T07:17:23.9298027Z "title": "PLXUTILS-161 - Raw Jira Ticket JSON" 2024-10-08T07:17:23.9298676Z } 2024-10-08T07:17:23.9298963Z ], 2024-10-08T07:17:23.9299320Z "cvssDetails": [ 2024-10-08T07:17:23.9299825Z { 2024-10-08T07:17:23.9300131Z "assigner": "NVD", 2024-10-08T07:17:23.9300561Z "severity": "critical", 2024-10-08T07:17:23.9301064Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9301583Z "cvssV3BaseScore": 9.8, 2024-10-08T07:17:23.9302203Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:17:23.9302732Z }, 2024-10-08T07:17:23.9303043Z { 2024-10-08T07:17:23.9303417Z "assigner": "Red Hat", 2024-10-08T07:17:23.9304082Z "severity": "high", 2024-10-08T07:17:23.9304558Z "cvssV3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9305145Z "cvssV3BaseScore": 7.8, 2024-10-08T07:17:23.9305687Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:17:23.9306094Z } 2024-10-08T07:17:23.9306443Z ], 2024-10-08T07:17:23.9306760Z "cvssSources": [ 2024-10-08T07:17:23.9307092Z { 
2024-10-08T07:17:23.9307430Z "type": "primary", 2024-10-08T07:17:23.9307898Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9308382Z "assigner": "Snyk", 2024-10-08T07:17:23.9308818Z "severity": "critical", 2024-10-08T07:17:23.9309187Z "baseScore": 9.8, 2024-10-08T07:17:23.9309572Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9310171Z "modificationTime": "2024-03-06T13:58:02.476253Z" 2024-10-08T07:17:23.9310580Z }, 2024-10-08T07:17:23.9310871Z { 2024-10-08T07:17:23.9311252Z "type": "secondary", 2024-10-08T07:17:23.9312028Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9312487Z "assigner": "NVD", 2024-10-08T07:17:23.9312939Z "severity": "critical", 2024-10-08T07:17:23.9313324Z "baseScore": 9.8, 2024-10-08T07:17:23.9313743Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9314353Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:17:23.9314806Z }, 2024-10-08T07:17:23.9315184Z { 2024-10-08T07:17:23.9315459Z "type": "secondary", 2024-10-08T07:17:23.9315913Z "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9316481Z "assigner": "Red Hat", 2024-10-08T07:17:23.9317110Z "severity": "high", 2024-10-08T07:17:23.9317609Z "baseScore": 7.8, 2024-10-08T07:17:23.9318249Z "cvssVersion": "3.0", 2024-10-08T07:17:23.9318920Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:17:23.9319483Z } 2024-10-08T07:17:23.9319740Z ], 2024-10-08T07:17:23.9323339Z "description": "## Overview\r\n[`Codehaus Plexus`](https://codehaus-plexus.github.io/) is a collection of components used by Apache Maven.\r\n\r\nAffected versions of this package are vulnerable to Shell Command Injection. 
The Commandline class in plexus-utils does not correctly quote the contents of double-quoted strings.\r\n\r\n## Remediation\r\nUpgrade _Codehaus Plexus_ to version `3.0.16` or higher.\r\n\r\n## References\r\n- [Github Commit](https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41)\r\n- [PLXUTILS-161 - Raw Jira Ticket JSON](https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json)", 2024-10-08T07:17:23.9326731Z "epssDetails": { 2024-10-08T07:17:23.9327237Z "percentile": "0.73724", 2024-10-08T07:17:23.9327600Z "probability": "0.00395", 2024-10-08T07:17:23.9328096Z "modelVersion": "v2023.03.01" 2024-10-08T07:17:23.9328486Z }, 2024-10-08T07:17:23.9328819Z "identifiers": { 2024-10-08T07:17:23.9329295Z "CVE": [ 2024-10-08T07:17:23.9329742Z "CVE-2017-1000487" 2024-10-08T07:17:23.9330115Z ], 2024-10-08T07:17:23.9330545Z "CWE": [ 2024-10-08T07:17:23.9331006Z "CWE-77" 2024-10-08T07:17:23.9331304Z ] 2024-10-08T07:17:23.9331599Z }, 2024-10-08T07:17:23.9332111Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9332786Z "proprietary": false, 2024-10-08T07:17:23.9333202Z "creationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:17:23.9333718Z "functions_new": [ 2024-10-08T07:17:23.9334188Z { 2024-10-08T07:17:23.9334453Z "version": [ 2024-10-08T07:17:23.9334872Z "[,3.0.16)" 2024-10-08T07:17:23.9335323Z ], 2024-10-08T07:17:23.9335720Z "functionId": { 2024-10-08T07:17:23.9336177Z "className": "org.codehaus.plexus.util.cli.Commandline", 2024-10-08T07:17:23.9336712Z "functionName": "execute" 2024-10-08T07:17:23.9337179Z } 2024-10-08T07:17:23.9337439Z } 2024-10-08T07:17:23.9337728Z ], 2024-10-08T07:17:23.9338113Z "alternativeIds": [], 2024-10-08T07:17:23.9338583Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:17:23.9338986Z "exploitDetails": { 2024-10-08T07:17:23.9339424Z "sources": [], 2024-10-08T07:17:23.9339781Z "maturityLevels": [ 2024-10-08T07:17:23.9340149Z { 
2024-10-08T07:17:23.9340482Z "type": "secondary", 2024-10-08T07:17:23.9340877Z "level": "Not Defined", 2024-10-08T07:17:23.9341291Z "format": "CVSSv3" 2024-10-08T07:17:23.9341676Z }, 2024-10-08T07:17:23.9341974Z { 2024-10-08T07:17:23.9342302Z "type": "primary", 2024-10-08T07:17:23.9342747Z "level": "Not Defined", 2024-10-08T07:17:23.9343105Z "format": "CVSSv4" 2024-10-08T07:17:23.9343477Z } 2024-10-08T07:17:23.9343950Z ] 2024-10-08T07:17:23.9344233Z }, 2024-10-08T07:17:23.9344551Z "packageManager": "maven", 2024-10-08T07:17:23.9345014Z "mavenModuleName": { 2024-10-08T07:17:23.9345433Z "groupId": "org.codehaus.plexus", 2024-10-08T07:17:23.9345892Z "artifactId": "plexus-utils" 2024-10-08T07:17:23.9346354Z }, 2024-10-08T07:17:23.9346767Z "publicationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:17:23.9347224Z "severityBasedOn": "CVSS", 2024-10-08T07:17:23.9347762Z "modificationTime": "2024-03-11T09:53:54.737412Z", 2024-10-08T07:17:23.9348255Z "socialTrendAlert": false, 2024-10-08T07:17:23.9348676Z "severityWithCritical": "critical", 2024-10-08T07:17:23.9349135Z "from": [ 2024-10-08T07:17:23.9349570Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:17:23.9350120Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:17:23.9350705Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:17:23.9351188Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:17:23.9351622Z ], 2024-10-08T07:17:23.9352005Z "upgradePath": [ 2024-10-08T07:17:23.9352352Z false, 2024-10-08T07:17:23.9352722Z "org.apache.maven:maven-embedder@3.2.1", 2024-10-08T07:17:23.9353318Z "org.apache.maven:maven-core@3.2.1", 2024-10-08T07:17:23.9354166Z "org.codehaus.plexus:plexus-utils@3.0.17" 2024-10-08T07:17:23.9354748Z ], 2024-10-08T07:17:23.9355036Z "isUpgradable": true, 2024-10-08T07:17:23.9355412Z "isPatchable": false, 2024-10-08T07:17:23.9355968Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9356382Z "version": "1.0.4" 2024-10-08T07:17:23.9356727Z }, 2024-10-08T07:17:23.9357081Z { 
2024-10-08T07:17:23.9487174Z "filtered": {
2024-10-08T07:17:23.9487456Z "ignore": [],
2024-10-08T07:17:23.9487774Z "patch": []
2024-10-08T07:17:23.9488151Z },
2024-10-08T07:17:23.9488439Z "uniqueCount": 4,
2024-10-08T07:17:23.9488927Z "projectName": "jenkins.mvn.demo:mvnwebapp",
2024-10-08T07:17:23.9489456Z "foundProjectCount": 1,
2024-10-08T07:17:23.9489845Z "displayTargetFile": "pom.xml",
2024-10-08T07:17:23.9490274Z "hasUnknownVersions": false,
2024-10-08T07:17:23.9490808Z "path": "/home/runner/work/PRBotCheck/PRBotCheck"
2024-10-08T07:17:23.9491251Z }
2024-10-08T07:17:27.6026753Z
2024-10-08T07:17:27.6028114Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck/package-lock.json...
2024-10-08T07:17:27.6029272Z
2024-10-08T07:17:27.6030704Z Dependency express was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again.
2024-10-08T07:17:27.6032163Z
2024-10-08T07:17:27.6032585Z -------------------------------------------------------
2024-10-08T07:17:27.6033124Z
2024-10-08T07:17:27.6034236Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck (jenkins.mvn.demo:mvnwebapp)...
2024-10-08T07:17:27.6035089Z
2024-10-08T07:17:27.6036526Z Explore this snapshot at https://app.snyk.io/org/itsarraj/project/585b6b28-57da-4dbb-bda8-0387c1c59e27/history/40b3b79c-4b17-4306-a2ab-85cd016fb5e7
2024-10-08T07:17:27.6037953Z
2024-10-08T07:17:27.6038650Z Notifications about newly disclosed issues related to these dependencies will be emailed to you.
2024-10-08T07:17:27.6039643Z
2024-10-08T07:17:27.6050695Z
2024-10-08T07:17:27.6051572Z You have reached your monthly limit of 200 private tests for your itsarraj org.
2024-10-08T07:17:27.6053049Z To learn more about our plans and increase your tests limit visit https://snyk.io/plans.
2024-10-08T07:17:27.8261178Z Post job cleanup.
2024-10-08T07:17:27.8978050Z [command]/usr/bin/git version
2024-10-08T07:17:27.9010695Z git version 2.46.1
2024-10-08T07:17:27.9051929Z Temporarily overriding HOME='/home/runner/work/_temp/6d31199b-a5c4-4216-b955-357d11a476f1' before making global git config changes
2024-10-08T07:17:27.9053291Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:17:27.9055579Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:27.9084963Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-10-08T07:17:27.9112537Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:17:27.9338471Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-10-08T07:17:27.9358181Z http.https://github.com/.extraheader
2024-10-08T07:17:27.9370011Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-10-08T07:17:27.9399970Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:17:27.9841551Z Cleaning up orphan processes

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

2024-10-08T07:17:16.1213982Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:17:16.1216600Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:16.1246128Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:17:16.1273918Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:17:16.1505241Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:17:16.1524533Z http.https://github.com/.extraheader
2024-10-08T07:17:16.1535971Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-10-08T07:17:16.1563770Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:17:16.1990092Z Cleaning up orphan processes

SCA Bot

2024-10-08T07:17:09.4673048Z Current runner version: '2.320.0'
2024-10-08T07:17:09.4696977Z ##[group]Operating System
2024-10-08T07:17:09.4697743Z Ubuntu
2024-10-08T07:17:09.4698076Z 22.04.5
2024-10-08T07:17:09.4698434Z LTS
2024-10-08T07:17:09.4698837Z ##[endgroup]
2024-10-08T07:17:09.4699242Z ##[group]Runner Image
2024-10-08T07:17:09.4699645Z Image: ubuntu-22.04
2024-10-08T07:17:09.4700114Z Version: 20240922.1.0
2024-10-08T07:17:09.4701130Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-10-08T07:17:09.4702560Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-10-08T07:17:09.4703452Z ##[endgroup]
2024-10-08T07:17:09.4704091Z ##[group]Runner Image Provisioner
2024-10-08T07:17:09.4704603Z 2.0.384.1
2024-10-08T07:17:09.4705023Z ##[endgroup]
2024-10-08T07:17:09.4719636Z ##[group]GITHUB_TOKEN Permissions
2024-10-08T07:17:09.4721244Z Issues: write
2024-10-08T07:17:09.4721674Z Metadata: read
2024-10-08T07:17:09.4722370Z PullRequests: write
2024-10-08T07:17:09.4722867Z ##[endgroup]
2024-10-08T07:17:09.4726174Z Secret source: Actions
2024-10-08T07:17:09.4726778Z Prepare workflow directory
2024-10-08T07:17:09.5359967Z Prepare all required actions
2024-10-08T07:17:09.5518927Z Getting action download info
2024-10-08T07:17:09.6991014Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
2024-10-08T07:17:09.9119709Z Complete job name: Snyk Bot scan
2024-10-08T07:17:10.0093547Z ##[group]Run actions/checkout@v3
2024-10-08T07:17:10.0094265Z with:
2024-10-08T07:17:10.0094829Z repository: itsarraj/PRBotCheck
2024-10-08T07:17:10.0095713Z token: ***
2024-10-08T07:17:10.0096184Z ssh-strict: true
2024-10-08T07:17:10.0096718Z persist-credentials: true
2024-10-08T07:17:10.0097201Z clean: true
2024-10-08T07:17:10.0097700Z sparse-checkout-cone-mode: true
2024-10-08T07:17:10.0098206Z fetch-depth: 1
2024-10-08T07:17:10.0098559Z fetch-tags: false
2024-10-08T07:17:10.0099033Z lfs: false
2024-10-08T07:17:10.0099415Z submodules: false
2024-10-08T07:17:10.0099785Z set-safe-directory: true
2024-10-08T07:17:10.0100316Z ##[endgroup]
2024-10-08T07:17:10.2455058Z Syncing repository: itsarraj/PRBotCheck
2024-10-08T07:17:10.2456974Z ##[group]Getting Git version info
2024-10-08T07:17:10.2458098Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:17:10.2459157Z [command]/usr/bin/git version
2024-10-08T07:17:10.2503354Z git version 2.46.1
2024-10-08T07:17:10.2529781Z ##[endgroup]
2024-10-08T07:17:10.2553230Z Temporarily overriding HOME='/home/runner/work/_temp/db919cee-a365-439c-b9ac-39d1fa0987ee' before making global git config changes
2024-10-08T07:17:10.2556096Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:17:10.2558311Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:10.2595254Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:17:10.2599128Z ##[group]Initializing the repository
2024-10-08T07:17:10.2602755Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:17:10.2679124Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-10-08T07:17:10.2680517Z hint: is subject to change. To configure the initial branch name to use in all
2024-10-08T07:17:10.2681580Z hint: of your new repositories, which will suppress this warning, call:
2024-10-08T07:17:10.2682321Z hint:
2024-10-08T07:17:10.2682899Z hint: git config --global init.defaultBranch
2024-10-08T07:17:10.2683525Z hint:
2024-10-08T07:17:10.2684398Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-10-08T07:17:10.2686273Z hint: 'development'. The just-created branch can be renamed via this command:
2024-10-08T07:17:10.2687347Z hint:
2024-10-08T07:17:10.2688136Z hint: git branch -m
2024-10-08T07:17:10.2689682Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/
2024-10-08T07:17:10.2696718Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck
2024-10-08T07:17:10.2729244Z ##[endgroup]
2024-10-08T07:17:10.2730630Z ##[group]Disabling automatic garbage collection
2024-10-08T07:17:10.2732418Z [command]/usr/bin/git config --local gc.auto 0
2024-10-08T07:17:10.2759143Z ##[endgroup]
2024-10-08T07:17:10.2760404Z ##[group]Setting up auth
2024-10-08T07:17:10.2765203Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-10-08T07:17:10.2792718Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:17:10.3130735Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-10-08T07:17:10.3158332Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:17:10.3384148Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-10-08T07:17:10.3415155Z ##[endgroup]
2024-10-08T07:17:10.3416434Z ##[group]Fetching the repository
2024-10-08T07:17:10.3424734Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +62868f47b40a795a4d99b3e3ddec9e6e76e772f0:refs/remotes/origin/master
2024-10-08T07:17:10.5975081Z remote: Enumerating objects: 12, done.
2024-10-08T07:17:10.5976077Z remote: Counting objects: 8% (1/12)
2024-10-08T07:17:10.5976997Z remote: Counting objects: 16% (2/12)
2024-10-08T07:17:10.5977675Z remote: Counting objects: 25% (3/12)
2024-10-08T07:17:10.5978362Z remote: Counting objects: 33% (4/12)
2024-10-08T07:17:10.5979015Z remote: Counting objects: 41% (5/12)
2024-10-08T07:17:10.5979634Z remote: Counting objects: 50% (6/12)
2024-10-08T07:17:10.5980302Z remote: Counting objects: 58% (7/12)
2024-10-08T07:17:10.5980936Z remote: Counting objects: 66% (8/12)
2024-10-08T07:17:10.5981541Z remote: Counting objects: 75% (9/12)
2024-10-08T07:17:10.5982248Z remote: Counting objects: 83% (10/12)
2024-10-08T07:17:10.5982862Z remote: Counting objects: 91% (11/12)
2024-10-08T07:17:10.5983517Z remote: Counting objects: 100% (12/12)
2024-10-08T07:17:10.5984671Z remote: Counting objects: 100% (12/12), done.
2024-10-08T07:17:10.5985403Z remote: Compressing objects: 9% (1/11)
2024-10-08T07:17:10.5986065Z remote: Compressing objects: 18% (2/11)
2024-10-08T07:17:10.5986772Z remote: Compressing objects: 27% (3/11)
2024-10-08T07:17:10.5987424Z remote: Compressing objects: 36% (4/11)
2024-10-08T07:17:10.5988089Z remote: Compressing objects: 45% (5/11)
2024-10-08T07:17:10.5989019Z remote: Compressing objects: 54% (6/11)
2024-10-08T07:17:10.5989708Z remote: Compressing objects: 63% (7/11)
2024-10-08T07:17:10.5990883Z remote: Compressing objects: 72% (8/11)
2024-10-08T07:17:10.5992387Z remote: Compressing objects: 81% (9/11)
2024-10-08T07:17:10.5993157Z remote: Compressing objects: 90% (10/11)
2024-10-08T07:17:10.5994180Z remote: Compressing objects: 100% (11/11)
2024-10-08T07:17:10.5995159Z remote: Compressing objects: 100% (11/11), done.
2024-10-08T07:17:10.5996372Z remote: Total 12 (delta 0), reused 10 (delta 0), pack-reused 0 (from 0)
2024-10-08T07:17:10.6081124Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:17:10.6082769Z * [new ref] 62868f4 -> origin/master
2024-10-08T07:17:10.6111468Z ##[endgroup]
2024-10-08T07:17:10.6112573Z ##[group]Determining the checkout info
2024-10-08T07:17:10.6114924Z ##[endgroup]
2024-10-08T07:17:10.6115627Z ##[group]Checking out the ref
2024-10-08T07:17:10.6120980Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:17:10.6165147Z Reset branch 'master'
2024-10-08T07:17:10.6168905Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:17:10.6177124Z ##[endgroup]
2024-10-08T07:17:10.6215054Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:17:10.6239257Z '62868f47b40a795a4d99b3e3ddec9e6e76e772f0'
2024-10-08T07:17:10.6603029Z ##[group]Run rm -rf node_modules
2024-10-08T07:17:10.6604109Z rm -rf node_modules
2024-10-08T07:17:10.6604684Z rm -f package-lock.json
2024-10-08T07:17:10.6605200Z npm install
2024-10-08T07:17:10.6605858Z echo "Downloading and authenticating Snyk CLI..."
2024-10-08T07:17:10.6606913Z curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
2024-10-08T07:17:10.6607828Z chmod +x snyk
2024-10-08T07:17:10.6608560Z ./snyk auth ***
2024-10-08T07:17:10.6609090Z echo "Running Snyk test and monitor..."
2024-10-08T07:17:10.6609810Z ./snyk test --all-projects --color --json || true
2024-10-08T07:17:10.6610649Z ./snyk monitor --all-projects || true
2024-10-08T07:17:10.6638404Z shell: /usr/bin/bash -e {0}
2024-10-08T07:17:10.6639070Z ##[endgroup]
2024-10-08T07:17:14.1861341Z npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
2024-10-08T07:17:14.1936179Z npm warn deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
2024-10-08T07:17:14.2202607Z npm warn deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2024-10-08T07:17:14.2663317Z npm warn deprecated formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
2024-10-08T07:17:14.2759045Z npm warn deprecated samsam@1.1.2: This package has been deprecated in favour of @sinonjs/samsam
2024-10-08T07:17:14.2822820Z npm warn deprecated glob@7.1.1: Glob versions prior to v9 are no longer supported
2024-10-08T07:17:14.2871123Z npm warn deprecated mkdirp@0.3.3: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:17:14.2982090Z npm warn deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:17:14.4270666Z npm warn deprecated formidable@1.0.11: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
2024-10-08T07:17:14.5229959Z npm warn deprecated sinon@1.17.0: 16.1.1
2024-10-08T07:17:14.5253444Z npm warn deprecated connect@2.6.0: connect 2.x series is deprecated
2024-10-08T07:17:14.7819686Z
2024-10-08T07:17:14.7820654Z added 112 packages, and audited 113 packages in 4s
2024-10-08T07:17:14.7821276Z
2024-10-08T07:17:14.7821539Z 15 packages are looking for funding
2024-10-08T07:17:14.7824481Z run `npm fund` for details
2024-10-08T07:17:14.8010028Z
2024-10-08T07:17:14.8010782Z 22 vulnerabilities (1 low, 2 moderate, 12 high, 7 critical)
2024-10-08T07:17:14.8011520Z
2024-10-08T07:17:14.8012079Z To address all issues possible (including breaking changes), run:
2024-10-08T07:17:14.8013466Z npm audit fix --force
2024-10-08T07:17:14.8014240Z
2024-10-08T07:17:14.8014595Z Some issues need review, and may require choosing
2024-10-08T07:17:14.8015466Z a different dependency.
2024-10-08T07:17:14.8016010Z
2024-10-08T07:17:14.8016320Z Run `npm audit` for details.
2024-10-08T07:17:14.8186897Z Downloading and authenticating Snyk CLI...
2024-10-08T07:17:14.8257882Z % Total % Received % Xferd Average Speed Time Time Time Current
2024-10-08T07:17:14.8259369Z Dload Upload Total Spent Left Speed
2024-10-08T07:17:14.8259972Z
2024-10-08T07:17:14.9493196Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:17:14.9494850Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:17:15.0675711Z
2024-10-08T07:17:15.0676631Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:17:15.4132759Z
2024-10-08T07:17:15.4134738Z 100 67.1M 100 67.1M 0 0 114M 0 --:--:-- --:--:-- --:--:-- 114M
2024-10-08T07:17:16.4232536Z
2024-10-08T07:17:16.4233583Z Your account has been authenticated. Snyk is now ready to be used.
2024-10-08T07:17:16.4237657Z
2024-10-08T07:17:16.6734632Z Running Snyk test and monitor...
2024-10-08T07:17:23.9084624Z {
2024-10-08T07:17:23.9085416Z "vulnerabilities": [
2024-10-08T07:17:23.9086431Z {
2024-10-08T07:17:23.9087530Z "id": "SNYK-JAVA-ORGAPACHEMAVEN-6144614",
2024-10-08T07:17:23.9088743Z "title": "Resources Downloaded over Insecure Protocol",
2024-10-08T07:17:23.9092228Z "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
2024-10-08T07:17:23.9093179Z "credit": [
2024-10-08T07:17:23.9094153Z "Unknown"
2024-10-08T07:17:23.9094746Z ],
2024-10-08T07:17:23.9095263Z "semver": {
2024-10-08T07:17:23.9095942Z "vulnerable": [
2024-10-08T07:17:23.9096562Z "[,3.8.1)"
2024-10-08T07:17:23.9097164Z ]
2024-10-08T07:17:23.9097742Z },
2024-10-08T07:17:23.9098336Z "exploit": "Not Defined",
2024-10-08T07:17:23.9099153Z "fixedIn": [
2024-10-08T07:17:23.9099833Z "3.8.1"
2024-10-08T07:17:23.9100337Z ],
2024-10-08T07:17:23.9100885Z "patches": [],
2024-10-08T07:17:23.9101580Z "insights": {
2024-10-08T07:17:23.9102153Z "triageAdvice": null
2024-10-08T07:17:23.9102792Z },
2024-10-08T07:17:23.9103394Z "language": "java",
2024-10-08T07:17:23.9104204Z "severity": "high",
2024-10-08T07:17:23.9104782Z "cvssScore": 7.1,
2024-10-08T07:17:23.9105490Z "functions": [],
2024-10-08T07:17:23.9106106Z "malicious": false,
2024-10-08T07:17:23.9106629Z "isDisputed": false,
2024-10-08T07:17:23.9107548Z "moduleName": "org.apache.maven:maven-core",
2024-10-08T07:17:23.9108332Z "references": [
2024-10-08T07:17:23.9109130Z {
2024-10-08T07:17:23.9110400Z "url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E",
2024-10-08T07:17:23.9112044Z "title": "Apache Security Advisory"
2024-10-08T07:17:23.9112787Z },
2024-10-08T07:17:23.9113356Z {
2024-10-08T07:17:23.9114430Z "url": "https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8",
2024-10-08T07:17:23.9115573Z "title": "GitHub Commit"
2024-10-08T07:17:23.9116348Z },
2024-10-08T07:17:23.9116804Z {
2024-10-08T07:17:23.9117680Z "url": "https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647",
2024-10-08T07:17:23.9118939Z "title": "GitHub Commit"
2024-10-08T07:17:23.9120081Z },
2024-10-08T07:17:23.9120587Z {
2024-10-08T07:17:23.9121456Z "url": "https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f",
2024-10-08T07:17:23.9122680Z "title": "GitHub Commit"
2024-10-08T07:17:23.9123321Z }
2024-10-08T07:17:23.9123989Z ],
2024-10-08T07:17:23.9124582Z "cvssDetails": [
2024-10-08T07:17:23.9125157Z {
2024-10-08T07:17:23.9125773Z "assigner": "NVD",
2024-10-08T07:17:23.9126359Z "severity": "critical",
2024-10-08T07:17:23.9127222Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
2024-10-08T07:17:23.9128284Z "cvssV3BaseScore": 9.1,
2024-10-08T07:17:23.9129193Z "modificationTime": "2024-03-11T09:50:36.020732Z"
2024-10-08T07:17:23.9130320Z },
2024-10-08T07:17:23.9130940Z {
2024-10-08T07:17:23.9131574Z "assigner": "Red Hat",
2024-10-08T07:17:23.9132394Z "severity": "high",
2024-10-08T07:17:23.9133149Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
2024-10-08T07:17:23.9134416Z "cvssV3BaseScore": 7.4,
2024-10-08T07:17:23.9135403Z "modificationTime": "2024-03-11T09:53:46.595598Z"
2024-10-08T07:17:23.9135830Z }
2024-10-08T07:17:23.9136122Z ],
2024-10-08T07:17:23.9136527Z "cvssSources": [
2024-10-08T07:17:23.9137061Z {
2024-10-08T07:17:23.9137757Z "type": "primary",
2024-10-08T07:17:23.9138478Z "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
2024-10-08T07:17:23.9139275Z "assigner": "Snyk",
2024-10-08T07:17:23.9140006Z "severity": "high",
2024-10-08T07:17:23.9140593Z "baseScore": 7.1,
2024-10-08T07:17:23.9141101Z "cvssVersion": "3.1",
2024-10-08T07:17:23.9141741Z "modificationTime": "2024-03-06T14:09:37.073828Z"
2024-10-08T07:17:23.9142185Z },
2024-10-08T07:17:23.9142441Z {
2024-10-08T07:17:23.9142841Z "type": "secondary",
2024-10-08T07:17:23.9143297Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
2024-10-08T07:17:23.9144327Z "assigner": "NVD",
2024-10-08T07:17:23.9144690Z "severity": "critical",
2024-10-08T07:17:23.9145243Z "baseScore": 9.1,
2024-10-08T07:17:23.9146004Z "cvssVersion": "3.1",
2024-10-08T07:17:23.9146643Z "modificationTime": "2024-03-11T09:50:36.020732Z"
2024-10-08T07:17:23.9147083Z },
2024-10-08T07:17:23.9147481Z {
2024-10-08T07:17:23.9147792Z "type": "secondary",
2024-10-08T07:17:23.9148222Z "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
2024-10-08T07:17:23.9148793Z "assigner": "Red Hat",
2024-10-08T07:17:23.9149302Z "severity": "high",
2024-10-08T07:17:23.9149791Z "baseScore": 7.4,
2024-10-08T07:17:23.9150356Z "cvssVersion": "3.1",
2024-10-08T07:17:23.9151021Z "modificationTime": "2024-03-11T09:53:46.595598Z"
2024-10-08T07:17:23.9151491Z }
2024-10-08T07:17:23.9151978Z ],
2024-10-08T07:17:23.9161916Z "description": "## Overview\n\nAffected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls.\r\n\r\nIf you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. For more information about repository management, visit [this page](https://maven.apache.org/repository-management.html).\n## Remediation\nUpgrade `org.apache.maven:maven-core` to version 3.8.1 or higher.\n## References\n- [Apache Security Advisory](https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E)\n- [GitHub Commit](https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8)\n- [GitHub Commit](https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647)\n- [GitHub Commit](https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f)\n",
2024-10-08T07:17:23.9170402Z "epssDetails": {
2024-10-08T07:17:23.9170911Z "percentile": "0.57700",
2024-10-08T07:17:23.9171343Z "probability": "0.00197",
2024-10-08T07:17:23.9172147Z "modelVersion": "v2023.03.01"
2024-10-08T07:17:23.9172660Z },
2024-10-08T07:17:23.9172969Z "identifiers": {
2024-10-08T07:17:23.9173519Z "CVE": [
2024-10-08T07:17:23.9174216Z "CVE-2021-26291"
2024-10-08T07:17:23.9174542Z ],
2024-10-08T07:17:23.9175106Z "CWE": [
2024-10-08T07:17:23.9175475Z "CWE-494"
2024-10-08T07:17:23.9176036Z ],
2024-10-08T07:17:23.9176517Z "GHSA": [
2024-10-08T07:17:23.9177010Z "GHSA-2f88-5hg8-9x2x"
2024-10-08T07:17:23.9177596Z ]
2024-10-08T07:17:23.9177867Z },
2024-10-08T07:17:23.9178426Z "packageName": "org.apache.maven:maven-core",
2024-10-08T07:17:23.9179057Z "proprietary": false,
2024-10-08T07:17:23.9179662Z "creationTime": "2024-01-04T15:15:05.020423Z",
2024-10-08T07:17:23.9180211Z "functions_new": [],
2024-10-08T07:17:23.9180707Z "alternativeIds": [],
2024-10-08T07:17:23.9181318Z "disclosureTime": "2021-04-26T09:21:36Z",
2024-10-08T07:17:23.9181865Z "exploitDetails": {
2024-10-08T07:17:23.9182350Z "sources": [],
2024-10-08T07:17:23.9182844Z "maturityLevels": [
2024-10-08T07:17:23.9183212Z {
2024-10-08T07:17:23.9183693Z "type": "secondary",
2024-10-08T07:17:23.9184447Z "level": "Not Defined",
2024-10-08T07:17:23.9184976Z "format": "CVSSv3"
2024-10-08T07:17:23.9185437Z },
2024-10-08T07:17:23.9186053Z {
2024-10-08T07:17:23.9186391Z "type": "primary",
2024-10-08T07:17:23.9187033Z "level": "Not Defined",
2024-10-08T07:17:23.9187405Z "format": "CVSSv4"
2024-10-08T07:17:23.9187941Z }
2024-10-08T07:17:23.9188314Z ]
2024-10-08T07:17:23.9188789Z },
2024-10-08T07:17:23.9189077Z "packageManager": "maven",
2024-10-08T07:17:23.9189692Z "mavenModuleName": {
2024-10-08T07:17:23.9190133Z "groupId": "org.apache.maven",
2024-10-08T07:17:23.9190739Z "artifactId": "maven-core"
2024-10-08T07:17:23.9191365Z },
2024-10-08T07:17:23.9191827Z "publicationTime": "2024-01-04T15:16:41.308178Z",
2024-10-08T07:17:23.9192467Z "severityBasedOn": "CVSS",
2024-10-08T07:17:23.9193059Z "modificationTime": "2024-03-11T09:53:46.595598Z",
2024-10-08T07:17:23.9193711Z "socialTrendAlert": false,
2024-10-08T07:17:23.9194341Z "severityWithCritical": "high",
2024-10-08T07:17:23.9194959Z "from": [
2024-10-08T07:17:23.9195414Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT",
2024-10-08T07:17:23.9196049Z "org.apache.maven:maven-embedder@2.0",
2024-10-08T07:17:23.9196665Z "org.apache.maven:maven-core@2.0"
2024-10-08T07:17:23.9197139Z ],
2024-10-08T07:17:23.9197446Z "upgradePath": [
2024-10-08T07:17:23.9197881Z false,
2024-10-08T07:17:23.9198298Z "org.apache.maven:maven-embedder@3.8.1",
2024-10-08T07:17:23.9198771Z "org.apache.maven:maven-core@3.8.1"
2024-10-08T07:17:23.9199312Z ],
2024-10-08T07:17:23.9199687Z "isUpgradable": true,
2024-10-08T07:17:23.9200167Z "isPatchable": false,
2024-10-08T07:17:23.9200590Z "name": "org.apache.maven:maven-core",
2024-10-08T07:17:23.9201159Z "version": "2.0"
2024-10-08T07:17:23.9201588Z },
2024-10-08T07:17:23.9201836Z {
2024-10-08T07:17:23.9202258Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521",
2024-10-08T07:17:23.9202825Z "title": "Directory Traversal",
2024-10-08T07:17:23.9203324Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
2024-10-08T07:17:23.9203764Z "credit": [
2024-10-08T07:17:23.9204289Z "Unknown"
2024-10-08T07:17:23.9204597Z ],
2024-10-08T07:17:23.9204912Z "semver": {
2024-10-08T07:17:23.9205264Z "vulnerable": [
2024-10-08T07:17:23.9205608Z "[,3.0.24)"
2024-10-08T07:17:23.9205944Z ]
2024-10-08T07:17:23.9206371Z },
2024-10-08T07:17:23.9206756Z "exploit": "Not Defined",
2024-10-08T07:17:23.9207151Z "fixedIn": [
2024-10-08T07:17:23.9207546Z "3.0.24"
2024-10-08T07:17:23.9208146Z ],
2024-10-08T07:17:23.9208445Z "patches": [],
2024-10-08T07:17:23.9208865Z "insights": {
2024-10-08T07:17:23.9209191Z "triageAdvice": null
2024-10-08T07:17:23.9209556Z },
2024-10-08T07:17:23.9209920Z "language": "java",
2024-10-08T07:17:23.9210295Z "severity": "medium",
2024-10-08T07:17:23.9210621Z "cvssScore": 5.3,
2024-10-08T07:17:23.9211171Z "functions": [
2024-10-08T07:17:23.9211506Z {
2024-10-08T07:17:23.9211769Z "version": [
2024-10-08T07:17:23.9212187Z "[,3.0.24)"
2024-10-08T07:17:23.9212510Z ],
2024-10-08T07:17:23.9212842Z "functionId": {
2024-10-08T07:17:23.9213302Z "filePath": "org/codehaus/plexus/util/Expand.java",
2024-10-08T07:17:23.9213903Z "className": "Expand",
2024-10-08T07:17:23.9214343Z "functionName": "extractFile"
2024-10-08T07:17:23.9214808Z }
2024-10-08T07:17:23.9215066Z }
2024-10-08T07:17:23.9215380Z ],
2024-10-08T07:17:23.9215739Z "malicious": false,
2024-10-08T07:17:23.9216068Z "isDisputed": false,
2024-10-08T07:17:23.9216601Z "moduleName": "org.codehaus.plexus:plexus-utils",
2024-10-08T07:17:23.9217149Z "references": [
2024-10-08T07:17:23.9217497Z {
2024-10-08T07:17:23.9218288Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef",
2024-10-08T07:17:23.9219003Z "title": "GitHub Commit"
2024-10-08T07:17:23.9219360Z },
2024-10-08T07:17:23.9219711Z {
2024-10-08T07:17:23.9220406Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/4",
2024-10-08T07:17:23.9220977Z "title": "GitHub Issue"
2024-10-08T07:17:23.9221514Z }
2024-10-08T07:17:23.9221818Z ],
2024-10-08T07:17:23.9222160Z "cvssDetails": [
2024-10-08T07:17:23.9222529Z {
2024-10-08T07:17:23.9222854Z "assigner": "NVD",
2024-10-08T07:17:23.9223225Z "severity": "high",
2024-10-08T07:17:23.9223945Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
2024-10-08T07:17:23.9224471Z "cvssV3BaseScore": 7.5,
2024-10-08T07:17:23.9225008Z "modificationTime": "2024-03-11T09:53:39.008801Z"
2024-10-08T07:17:23.9225535Z },
2024-10-08T07:17:23.9225840Z {
2024-10-08T07:17:23.9226124Z "assigner": "Red Hat",
2024-10-08T07:17:23.9226577Z "severity": "high",
2024-10-08T07:17:23.9227310Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
2024-10-08T07:17:23.9227799Z "cvssV3BaseScore": 7.5,
2024-10-08T07:17:23.9228401Z "modificationTime": "2024-03-11T09:53:59.688096Z"
2024-10-08T07:17:23.9228851Z }
2024-10-08T07:17:23.9229137Z ],
2024-10-08T07:17:23.9229486Z "cvssSources": [
2024-10-08T07:17:23.9229824Z {
2024-10-08T07:17:23.9230131Z "type": "primary",
2024-10-08T07:17:23.9230655Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
2024-10-08T07:17:23.9231111Z "assigner": "Snyk",
2024-10-08T07:17:23.9231485Z "severity": "medium",
2024-10-08T07:17:23.9231940Z "baseScore": 5.3,
2024-10-08T07:17:23.9232279Z "cvssVersion": "3.1",
2024-10-08T07:17:23.9232796Z "modificationTime": "2024-05-09T13:34:27.533160Z"
2024-10-08T07:17:23.9233301Z },
2024-10-08T07:17:23.9233594Z {
2024-10-08T07:17:23.9234006Z "type": "secondary",
2024-10-08T07:17:23.9234542Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
2024-10-08T07:17:23.9235025Z "assigner": "NVD",
2024-10-08T07:17:23.9235466Z "severity": "high",
2024-10-08T07:17:23.9235805Z "baseScore": 7.5,
2024-10-08T07:17:23.9236168Z "cvssVersion": "3.1",
2024-10-08T07:17:23.9236742Z "modificationTime": "2024-03-11T09:53:39.008801Z"
2024-10-08T07:17:23.9237154Z },
2024-10-08T07:17:23.9237463Z {
2024-10-08T07:17:23.9237821Z "type": "secondary",
2024-10-08T07:17:23.9238435Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
2024-10-08T07:17:23.9238907Z "assigner": "Red Hat",
2024-10-08T07:17:23.9239363Z "severity": "high",
2024-10-08T07:17:23.9239754Z "baseScore": 7.5,
2024-10-08T07:17:23.9240119Z "cvssVersion": "3.1",
2024-10-08T07:17:23.9240759Z "modificationTime": "2024-03-11T09:53:59.688096Z"
2024-10-08T07:17:23.9241232Z }
2024-10-08T07:17:23.9241526Z ],
2024-10-08T07:17:23.9245799Z "description": "## Overview\nAn attacker could access arbitrary files and directories stored on the file system by manipulating files with `dot-dot-slash (../)` sequences and their variations or by using absolute file paths. \r\n\r\n**Note:**\r\n\r\nThere is no indication that access to the filesystem beyond that of the application user can be achieved. So typical deployments will have only limited confidentiality impact from this vulnerability.\n\n## References\n- [https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef](https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef)\n- [https://github.com/codehaus-plexus/plexus-utils/issues/4](https://github.com/codehaus-plexus/plexus-utils/issues/4)\n",
2024-10-08T07:17:23.9249727Z "epssDetails": {
2024-10-08T07:17:23.9250102Z "percentile": "0.26522",
2024-10-08T07:17:23.9250568Z "probability": "0.00060",
2024-10-08T07:17:23.9250976Z "modelVersion": "v2023.03.01"
2024-10-08T07:17:23.9251371Z },
2024-10-08T07:17:23.9251762Z "identifiers": {
2024-10-08T07:17:23.9252063Z "CVE": [
2024-10-08T07:17:23.9252444Z "CVE-2022-4244"
2024-10-08T07:17:23.9252864Z ],
2024-10-08T07:17:23.9253158Z "CWE": [
2024-10-08T07:17:23.9253481Z "CWE-22"
2024-10-08T07:17:23.9253974Z ]
2024-10-08T07:17:23.9254268Z },
2024-10-08T07:17:23.9254722Z "packageName": "org.codehaus.plexus:plexus-utils",
2024-10-08T07:17:23.9255288Z "proprietary": false,
2024-10-08T07:17:23.9255739Z "creationTime": "2017-09-20T00:00:00Z",
2024-10-08T07:17:23.9256243Z "functions_new": [
2024-10-08T07:17:23.9256546Z {
2024-10-08T07:17:23.9256842Z "version": [
2024-10-08T07:17:23.9257250Z "[,3.0.24)"
2024-10-08T07:17:23.9257549Z ],
2024-10-08T07:17:23.9257879Z "functionId": {
2024-10-08T07:17:23.9258383Z "className": "org.codehaus.plexus.util.Expand",
2024-10-08T07:17:23.9258888Z "functionName": "extractFile"
2024-10-08T07:17:23.9259271Z }
2024-10-08T07:17:23.9259624Z }
2024-10-08T07:17:23.9259911Z ],
2024-10-08T07:17:23.9260237Z "alternativeIds": [],
2024-10-08T07:17:23.9260723Z "disclosureTime": "2016-05-08T00:00:00Z",
2024-10-08T07:17:23.9261158Z "exploitDetails": {
2024-10-08T07:17:23.9261533Z "sources": [],
2024-10-08T07:17:23.9261910Z "maturityLevels": [
2024-10-08T07:17:23.9262281Z {
2024-10-08T07:17:23.9262595Z "type": "secondary",
2024-10-08T07:17:23.9263047Z "level": "Not Defined",
2024-10-08T07:17:23.9263424Z "format": "CVSSv3"
2024-10-08T07:17:23.9263952Z },
2024-10-08T07:17:23.9264323Z {
2024-10-08T07:17:23.9264615Z "type": "primary",
2024-10-08T07:17:23.9264996Z "level": "Not Defined",
2024-10-08T07:17:23.9265447Z "format": "CVSSv4"
2024-10-08T07:17:23.9265811Z }
2024-10-08T07:17:23.9266101Z ]
2024-10-08T07:17:23.9266460Z },
2024-10-08T07:17:23.9266778Z "packageManager": "maven",
2024-10-08T07:17:23.9267171Z "mavenModuleName": {
2024-10-08T07:17:23.9267608Z "groupId": "org.codehaus.plexus",
2024-10-08T07:17:23.9268098Z "artifactId": "plexus-utils"
2024-10-08T07:17:23.9268504Z },
2024-10-08T07:17:23.9268943Z "publicationTime": "2017-09-20T00:00:00Z",
2024-10-08T07:17:23.9269587Z "severityBasedOn": "CVSS",
2024-10-08T07:17:23.9270110Z "modificationTime": "2024-05-09T13:34:27.533160Z",
2024-10-08T07:17:23.9270693Z "socialTrendAlert": false,
2024-10-08T07:17:23.9271069Z "severityWithCritical": "medium",
2024-10-08T07:17:23.9271498Z "from": [
2024-10-08T07:17:23.9271988Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT",
2024-10-08T07:17:23.9272656Z "org.apache.maven:maven-embedder@2.0",
2024-10-08T07:17:23.9273137Z "org.apache.maven:maven-core@2.0",
2024-10-08T07:17:23.9273726Z "org.codehaus.plexus:plexus-utils@1.0.4"
2024-10-08T07:17:23.9274302Z ],
2024-10-08T07:17:23.9274575Z "upgradePath": [
2024-10-08T07:17:23.9274986Z false,
2024-10-08T07:17:23.9275417Z "org.apache.maven:maven-embedder@3.5.0",
2024-10-08T07:17:23.9275999Z "org.apache.maven:maven-core@3.5.0",
2024-10-08T07:17:23.9276491Z "org.codehaus.plexus:plexus-utils@3.0.24"
2024-10-08T07:17:23.9276938Z ],
2024-10-08T07:17:23.9277313Z "isUpgradable": true,
2024-10-08T07:17:23.9277708Z "isPatchable": false,
2024-10-08T07:17:23.9278139Z "name": "org.codehaus.plexus:plexus-utils",
2024-10-08T07:17:23.9278650Z "version": "1.0.4"
2024-10-08T07:17:23.9279005Z },
2024-10-08T07:17:23.9279250Z {
2024-10-08T07:17:23.9279720Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522",
2024-10-08T07:17:23.9280231Z "title": "Shell Command Injection",
2024-10-08T07:17:23.9280734Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
2024-10-08T07:17:23.9281233Z "credit": [
2024-10-08T07:17:23.9281576Z "Charles Duffy"
2024-10-08T07:17:23.9281908Z ],
2024-10-08T07:17:23.9282279Z "semver": {
2024-10-08T07:17:23.9282569Z "vulnerable": [
2024-10-08T07:17:23.9282906Z "[,3.0.16)"
2024-10-08T07:17:23.9283305Z ]
2024-10-08T07:17:23.9283558Z },
2024-10-08T07:17:23.9283970Z "exploit": "Not Defined",
2024-10-08T07:17:23.9284440Z "fixedIn": [
2024-10-08T07:17:23.9284766Z "3.0.16"
2024-10-08T07:17:23.9285039Z ],
2024-10-08T07:17:23.9285407Z "patches": [],
2024-10-08T07:17:23.9285741Z "insights": {
2024-10-08T07:17:23.9286062Z "triageAdvice": null
2024-10-08T07:17:23.9286472Z },
2024-10-08T07:17:23.9286770Z "language": "java",
2024-10-08T07:17:23.9287147Z "severity": "critical",
2024-10-08T07:17:23.9287546Z "cvssScore": 9.8,
2024-10-08T07:17:23.9287892Z "functions": [
2024-10-08T07:17:23.9288231Z {
2024-10-08T07:17:23.9288553Z "version": [
2024-10-08T07:17:23.9288899Z "[,3.0.16)"
2024-10-08T07:17:23.9289243Z ],
2024-10-08T07:17:23.9289628Z "functionId": {
2024-10-08T07:17:23.9290091Z "filePath": "org/codehaus/plexus/util/cli/Commandline.java",
2024-10-08T07:17:23.9290626Z "className": "Commandline",
2024-10-08T07:17:23.9291114Z "functionName": "execute"
2024-10-08T07:17:23.9291516Z }
2024-10-08T07:17:23.9291779Z }
2024-10-08T07:17:23.9292128Z ],
2024-10-08T07:17:23.9292447Z "malicious": false,
2024-10-08T07:17:23.9292771Z "isDisputed": false,
2024-10-08T07:17:23.9293330Z "moduleName": "org.codehaus.plexus:plexus-utils",
2024-10-08T07:17:23.9293931Z "references": [
2024-10-08T07:17:23.9294339Z {
2024-10-08T07:17:23.9295054Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
2024-10-08T07:17:23.9295771Z "title": "GitHub Commit"
2024-10-08T07:17:23.9296212Z },
2024-10-08T07:17:23.9296518Z {
2024-10-08T07:17:23.9297149Z "url": "https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json",
2024-10-08T07:17:23.9298027Z "title": "PLXUTILS-161 - Raw Jira Ticket JSON"
2024-10-08T07:17:23.9298676Z }
2024-10-08T07:17:23.9298963Z ],
2024-10-08T07:17:23.9299320Z "cvssDetails": [
2024-10-08T07:17:23.9299825Z {
2024-10-08T07:17:23.9300131Z "assigner": "NVD",
2024-10-08T07:17:23.9300561Z "severity": "critical",
2024-10-08T07:17:23.9301064Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
2024-10-08T07:17:23.9301583Z "cvssV3BaseScore": 9.8,
2024-10-08T07:17:23.9302203Z "modificationTime": "2024-03-11T09:46:36.869045Z"
2024-10-08T07:17:23.9302732Z },
2024-10-08T07:17:23.9303043Z {
2024-10-08T07:17:23.9303417Z "assigner": "Red Hat",
2024-10-08T07:17:23.9304082Z "severity": "high",
2024-10-08T07:17:23.9304558Z "cvssV3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
2024-10-08T07:17:23.9305145Z "cvssV3BaseScore": 7.8,
2024-10-08T07:17:23.9305687Z "modificationTime": "2024-03-11T09:53:54.737412Z"
2024-10-08T07:17:23.9306094Z }
2024-10-08T07:17:23.9306443Z ],
2024-10-08T07:17:23.9306760Z "cvssSources": [
2024-10-08T07:17:23.9307092Z {
2024-10-08T07:17:23.9307430Z "type": "primary", 2024-10-08T07:17:23.9307898Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9308382Z "assigner": "Snyk", 2024-10-08T07:17:23.9308818Z "severity": "critical", 2024-10-08T07:17:23.9309187Z "baseScore": 9.8, 2024-10-08T07:17:23.9309572Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9310171Z "modificationTime": "2024-03-06T13:58:02.476253Z" 2024-10-08T07:17:23.9310580Z }, 2024-10-08T07:17:23.9310871Z { 2024-10-08T07:17:23.9311252Z "type": "secondary", 2024-10-08T07:17:23.9312028Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9312487Z "assigner": "NVD", 2024-10-08T07:17:23.9312939Z "severity": "critical", 2024-10-08T07:17:23.9313324Z "baseScore": 9.8, 2024-10-08T07:17:23.9313743Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9314353Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:17:23.9314806Z }, 2024-10-08T07:17:23.9315184Z { 2024-10-08T07:17:23.9315459Z "type": "secondary", 2024-10-08T07:17:23.9315913Z "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:17:23.9316481Z "assigner": "Red Hat", 2024-10-08T07:17:23.9317110Z "severity": "high", 2024-10-08T07:17:23.9317609Z "baseScore": 7.8, 2024-10-08T07:17:23.9318249Z "cvssVersion": "3.0", 2024-10-08T07:17:23.9318920Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:17:23.9319483Z } 2024-10-08T07:17:23.9319740Z ], 2024-10-08T07:17:23.9323339Z "description": "## Overview\r\n[`Codehaus Plexus`](https://codehaus-plexus.github.io/) is a collection of components used by Apache Maven.\r\n\r\nAffected versions of this package are vulnerable to Shell Command Injection. 
The Commandline class in plexus-utils does not correctly quote the contents of double-quoted strings.\r\n\r\n## Remediation\r\nUpgrade _Codehaus Plexus_ to version `3.0.16` or higher.\r\n\r\n## References\r\n- [Github Commit](https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41)\r\n- [PLXUTILS-161 - Raw Jira Ticket JSON](https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json)", 2024-10-08T07:17:23.9326731Z "epssDetails": { 2024-10-08T07:17:23.9327237Z "percentile": "0.73724", 2024-10-08T07:17:23.9327600Z "probability": "0.00395", 2024-10-08T07:17:23.9328096Z "modelVersion": "v2023.03.01" 2024-10-08T07:17:23.9328486Z }, 2024-10-08T07:17:23.9328819Z "identifiers": { 2024-10-08T07:17:23.9329295Z "CVE": [ 2024-10-08T07:17:23.9329742Z "CVE-2017-1000487" 2024-10-08T07:17:23.9330115Z ], 2024-10-08T07:17:23.9330545Z "CWE": [ 2024-10-08T07:17:23.9331006Z "CWE-77" 2024-10-08T07:17:23.9331304Z ] 2024-10-08T07:17:23.9331599Z }, 2024-10-08T07:17:23.9332111Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9332786Z "proprietary": false, 2024-10-08T07:17:23.9333202Z "creationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:17:23.9333718Z "functions_new": [ 2024-10-08T07:17:23.9334188Z { 2024-10-08T07:17:23.9334453Z "version": [ 2024-10-08T07:17:23.9334872Z "[,3.0.16)" 2024-10-08T07:17:23.9335323Z ], 2024-10-08T07:17:23.9335720Z "functionId": { 2024-10-08T07:17:23.9336177Z "className": "org.codehaus.plexus.util.cli.Commandline", 2024-10-08T07:17:23.9336712Z "functionName": "execute" 2024-10-08T07:17:23.9337179Z } 2024-10-08T07:17:23.9337439Z } 2024-10-08T07:17:23.9337728Z ], 2024-10-08T07:17:23.9338113Z "alternativeIds": [], 2024-10-08T07:17:23.9338583Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:17:23.9338986Z "exploitDetails": { 2024-10-08T07:17:23.9339424Z "sources": [], 2024-10-08T07:17:23.9339781Z "maturityLevels": [ 2024-10-08T07:17:23.9340149Z { 
2024-10-08T07:17:23.9340482Z "type": "secondary", 2024-10-08T07:17:23.9340877Z "level": "Not Defined", 2024-10-08T07:17:23.9341291Z "format": "CVSSv3" 2024-10-08T07:17:23.9341676Z }, 2024-10-08T07:17:23.9341974Z { 2024-10-08T07:17:23.9342302Z "type": "primary", 2024-10-08T07:17:23.9342747Z "level": "Not Defined", 2024-10-08T07:17:23.9343105Z "format": "CVSSv4" 2024-10-08T07:17:23.9343477Z } 2024-10-08T07:17:23.9343950Z ] 2024-10-08T07:17:23.9344233Z }, 2024-10-08T07:17:23.9344551Z "packageManager": "maven", 2024-10-08T07:17:23.9345014Z "mavenModuleName": { 2024-10-08T07:17:23.9345433Z "groupId": "org.codehaus.plexus", 2024-10-08T07:17:23.9345892Z "artifactId": "plexus-utils" 2024-10-08T07:17:23.9346354Z }, 2024-10-08T07:17:23.9346767Z "publicationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:17:23.9347224Z "severityBasedOn": "CVSS", 2024-10-08T07:17:23.9347762Z "modificationTime": "2024-03-11T09:53:54.737412Z", 2024-10-08T07:17:23.9348255Z "socialTrendAlert": false, 2024-10-08T07:17:23.9348676Z "severityWithCritical": "critical", 2024-10-08T07:17:23.9349135Z "from": [ 2024-10-08T07:17:23.9349570Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:17:23.9350120Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:17:23.9350705Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:17:23.9351188Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:17:23.9351622Z ], 2024-10-08T07:17:23.9352005Z "upgradePath": [ 2024-10-08T07:17:23.9352352Z false, 2024-10-08T07:17:23.9352722Z "org.apache.maven:maven-embedder@3.2.1", 2024-10-08T07:17:23.9353318Z "org.apache.maven:maven-core@3.2.1", 2024-10-08T07:17:23.9354166Z "org.codehaus.plexus:plexus-utils@3.0.17" 2024-10-08T07:17:23.9354748Z ], 2024-10-08T07:17:23.9355036Z "isUpgradable": true, 2024-10-08T07:17:23.9355412Z "isPatchable": false, 2024-10-08T07:17:23.9355968Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9356382Z "version": "1.0.4" 2024-10-08T07:17:23.9356727Z }, 2024-10-08T07:17:23.9357081Z { 
2024-10-08T07:17:23.9357494Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-461102", 2024-10-08T07:17:23.9357977Z "title": "XML External Entity (XXE) Injection", 2024-10-08T07:17:23.9358650Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U", 2024-10-08T07:17:23.9359176Z "credit": [ 2024-10-08T07:17:23.9359517Z "Florian Weimer" 2024-10-08T07:17:23.9359877Z ], 2024-10-08T07:17:23.9360171Z "semver": { 2024-10-08T07:17:23.9360515Z "vulnerable": [ 2024-10-08T07:17:23.9360887Z "[,3.0.24)" 2024-10-08T07:17:23.9361212Z ] 2024-10-08T07:17:23.9361520Z }, 2024-10-08T07:17:23.9361887Z "exploit": "Unproven", 2024-10-08T07:17:23.9362392Z "fixedIn": [ 2024-10-08T07:17:23.9362711Z "3.0.24" 2024-10-08T07:17:23.9363090Z ], 2024-10-08T07:17:23.9363370Z "patches": [], 2024-10-08T07:17:23.9363706Z "insights": { 2024-10-08T07:17:23.9364245Z "triageAdvice": null 2024-10-08T07:17:23.9364620Z }, 2024-10-08T07:17:23.9364887Z "language": "java", 2024-10-08T07:17:23.9365445Z "severity": "medium", 2024-10-08T07:17:23.9365826Z "cvssScore": 4.3, 2024-10-08T07:17:23.9366135Z "functions": [ 2024-10-08T07:17:23.9366545Z { 2024-10-08T07:17:23.9366846Z "version": [ 2024-10-08T07:17:23.9367199Z "(1.5.3,3.0.24)" 2024-10-08T07:17:23.9367570Z ], 2024-10-08T07:17:23.9367881Z "functionId": { 2024-10-08T07:17:23.9368391Z "filePath": "org/codehaus/plexus/util/xml/XmlWriterUtil.java", 2024-10-08T07:17:23.9369008Z "className": "XmlWriterUtil", 2024-10-08T07:17:23.9369415Z "functionName": "writeComment" 2024-10-08T07:17:23.9369851Z } 2024-10-08T07:17:23.9370203Z } 2024-10-08T07:17:23.9370457Z ], 2024-10-08T07:17:23.9370773Z "malicious": false, 2024-10-08T07:17:23.9371189Z "isDisputed": false, 2024-10-08T07:17:23.9371709Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9372143Z "references": [ 2024-10-08T07:17:23.9372540Z { 2024-10-08T07:17:23.9373284Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de", 
2024-10-08T07:17:23.9374176Z "title": "GitHub Commit" 2024-10-08T07:17:23.9374524Z }, 2024-10-08T07:17:23.9374829Z { 2024-10-08T07:17:23.9375391Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/3", 2024-10-08T07:17:23.9375902Z "title": "GitHub Issue" 2024-10-08T07:17:23.9376294Z } 2024-10-08T07:17:23.9376638Z ], 2024-10-08T07:17:23.9376953Z "cvssDetails": [ 2024-10-08T07:17:23.9377256Z { 2024-10-08T07:17:23.9377622Z "assigner": "NVD", 2024-10-08T07:17:23.9378011Z "severity": "medium", 2024-10-08T07:17:23.9378506Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:17:23.9379055Z "cvssV3BaseScore": 4.3, 2024-10-08T07:17:23.9379588Z "modificationTime": "2024-03-11T09:53:38.966298Z" 2024-10-08T07:17:23.9380041Z }, 2024-10-08T07:17:23.9380356Z { 2024-10-08T07:17:23.9380688Z "assigner": "Red Hat", 2024-10-08T07:17:23.9381077Z "severity": "medium", 2024-10-08T07:17:23.9381688Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:17:23.9382167Z "cvssV3BaseScore": 4.3, 2024-10-08T07:17:23.9382677Z "modificationTime": "2024-03-11T09:53:59.734097Z" 2024-10-08T07:17:23.9383189Z } 2024-10-08T07:17:23.9383475Z ], 2024-10-08T07:17:23.9383740Z "cvssSources": [ 2024-10-08T07:17:23.9384435Z { 2024-10-08T07:17:23.9384748Z "type": "primary", 2024-10-08T07:17:23.9385217Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U", 2024-10-08T07:17:23.9385832Z "assigner": "Snyk", 2024-10-08T07:17:23.9386208Z "severity": "medium", 2024-10-08T07:17:23.9386604Z "baseScore": 4.3, 2024-10-08T07:17:23.9386993Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9387501Z "modificationTime": "2024-03-06T14:09:20.690133Z" 2024-10-08T07:17:23.9387964Z }, 2024-10-08T07:17:23.9388314Z { 2024-10-08T07:17:23.9388588Z "type": "secondary", 2024-10-08T07:17:23.9389064Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:17:23.9389607Z "assigner": "NVD", 2024-10-08T07:17:23.9390014Z "severity": "medium", 
2024-10-08T07:17:23.9390371Z "baseScore": 4.3, 2024-10-08T07:17:23.9390790Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9391308Z "modificationTime": "2024-03-11T09:53:38.966298Z" 2024-10-08T07:17:23.9391850Z }, 2024-10-08T07:17:23.9392211Z { 2024-10-08T07:17:23.9392544Z "type": "secondary", 2024-10-08T07:17:23.9393092Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:17:23.9393560Z "assigner": "Red Hat", 2024-10-08T07:17:23.9394086Z "severity": "medium", 2024-10-08T07:17:23.9394649Z "baseScore": 4.3, 2024-10-08T07:17:23.9395042Z "cvssVersion": "3.1", 2024-10-08T07:17:23.9395510Z "modificationTime": "2024-03-11T09:53:59.734097Z" 2024-10-08T07:17:23.9396020Z } 2024-10-08T07:17:23.9396327Z ], 2024-10-08T07:17:23.9400826Z "description": "## Overview\n[org.codehaus.plexus:plexus-utils](https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-utils) is a collection of various utility classes to ease working with strings, files, command lines, XML and more.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment` fails to sanitize comments for a `-->` sequence. 
This means that text contained in the command string could be interpreted as XML and allow for XML injection.\n## Remediation\nUpgrade `org.codehaus.plexus:plexus-utils` to version 3.0.24 or higher.\n## References\n- [GitHub Commit](https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de)\n- [GitHub Issue](https://github.com/codehaus-plexus/plexus-utils/issues/3)\n", 2024-10-08T07:17:23.9404791Z "epssDetails": { 2024-10-08T07:17:23.9405118Z "percentile": "0.30216", 2024-10-08T07:17:23.9405513Z "probability": "0.00067", 2024-10-08T07:17:23.9405995Z "modelVersion": "v2023.03.01" 2024-10-08T07:17:23.9406383Z }, 2024-10-08T07:17:23.9406650Z "identifiers": { 2024-10-08T07:17:23.9407064Z "CVE": [ 2024-10-08T07:17:23.9407440Z "CVE-2022-4245" 2024-10-08T07:17:23.9407794Z ], 2024-10-08T07:17:23.9408129Z "CWE": [ 2024-10-08T07:17:23.9408467Z "CWE-91" 2024-10-08T07:17:23.9408795Z ] 2024-10-08T07:17:23.9409106Z }, 2024-10-08T07:17:23.9409540Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9410037Z "proprietary": false, 2024-10-08T07:17:23.9410559Z "creationTime": "2019-09-06T15:46:47.546130Z", 2024-10-08T07:17:23.9410972Z "functions_new": [ 2024-10-08T07:17:23.9411325Z { 2024-10-08T07:17:23.9411681Z "version": [ 2024-10-08T07:17:23.9411981Z "(1.5.3,3.0.24)" 2024-10-08T07:17:23.9412344Z ], 2024-10-08T07:17:23.9412717Z "functionId": { 2024-10-08T07:17:23.9413232Z "className": "org.codehaus.plexus.util.xml.XmlWriterUtil", 2024-10-08T07:17:23.9413746Z "functionName": "writeComment" 2024-10-08T07:17:23.9414364Z } 2024-10-08T07:17:23.9414674Z } 2024-10-08T07:17:23.9415024Z ], 2024-10-08T07:17:23.9415299Z "alternativeIds": [], 2024-10-08T07:17:23.9415785Z "disclosureTime": "2015-09-21T15:48:37Z", 2024-10-08T07:17:23.9416288Z "exploitDetails": { 2024-10-08T07:17:23.9416607Z "sources": [ 2024-10-08T07:17:23.9416954Z "Snyk" 2024-10-08T07:17:23.9417316Z ], 2024-10-08T07:17:23.9417641Z "maturityLevels": [ 
2024-10-08T07:17:23.9417956Z { 2024-10-08T07:17:23.9418325Z "type": "secondary", 2024-10-08T07:17:23.9418734Z "level": "Not Defined", 2024-10-08T07:17:23.9419131Z "format": "CVSSv3" 2024-10-08T07:17:23.9419516Z }, 2024-10-08T07:17:23.9419828Z { 2024-10-08T07:17:23.9420135Z "type": "primary", 2024-10-08T07:17:23.9420551Z "level": "Proof of Concept", 2024-10-08T07:17:23.9421018Z "format": "CVSSv4" 2024-10-08T07:17:23.9421633Z } 2024-10-08T07:17:23.9422233Z ] 2024-10-08T07:17:23.9422663Z }, 2024-10-08T07:17:23.9423031Z "packageManager": "maven", 2024-10-08T07:17:23.9424360Z "mavenModuleName": { 2024-10-08T07:17:23.9424762Z "groupId": "org.codehaus.plexus", 2024-10-08T07:17:23.9425282Z "artifactId": "plexus-utils" 2024-10-08T07:17:23.9425807Z }, 2024-10-08T07:17:23.9426208Z "publicationTime": "2019-09-06T15:46:00Z", 2024-10-08T07:17:23.9426645Z "severityBasedOn": "CVSS", 2024-10-08T07:17:23.9427360Z "modificationTime": "2024-03-11T09:53:59.734097Z", 2024-10-08T07:17:23.9427853Z "socialTrendAlert": false, 2024-10-08T07:17:23.9428293Z "severityWithCritical": "medium", 2024-10-08T07:17:23.9428743Z "from": [ 2024-10-08T07:17:23.9429195Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:17:23.9429731Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:17:23.9430268Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:17:23.9430802Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:17:23.9431233Z ], 2024-10-08T07:17:23.9431601Z "upgradePath": [ 2024-10-08T07:17:23.9431927Z false, 2024-10-08T07:17:23.9432332Z "org.apache.maven:maven-embedder@3.5.0", 2024-10-08T07:17:23.9432904Z "org.apache.maven:maven-core@3.5.0", 2024-10-08T07:17:23.9433442Z "org.codehaus.plexus:plexus-utils@3.0.24" 2024-10-08T07:17:23.9434046Z ], 2024-10-08T07:17:23.9434477Z "isUpgradable": true, 2024-10-08T07:17:23.9434859Z "isPatchable": false, 2024-10-08T07:17:23.9435299Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:17:23.9435828Z "version": "1.0.4" 2024-10-08T07:17:23.9436167Z 
} 2024-10-08T07:17:23.9436504Z ], 2024-10-08T07:17:23.9436771Z "ok": false, 2024-10-08T07:17:23.9437100Z "dependencyCount": 28, 2024-10-08T07:17:23.9437509Z "org": "itsarraj", 2024-10-08T07:17:23.9438302Z "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", 2024-10-08T07:17:23.9439136Z "isPrivate": true, 2024-10-08T07:17:23.9439575Z "licensesPolicy": { 2024-10-08T07:17:23.9439931Z "severities": {}, 2024-10-08T07:17:23.9440277Z "orgLicenseRules": { 2024-10-08T07:17:23.9440712Z "AGPL-1.0": { 2024-10-08T07:17:23.9441098Z "licenseType": "AGPL-1.0", 2024-10-08T07:17:23.9441508Z "severity": "high", 2024-10-08T07:17:23.9441930Z "instructions": "" 2024-10-08T07:17:23.9442277Z }, 2024-10-08T07:17:23.9442667Z "AGPL-3.0": { 2024-10-08T07:17:23.9443112Z "licenseType": "AGPL-3.0", 2024-10-08T07:17:23.9443467Z "severity": "high", 2024-10-08T07:17:23.9444068Z "instructions": "" 2024-10-08T07:17:23.9444513Z }, 2024-10-08T07:17:23.9444869Z "Artistic-1.0": { 2024-10-08T07:17:23.9445240Z "licenseType": "Artistic-1.0", 2024-10-08T07:17:23.9445714Z "severity": "medium", 2024-10-08T07:17:23.9446107Z "instructions": "" 2024-10-08T07:17:23.9446418Z }, 2024-10-08T07:17:23.9446803Z "Artistic-2.0": { 2024-10-08T07:17:23.9447225Z "licenseType": "Artistic-2.0", 2024-10-08T07:17:23.9447701Z "severity": "medium", 2024-10-08T07:17:23.9448095Z "instructions": "" 2024-10-08T07:17:23.9448454Z }, 2024-10-08T07:17:23.9448840Z "CDDL-1.0": { 2024-10-08T07:17:23.9449183Z "licenseType": "CDDL-1.0", 2024-10-08T07:17:23.9449590Z "severity": "medium", 2024-10-08T07:17:23.9450019Z "instructions": "" 2024-10-08T07:17:23.9450390Z }, 2024-10-08T07:17:23.9450680Z "CPOL-1.02": { 2024-10-08T07:17:23.9451137Z "licenseType": "CPOL-1.02", 2024-10-08T07:17:23.9451557Z "severity": "high", 2024-10-08T07:17:23.9451925Z "instructions": "" 2024-10-08T07:17:23.9452289Z }, 2024-10-08T07:17:23.9452626Z "EPL-1.0": { 2024-10-08T07:17:23.9453005Z 
"licenseType": "EPL-1.0", 2024-10-08T07:17:23.9453419Z "severity": "medium", 2024-10-08T07:17:23.9453918Z "instructions": "" 2024-10-08T07:17:23.9454268Z }, 2024-10-08T07:17:23.9454700Z "GPL-2.0": { 2024-10-08T07:17:23.9455206Z "licenseType": "GPL-2.0", 2024-10-08T07:17:23.9455595Z "severity": "high", 2024-10-08T07:17:23.9456042Z "instructions": "" 2024-10-08T07:17:23.9456347Z }, 2024-10-08T07:17:23.9456667Z "GPL-3.0": { 2024-10-08T07:17:23.9457118Z "licenseType": "GPL-3.0", 2024-10-08T07:17:23.9457507Z "severity": "high", 2024-10-08T07:17:23.9457963Z "instructions": "" 2024-10-08T07:17:23.9458386Z }, 2024-10-08T07:17:23.9458711Z "LGPL-2.0": { 2024-10-08T07:17:23.9459109Z "licenseType": "LGPL-2.0", 2024-10-08T07:17:23.9459531Z "severity": "medium", 2024-10-08T07:17:23.9459917Z "instructions": "" 2024-10-08T07:17:23.9460257Z }, 2024-10-08T07:17:23.9460610Z "LGPL-2.1": { 2024-10-08T07:17:23.9461008Z "licenseType": "LGPL-2.1", 2024-10-08T07:17:23.9461398Z "severity": "medium", 2024-10-08T07:17:23.9461828Z "instructions": "" 2024-10-08T07:17:23.9462156Z }, 2024-10-08T07:17:23.9462480Z "LGPL-3.0": { 2024-10-08T07:17:23.9462929Z "licenseType": "LGPL-3.0", 2024-10-08T07:17:23.9463305Z "severity": "medium", 2024-10-08T07:17:23.9463676Z "instructions": "" 2024-10-08T07:17:23.9464341Z }, 2024-10-08T07:17:23.9464665Z "MPL-1.1": { 2024-10-08T07:17:23.9465007Z "licenseType": "MPL-1.1", 2024-10-08T07:17:23.9465479Z "severity": "medium", 2024-10-08T07:17:23.9465860Z "instructions": "" 2024-10-08T07:17:23.9466258Z }, 2024-10-08T07:17:23.9466558Z "MPL-2.0": { 2024-10-08T07:17:23.9466930Z "licenseType": "MPL-2.0", 2024-10-08T07:17:23.9467384Z "severity": "medium", 2024-10-08T07:17:23.9467738Z "instructions": "" 2024-10-08T07:17:23.9468077Z }, 2024-10-08T07:17:23.9468468Z "MS-RL": { 2024-10-08T07:17:23.9468833Z "licenseType": "MS-RL", 2024-10-08T07:17:23.9469182Z "severity": "medium", 2024-10-08T07:17:23.9469624Z "instructions": "" 2024-10-08T07:17:23.9469965Z }, 
2024-10-08T07:17:23.9470259Z "SimPL-2.0": { 2024-10-08T07:17:23.9470727Z "licenseType": "SimPL-2.0", 2024-10-08T07:17:23.9471132Z "severity": "high", 2024-10-08T07:17:23.9471497Z "instructions": "" 2024-10-08T07:17:23.9471881Z } 2024-10-08T07:17:23.9472164Z } 2024-10-08T07:17:23.9472457Z }, 2024-10-08T07:17:23.9472821Z "packageManager": "maven", 2024-10-08T07:17:23.9473299Z "projectId": "585b6b28-57da-4dbb-bda8-0387c1c59e27", 2024-10-08T07:17:23.9473961Z "ignoreSettings": { 2024-10-08T07:17:23.9474442Z "adminOnly": false, 2024-10-08T07:17:23.9474770Z "reasonRequired": false, 2024-10-08T07:17:23.9475198Z "disregardFilesystemIgnores": false 2024-10-08T07:17:23.9475658Z }, 2024-10-08T07:17:23.9476003Z "summary": "4 vulnerable dependency paths", 2024-10-08T07:17:23.9476422Z "remediation": { 2024-10-08T07:17:23.9476815Z "unresolved": [], 2024-10-08T07:17:23.9477169Z "upgrade": { 2024-10-08T07:17:23.9477567Z "org.apache.maven:maven-embedder@2.0": { 2024-10-08T07:17:23.9478217Z "upgradeTo": "org.apache.maven:maven-embedder@3.8.1", 2024-10-08T07:17:23.9478710Z "upgrades": [ 2024-10-08T07:17:23.9479139Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:17:23.9479701Z "org.codehaus.plexus:plexus-utils@1.0.4", 2024-10-08T07:17:23.9480262Z "org.codehaus.plexus:plexus-utils@1.0.4", 2024-10-08T07:17:23.9480808Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:17:23.9481357Z ], 2024-10-08T07:17:23.9481641Z "vulns": [ 2024-10-08T07:17:23.9482068Z "SNYK-JAVA-ORGAPACHEMAVEN-6144614", 2024-10-08T07:17:23.9482692Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521", 2024-10-08T07:17:23.9483235Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-461102", 2024-10-08T07:17:23.9483736Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522" 2024-10-08T07:17:23.9484370Z ] 2024-10-08T07:17:23.9484659Z } 2024-10-08T07:17:23.9484906Z }, 2024-10-08T07:17:23.9485269Z "patch": {}, 2024-10-08T07:17:23.9485737Z "ignore": {}, 2024-10-08T07:17:23.9486141Z "pin": {} 2024-10-08T07:17:23.9486410Z }, 2024-10-08T07:17:23.9486725Z "filesystemPolicy": false, 
2024-10-08T07:17:23.9487174Z "filtered": { 2024-10-08T07:17:23.9487456Z "ignore": [], 2024-10-08T07:17:23.9487774Z "patch": [] 2024-10-08T07:17:23.9488151Z }, 2024-10-08T07:17:23.9488439Z "uniqueCount": 4, 2024-10-08T07:17:23.9488927Z "projectName": "jenkins.mvn.demo:mvnwebapp", 2024-10-08T07:17:23.9489456Z "foundProjectCount": 1, 2024-10-08T07:17:23.9489845Z "displayTargetFile": "pom.xml", 2024-10-08T07:17:23.9490274Z "hasUnknownVersions": false, 2024-10-08T07:17:23.9490808Z "path": "/home/runner/work/PRBotCheck/PRBotCheck" 2024-10-08T07:17:23.9491251Z } 2024-10-08T07:17:27.6026753Z 2024-10-08T07:17:27.6028114Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck/package-lock.json... 2024-10-08T07:17:27.6029272Z 2024-10-08T07:17:27.6030704Z Dependency express was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again. 2024-10-08T07:17:27.6032163Z 2024-10-08T07:17:27.6032585Z ------------------------------------------------------- 2024-10-08T07:17:27.6033124Z 2024-10-08T07:17:27.6034236Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck (jenkins.mvn.demo:mvnwebapp)... 2024-10-08T07:17:27.6035089Z 2024-10-08T07:17:27.6036526Z Explore this snapshot at https://app.snyk.io/org/itsarraj/project/585b6b28-57da-4dbb-bda8-0387c1c59e27/history/40b3b79c-4b17-4306-a2ab-85cd016fb5e7 2024-10-08T07:17:27.6037953Z 2024-10-08T07:17:27.6038650Z Notifications about newly disclosed issues related to these dependencies will be emailed to you. 2024-10-08T07:17:27.6039643Z 2024-10-08T07:17:27.6050695Z 2024-10-08T07:17:27.6051572Z You have reached your monthly limit of 200 private tests for your itsarraj org. 2024-10-08T07:17:27.6053049Z To learn more about our plans and increase your tests limit visit https://snyk.io/plans. 2024-10-08T07:17:27.8261178Z Post job cleanup. 
2024-10-08T07:17:27.8978050Z [command]/usr/bin/git version 2024-10-08T07:17:27.9010695Z git version 2.46.1 2024-10-08T07:17:27.9051929Z Temporarily overriding HOME='/home/runner/work/_temp/6d31199b-a5c4-4216-b955-357d11a476f1' before making global git config changes 2024-10-08T07:17:27.9053291Z Adding repository directory to the temporary git global config as a safe directory 2024-10-08T07:17:27.9055579Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck 2024-10-08T07:17:27.9084963Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-10-08T07:17:27.9112537Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-10-08T07:17:27.9338471Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-10-08T07:17:27.9358181Z http.https://github.com/.extraheader 2024-10-08T07:17:27.9370011Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader 2024-10-08T07:17:27.9399970Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-10-08T07:17:27.9841551Z Cleaning up orphan processes

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
