Create a.js #41

Closed
wants to merge 0 commits into from

itsarraj0test

AppSec Wiki Pull Request

Change Description:

Changes Made:

Reason for Change:

Checklist:

  • I have tested the changes locally
  • Code changes are ready for review
  • I have proofread the changes to ensure accuracy
  • I have tested any links or references within the wiki page
  • I have checked for consistency with other existing pages (if applicable)
  • I have updated any relevant cross-references or documentation

Hey @itsarraj0test 👋, thanks for contributing the new Pull Request!!

Secrets Bot


2024-10-08T07:23:27.9027825Z Current runner version: '2.320.0'
2024-10-08T07:23:27.9053227Z ##[group]Operating System
2024-10-08T07:23:27.9053862Z Ubuntu
2024-10-08T07:23:27.9054307Z 22.04.5
2024-10-08T07:23:27.9054641Z LTS
2024-10-08T07:23:27.9054958Z ##[endgroup]
2024-10-08T07:23:27.9055396Z ##[group]Runner Image
2024-10-08T07:23:27.9055852Z Image: ubuntu-22.04
2024-10-08T07:23:27.9056223Z Version: 20240922.1.0
2024-10-08T07:23:27.9057258Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-10-08T07:23:27.9058711Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-10-08T07:23:27.9059543Z ##[endgroup]
2024-10-08T07:23:27.9059987Z ##[group]Runner Image Provisioner
2024-10-08T07:23:27.9060490Z 2.0.384.1
2024-10-08T07:23:27.9060794Z ##[endgroup]
2024-10-08T07:23:27.9076071Z ##[group]GITHUB_TOKEN Permissions
2024-10-08T07:23:27.9077729Z Issues: write
2024-10-08T07:23:27.9078188Z Metadata: read
2024-10-08T07:23:27.9078831Z PullRequests: write
2024-10-08T07:23:27.9079334Z ##[endgroup]
2024-10-08T07:23:27.9082261Z Secret source: Actions
2024-10-08T07:23:27.9083130Z Prepare workflow directory
2024-10-08T07:23:27.9719148Z Prepare all required actions
2024-10-08T07:23:27.9877855Z Getting action download info
2024-10-08T07:23:28.1735608Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
2024-10-08T07:23:28.2958202Z Download action repository 'trufflesecurity/TruffleHog-Enterprise-Github-Action@main' (SHA:896eb9c43cebe80ae73e5aa5948595121ac7229c)
2024-10-08T07:23:28.9627728Z Complete job name: TruffleHog Bot scan
2024-10-08T07:23:29.0269528Z ##[group]Build container for action use: '/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main/Dockerfile'.
2024-10-08T07:23:29.0328060Z ##[command]/usr/bin/docker build -t 514a91:da4627a8310540dea3e284573586d61c -f "/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main/Dockerfile" "/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main"
2024-10-08T07:23:29.4874860Z #0 building with "default" instance using docker driver
2024-10-08T07:23:29.4875363Z
2024-10-08T07:23:29.4875615Z #1 [internal] load build definition from Dockerfile
2024-10-08T07:23:29.4876107Z #1 transferring dockerfile: 153B done
2024-10-08T07:23:29.4876654Z #1 DONE 0.0s
2024-10-08T07:23:29.4876828Z
2024-10-08T07:23:29.4877191Z #2 [internal] load metadata for us-docker.pkg.dev/thog-artifacts/public/scanner:latest
2024-10-08T07:23:30.3317863Z #2 DONE 1.0s
2024-10-08T07:23:30.4510195Z
2024-10-08T07:23:30.4511165Z #3 [internal] load .dockerignore
2024-10-08T07:23:30.4511829Z #3 transferring context: 2B done
2024-10-08T07:23:30.4512376Z #3 DONE 0.0s
2024-10-08T07:23:30.4512559Z
2024-10-08T07:23:30.4512698Z #4 [internal] load build context
2024-10-08T07:23:30.4513327Z #4 transferring context: 112B done
2024-10-08T07:23:30.4513810Z #4 DONE 0.0s
2024-10-08T07:23:30.4513978Z
2024-10-08T07:23:30.4514595Z #5 [1/2] FROM us-docker.pkg.dev/thog-artifacts/public/scanner:latest@sha256:3ddf1817b36313e28549c98fae955474c963929488c2762a3e17d8cd9ad7f7d1
2024-10-08T07:23:30.4516040Z #5 resolve us-docker.pkg.dev/thog-artifacts/public/scanner:latest@sha256:3ddf1817b36313e28549c98fae955474c963929488c2762a3e17d8cd9ad7f7d1 done
2024-10-08T07:23:32.0050501Z #5 DONE 1.5s
2024-10-08T07:23:32.0050958Z
2024-10-08T07:23:32.0051133Z #6 [2/2] COPY entrypoint.sh /entrypoint.sh
2024-10-08T07:23:32.0051637Z #6 DONE 0.0s
2024-10-08T07:23:32.0051811Z
2024-10-08T07:23:32.0052033Z #7 exporting to image
2024-10-08T07:23:32.0052374Z #7 exporting layers 0.1s done
2024-10-08T07:23:32.0314511Z #7 writing image sha256:12118147633822d3b7eabcfc042528405af6f2313fa77b94635eb2b28a228281 done
2024-10-08T07:23:32.0316255Z #7 naming to docker.io/library/514a91:da4627a8310540dea3e284573586d61c done
2024-10-08T07:23:32.0317111Z #7 DONE 0.1s
2024-10-08T07:23:32.0372091Z ##[endgroup]
2024-10-08T07:23:32.0770712Z ##[group]Run actions/checkout@v3
2024-10-08T07:23:32.0771183Z with:
2024-10-08T07:23:32.0771615Z fetch-depth: 0
2024-10-08T07:23:32.0771952Z repository: itsarraj/PRBotCheck
2024-10-08T07:23:32.0772535Z token: ***
2024-10-08T07:23:32.0773186Z ssh-strict: true
2024-10-08T07:23:32.0773527Z persist-credentials: true
2024-10-08T07:23:32.0773916Z clean: true
2024-10-08T07:23:32.0774353Z sparse-checkout-cone-mode: true
2024-10-08T07:23:32.0774721Z fetch-tags: false
2024-10-08T07:23:32.0775049Z lfs: false
2024-10-08T07:23:32.0775426Z submodules: false
2024-10-08T07:23:32.0775739Z set-safe-directory: true
2024-10-08T07:23:32.0776124Z ##[endgroup]
2024-10-08T07:23:32.3435530Z Syncing repository: itsarraj/PRBotCheck
2024-10-08T07:23:32.3437489Z ##[group]Getting Git version info
2024-10-08T07:23:32.3438229Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:23:32.3439092Z [command]/usr/bin/git version
2024-10-08T07:23:32.3439682Z git version 2.46.1
2024-10-08T07:23:32.3441075Z ##[endgroup]
2024-10-08T07:23:32.3452511Z Temporarily overriding HOME='/home/runner/work/_temp/4abae079-6bf5-41a7-852e-382b9e4656c8' before making global git config changes
2024-10-08T07:23:32.3453765Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:23:32.3454744Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:23:32.3465760Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:23:32.3469252Z ##[group]Initializing the repository
2024-10-08T07:23:32.3471947Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:23:32.3543571Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-10-08T07:23:32.3544734Z hint: is subject to change. To configure the initial branch name to use in all
2024-10-08T07:23:32.3545538Z hint: of your new repositories, which will suppress this warning, call:
2024-10-08T07:23:32.3546100Z hint:
2024-10-08T07:23:32.3546603Z hint: git config --global init.defaultBranch
2024-10-08T07:23:32.3547096Z hint:
2024-10-08T07:23:32.3547605Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-10-08T07:23:32.3548597Z hint: 'development'. The just-created branch can be renamed via this command:
2024-10-08T07:23:32.3549184Z hint:
2024-10-08T07:23:32.3549535Z hint: git branch -m
2024-10-08T07:23:32.3554357Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/
2024-10-08T07:23:32.3563992Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck
2024-10-08T07:23:32.3598752Z ##[endgroup]
2024-10-08T07:23:32.3599923Z ##[group]Disabling automatic garbage collection
2024-10-08T07:23:32.3602366Z [command]/usr/bin/git config --local gc.auto 0
2024-10-08T07:23:32.3628938Z ##[endgroup]
2024-10-08T07:23:32.3629979Z ##[group]Setting up auth
2024-10-08T07:23:32.3635120Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:23:32.3663751Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:23:32.3986516Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:23:32.4013703Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:23:32.4237187Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-10-08T07:23:32.4268956Z ##[endgroup]
2024-10-08T07:23:32.4269692Z ##[group]Fetching the repository
2024-10-08T07:23:32.4277400Z [command]/usr/bin/git -c protocol.version=2 fetch --prune --progress --no-recurse-submodules origin +refs/heads/:refs/remotes/origin/ +refs/tags/:refs/tags/
2024-10-08T07:23:32.8991603Z remote: Enumerating objects: 37, done.
2024-10-08T07:23:32.9019425Z remote: Counting objects: 100% (37/37), done.
2024-10-08T07:23:32.9032747Z remote: Compressing objects: 100% (25/25), done.
2024-10-08T07:23:32.9483238Z remote: Total 37 (delta 15), reused 28 (delta 6), pack-reused 0 (from 0)
2024-10-08T07:23:32.9606128Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:23:32.9607266Z * [new branch] master -> origin/master
2024-10-08T07:23:32.9639164Z [command]/usr/bin/git branch --list --remote origin/master
2024-10-08T07:23:32.9659601Z origin/master
2024-10-08T07:23:32.9667656Z [command]/usr/bin/git rev-parse refs/remotes/origin/master
2024-10-08T07:23:32.9686373Z cec140f
2024-10-08T07:23:32.9692063Z ##[endgroup]
2024-10-08T07:23:32.9692746Z ##[group]Determining the checkout info
2024-10-08T07:23:32.9694073Z ##[endgroup]
2024-10-08T07:23:32.9694900Z ##[group]Checking out the ref
2024-10-08T07:23:32.9697423Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:23:32.9738947Z Reset branch 'master'
2024-10-08T07:23:32.9742243Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:23:32.9748007Z ##[endgroup]
2024-10-08T07:23:32.9778074Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:23:32.9798192Z 'cec140f7b72f0e3ef62bc828d29d005a9d3e95ce'
2024-10-08T07:23:33.0090941Z ##[group]Run trufflesecurity/TruffleHog-Enterprise-Github-Action@main
2024-10-08T07:23:33.0091585Z with:
2024-10-08T07:23:33.0092083Z args: --fail-verified master HEAD --json
2024-10-08T07:23:33.0092525Z ##[endgroup]
2024-10-08T07:23:33.0307678Z ##[command]/usr/bin/docker run --name a91da4627a8310540dea3e284573586d61c_bc7626 --label 514a91 --workdir /github/workspace --rm -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/PRBotCheck/PRBotCheck":"/github/workspace" 514a91:da4627a8310540dea3e284573586d61c "--fail-verified master HEAD --json"
2024-10-08T07:23:35.2948660Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"running trufflehog","pid":"XQ6Xt","version":"v1.90.20"}
2024-10-08T07:23:35.2949822Z
2024-10-08T07:23:35.2950957Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"log level set","pid":"XQ6Xt","version":"v1.90.20","level":0}
2024-10-08T07:23:35.2953978Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"resolved base reference","pid":"XQ6Xt","version":"v1.90.20","commit":"cec140f7b72f0e3ef62bc828d29d005a9d3e95ce"}
2024-10-08T07:23:35.2956874Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"resolved head reference","pid":"XQ6Xt","version":"v1.90.20","commit":"cec140f7b72f0e3ef62bc828d29d005a9d3e95ce"}
2024-10-08T07:23:35.2959922Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"resolved common merge base between references","pid":"XQ6Xt","version":"v1.90.20","commit":"cec140f7b72f0e3ef62bc828d29d005a9d3e95ce"}
2024-10-08T07:23:35.2962756Z 🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
2024-10-08T07:23:35.2963727Z version: v1.90.20
2024-10-08T07:23:35.2964063Z
2024-10-08T07:23:35.2966212Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"scanning repo","pid":"XQ6Xt","version":"v1.90.20","repo":"https://github.com/itsarraj/PRBotCheck","base":"cec140f7b72f0e3ef62bc828d29d005a9d3e95ce","head":"cec140f7b72f0e3ef62bc828d29d005a9d3e95ce"}
2024-10-08T07:23:35.3007734Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"finished scanning commits","pid":"XQ6Xt","version":"v1.90.20","commits_scanned":0}
2024-10-08T07:23:35.3009927Z {"level":"info-0","ts":"2024-10-08T07:23:35Z","logger":"thog/scanner","msg":"no secrets found","pid":"XQ6Xt","version":"v1.90.20"}
2024-10-08T07:23:35.3969913Z Post job cleanup.
2024-10-08T07:23:35.4678954Z [command]/usr/bin/git version
2024-10-08T07:23:35.4712486Z git version 2.46.1
2024-10-08T07:23:35.4753855Z Temporarily overriding HOME='/home/runner/work/_temp/4c864c3d-52d1-4936-8c68-ac36a731337d' before making global git config changes
2024-10-08T07:23:35.4754921Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:23:35.4757142Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:23:35.4786305Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:23:35.4813382Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:23:35.5037422Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:23:35.5056808Z http.https://github.com/.extraheader
2024-10-08T07:23:35.5067750Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-10-08T07:23:35.5095104Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:23:35.5507342Z Cleaning up orphan processes

SCA Bot

2024-10-08T07:23:26.3312529Z Current runner version: '2.320.0' 2024-10-08T07:23:26.3336421Z ##[group]Operating System 2024-10-08T07:23:26.3337065Z Ubuntu 2024-10-08T07:23:26.3337455Z 22.04.5 2024-10-08T07:23:26.3337785Z LTS 2024-10-08T07:23:26.3338139Z ##[endgroup] 2024-10-08T07:23:26.3338548Z ##[group]Runner Image 2024-10-08T07:23:26.3339317Z Image: ubuntu-22.04 2024-10-08T07:23:26.3339760Z Version: 20240922.1.0 2024-10-08T07:23:26.3340922Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md 2024-10-08T07:23:26.3342450Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1 2024-10-08T07:23:26.3343339Z ##[endgroup] 2024-10-08T07:23:26.3343838Z ##[group]Runner Image Provisioner 2024-10-08T07:23:26.3344354Z 2.0.384.1 2024-10-08T07:23:26.3344662Z ##[endgroup] 2024-10-08T07:23:26.3360854Z ##[group]GITHUB_TOKEN Permissions 2024-10-08T07:23:26.3362668Z Issues: write 2024-10-08T07:23:26.3363167Z Metadata: read 2024-10-08T07:23:26.3363899Z PullRequests: write 2024-10-08T07:23:26.3364456Z ##[endgroup] 2024-10-08T07:23:26.3367847Z Secret source: Actions 2024-10-08T07:23:26.3368453Z Prepare workflow directory 2024-10-08T07:23:26.4012753Z Prepare all required actions 2024-10-08T07:23:26.4178666Z Getting action download info 2024-10-08T07:23:26.5493871Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744) 2024-10-08T07:23:26.7552552Z Complete job name: Snyk Bot scan 2024-10-08T07:23:26.8467432Z ##[group]Run actions/checkout@v3 2024-10-08T07:23:26.8468095Z with: 2024-10-08T07:23:26.8468486Z repository: itsarraj/PRBotCheck 2024-10-08T07:23:26.8469381Z token: *** 2024-10-08T07:23:26.8469873Z ssh-strict: true 2024-10-08T07:23:26.8470308Z persist-credentials: true 2024-10-08T07:23:26.8470733Z clean: true 2024-10-08T07:23:26.8471208Z sparse-checkout-cone-mode: true 2024-10-08T07:23:26.8471705Z fetch-depth: 1 2024-10-08T07:23:26.8472055Z 
fetch-tags: false 2024-10-08T07:23:26.8472512Z lfs: false 2024-10-08T07:23:26.8472905Z submodules: false 2024-10-08T07:23:26.8473323Z set-safe-directory: true 2024-10-08T07:23:26.8473805Z ##[endgroup] 2024-10-08T07:23:27.0525132Z Syncing repository: itsarraj/PRBotCheck 2024-10-08T07:23:27.0527288Z ##[group]Getting Git version info 2024-10-08T07:23:27.0528494Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck' 2024-10-08T07:23:27.0529903Z [command]/usr/bin/git version 2024-10-08T07:23:27.0530686Z git version 2.46.1 2024-10-08T07:23:27.0547161Z ##[endgroup] 2024-10-08T07:23:27.0570227Z Temporarily overriding HOME='/home/runner/work/_temp/36f39952-9ffe-4311-971c-3a4b0d7c7483' before making global git config changes 2024-10-08T07:23:27.0572668Z Adding repository directory to the temporary git global config as a safe directory 2024-10-08T07:23:27.0574890Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck 2024-10-08T07:23:27.0619615Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck' 2024-10-08T07:23:27.0623130Z ##[group]Initializing the repository 2024-10-08T07:23:27.0626061Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck 2024-10-08T07:23:27.0700490Z hint: Using 'master' as the name for the initial branch. This default branch name 2024-10-08T07:23:27.0701712Z hint: is subject to change. To configure the initial branch name to use in all 2024-10-08T07:23:27.0702791Z hint: of your new repositories, which will suppress this warning, call: 2024-10-08T07:23:27.0703554Z hint: 2024-10-08T07:23:27.0704155Z hint: git config --global init.defaultBranch 2024-10-08T07:23:27.0704733Z hint: 2024-10-08T07:23:27.0705375Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and 2024-10-08T07:23:27.0706509Z hint: 'development'. 
The just-created branch can be renamed via this command: 2024-10-08T07:23:27.0707237Z hint: 2024-10-08T07:23:27.0707638Z hint: git branch -m 2024-10-08T07:23:27.0711915Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/ 2024-10-08T07:23:27.0720548Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck 2024-10-08T07:23:27.0751709Z ##[endgroup] 2024-10-08T07:23:27.0752590Z ##[group]Disabling automatic garbage collection 2024-10-08T07:23:27.0754712Z [command]/usr/bin/git config --local gc.auto 0 2024-10-08T07:23:27.0780807Z ##[endgroup] 2024-10-08T07:23:27.0781510Z ##[group]Setting up auth 2024-10-08T07:23:27.0785870Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-10-08T07:23:27.0812944Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-10-08T07:23:27.1162350Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-10-08T07:23:27.1188441Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-10-08T07:23:27.1413485Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic *** 2024-10-08T07:23:27.1445418Z ##[endgroup] 2024-10-08T07:23:27.1446217Z ##[group]Fetching the repository 2024-10-08T07:23:27.1454894Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +cec140f7b72f0e3ef62bc828d29d005a9d3e95ce:refs/remotes/origin/master 2024-10-08T07:23:27.3292923Z remote: Enumerating objects: 12, done. 
2024-10-08T07:23:27.3293670Z remote: Counting objects: 8% (1/12) 2024-10-08T07:23:27.3295243Z remote: Counting objects: 16% (2/12) 2024-10-08T07:23:27.3296585Z remote: Counting objects: 25% (3/12) 2024-10-08T07:23:27.3297655Z remote: Counting objects: 33% (4/12) 2024-10-08T07:23:27.3298772Z remote: Counting objects: 41% (5/12) 2024-10-08T07:23:27.3299619Z remote: Counting objects: 50% (6/12) 2024-10-08T07:23:27.3300405Z remote: Counting objects: 58% (7/12) 2024-10-08T07:23:27.3301321Z remote: Counting objects: 66% (8/12) 2024-10-08T07:23:27.3302111Z remote: Counting objects: 75% (9/12) 2024-10-08T07:23:27.3302747Z remote: Counting objects: 83% (10/12) 2024-10-08T07:23:27.3303494Z remote: Counting objects: 91% (11/12) 2024-10-08T07:23:27.3304312Z remote: Counting objects: 100% (12/12) 2024-10-08T07:23:27.3305033Z remote: Counting objects: 100% (12/12), done. 2024-10-08T07:23:27.3305807Z remote: Compressing objects: 9% (1/11) 2024-10-08T07:23:27.3306517Z remote: Compressing objects: 18% (2/11) 2024-10-08T07:23:27.3307248Z remote: Compressing objects: 27% (3/11) 2024-10-08T07:23:27.3307980Z remote: Compressing objects: 36% (4/11) 2024-10-08T07:23:27.3308638Z remote: Compressing objects: 45% (5/11) 2024-10-08T07:23:27.3309556Z remote: Compressing objects: 54% (6/11) 2024-10-08T07:23:27.3310288Z remote: Compressing objects: 63% (7/11) 2024-10-08T07:23:27.3310932Z remote: Compressing objects: 72% (8/11) 2024-10-08T07:23:27.3311547Z remote: Compressing objects: 81% (9/11) 2024-10-08T07:23:27.3312249Z remote: Compressing objects: 90% (10/11) 2024-10-08T07:23:27.3312924Z remote: Compressing objects: 100% (11/11) 2024-10-08T07:23:27.3313661Z remote: Compressing objects: 100% (11/11), done. 
2024-10-08T07:23:27.3314810Z remote: Total 12 (delta 0), reused 9 (delta 0), pack-reused 0 (from 0)
2024-10-08T07:23:27.3402883Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:23:27.3405857Z * [new ref] cec140f -> origin/master
2024-10-08T07:23:27.3432251Z ##[endgroup]
2024-10-08T07:23:27.3434657Z ##[group]Determining the checkout info
2024-10-08T07:23:27.3436246Z ##[endgroup]
2024-10-08T07:23:27.3437639Z ##[group]Checking out the ref
2024-10-08T07:23:27.3440823Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:23:27.3486343Z Reset branch 'master'
2024-10-08T07:23:27.3489791Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:23:27.3532222Z ##[endgroup]
2024-10-08T07:23:27.3536494Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:23:27.3560055Z 'cec140f7b72f0e3ef62bc828d29d005a9d3e95ce'
2024-10-08T07:23:27.3958715Z ##[group]Run rm -rf node_modules
2024-10-08T07:23:27.3959741Z rm -rf node_modules
2024-10-08T07:23:27.3960301Z rm -f package-lock.json
2024-10-08T07:23:27.3960902Z npm install
2024-10-08T07:23:27.3961464Z echo "Downloading and authenticating Snyk CLI..."
2024-10-08T07:23:27.3962802Z curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
2024-10-08T07:23:27.3964076Z chmod +x snyk
2024-10-08T07:23:27.3964774Z ./snyk auth ***
2024-10-08T07:23:27.3965343Z echo "Running Snyk test and monitor..."
2024-10-08T07:23:27.3966136Z ./snyk test --all-projects --color --json || true
2024-10-08T07:23:27.3966879Z ./snyk monitor --all-projects || true
2024-10-08T07:23:27.3994397Z shell: /usr/bin/bash -e {0}
2024-10-08T07:23:27.3994953Z ##[endgroup]
2024-10-08T07:23:31.0661892Z npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
2024-10-08T07:23:31.1266209Z npm warn deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2024-10-08T07:23:31.1407509Z npm warn deprecated formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
2024-10-08T07:23:31.1526149Z npm warn deprecated samsam@1.1.2: This package has been deprecated in favour of @sinonjs/samsam
2024-10-08T07:23:31.1648829Z npm warn deprecated glob@7.1.1: Glob versions prior to v9 are no longer supported
2024-10-08T07:23:31.1707549Z npm warn deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
2024-10-08T07:23:31.1722320Z npm warn deprecated mkdirp@0.3.3: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:23:31.1873606Z npm warn deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:23:31.3841058Z npm warn deprecated formidable@1.0.11: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
2024-10-08T07:23:31.4324598Z npm warn deprecated sinon@1.17.0: 16.1.1
2024-10-08T07:23:31.4438821Z npm warn deprecated connect@2.6.0: connect 2.x series is deprecated
2024-10-08T07:23:31.6915760Z
2024-10-08T07:23:31.6916603Z added 112 packages, and audited 113 packages in 4s
2024-10-08T07:23:31.6917350Z
2024-10-08T07:23:31.6917915Z 15 packages are looking for funding
2024-10-08T07:23:31.6918855Z run `npm fund` for details
2024-10-08T07:23:31.7156722Z
2024-10-08T07:23:31.7157608Z 22 vulnerabilities (1 low, 2 moderate, 12 high, 7 critical)
2024-10-08T07:23:31.7158760Z
2024-10-08T07:23:31.7159793Z To address all issues possible (including breaking changes), run:
2024-10-08T07:23:31.7161282Z npm audit fix --force
2024-10-08T07:23:31.7161713Z
2024-10-08T07:23:31.7162096Z Some issues need review, and may require choosing
2024-10-08T07:23:31.7163086Z a different dependency.
2024-10-08T07:23:31.7163553Z
2024-10-08T07:23:31.7163797Z Run `npm audit` for details.
2024-10-08T07:23:31.7333147Z Downloading and authenticating Snyk CLI...
2024-10-08T07:23:31.7415247Z % Total % Received % Xferd Average Speed Time Time Time Current
2024-10-08T07:23:31.7417084Z Dload Upload Total Spent Left Speed
2024-10-08T07:23:31.7417818Z
2024-10-08T07:23:31.8241154Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:23:31.8242522Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:23:31.8790162Z
2024-10-08T07:23:31.8790890Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:23:32.4720753Z
2024-10-08T07:23:32.4722114Z 100 67.1M 100 67.1M 0 0 91.9M 0 --:--:-- --:--:-- --:--:-- 91.9M
2024-10-08T07:23:33.6388911Z
2024-10-08T07:23:33.6390029Z Your account has been authenticated. Snyk is now ready to be used.
2024-10-08T07:23:33.6390681Z
2024-10-08T07:23:33.9496260Z Running Snyk test and monitor...
2024-10-08T07:23:42.6695411Z { 2024-10-08T07:23:42.6696002Z "vulnerabilities": [ 2024-10-08T07:23:42.6696628Z { 2024-10-08T07:23:42.6697977Z "id": "SNYK-JAVA-ORGAPACHEMAVEN-6144614", 2024-10-08T07:23:42.6706100Z "title": "Resources Downloaded over Insecure Protocol", 2024-10-08T07:23:42.6707143Z "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6707965Z "credit": [ 2024-10-08T07:23:42.6708560Z "Unknown" 2024-10-08T07:23:42.6709274Z ], 2024-10-08T07:23:42.6709842Z "semver": { 2024-10-08T07:23:42.6710625Z "vulnerable": [ 2024-10-08T07:23:42.6711257Z "[,3.8.1)" 2024-10-08T07:23:42.6711909Z ] 2024-10-08T07:23:42.6712382Z }, 2024-10-08T07:23:42.6712863Z "exploit": "Not Defined", 2024-10-08T07:23:42.6713672Z "fixedIn": [ 2024-10-08T07:23:42.6714240Z "3.8.1" 2024-10-08T07:23:42.6714894Z ], 2024-10-08T07:23:42.6715393Z "patches": [], 2024-10-08T07:23:42.6715971Z "insights": { 2024-10-08T07:23:42.6716670Z "triageAdvice": null 2024-10-08T07:23:42.6717252Z }, 2024-10-08T07:23:42.6717859Z "language": "java", 2024-10-08T07:23:42.6718518Z "severity": "high", 2024-10-08T07:23:42.6719391Z "cvssScore": 7.1, 2024-10-08T07:23:42.6719945Z "functions": [], 2024-10-08T07:23:42.6720580Z "malicious": false, 2024-10-08T07:23:42.6721259Z "isDisputed": false, 2024-10-08T07:23:42.6722097Z "moduleName": "org.apache.maven:maven-core", 2024-10-08T07:23:42.6722878Z "references": [ 2024-10-08T07:23:42.6723521Z { 2024-10-08T07:23:42.6724841Z "url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E", 2024-10-08T07:23:42.6726343Z "title": "Apache Security Advisory" 2024-10-08T07:23:42.6732649Z }, 2024-10-08T07:23:42.6733234Z { 2024-10-08T07:23:42.6733948Z "url": "https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8", 2024-10-08T07:23:42.6734618Z "title": "GitHub Commit" 2024-10-08T07:23:42.6735120Z }, 2024-10-08T07:23:42.6735416Z { 2024-10-08T07:23:42.6736078Z "url": 
"https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647", 2024-10-08T07:23:42.6736818Z "title": "GitHub Commit" 2024-10-08T07:23:42.6737197Z }, 2024-10-08T07:23:42.6737503Z { 2024-10-08T07:23:42.6738418Z "url": "https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f", 2024-10-08T07:23:42.6746209Z "title": "GitHub Commit" 2024-10-08T07:23:42.6746941Z } 2024-10-08T07:23:42.6747414Z ], 2024-10-08T07:23:42.6747733Z "cvssDetails": [ 2024-10-08T07:23:42.6748118Z { 2024-10-08T07:23:42.6748434Z "assigner": "NVD", 2024-10-08T07:23:42.6748819Z "severity": "critical", 2024-10-08T07:23:42.6749622Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:23:42.6750162Z "cvssV3BaseScore": 9.1, 2024-10-08T07:23:42.6750728Z "modificationTime": "2024-03-11T09:50:36.020732Z" 2024-10-08T07:23:42.6751766Z }, 2024-10-08T07:23:42.6752037Z { 2024-10-08T07:23:42.6752368Z "assigner": "Red Hat", 2024-10-08T07:23:42.6752810Z "severity": "high", 2024-10-08T07:23:42.6753299Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:23:42.6753987Z "cvssV3BaseScore": 7.4, 2024-10-08T07:23:42.6754592Z "modificationTime": "2024-03-11T09:53:46.595598Z" 2024-10-08T07:23:42.6755057Z } 2024-10-08T07:23:42.6755397Z ], 2024-10-08T07:23:42.6755667Z "cvssSources": [ 2024-10-08T07:23:42.6756020Z { 2024-10-08T07:23:42.6756397Z "type": "primary", 2024-10-08T07:23:42.6756850Z "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6757312Z "assigner": "Snyk", 2024-10-08T07:23:42.6757731Z "severity": "high", 2024-10-08T07:23:42.6758118Z "baseScore": 7.1, 2024-10-08T07:23:42.6758494Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6759191Z "modificationTime": "2024-03-06T14:09:37.073828Z" 2024-10-08T07:23:42.6759682Z }, 2024-10-08T07:23:42.6759979Z { 2024-10-08T07:23:42.6760308Z "type": "secondary", 2024-10-08T07:23:42.6760797Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", 
2024-10-08T07:23:42.6761606Z "assigner": "NVD", 2024-10-08T07:23:42.6762123Z "severity": "critical", 2024-10-08T07:23:42.6762782Z "baseScore": 9.1, 2024-10-08T07:23:42.6763271Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6763907Z "modificationTime": "2024-03-11T09:50:36.020732Z" 2024-10-08T07:23:42.6764361Z }, 2024-10-08T07:23:42.6764619Z { 2024-10-08T07:23:42.6764998Z "type": "secondary", 2024-10-08T07:23:42.6765460Z "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:23:42.6766020Z "assigner": "Red Hat", 2024-10-08T07:23:42.6766748Z "severity": "high", 2024-10-08T07:23:42.6767386Z "baseScore": 7.4, 2024-10-08T07:23:42.6767979Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6768905Z "modificationTime": "2024-03-11T09:53:46.595598Z" 2024-10-08T07:23:42.6769818Z } 2024-10-08T07:23:42.6770283Z ], 2024-10-08T07:23:42.6784703Z "description": "## Overview\n\nAffected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls.\r\n\r\nIf you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. 
For more information about repository management, visit [this page](https://maven.apache.org/repository-management.html).\n## Remediation\nUpgrade `org.apache.maven:maven-core` to version 3.8.1 or higher.\n## References\n- [Apache Security Advisory](https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E)\n- [GitHub Commit](https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8)\n- [GitHub Commit](https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647)\n- [GitHub Commit](https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f)\n", 2024-10-08T07:23:42.6797758Z "epssDetails": { 2024-10-08T07:23:42.6798330Z "percentile": "0.57700", 2024-10-08T07:23:42.6798903Z "probability": "0.00197", 2024-10-08T07:23:42.6800026Z "modelVersion": "v2023.03.01" 2024-10-08T07:23:42.6800652Z }, 2024-10-08T07:23:42.6801142Z "identifiers": { 2024-10-08T07:23:42.6801683Z "CVE": [ 2024-10-08T07:23:42.6802264Z "CVE-2021-26291" 2024-10-08T07:23:42.6802821Z ], 2024-10-08T07:23:42.6803287Z "CWE": [ 2024-10-08T07:23:42.6803841Z "CWE-494" 2024-10-08T07:23:42.6804485Z ], 2024-10-08T07:23:42.6805014Z "GHSA": [ 2024-10-08T07:23:42.6805576Z "GHSA-2f88-5hg8-9x2x" 2024-10-08T07:23:42.6806152Z ] 2024-10-08T07:23:42.6806674Z }, 2024-10-08T07:23:42.6807275Z "packageName": "org.apache.maven:maven-core", 2024-10-08T07:23:42.6808020Z "proprietary": false, 2024-10-08T07:23:42.6808839Z "creationTime": "2024-01-04T15:15:05.020423Z", 2024-10-08T07:23:42.6809776Z "functions_new": [], 2024-10-08T07:23:42.6810306Z "alternativeIds": [], 2024-10-08T07:23:42.6811120Z "disclosureTime": "2021-04-26T09:21:36Z", 2024-10-08T07:23:42.6811826Z "exploitDetails": { 2024-10-08T07:23:42.6812388Z "sources": [], 2024-10-08T07:23:42.6812975Z "maturityLevels": [ 2024-10-08T07:23:42.6813530Z { 2024-10-08T07:23:42.6814048Z "type": "secondary", 2024-10-08T07:23:42.6814689Z "level": "Not 
Defined", 2024-10-08T07:23:42.6815318Z "format": "CVSSv3" 2024-10-08T07:23:42.6815910Z }, 2024-10-08T07:23:42.6816434Z { 2024-10-08T07:23:42.6816864Z "type": "primary", 2024-10-08T07:23:42.6817485Z "level": "Not Defined", 2024-10-08T07:23:42.6818220Z "format": "CVSSv4" 2024-10-08T07:23:42.6818726Z } 2024-10-08T07:23:42.6819522Z ] 2024-10-08T07:23:42.6820036Z }, 2024-10-08T07:23:42.6820541Z "packageManager": "maven", 2024-10-08T07:23:42.6821111Z "mavenModuleName": { 2024-10-08T07:23:42.6821771Z "groupId": "org.apache.maven", 2024-10-08T07:23:42.6822534Z "artifactId": "maven-core" 2024-10-08T07:23:42.6823196Z }, 2024-10-08T07:23:42.6823793Z "publicationTime": "2024-01-04T15:16:41.308178Z", 2024-10-08T07:23:42.6824569Z "severityBasedOn": "CVSS", 2024-10-08T07:23:42.6825417Z "modificationTime": "2024-03-11T09:53:46.595598Z", 2024-10-08T07:23:42.6826124Z "socialTrendAlert": false, 2024-10-08T07:23:42.6826794Z "severityWithCritical": "high", 2024-10-08T07:23:42.6827496Z "from": [ 2024-10-08T07:23:42.6828182Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:23:42.6829173Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:23:42.6830066Z "org.apache.maven:maven-core@2.0" 2024-10-08T07:23:42.6830736Z ], 2024-10-08T07:23:42.6831197Z "upgradePath": [ 2024-10-08T07:23:42.6831732Z false, 2024-10-08T07:23:42.6832378Z "org.apache.maven:maven-embedder@3.8.1", 2024-10-08T07:23:42.6833196Z "org.apache.maven:maven-core@3.8.1" 2024-10-08T07:23:42.6833867Z ], 2024-10-08T07:23:42.6834361Z "isUpgradable": true, 2024-10-08T07:23:42.6834946Z "isPatchable": false, 2024-10-08T07:23:42.6835737Z "name": "org.apache.maven:maven-core", 2024-10-08T07:23:42.6836377Z "version": "2.0" 2024-10-08T07:23:42.6836935Z }, 2024-10-08T07:23:42.6837444Z { 2024-10-08T07:23:42.6838065Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521", 2024-10-08T07:23:42.6838777Z "title": "Directory Traversal", 2024-10-08T07:23:42.6839803Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 
2024-10-08T07:23:42.6840566Z "credit": [ 2024-10-08T07:23:42.6841004Z "Unknown" 2024-10-08T07:23:42.6841578Z ], 2024-10-08T07:23:42.6842023Z "semver": { 2024-10-08T07:23:42.6842539Z "vulnerable": [ 2024-10-08T07:23:42.6843077Z "[,3.0.24)" 2024-10-08T07:23:42.6843569Z ] 2024-10-08T07:23:42.6844030Z }, 2024-10-08T07:23:42.6844513Z "exploit": "Not Defined", 2024-10-08T07:23:42.6845109Z "fixedIn": [ 2024-10-08T07:23:42.6845619Z "3.0.24" 2024-10-08T07:23:42.6846347Z ], 2024-10-08T07:23:42.6846759Z "patches": [], 2024-10-08T07:23:42.6847299Z "insights": { 2024-10-08T07:23:42.6847881Z "triageAdvice": null 2024-10-08T07:23:42.6848416Z }, 2024-10-08T07:23:42.6848872Z "language": "java", 2024-10-08T07:23:42.6849661Z "severity": "medium", 2024-10-08T07:23:42.6850251Z "cvssScore": 5.3, 2024-10-08T07:23:42.6850886Z "functions": [ 2024-10-08T07:23:42.6851491Z { 2024-10-08T07:23:42.6851945Z "version": [ 2024-10-08T07:23:42.6852516Z "[,3.0.24)" 2024-10-08T07:23:42.6852999Z ], 2024-10-08T07:23:42.6853473Z "functionId": { 2024-10-08T07:23:42.6854236Z "filePath": "org/codehaus/plexus/util/Expand.java", 2024-10-08T07:23:42.6854997Z "className": "Expand", 2024-10-08T07:23:42.6855654Z "functionName": "extractFile" 2024-10-08T07:23:42.6856350Z } 2024-10-08T07:23:42.6856824Z } 2024-10-08T07:23:42.6857226Z ], 2024-10-08T07:23:42.6857763Z "malicious": false, 2024-10-08T07:23:42.6858320Z "isDisputed": false, 2024-10-08T07:23:42.6859332Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.6860214Z "references": [ 2024-10-08T07:23:42.6860677Z { 2024-10-08T07:23:42.6861852Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef", 2024-10-08T07:23:42.6863125Z "title": "GitHub Commit" 2024-10-08T07:23:42.6863725Z }, 2024-10-08T07:23:42.6864125Z { 2024-10-08T07:23:42.6865003Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/4", 2024-10-08T07:23:42.6865880Z "title": "GitHub Issue" 2024-10-08T07:23:42.6866485Z } 
2024-10-08T07:23:42.6866940Z ], 2024-10-08T07:23:42.6867399Z "cvssDetails": [ 2024-10-08T07:23:42.6867932Z { 2024-10-08T07:23:42.6868407Z "assigner": "NVD", 2024-10-08T07:23:42.6869129Z "severity": "high", 2024-10-08T07:23:42.6869942Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:23:42.6870855Z "cvssV3BaseScore": 7.5, 2024-10-08T07:23:42.6871625Z "modificationTime": "2024-03-11T09:53:39.008801Z" 2024-10-08T07:23:42.6872364Z }, 2024-10-08T07:23:42.6872879Z { 2024-10-08T07:23:42.6873396Z "assigner": "Red Hat", 2024-10-08T07:23:42.6873957Z "severity": "high", 2024-10-08T07:23:42.6874783Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:23:42.6875648Z "cvssV3BaseScore": 7.5, 2024-10-08T07:23:42.6876519Z "modificationTime": "2024-03-11T09:53:59.688096Z" 2024-10-08T07:23:42.6877193Z } 2024-10-08T07:23:42.6877654Z ], 2024-10-08T07:23:42.6878170Z "cvssSources": [ 2024-10-08T07:23:42.6878643Z { 2024-10-08T07:23:42.6879294Z "type": "primary", 2024-10-08T07:23:42.6880086Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:23:42.6880907Z "assigner": "Snyk", 2024-10-08T07:23:42.6881451Z "severity": "medium", 2024-10-08T07:23:42.6882117Z "baseScore": 5.3, 2024-10-08T07:23:42.6882716Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6883507Z "modificationTime": "2024-05-09T13:34:27.533160Z" 2024-10-08T07:23:42.6884244Z }, 2024-10-08T07:23:42.6884714Z { 2024-10-08T07:23:42.6885180Z "type": "secondary", 2024-10-08T07:23:42.6885904Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:23:42.6886718Z "assigner": "NVD", 2024-10-08T07:23:42.6887286Z "severity": "high", 2024-10-08T07:23:42.6887942Z "baseScore": 7.5, 2024-10-08T07:23:42.6888470Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6889531Z "modificationTime": "2024-03-11T09:53:39.008801Z" 2024-10-08T07:23:42.6890345Z }, 2024-10-08T07:23:42.6890791Z { 2024-10-08T07:23:42.6891211Z "type": "secondary", 2024-10-08T07:23:42.6892212Z "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:23:42.6892993Z "assigner": "Red Hat", 2024-10-08T07:23:42.6893573Z "severity": "high", 2024-10-08T07:23:42.6894227Z "baseScore": 7.5, 2024-10-08T07:23:42.6894799Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6895751Z "modificationTime": "2024-03-11T09:53:59.688096Z" 2024-10-08T07:23:42.6896495Z } 2024-10-08T07:23:42.6896957Z ], 2024-10-08T07:23:42.6902608Z "description": "## Overview\nAn attacker could access arbitrary files and directories stored on the file system by manipulating files with `dot-dot-slash (../)` sequences and their variations or by using absolute file paths. \r\n\r\n**Note:**\r\n\r\nThere is no indication that access to the filesystem beyond that of the application user can be achieved. So typical deployments will have only limited confidentiality impact from this vulnerability.\n\n## References\n- [https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef](https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef)\n- [https://github.com/codehaus-plexus/plexus-utils/issues/4](https://github.com/codehaus-plexus/plexus-utils/issues/4)\n", 2024-10-08T07:23:42.6906784Z "epssDetails": { 2024-10-08T07:23:42.6907180Z "percentile": "0.26522", 2024-10-08T07:23:42.6907675Z "probability": "0.00060", 2024-10-08T07:23:42.6908099Z "modelVersion": "v2023.03.01" 2024-10-08T07:23:42.6908472Z }, 2024-10-08T07:23:42.6908848Z "identifiers": { 2024-10-08T07:23:42.6909335Z "CVE": [ 2024-10-08T07:23:42.6909742Z "CVE-2022-4244" 2024-10-08T07:23:42.6910165Z ], 2024-10-08T07:23:42.6910477Z "CWE": [ 2024-10-08T07:23:42.6910845Z "CWE-22" 2024-10-08T07:23:42.6911185Z ] 2024-10-08T07:23:42.6911487Z }, 2024-10-08T07:23:42.6911954Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.6912484Z "proprietary": false, 2024-10-08T07:23:42.6912949Z "creationTime": "2017-09-20T00:00:00Z", 2024-10-08T07:23:42.6913408Z "functions_new": 
[ 2024-10-08T07:23:42.6913812Z { 2024-10-08T07:23:42.6914109Z "version": [ 2024-10-08T07:23:42.6914462Z "[,3.0.24)" 2024-10-08T07:23:42.6914861Z ], 2024-10-08T07:23:42.6915202Z "functionId": { 2024-10-08T07:23:42.6915618Z "className": "org.codehaus.plexus.util.Expand", 2024-10-08T07:23:42.6916198Z "functionName": "extractFile" 2024-10-08T07:23:42.6916647Z } 2024-10-08T07:23:42.6916917Z } 2024-10-08T07:23:42.6917254Z ], 2024-10-08T07:23:42.6917629Z "alternativeIds": [], 2024-10-08T07:23:42.6918083Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:23:42.6918544Z "exploitDetails": { 2024-10-08T07:23:42.6918897Z "sources": [], 2024-10-08T07:23:42.6919533Z "maturityLevels": [ 2024-10-08T07:23:42.6920121Z { 2024-10-08T07:23:42.6920414Z "type": "secondary", 2024-10-08T07:23:42.6920810Z "level": "Not Defined", 2024-10-08T07:23:42.6921281Z "format": "CVSSv3" 2024-10-08T07:23:42.6921607Z }, 2024-10-08T07:23:42.6921916Z { 2024-10-08T07:23:42.6922296Z "type": "primary", 2024-10-08T07:23:42.6922682Z "level": "Not Defined", 2024-10-08T07:23:42.6923058Z "format": "CVSSv4" 2024-10-08T07:23:42.6923453Z } 2024-10-08T07:23:42.6923744Z ] 2024-10-08T07:23:42.6924018Z }, 2024-10-08T07:23:42.6924388Z "packageManager": "maven", 2024-10-08T07:23:42.6924782Z "mavenModuleName": { 2024-10-08T07:23:42.6925238Z "groupId": "org.codehaus.plexus", 2024-10-08T07:23:42.6925700Z "artifactId": "plexus-utils" 2024-10-08T07:23:42.6926091Z }, 2024-10-08T07:23:42.6926547Z "publicationTime": "2017-09-20T00:00:00Z", 2024-10-08T07:23:42.6927215Z "severityBasedOn": "CVSS", 2024-10-08T07:23:42.6927786Z "modificationTime": "2024-05-09T13:34:27.533160Z", 2024-10-08T07:23:42.6928321Z "socialTrendAlert": false, 2024-10-08T07:23:42.6928750Z "severityWithCritical": "medium", 2024-10-08T07:23:42.6929372Z "from": [ 2024-10-08T07:23:42.6929891Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:23:42.6930590Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:23:42.6931118Z 
"org.apache.maven:maven-core@2.0", 2024-10-08T07:23:42.6931649Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:23:42.6932095Z ], 2024-10-08T07:23:42.6932395Z "upgradePath": [ 2024-10-08T07:23:42.6932796Z false, 2024-10-08T07:23:42.6933162Z "org.apache.maven:maven-embedder@3.5.0", 2024-10-08T07:23:42.6933668Z "org.apache.maven:maven-core@3.5.0", 2024-10-08T07:23:42.6934250Z "org.codehaus.plexus:plexus-utils@3.0.24" 2024-10-08T07:23:42.6934644Z ], 2024-10-08T07:23:42.6934956Z "isUpgradable": true, 2024-10-08T07:23:42.6935402Z "isPatchable": false, 2024-10-08T07:23:42.6935858Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.6936263Z "version": "1.0.4" 2024-10-08T07:23:42.6936667Z }, 2024-10-08T07:23:42.6936946Z { 2024-10-08T07:23:42.6937359Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", 2024-10-08T07:23:42.6937855Z "title": "Shell Command Injection", 2024-10-08T07:23:42.6938385Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6938868Z "credit": [ 2024-10-08T07:23:42.6939351Z "Charles Duffy" 2024-10-08T07:23:42.6939695Z ], 2024-10-08T07:23:42.6940001Z "semver": { 2024-10-08T07:23:42.6940372Z "vulnerable": [ 2024-10-08T07:23:42.6940678Z "[,3.0.16)" 2024-10-08T07:23:42.6941016Z ] 2024-10-08T07:23:42.6941348Z }, 2024-10-08T07:23:42.6941621Z "exploit": "Not Defined", 2024-10-08T07:23:42.6942009Z "fixedIn": [ 2024-10-08T07:23:42.6942377Z "3.0.16" 2024-10-08T07:23:42.6942700Z ], 2024-10-08T07:23:42.6942957Z "patches": [], 2024-10-08T07:23:42.6943333Z "insights": { 2024-10-08T07:23:42.6943691Z "triageAdvice": null 2024-10-08T07:23:42.6944086Z }, 2024-10-08T07:23:42.6944352Z "language": "java", 2024-10-08T07:23:42.6944724Z "severity": "critical", 2024-10-08T07:23:42.6945165Z "cvssScore": 9.8, 2024-10-08T07:23:42.6945505Z "functions": [ 2024-10-08T07:23:42.6945863Z { 2024-10-08T07:23:42.6946204Z "version": [ 2024-10-08T07:23:42.6946551Z "[,3.0.16)" 2024-10-08T07:23:42.6946837Z ], 2024-10-08T07:23:42.6947193Z "functionId": { 
2024-10-08T07:23:42.6947681Z "filePath": "org/codehaus/plexus/util/cli/Commandline.java", 2024-10-08T07:23:42.6948171Z "className": "Commandline", 2024-10-08T07:23:42.6948635Z "functionName": "execute" 2024-10-08T07:23:42.6949133Z } 2024-10-08T07:23:42.6949429Z } 2024-10-08T07:23:42.6949767Z ], 2024-10-08T07:23:42.6950083Z "malicious": false, 2024-10-08T07:23:42.6950440Z "isDisputed": false, 2024-10-08T07:23:42.6950988Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.6951416Z "references": [ 2024-10-08T07:23:42.6951743Z { 2024-10-08T07:23:42.6952513Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", 2024-10-08T07:23:42.6953217Z "title": "GitHub Commit" 2024-10-08T07:23:42.6953559Z }, 2024-10-08T07:23:42.6953915Z { 2024-10-08T07:23:42.6954566Z "url": "https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json", 2024-10-08T07:23:42.6955295Z "title": "PLXUTILS-161 - Raw Jira Ticket JSON" 2024-10-08T07:23:42.6955806Z } 2024-10-08T07:23:42.6956091Z ], 2024-10-08T07:23:42.6956402Z "cvssDetails": [ 2024-10-08T07:23:42.6956751Z { 2024-10-08T07:23:42.6957186Z "assigner": "NVD", 2024-10-08T07:23:42.6957576Z "severity": "critical", 2024-10-08T07:23:42.6958128Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6958624Z "cvssV3BaseScore": 9.8, 2024-10-08T07:23:42.6959370Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:23:42.6960045Z }, 2024-10-08T07:23:42.6960398Z { 2024-10-08T07:23:42.6960706Z "assigner": "Red Hat", 2024-10-08T07:23:42.6961176Z "severity": "high", 2024-10-08T07:23:42.6961666Z "cvssV3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6962193Z "cvssV3BaseScore": 7.8, 2024-10-08T07:23:42.6962796Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:23:42.6963238Z } 2024-10-08T07:23:42.6963577Z ], 2024-10-08T07:23:42.6963856Z "cvssSources": [ 2024-10-08T07:23:42.6964186Z { 
2024-10-08T07:23:42.6964545Z "type": "primary", 2024-10-08T07:23:42.6964974Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6965454Z "assigner": "Snyk", 2024-10-08T07:23:42.6965886Z "severity": "critical", 2024-10-08T07:23:42.6966266Z "baseScore": 9.8, 2024-10-08T07:23:42.6966603Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6967164Z "modificationTime": "2024-03-06T13:58:02.476253Z" 2024-10-08T07:23:42.6967602Z }, 2024-10-08T07:23:42.6967894Z { 2024-10-08T07:23:42.6968225Z "type": "secondary", 2024-10-08T07:23:42.6968673Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6969264Z "assigner": "NVD", 2024-10-08T07:23:42.6969674Z "severity": "critical", 2024-10-08T07:23:42.6970053Z "baseScore": 9.8, 2024-10-08T07:23:42.6970444Z "cvssVersion": "3.1", 2024-10-08T07:23:42.6970995Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:23:42.6971414Z }, 2024-10-08T07:23:42.6971720Z { 2024-10-08T07:23:42.6972074Z "type": "secondary", 2024-10-08T07:23:42.6972528Z "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:23:42.6972997Z "assigner": "Red Hat", 2024-10-08T07:23:42.6973433Z "severity": "high", 2024-10-08T07:23:42.6973807Z "baseScore": 7.8, 2024-10-08T07:23:42.6974151Z "cvssVersion": "3.0", 2024-10-08T07:23:42.6974691Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:23:42.6975148Z } 2024-10-08T07:23:42.6975433Z ], 2024-10-08T07:23:42.6978895Z "description": "## Overview\r\n[`Codehaus Plexus`](https://codehaus-plexus.github.io/) is a collection of components used by Apache Maven.\r\n\r\nAffected versions of this package are vulnerable to Shell Command Injection. 
The Commandline class in plexus-utils does not correctly quote the contents of double-quoted strings.\r\n\r\n## Remediation\r\nUpgrade _Codehaus Plexus_ to version `3.0.16` or higher.\r\n\r\n## References\r\n- [Github Commit](https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41)\r\n- [PLXUTILS-161 - Raw Jira Ticket JSON](https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json)", 2024-10-08T07:23:42.6982119Z "epssDetails": { 2024-10-08T07:23:42.6982446Z "percentile": "0.73724", 2024-10-08T07:23:42.6982898Z "probability": "0.00395", 2024-10-08T07:23:42.6983337Z "modelVersion": "v2023.03.01" 2024-10-08T07:23:42.6983776Z }, 2024-10-08T07:23:42.6984044Z "identifiers": { 2024-10-08T07:23:42.6984394Z "CVE": [ 2024-10-08T07:23:42.6984813Z "CVE-2017-1000487" 2024-10-08T07:23:42.6985244Z ], 2024-10-08T07:23:42.6985537Z "CWE": [ 2024-10-08T07:23:42.6985922Z "CWE-77" 2024-10-08T07:23:42.6986247Z ] 2024-10-08T07:23:42.6986498Z }, 2024-10-08T07:23:42.6986966Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.6987615Z "proprietary": false, 2024-10-08T07:23:42.6988024Z "creationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:23:42.6988526Z "functions_new": [ 2024-10-08T07:23:42.6988864Z { 2024-10-08T07:23:42.6989354Z "version": [ 2024-10-08T07:23:42.6989735Z "[,3.0.16)" 2024-10-08T07:23:42.6990208Z ], 2024-10-08T07:23:42.6990546Z "functionId": { 2024-10-08T07:23:42.6991036Z "className": "org.codehaus.plexus.util.cli.Commandline", 2024-10-08T07:23:42.6991567Z "functionName": "execute" 2024-10-08T07:23:42.6992250Z } 2024-10-08T07:23:42.6992790Z } 2024-10-08T07:23:42.6993207Z ], 2024-10-08T07:23:42.6993561Z "alternativeIds": [], 2024-10-08T07:23:42.6994116Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:23:42.6994579Z "exploitDetails": { 2024-10-08T07:23:42.6994900Z "sources": [], 2024-10-08T07:23:42.6995304Z "maturityLevels": [ 2024-10-08T07:23:42.6995671Z { 
2024-10-08T07:23:42.6995952Z "type": "secondary", 2024-10-08T07:23:42.6996395Z "level": "Not Defined", 2024-10-08T07:23:42.6996866Z "format": "CVSSv3" 2024-10-08T07:23:42.6997259Z }, 2024-10-08T07:23:42.6997524Z { 2024-10-08T07:23:42.6997852Z "type": "primary", 2024-10-08T07:23:42.6998284Z "level": "Not Defined", 2024-10-08T07:23:42.6998693Z "format": "CVSSv4" 2024-10-08T07:23:42.6999326Z } 2024-10-08T07:23:42.6999696Z ] 2024-10-08T07:23:42.7000013Z }, 2024-10-08T07:23:42.7000293Z "packageManager": "maven", 2024-10-08T07:23:42.7000738Z "mavenModuleName": { 2024-10-08T07:23:42.7001153Z "groupId": "org.codehaus.plexus", 2024-10-08T07:23:42.7001644Z "artifactId": "plexus-utils" 2024-10-08T07:23:42.7002046Z }, 2024-10-08T07:23:42.7002456Z "publicationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:23:42.7002910Z "severityBasedOn": "CVSS", 2024-10-08T07:23:42.7003466Z "modificationTime": "2024-03-11T09:53:54.737412Z", 2024-10-08T07:23:42.7003897Z "socialTrendAlert": false, 2024-10-08T07:23:42.7004310Z "severityWithCritical": "critical", 2024-10-08T07:23:42.7004783Z "from": [ 2024-10-08T07:23:42.7005174Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:23:42.7005708Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:23:42.7006268Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:23:42.7006770Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:23:42.7007160Z ], 2024-10-08T07:23:42.7007527Z "upgradePath": [ 2024-10-08T07:23:42.7007865Z false, 2024-10-08T07:23:42.7008276Z "org.apache.maven:maven-embedder@3.2.1", 2024-10-08T07:23:42.7008797Z "org.apache.maven:maven-core@3.2.1", 2024-10-08T07:23:42.7009498Z "org.codehaus.plexus:plexus-utils@3.0.17" 2024-10-08T07:23:42.7009954Z ], 2024-10-08T07:23:42.7010492Z "isUpgradable": true, 2024-10-08T07:23:42.7010866Z "isPatchable": false, 2024-10-08T07:23:42.7011384Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.7011834Z "version": "1.0.4" 2024-10-08T07:23:42.7012150Z }, 2024-10-08T07:23:42.7012474Z { 
2024-10-08T07:23:42.7012871Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-461102", 2024-10-08T07:23:42.7013399Z "title": "XML External Entity (XXE) Injection", 2024-10-08T07:23:42.7014000Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U", 2024-10-08T07:23:42.7014525Z "credit": [ 2024-10-08T07:23:42.7014869Z "Florian Weimer" 2024-10-08T07:23:42.7015252Z ], 2024-10-08T07:23:42.7015525Z "semver": { 2024-10-08T07:23:42.7015862Z "vulnerable": [ 2024-10-08T07:23:42.7016245Z "[,3.0.24)" 2024-10-08T07:23:42.7016550Z ] 2024-10-08T07:23:42.7016838Z }, 2024-10-08T07:23:42.7017190Z "exploit": "Unproven", 2024-10-08T07:23:42.7017734Z "fixedIn": [ 2024-10-08T07:23:42.7018017Z "3.0.24" 2024-10-08T07:23:42.7018393Z ], 2024-10-08T07:23:42.7018690Z "patches": [], 2024-10-08T07:23:42.7019100Z "insights": { 2024-10-08T07:23:42.7019519Z "triageAdvice": null 2024-10-08T07:23:42.7019877Z }, 2024-10-08T07:23:42.7020181Z "language": "java", 2024-10-08T07:23:42.7020861Z "severity": "medium", 2024-10-08T07:23:42.7021245Z "cvssScore": 4.3, 2024-10-08T07:23:42.7021607Z "functions": [ 2024-10-08T07:23:42.7021949Z { 2024-10-08T07:23:42.7022249Z "version": [ 2024-10-08T07:23:42.7022603Z "(1.5.3,3.0.24)" 2024-10-08T07:23:42.7023171Z ], 2024-10-08T07:23:42.7023449Z "functionId": { 2024-10-08T07:23:42.7023953Z "filePath": "org/codehaus/plexus/util/xml/XmlWriterUtil.java", 2024-10-08T07:23:42.7024560Z "className": "XmlWriterUtil", 2024-10-08T07:23:42.7025016Z "functionName": "writeComment" 2024-10-08T07:23:42.7025394Z } 2024-10-08T07:23:42.7025735Z } 2024-10-08T07:23:42.7026039Z ], 2024-10-08T07:23:42.7026305Z "malicious": false, 2024-10-08T07:23:42.7026717Z "isDisputed": false, 2024-10-08T07:23:42.7027230Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.7027743Z "references": [ 2024-10-08T07:23:42.7028039Z { 2024-10-08T07:23:42.7028765Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de", 
2024-10-08T07:23:42.7029824Z "title": "GitHub Commit" 2024-10-08T07:23:42.7030226Z }, 2024-10-08T07:23:42.7030488Z { 2024-10-08T07:23:42.7031049Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/3", 2024-10-08T07:23:42.7031609Z "title": "GitHub Issue" 2024-10-08T07:23:42.7031946Z } 2024-10-08T07:23:42.7032282Z ], 2024-10-08T07:23:42.7032599Z "cvssDetails": [ 2024-10-08T07:23:42.7032936Z { 2024-10-08T07:23:42.7033248Z "assigner": "NVD", 2024-10-08T07:23:42.7033636Z "severity": "medium", 2024-10-08T07:23:42.7034123Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:23:42.7034708Z "cvssV3BaseScore": 4.3, 2024-10-08T07:23:42.7035181Z "modificationTime": "2024-03-11T09:53:38.966298Z" 2024-10-08T07:23:42.7035629Z }, 2024-10-08T07:23:42.7035987Z { 2024-10-08T07:23:42.7036261Z "assigner": "Red Hat", 2024-10-08T07:23:42.7036644Z "severity": "medium", 2024-10-08T07:23:42.7037195Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:23:42.7037703Z "cvssV3BaseScore": 4.3, 2024-10-08T07:23:42.7038164Z "modificationTime": "2024-03-11T09:53:59.734097Z" 2024-10-08T07:23:42.7038669Z } 2024-10-08T07:23:42.7039104Z ], 2024-10-08T07:23:42.7039447Z "cvssSources": [ 2024-10-08T07:23:42.7039806Z { 2024-10-08T07:23:42.7040119Z "type": "primary", 2024-10-08T07:23:42.7040633Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U", 2024-10-08T07:23:42.7041184Z "assigner": "Snyk", 2024-10-08T07:23:42.7041556Z "severity": "medium", 2024-10-08T07:23:42.7041949Z "baseScore": 4.3, 2024-10-08T07:23:42.7042365Z "cvssVersion": "3.1", 2024-10-08T07:23:42.7042837Z "modificationTime": "2024-03-06T14:09:20.690133Z" 2024-10-08T07:23:42.7043299Z }, 2024-10-08T07:23:42.7043641Z { 2024-10-08T07:23:42.7043964Z "type": "secondary", 2024-10-08T07:23:42.7044381Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:23:42.7044904Z "assigner": "NVD", 2024-10-08T07:23:42.7045285Z "severity": "medium", 
2024-10-08T07:23:42.7045703Z "baseScore": 4.3, 2024-10-08T07:23:42.7046035Z "cvssVersion": "3.1", 2024-10-08T07:23:42.7046532Z "modificationTime": "2024-03-11T09:53:38.966298Z" 2024-10-08T07:23:42.7047176Z }, 2024-10-08T07:23:42.7047452Z { 2024-10-08T07:23:42.7047757Z "type": "secondary", 2024-10-08T07:23:42.7048251Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:23:42.7048751Z "assigner": "Red Hat", 2024-10-08T07:23:42.7049209Z "severity": "medium", 2024-10-08T07:23:42.7049798Z "baseScore": 4.3, 2024-10-08T07:23:42.7050177Z "cvssVersion": "3.1", 2024-10-08T07:23:42.7050674Z "modificationTime": "2024-03-11T09:53:59.734097Z" 2024-10-08T07:23:42.7051162Z } 2024-10-08T07:23:42.7051449Z ], 2024-10-08T07:23:42.7055619Z "description": "## Overview\n[org.codehaus.plexus:plexus-utils](https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-utils) is a collection of various utility classes to ease working with strings, files, command lines, XML and more.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment` fails to sanitize comments for a `-->` sequence. 
This means that text contained in the command string could be interpreted as XML and allow for XML injection.\n## Remediation\nUpgrade `org.codehaus.plexus:plexus-utils` to version 3.0.24 or higher.\n## References\n- [GitHub Commit](https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de)\n- [GitHub Issue](https://github.com/codehaus-plexus/plexus-utils/issues/3)\n", 2024-10-08T07:23:42.7059534Z "epssDetails": { 2024-10-08T07:23:42.7059892Z "percentile": "0.30216", 2024-10-08T07:23:42.7060247Z "probability": "0.00067", 2024-10-08T07:23:42.7060710Z "modelVersion": "v2023.03.01" 2024-10-08T07:23:42.7061095Z }, 2024-10-08T07:23:42.7061409Z "identifiers": { 2024-10-08T07:23:42.7061761Z "CVE": [ 2024-10-08T07:23:42.7062157Z "CVE-2022-4245" 2024-10-08T07:23:42.7062526Z ], 2024-10-08T07:23:42.7062877Z "CWE": [ 2024-10-08T07:23:42.7063179Z "CWE-91" 2024-10-08T07:23:42.7063509Z ] 2024-10-08T07:23:42.7063849Z }, 2024-10-08T07:23:42.7064244Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.7064739Z "proprietary": false, 2024-10-08T07:23:42.7065248Z "creationTime": "2019-09-06T15:46:47.546130Z", 2024-10-08T07:23:42.7065708Z "functions_new": [ 2024-10-08T07:23:42.7066010Z { 2024-10-08T07:23:42.7066354Z "version": [ 2024-10-08T07:23:42.7066704Z "(1.5.3,3.0.24)" 2024-10-08T07:23:42.7067014Z ], 2024-10-08T07:23:42.7067376Z "functionId": { 2024-10-08T07:23:42.7067868Z "className": "org.codehaus.plexus.util.xml.XmlWriterUtil", 2024-10-08T07:23:42.7068462Z "functionName": "writeComment" 2024-10-08T07:23:42.7068833Z } 2024-10-08T07:23:42.7069434Z } 2024-10-08T07:23:42.7069799Z ], 2024-10-08T07:23:42.7070136Z "alternativeIds": [], 2024-10-08T07:23:42.7070580Z "disclosureTime": "2015-09-21T15:48:37Z", 2024-10-08T07:23:42.7071066Z "exploitDetails": { 2024-10-08T07:23:42.7071435Z "sources": [ 2024-10-08T07:23:42.7071726Z "Snyk" 2024-10-08T07:23:42.7072081Z ], 2024-10-08T07:23:42.7072404Z "maturityLevels": [ 
2024-10-08T07:23:42.7072758Z { 2024-10-08T07:23:42.7073086Z "type": "secondary", 2024-10-08T07:23:42.7073494Z "level": "Not Defined", 2024-10-08T07:23:42.7073890Z "format": "CVSSv3" 2024-10-08T07:23:42.7074274Z }, 2024-10-08T07:23:42.7074575Z { 2024-10-08T07:23:42.7074881Z "type": "primary", 2024-10-08T07:23:42.7075336Z "level": "Proof of Concept", 2024-10-08T07:23:42.7075718Z "format": "CVSSv4" 2024-10-08T07:23:42.7076071Z } 2024-10-08T07:23:42.7076429Z ] 2024-10-08T07:23:42.7076719Z }, 2024-10-08T07:23:42.7076995Z "packageManager": "maven", 2024-10-08T07:23:42.7077609Z "mavenModuleName": { 2024-10-08T07:23:42.7078001Z "groupId": "org.codehaus.plexus", 2024-10-08T07:23:42.7078464Z "artifactId": "plexus-utils" 2024-10-08T07:23:42.7078906Z }, 2024-10-08T07:23:42.7079829Z "publicationTime": "2019-09-06T15:46:00Z", 2024-10-08T07:23:42.7080300Z "severityBasedOn": "CVSS", 2024-10-08T07:23:42.7080950Z "modificationTime": "2024-03-11T09:53:59.734097Z", 2024-10-08T07:23:42.7081448Z "socialTrendAlert": false, 2024-10-08T07:23:42.7081857Z "severityWithCritical": "medium", 2024-10-08T07:23:42.7082315Z "from": [ 2024-10-08T07:23:42.7082722Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:23:42.7083249Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:23:42.7083811Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:23:42.7084329Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:23:42.7084753Z ], 2024-10-08T07:23:42.7085124Z "upgradePath": [ 2024-10-08T07:23:42.7085465Z false, 2024-10-08T07:23:42.7085825Z "org.apache.maven:maven-embedder@3.5.0", 2024-10-08T07:23:42.7086392Z "org.apache.maven:maven-core@3.5.0", 2024-10-08T07:23:42.7086899Z "org.codehaus.plexus:plexus-utils@3.0.24" 2024-10-08T07:23:42.7087376Z ], 2024-10-08T07:23:42.7087666Z "isUpgradable": true, 2024-10-08T07:23:42.7088043Z "isPatchable": false, 2024-10-08T07:23:42.7088562Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:23:42.7089075Z "version": "1.0.4" 2024-10-08T07:23:42.7089421Z 
} 2024-10-08T07:23:42.7089765Z ], 2024-10-08T07:23:42.7090051Z "ok": false, 2024-10-08T07:23:42.7090338Z "dependencyCount": 28, 2024-10-08T07:23:42.7090751Z "org": "itsarraj", 2024-10-08T07:23:42.7091524Z "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", 2024-10-08T07:23:42.7092313Z "isPrivate": true, 2024-10-08T07:23:42.7092686Z "licensesPolicy": { 2024-10-08T07:23:42.7093040Z "severities": {}, 2024-10-08T07:23:42.7093403Z "orgLicenseRules": { 2024-10-08T07:23:42.7093809Z "AGPL-1.0": { 2024-10-08T07:23:42.7094196Z "licenseType": "AGPL-1.0", 2024-10-08T07:23:42.7094610Z "severity": "high", 2024-10-08T07:23:42.7095024Z "instructions": "" 2024-10-08T07:23:42.7095333Z }, 2024-10-08T07:23:42.7095674Z "AGPL-3.0": { 2024-10-08T07:23:42.7096095Z "licenseType": "AGPL-3.0", 2024-10-08T07:23:42.7096486Z "severity": "high", 2024-10-08T07:23:42.7096831Z "instructions": "" 2024-10-08T07:23:42.7097215Z }, 2024-10-08T07:23:42.7097558Z "Artistic-1.0": { 2024-10-08T07:23:42.7097926Z "licenseType": "Artistic-1.0", 2024-10-08T07:23:42.7098397Z "severity": "medium", 2024-10-08T07:23:42.7098782Z "instructions": "" 2024-10-08T07:23:42.7099308Z }, 2024-10-08T07:23:42.7099672Z "Artistic-2.0": { 2024-10-08T07:23:42.7100090Z "licenseType": "Artistic-2.0", 2024-10-08T07:23:42.7100502Z "severity": "medium", 2024-10-08T07:23:42.7100881Z "instructions": "" 2024-10-08T07:23:42.7101240Z }, 2024-10-08T07:23:42.7101570Z "CDDL-1.0": { 2024-10-08T07:23:42.7102008Z "licenseType": "CDDL-1.0", 2024-10-08T07:23:42.7102363Z "severity": "medium", 2024-10-08T07:23:42.7102725Z "instructions": "" 2024-10-08T07:23:42.7103134Z }, 2024-10-08T07:23:42.7103455Z "CPOL-1.02": { 2024-10-08T07:23:42.7103805Z "licenseType": "CPOL-1.02", 2024-10-08T07:23:42.7104264Z "severity": "high", 2024-10-08T07:23:42.7104624Z "instructions": "" 2024-10-08T07:23:42.7104931Z }, 2024-10-08T07:23:42.7105313Z "EPL-1.0": { 2024-10-08T07:23:42.7105681Z 
"licenseType": "EPL-1.0", 2024-10-08T07:23:42.7106130Z "severity": "medium", 2024-10-08T07:23:42.7106460Z "instructions": "" 2024-10-08T07:23:42.7106802Z }, 2024-10-08T07:23:42.7107686Z "GPL-2.0": { 2024-10-08T07:23:42.7108174Z "licenseType": "GPL-2.0", 2024-10-08T07:23:42.7108562Z "severity": "high", 2024-10-08T07:23:42.7109217Z "instructions": "" 2024-10-08T07:23:42.7109681Z }, 2024-10-08T07:23:42.7110012Z "GPL-3.0": { 2024-10-08T07:23:42.7110454Z "licenseType": "GPL-3.0", 2024-10-08T07:23:42.7110849Z "severity": "high", 2024-10-08T07:23:42.7111371Z "instructions": "" 2024-10-08T07:23:42.7111760Z }, 2024-10-08T07:23:42.7112114Z "LGPL-2.0": { 2024-10-08T07:23:42.7112492Z "licenseType": "LGPL-2.0", 2024-10-08T07:23:42.7112901Z "severity": "medium", 2024-10-08T07:23:42.7113288Z "instructions": "" 2024-10-08T07:23:42.7113628Z }, 2024-10-08T07:23:42.7113999Z "LGPL-2.1": { 2024-10-08T07:23:42.7114365Z "licenseType": "LGPL-2.1", 2024-10-08T07:23:42.7114756Z "severity": "medium", 2024-10-08T07:23:42.7115180Z "instructions": "" 2024-10-08T07:23:42.7115508Z }, 2024-10-08T07:23:42.7115828Z "LGPL-3.0": { 2024-10-08T07:23:42.7116283Z "licenseType": "LGPL-3.0", 2024-10-08T07:23:42.7116677Z "severity": "medium", 2024-10-08T07:23:42.7117009Z "instructions": "" 2024-10-08T07:23:42.7117419Z }, 2024-10-08T07:23:42.7117737Z "MPL-1.1": { 2024-10-08T07:23:42.7118104Z "licenseType": "MPL-1.1", 2024-10-08T07:23:42.7118527Z "severity": "medium", 2024-10-08T07:23:42.7118898Z "instructions": "" 2024-10-08T07:23:42.7119485Z }, 2024-10-08T07:23:42.7119870Z "MPL-2.0": { 2024-10-08T07:23:42.7120249Z "licenseType": "MPL-2.0", 2024-10-08T07:23:42.7120657Z "severity": "medium", 2024-10-08T07:23:42.7121230Z "instructions": "" 2024-10-08T07:23:42.7121585Z }, 2024-10-08T07:23:42.7121946Z "MS-RL": { 2024-10-08T07:23:42.7122387Z "licenseType": "MS-RL", 2024-10-08T07:23:42.7122740Z "severity": "medium", 2024-10-08T07:23:42.7123126Z "instructions": "" 2024-10-08T07:23:42.7123514Z }, 
2024-10-08T07:23:42.7123843Z "SimPL-2.0": { 2024-10-08T07:23:42.7124219Z "licenseType": "SimPL-2.0", 2024-10-08T07:23:42.7124671Z "severity": "high", 2024-10-08T07:23:42.7125052Z "instructions": "" 2024-10-08T07:23:42.7125438Z } 2024-10-08T07:23:42.7125688Z } 2024-10-08T07:23:42.7125989Z }, 2024-10-08T07:23:42.7126337Z "packageManager": "maven", 2024-10-08T07:23:42.7126802Z "projectId": "585b6b28-57da-4dbb-bda8-0387c1c59e27", 2024-10-08T07:23:42.7127285Z "ignoreSettings": { 2024-10-08T07:23:42.7127676Z "adminOnly": false, 2024-10-08T07:23:42.7128032Z "reasonRequired": false, 2024-10-08T07:23:42.7128415Z "disregardFilesystemIgnores": false 2024-10-08T07:23:42.7128863Z }, 2024-10-08T07:23:42.7129350Z "summary": "4 vulnerable dependency paths", 2024-10-08T07:23:42.7129758Z "remediation": { 2024-10-08T07:23:42.7130149Z "unresolved": [], 2024-10-08T07:23:42.7130514Z "upgrade": { 2024-10-08T07:23:42.7130931Z "org.apache.maven:maven-embedder@2.0": { 2024-10-08T07:23:42.7131514Z "upgradeTo": "org.apache.maven:maven-embedder@3.8.1", 2024-10-08T07:23:42.7132004Z "upgrades": [ 2024-10-08T07:23:42.7132416Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:23:42.7132977Z "org.codehaus.plexus:plexus-utils@1.0.4", 2024-10-08T07:23:42.7133508Z "org.codehaus.plexus:plexus-utils@1.0.4", 2024-10-08T07:23:42.7134045Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:23:42.7134539Z ], 2024-10-08T07:23:42.7134840Z "vulns": [ 2024-10-08T07:23:42.7135219Z "SNYK-JAVA-ORGAPACHEMAVEN-6144614", 2024-10-08T07:23:42.7135806Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521", 2024-10-08T07:23:42.7136335Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-461102", 2024-10-08T07:23:42.7136819Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522" 2024-10-08T07:23:42.7137314Z ] 2024-10-08T07:23:42.7137602Z } 2024-10-08T07:23:42.7137880Z }, 2024-10-08T07:23:42.7138196Z "patch": {}, 2024-10-08T07:23:42.7138665Z "ignore": {}, 2024-10-08T07:23:42.7139112Z "pin": {} 2024-10-08T07:23:42.7139445Z }, 2024-10-08T07:23:42.7139753Z "filesystemPolicy": false, 
2024-10-08T07:23:42.7140150Z "filtered": {
2024-10-08T07:23:42.7140507Z "ignore": [],
2024-10-08T07:23:42.7140787Z "patch": []
2024-10-08T07:23:42.7141107Z },
2024-10-08T07:23:42.7141443Z "uniqueCount": 4,
2024-10-08T07:23:42.7141926Z "projectName": "jenkins.mvn.demo:mvnwebapp",
2024-10-08T07:23:42.7142380Z "foundProjectCount": 1,
2024-10-08T07:23:42.7142808Z "displayTargetFile": "pom.xml",
2024-10-08T07:23:42.7143230Z "hasUnknownVersions": false,
2024-10-08T07:23:42.7143632Z "path": "/home/runner/work/PRBotCheck/PRBotCheck"
2024-10-08T07:23:42.7144116Z }
2024-10-08T07:23:46.3406220Z
2024-10-08T07:23:46.3408361Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck/package-lock.json...
2024-10-08T07:23:46.3409912Z
2024-10-08T07:23:46.3412231Z Dependency express was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again.
2024-10-08T07:23:46.3414706Z
2024-10-08T07:23:46.3415200Z -------------------------------------------------------
2024-10-08T07:23:46.3415944Z
2024-10-08T07:23:46.3416781Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck (jenkins.mvn.demo:mvnwebapp)...
2024-10-08T07:23:46.3417890Z
2024-10-08T07:23:46.3419897Z Explore this snapshot at https://app.snyk.io/org/itsarraj/project/585b6b28-57da-4dbb-bda8-0387c1c59e27/history/11c07b50-c86b-4994-9be8-0bf0c87370ed
2024-10-08T07:23:46.3421775Z
2024-10-08T07:23:46.3422758Z Notifications about newly disclosed issues related to these dependencies will be emailed to you.
2024-10-08T07:23:46.3424056Z
2024-10-08T07:23:46.3429364Z
2024-10-08T07:23:46.3430335Z You have reached your monthly limit of 200 private tests for your itsarraj org.
2024-10-08T07:23:46.3431799Z To learn more about our plans and increase your tests limit visit https://snyk.io/plans.
2024-10-08T07:23:47.0955859Z Post job cleanup.
2024-10-08T07:23:47.1661612Z [command]/usr/bin/git version
2024-10-08T07:23:47.1695230Z git version 2.46.1
2024-10-08T07:23:47.1742474Z Temporarily overriding HOME='/home/runner/work/_temp/74eee867-2a84-4f27-9440-a9d111759574' before making global git config changes
2024-10-08T07:23:47.1743602Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:23:47.1745870Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:23:47.1775323Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-10-08T07:23:47.1805946Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:23:47.2031983Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-10-08T07:23:47.2052149Z http.https://github.com/.extraheader
2024-10-08T07:23:47.2062824Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-10-08T07:23:47.2091532Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:23:47.2537752Z Cleaning up orphan processes

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.


Hey @itsarraj0test 👋, Thanks for contributing the new Pull Request !!

Secrets Bot


2024-10-08T07:28:09.2882384Z Current runner version: '2.320.0'
2024-10-08T07:28:09.2906448Z ##[group]Operating System
2024-10-08T07:28:09.2907095Z Ubuntu
2024-10-08T07:28:09.2907527Z 22.04.5
2024-10-08T07:28:09.2907821Z LTS
2024-10-08T07:28:09.2908173Z ##[endgroup]
2024-10-08T07:28:09.2908603Z ##[group]Runner Image
2024-10-08T07:28:09.2909002Z Image: ubuntu-22.04
2024-10-08T07:28:09.2909413Z Version: 20240922.1.0
2024-10-08T07:28:09.2910437Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-10-08T07:28:09.2911911Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-10-08T07:28:09.2912764Z ##[endgroup]
2024-10-08T07:28:09.2913352Z ##[group]Runner Image Provisioner
2024-10-08T07:28:09.2913820Z 2.0.384.1
2024-10-08T07:28:09.2914159Z ##[endgroup]
2024-10-08T07:28:09.2928554Z ##[group]GITHUB_TOKEN Permissions
2024-10-08T07:28:09.2930131Z Issues: write
2024-10-08T07:28:09.2930650Z Metadata: read
2024-10-08T07:28:09.2931211Z PullRequests: write
2024-10-08T07:28:09.2931730Z ##[endgroup]
2024-10-08T07:28:09.2934855Z Secret source: Actions
2024-10-08T07:28:09.2935566Z Prepare workflow directory
2024-10-08T07:28:09.3553541Z Prepare all required actions
2024-10-08T07:28:09.3720676Z Getting action download info
2024-10-08T07:28:09.5951068Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
2024-10-08T07:28:09.7312706Z Download action repository 'trufflesecurity/TruffleHog-Enterprise-Github-Action@main' (SHA:896eb9c43cebe80ae73e5aa5948595121ac7229c)
2024-10-08T07:28:10.2826020Z Complete job name: TruffleHog Bot scan
2024-10-08T07:28:10.3437579Z ##[group]Build container for action use: '/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main/Dockerfile'.
2024-10-08T07:28:10.3495082Z ##[command]/usr/bin/docker build -t 7c6d21:8fc100a260884d1688d333590282326e -f "/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main/Dockerfile" "/home/runner/work/_actions/trufflesecurity/TruffleHog-Enterprise-Github-Action/main"
2024-10-08T07:28:10.9462786Z #0 building with "default" instance using docker driver
2024-10-08T07:28:10.9463496Z
2024-10-08T07:28:10.9463719Z #1 [internal] load build definition from Dockerfile
2024-10-08T07:28:10.9464305Z #1 transferring dockerfile: 153B done
2024-10-08T07:28:10.9464845Z #1 DONE 0.0s
2024-10-08T07:28:10.9465044Z
2024-10-08T07:28:10.9465436Z #2 [internal] load metadata for us-docker.pkg.dev/thog-artifacts/public/scanner:latest
2024-10-08T07:28:11.5796515Z #2 DONE 0.8s
2024-10-08T07:28:11.7014450Z
2024-10-08T07:28:11.7015333Z #3 [internal] load .dockerignore
2024-10-08T07:28:11.7016392Z #3 transferring context: 2B done
2024-10-08T07:28:11.7016962Z #3 DONE 0.0s
2024-10-08T07:28:11.7017193Z
2024-10-08T07:28:11.7017369Z #4 [internal] load build context
2024-10-08T07:28:11.7018016Z #4 transferring context: 112B done
2024-10-08T07:28:11.7018553Z #4 DONE 0.0s
2024-10-08T07:28:11.7018784Z
2024-10-08T07:28:11.7019578Z #5 [1/2] FROM us-docker.pkg.dev/thog-artifacts/public/scanner:latest@sha256:3ddf1817b36313e28549c98fae955474c963929488c2762a3e17d8cd9ad7f7d1
2024-10-08T07:28:11.7021500Z #5 resolve us-docker.pkg.dev/thog-artifacts/public/scanner:latest@sha256:3ddf1817b36313e28549c98fae955474c963929488c2762a3e17d8cd9ad7f7d1 done
2024-10-08T07:28:13.1549109Z #5 DONE 1.4s
2024-10-08T07:28:13.1549355Z
2024-10-08T07:28:13.1549525Z #6 [2/2] COPY entrypoint.sh /entrypoint.sh
2024-10-08T07:28:13.1549998Z #6 DONE 0.0s
2024-10-08T07:28:13.1550264Z
2024-10-08T07:28:13.1550403Z #7 exporting to image
2024-10-08T07:28:13.1550798Z #7 exporting layers
2024-10-08T07:28:14.0078645Z #7 exporting layers 1.0s done
2024-10-08T07:28:14.0418127Z #7 writing image sha256:885a4ec1a9c303b0d9cf5fc9b98e3595abb66905a962014c45a36ed8935f49b2 done
2024-10-08T07:28:14.0419264Z #7 naming to docker.io/library/7c6d21:8fc100a260884d1688d333590282326e done
2024-10-08T07:28:14.0420618Z #7 DONE 1.0s
2024-10-08T07:28:14.0473777Z ##[endgroup]
2024-10-08T07:28:14.0874647Z ##[group]Run actions/checkout@v3
2024-10-08T07:28:14.0875119Z with:
2024-10-08T07:28:14.0875565Z fetch-depth: 0
2024-10-08T07:28:14.0875899Z repository: itsarraj/PRBotCheck
2024-10-08T07:28:14.0876472Z token: ***
2024-10-08T07:28:14.0876902Z ssh-strict: true
2024-10-08T07:28:14.0877259Z persist-credentials: true
2024-10-08T07:28:14.0877618Z clean: true
2024-10-08T07:28:14.0878046Z sparse-checkout-cone-mode: true
2024-10-08T07:28:14.0878452Z fetch-tags: false
2024-10-08T07:28:14.0878746Z lfs: false
2024-10-08T07:28:14.0879139Z submodules: false
2024-10-08T07:28:14.0879486Z set-safe-directory: true
2024-10-08T07:28:14.0879834Z ##[endgroup]
2024-10-08T07:28:14.3134108Z Syncing repository: itsarraj/PRBotCheck
2024-10-08T07:28:14.3136084Z ##[group]Getting Git version info
2024-10-08T07:28:14.3136954Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:28:14.3137809Z [command]/usr/bin/git version
2024-10-08T07:28:14.3138420Z git version 2.46.1
2024-10-08T07:28:14.3139817Z ##[endgroup]
2024-10-08T07:28:14.3151301Z Temporarily overriding HOME='/home/runner/work/_temp/ca079894-9805-4e54-a16c-c6b676499a09' before making global git config changes
2024-10-08T07:28:14.3152366Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:28:14.3153506Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:28:14.3170765Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:28:14.3174737Z ##[group]Initializing the repository
2024-10-08T07:28:14.3177517Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:28:14.3245923Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-10-08T07:28:14.3246960Z hint: is subject to change. To configure the initial branch name to use in all
2024-10-08T07:28:14.3247753Z hint: of your new repositories, which will suppress this warning, call:
2024-10-08T07:28:14.3248310Z hint:
2024-10-08T07:28:14.3248825Z hint: git config --global init.defaultBranch
2024-10-08T07:28:14.3249302Z hint:
2024-10-08T07:28:14.3249865Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-10-08T07:28:14.3250709Z hint: 'development'. The just-created branch can be renamed via this command:
2024-10-08T07:28:14.3251793Z hint:
2024-10-08T07:28:14.3252382Z hint: git branch -m
2024-10-08T07:28:14.3253512Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/
2024-10-08T07:28:14.3262113Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck
2024-10-08T07:28:14.3295528Z ##[endgroup]
2024-10-08T07:28:14.3296687Z ##[group]Disabling automatic garbage collection
2024-10-08T07:28:14.3298563Z [command]/usr/bin/git config --local gc.auto 0
2024-10-08T07:28:14.3325219Z ##[endgroup]
2024-10-08T07:28:14.3326225Z ##[group]Setting up auth
2024-10-08T07:28:14.3331250Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:28:14.3358650Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:28:14.3894045Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:28:14.3921090Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:28:14.4143681Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-10-08T07:28:14.4174261Z ##[endgroup]
2024-10-08T07:28:14.4175345Z ##[group]Fetching the repository
2024-10-08T07:28:14.4182927Z [command]/usr/bin/git -c protocol.version=2 fetch --prune --progress --no-recurse-submodules origin +refs/heads/:refs/remotes/origin/ +refs/tags/:refs/tags/
2024-10-08T07:28:14.8734058Z remote: Enumerating objects: 42, done.
2024-10-08T07:28:14.8785075Z remote: Counting objects: 100% (42/42), done.
2024-10-08T07:28:14.8803636Z remote: Compressing objects: 100% (28/28), done.
2024-10-08T07:28:14.8804551Z remote: Total 42 (delta 18), reused 31 (delta 7), pack-reused 0 (from 0)
2024-10-08T07:28:14.8971263Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:28:14.8973827Z * [new branch] master -> origin/master
2024-10-08T07:28:14.9012248Z [command]/usr/bin/git branch --list --remote origin/master
2024-10-08T07:28:14.9035136Z origin/master
2024-10-08T07:28:14.9042945Z [command]/usr/bin/git rev-parse refs/remotes/origin/master
2024-10-08T07:28:14.9063321Z 4cbda30
2024-10-08T07:28:14.9070279Z ##[endgroup]
2024-10-08T07:28:14.9071489Z ##[group]Determining the checkout info
2024-10-08T07:28:14.9074355Z ##[endgroup]
2024-10-08T07:28:14.9075361Z ##[group]Checking out the ref
2024-10-08T07:28:14.9076741Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:28:14.9119046Z Reset branch 'master'
2024-10-08T07:28:14.9124422Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:28:14.9131685Z ##[endgroup]
2024-10-08T07:28:14.9164947Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:28:14.9186864Z '4cbda301eb789969326b13f508a574592660713b'
2024-10-08T07:28:14.9484201Z ##[group]Run trufflesecurity/TruffleHog-Enterprise-Github-Action@main
2024-10-08T07:28:14.9484879Z with:
2024-10-08T07:28:14.9485256Z args: --fail-verified master HEAD --json
2024-10-08T07:28:14.9485703Z ##[endgroup]
2024-10-08T07:28:14.9720979Z ##[command]/usr/bin/docker run --name c6d218fc100a260884d1688d333590282326e_f6fecf --label 7c6d21 --workdir /github/workspace --rm -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/PRBotCheck/PRBotCheck":"/github/workspace" 7c6d21:8fc100a260884d1688d333590282326e "--fail-verified master HEAD --json"
2024-10-08T07:28:17.2863860Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"running trufflehog","pid":"3RCfB","version":"v1.90.20"}
2024-10-08T07:28:17.2864892Z
2024-10-08T07:28:17.2866276Z 🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
2024-10-08T07:28:17.2867084Z version: v1.90.20
2024-10-08T07:28:17.2867431Z
2024-10-08T07:28:17.2868126Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"log level set","pid":"3RCfB","version":"v1.90.20","level":0}
2024-10-08T07:28:17.2870032Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"resolved base reference","pid":"3RCfB","version":"v1.90.20","commit":"4cbda301eb789969326b13f508a574592660713b"}
2024-10-08T07:28:17.2872608Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"resolved head reference","pid":"3RCfB","version":"v1.90.20","commit":"4cbda301eb789969326b13f508a574592660713b"}
2024-10-08T07:28:17.2875079Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"resolved common merge base between references","pid":"3RCfB","version":"v1.90.20","commit":"4cbda301eb789969326b13f508a574592660713b"}
2024-10-08T07:28:17.2877329Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"scanning repo","pid":"3RCfB","version":"v1.90.20","repo":"https://github.com/itsarraj/PRBotCheck","base":"4cbda301eb789969326b13f508a574592660713b","head":"4cbda301eb789969326b13f508a574592660713b"}
2024-10-08T07:28:17.2920176Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"finished scanning commits","pid":"3RCfB","version":"v1.90.20","commits_scanned":0}
2024-10-08T07:28:17.2922343Z {"level":"info-0","ts":"2024-10-08T07:28:17Z","logger":"thog/scanner","msg":"no secrets found","pid":"3RCfB","version":"v1.90.20"}
2024-10-08T07:28:17.3824515Z Post job cleanup.
2024-10-08T07:28:17.4537114Z [command]/usr/bin/git version
2024-10-08T07:28:17.4572189Z git version 2.46.1
2024-10-08T07:28:17.4618520Z Temporarily overriding HOME='/home/runner/work/_temp/0ba01995-4794-42bd-aba7-0912b59c6d8f' before making global git config changes
2024-10-08T07:28:17.4619623Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:28:17.4622020Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:28:17.4655644Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
2024-10-08T07:28:17.4684883Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:28:17.4912250Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
2024-10-08T07:28:17.4933474Z http.https://github.com/.extraheader
2024-10-08T07:28:17.4944983Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-10-08T07:28:17.4975800Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:28:17.5409608Z Cleaning up orphan processes

SCA Bot

2024-10-08T07:28:09.9771245Z Current runner version: '2.320.0'
2024-10-08T07:28:09.9796433Z ##[group]Operating System
2024-10-08T07:28:09.9797125Z Ubuntu
2024-10-08T07:28:09.9797479Z 22.04.5
2024-10-08T07:28:09.9797858Z LTS
2024-10-08T07:28:09.9798222Z ##[endgroup]
2024-10-08T07:28:09.9798609Z ##[group]Runner Image
2024-10-08T07:28:09.9799118Z Image: ubuntu-22.04
2024-10-08T07:28:09.9799492Z Version: 20240922.1.0
2024-10-08T07:28:09.9800481Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-10-08T07:28:09.9802053Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-10-08T07:28:09.9802921Z ##[endgroup]
2024-10-08T07:28:09.9803290Z ##[group]Runner Image Provisioner
2024-10-08T07:28:09.9803852Z 2.0.384.1
2024-10-08T07:28:09.9804200Z ##[endgroup]
2024-10-08T07:28:09.9819527Z ##[group]GITHUB_TOKEN Permissions
2024-10-08T07:28:09.9821144Z Issues: write
2024-10-08T07:28:09.9821683Z Metadata: read
2024-10-08T07:28:09.9822260Z PullRequests: write
2024-10-08T07:28:09.9822852Z ##[endgroup]
2024-10-08T07:28:09.9826213Z Secret source: Actions
2024-10-08T07:28:09.9826898Z Prepare workflow directory
2024-10-08T07:28:10.0451283Z Prepare all required actions
2024-10-08T07:28:10.0611173Z Getting action download info
2024-10-08T07:28:10.2891229Z Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
2024-10-08T07:28:10.5064633Z Complete job name: Snyk Bot scan
2024-10-08T07:28:10.5981968Z ##[group]Run actions/checkout@v3
2024-10-08T07:28:10.5982737Z with:
2024-10-08T07:28:10.5983175Z repository: itsarraj/PRBotCheck
2024-10-08T07:28:10.5983898Z token: ***
2024-10-08T07:28:10.5984269Z ssh-strict: true
2024-10-08T07:28:10.5984709Z persist-credentials: true
2024-10-08T07:28:10.5985606Z clean: true
2024-10-08T07:28:10.5986038Z sparse-checkout-cone-mode: true
2024-10-08T07:28:10.5986629Z fetch-depth: 1
2024-10-08T07:28:10.5987044Z fetch-tags: false
2024-10-08T07:28:10.5987472Z lfs: false
2024-10-08T07:28:10.5987890Z submodules: false
2024-10-08T07:28:10.5988312Z set-safe-directory: true
2024-10-08T07:28:10.5988829Z ##[endgroup]
2024-10-08T07:28:10.7897386Z Syncing repository: itsarraj/PRBotCheck
2024-10-08T07:28:10.7899401Z ##[group]Getting Git version info
2024-10-08T07:28:10.7900323Z Working directory is '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:28:10.7901382Z [command]/usr/bin/git version
2024-10-08T07:28:10.7930432Z git version 2.46.1
2024-10-08T07:28:10.7957856Z ##[endgroup]
2024-10-08T07:28:10.8057469Z Temporarily overriding HOME='/home/runner/work/_temp/750a87cc-56c3-443e-9b1f-95d5f2528112' before making global git config changes
2024-10-08T07:28:10.8059445Z Adding repository directory to the temporary git global config as a safe directory
2024-10-08T07:28:10.8061264Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:28:10.8094440Z Deleting the contents of '/home/runner/work/PRBotCheck/PRBotCheck'
2024-10-08T07:28:10.8098392Z ##[group]Initializing the repository
2024-10-08T07:28:10.8102086Z [command]/usr/bin/git init /home/runner/work/PRBotCheck/PRBotCheck
2024-10-08T07:28:10.8169051Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-10-08T07:28:10.8170339Z hint: is subject to change. To configure the initial branch name to use in all
2024-10-08T07:28:10.8171559Z hint: of your new repositories, which will suppress this warning, call:
2024-10-08T07:28:10.8172418Z hint:
2024-10-08T07:28:10.8173343Z hint: git config --global init.defaultBranch
2024-10-08T07:28:10.8174246Z hint:
2024-10-08T07:28:10.8175231Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-10-08T07:28:10.8177261Z hint: 'development'. The just-created branch can be renamed via this command:
2024-10-08T07:28:10.8178612Z hint:
2024-10-08T07:28:10.8179323Z hint: git branch -m
2024-10-08T07:28:10.8180843Z Initialized empty Git repository in /home/runner/work/PRBotCheck/PRBotCheck/.git/
2024-10-08T07:28:10.8185435Z [command]/usr/bin/git remote add origin https://github.com/itsarraj/PRBotCheck
2024-10-08T07:28:10.8216770Z ##[endgroup]
2024-10-08T07:28:10.8218151Z ##[group]Disabling automatic garbage collection
2024-10-08T07:28:10.8219899Z [command]/usr/bin/git config --local gc.auto 0
2024-10-08T07:28:10.8249384Z ##[endgroup]
2024-10-08T07:28:10.8250220Z ##[group]Setting up auth
2024-10-08T07:28:10.8257585Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-10-08T07:28:10.8288165Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-10-08T07:28:10.8578063Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-10-08T07:28:10.8606471Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-10-08T07:28:10.8828703Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-10-08T07:28:10.8861001Z ##[endgroup]
2024-10-08T07:28:10.8861898Z ##[group]Fetching the repository
2024-10-08T07:28:10.8870011Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +4cbda301eb789969326b13f508a574592660713b:refs/remotes/origin/master
2024-10-08T07:28:11.2532155Z remote: Enumerating objects: 12, done.
2024-10-08T07:28:11.2543425Z remote: Counting objects: 100% (12/12), done.
2024-10-08T07:28:11.2553336Z remote: Compressing objects: 100% (11/11), done.
2024-10-08T07:28:11.2554651Z remote: Total 12 (delta 0), reused 9 (delta 0), pack-reused 0 (from 0)
2024-10-08T07:28:11.2618029Z From https://github.com/itsarraj/PRBotCheck
2024-10-08T07:28:11.2619357Z * [new ref] 4cbda30 -> origin/master
2024-10-08T07:28:11.2644401Z ##[endgroup]
2024-10-08T07:28:11.2645451Z ##[group]Determining the checkout info
2024-10-08T07:28:11.2646626Z ##[endgroup]
2024-10-08T07:28:11.2647501Z ##[group]Checking out the ref
2024-10-08T07:28:11.2650800Z [command]/usr/bin/git checkout --progress --force -B master refs/remotes/origin/master
2024-10-08T07:28:11.2693521Z Reset branch 'master'
2024-10-08T07:28:11.2697233Z branch 'master' set up to track 'origin/master'.
2024-10-08T07:28:11.2702752Z ##[endgroup]
2024-10-08T07:28:11.2734546Z [command]/usr/bin/git log -1 --format='%H'
2024-10-08T07:28:11.2755402Z '4cbda301eb789969326b13f508a574592660713b'
2024-10-08T07:28:11.3129690Z ##[group]Run rm -rf node_modules
2024-10-08T07:28:11.3130753Z rm -rf node_modules
2024-10-08T07:28:11.3131840Z rm -f package-lock.json
2024-10-08T07:28:11.3132777Z npm install
2024-10-08T07:28:11.3133849Z echo "Downloading and authenticating Snyk CLI..."
2024-10-08T07:28:11.3135941Z curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
2024-10-08T07:28:11.3137526Z chmod +x snyk
2024-10-08T07:28:11.3138635Z ./snyk auth ***
2024-10-08T07:28:11.3139677Z echo "Running Snyk test and monitor..."
2024-10-08T07:28:11.3140936Z ./snyk test --all-projects --color --json || true
2024-10-08T07:28:11.3142195Z ./snyk monitor --all-projects || true
2024-10-08T07:28:11.3171440Z shell: /usr/bin/bash -e {0}
2024-10-08T07:28:11.3171934Z ##[endgroup]
2024-10-08T07:28:18.4769712Z npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
2024-10-08T07:28:18.5211463Z npm warn deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2024-10-08T07:28:18.5654252Z npm warn deprecated formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
2024-10-08T07:28:18.5761983Z npm warn deprecated samsam@1.1.2: This package has been deprecated in favour of @sinonjs/samsam
2024-10-08T07:28:18.5864219Z npm warn deprecated glob@7.1.1: Glob versions prior to v9 are no longer supported
2024-10-08T07:28:18.5878101Z npm warn deprecated mkdirp@0.3.3: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:28:18.5920509Z npm warn deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
2024-10-08T07:28:18.6081915Z npm warn deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
2024-10-08T07:28:18.7683412Z npm warn deprecated formidable@1.0.11: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
2024-10-08T07:28:18.8410808Z npm warn deprecated sinon@1.17.0: 16.1.1
2024-10-08T07:28:18.8445598Z npm warn deprecated connect@2.6.0: connect 2.x series is deprecated
2024-10-08T07:28:19.1111909Z
2024-10-08T07:28:19.1112810Z added 112 packages, and audited 113 packages in 6s
2024-10-08T07:28:19.1119873Z
2024-10-08T07:28:19.1120305Z 15 packages are looking for funding
2024-10-08T07:28:19.1121211Z run `npm fund` for details
2024-10-08T07:28:19.1310528Z
2024-10-08T07:28:19.1311265Z 22 vulnerabilities (1 low, 2 moderate, 12 high, 7 critical)
2024-10-08T07:28:19.1314142Z
2024-10-08T07:28:19.1315694Z To address all issues possible (including breaking changes), run:
2024-10-08T07:28:19.1319253Z npm audit fix --force
2024-10-08T07:28:19.1319837Z
2024-10-08T07:28:19.1320239Z Some issues need review, and may require choosing
2024-10-08T07:28:19.1323254Z a different dependency.
2024-10-08T07:28:19.1323683Z
2024-10-08T07:28:19.1323924Z Run `npm audit` for details.
2024-10-08T07:28:19.1488312Z Downloading and authenticating Snyk CLI...
2024-10-08T07:28:19.1558423Z % Total % Received % Xferd Average Speed Time Time Time Current
2024-10-08T07:28:19.1559870Z Dload Upload Total Spent Left Speed
2024-10-08T07:28:19.1560481Z
2024-10-08T07:28:19.2023366Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:28:19.3665447Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:28:19.3666684Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:28:19.5131167Z
2024-10-08T07:28:19.5132343Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2024-10-08T07:28:20.1899592Z
2024-10-08T07:28:20.2773635Z 56 67.1M 56 37.7M 0 0 36.4M 0 0:00:01 0:00:01 --:--:-- 36.4M
2024-10-08T07:28:20.2774810Z 100 67.1M 100 67.1M 0 0 59.9M 0 0:00:01 0:00:01 --:--:-- 338M
2024-10-08T07:28:21.2331920Z
2024-10-08T07:28:21.2332844Z Your account has been authenticated. Snyk is now ready to be used.
2024-10-08T07:28:21.2333695Z 2024-10-08T07:28:21.7366963Z Running Snyk test and monitor... 2024-10-08T07:28:28.7295331Z { 2024-10-08T07:28:28.7295949Z "vulnerabilities": [ 2024-10-08T07:28:28.7296571Z { 2024-10-08T07:28:28.7297727Z "id": "SNYK-JAVA-ORGAPACHEMAVEN-6144614", 2024-10-08T07:28:28.7298681Z "title": "Resources Downloaded over Insecure Protocol", 2024-10-08T07:28:28.7299613Z "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7300479Z "credit": [ 2024-10-08T07:28:28.7301053Z "Unknown" 2024-10-08T07:28:28.7301796Z ], 2024-10-08T07:28:28.7302352Z "semver": { 2024-10-08T07:28:28.7303055Z "vulnerable": [ 2024-10-08T07:28:28.7303773Z "[,3.8.1)" 2024-10-08T07:28:28.7304334Z ] 2024-10-08T07:28:28.7304843Z }, 2024-10-08T07:28:28.7305793Z "exploit": "Not Defined", 2024-10-08T07:28:28.7306464Z "fixedIn": [ 2024-10-08T07:28:28.7307110Z "3.8.1" 2024-10-08T07:28:28.7307730Z ], 2024-10-08T07:28:28.7308316Z "patches": [], 2024-10-08T07:28:28.7308931Z "insights": { 2024-10-08T07:28:28.7309542Z "triageAdvice": null 2024-10-08T07:28:28.7310180Z }, 2024-10-08T07:28:28.7310646Z "language": "java", 2024-10-08T07:28:28.7311389Z "severity": "high", 2024-10-08T07:28:28.7312020Z "cvssScore": 7.1, 2024-10-08T07:28:28.7312660Z "functions": [], 2024-10-08T07:28:28.7313302Z "malicious": false, 2024-10-08T07:28:28.7313929Z "isDisputed": false, 2024-10-08T07:28:28.7314877Z "moduleName": "org.apache.maven:maven-core", 2024-10-08T07:28:28.7315805Z "references": [ 2024-10-08T07:28:28.7316368Z { 2024-10-08T07:28:28.7317832Z "url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E", 2024-10-08T07:28:28.7319464Z "title": "Apache Security Advisory" 2024-10-08T07:28:28.7320149Z }, 2024-10-08T07:28:28.7320707Z { 2024-10-08T07:28:28.7321638Z "url": "https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8", 2024-10-08T07:28:28.7322825Z "title": "GitHub Commit" 
2024-10-08T07:28:28.7324306Z }, 2024-10-08T07:28:28.7325135Z { 2024-10-08T07:28:28.7326175Z "url": "https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647", 2024-10-08T07:28:28.7327310Z "title": "GitHub Commit" 2024-10-08T07:28:28.7328043Z }, 2024-10-08T07:28:28.7328568Z { 2024-10-08T07:28:28.7329578Z "url": "https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f", 2024-10-08T07:28:28.7331001Z "title": "GitHub Commit" 2024-10-08T07:28:28.7331631Z } 2024-10-08T07:28:28.7332275Z ], 2024-10-08T07:28:28.7332872Z "cvssDetails": [ 2024-10-08T07:28:28.7333430Z { 2024-10-08T07:28:28.7334102Z "assigner": "NVD", 2024-10-08T07:28:28.7334804Z "severity": "critical", 2024-10-08T07:28:28.7336335Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:28:28.7337379Z "cvssV3BaseScore": 9.1, 2024-10-08T07:28:28.7338393Z "modificationTime": "2024-03-11T09:50:36.020732Z" 2024-10-08T07:28:28.7339139Z }, 2024-10-08T07:28:28.7339798Z { 2024-10-08T07:28:28.7340564Z "assigner": "Red Hat", 2024-10-08T07:28:28.7341247Z "severity": "high", 2024-10-08T07:28:28.7342287Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:28:28.7343228Z "cvssV3BaseScore": 7.4, 2024-10-08T07:28:28.7344254Z "modificationTime": "2024-03-11T09:53:46.595598Z" 2024-10-08T07:28:28.7345409Z } 2024-10-08T07:28:28.7345938Z ], 2024-10-08T07:28:28.7346444Z "cvssSources": [ 2024-10-08T07:28:28.7347168Z { 2024-10-08T07:28:28.7347808Z "type": "primary", 2024-10-08T07:28:28.7348661Z "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7349708Z "assigner": "Snyk", 2024-10-08T07:28:28.7350334Z "severity": "high", 2024-10-08T07:28:28.7351044Z "baseScore": 7.1, 2024-10-08T07:28:28.7351821Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7352752Z "modificationTime": "2024-03-06T14:09:37.073828Z" 2024-10-08T07:28:28.7353986Z }, 2024-10-08T07:28:28.7354540Z { 2024-10-08T07:28:28.7355329Z "type": "secondary", 
2024-10-08T07:28:28.7356214Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:28:28.7357161Z "assigner": "NVD", 2024-10-08T07:28:28.7357821Z "severity": "critical", 2024-10-08T07:28:28.7358653Z "baseScore": 9.1, 2024-10-08T07:28:28.7359303Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7360254Z "modificationTime": "2024-03-11T09:50:36.020732Z" 2024-10-08T07:28:28.7361237Z }, 2024-10-08T07:28:28.7361752Z { 2024-10-08T07:28:28.7362226Z "type": "secondary", 2024-10-08T07:28:28.7363159Z "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 2024-10-08T07:28:28.7364013Z "assigner": "Red Hat", 2024-10-08T07:28:28.7364665Z "severity": "high", 2024-10-08T07:28:28.7365717Z "baseScore": 7.4, 2024-10-08T07:28:28.7366394Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7367458Z "modificationTime": "2024-03-11T09:53:46.595598Z" 2024-10-08T07:28:28.7368287Z } 2024-10-08T07:28:28.7368841Z ], 2024-10-08T07:28:28.7382345Z "description": "## Overview\n\nAffected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls.\r\n\r\nIf you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. 
For more information about repository management, visit [this page](https://maven.apache.org/repository-management.html).\n## Remediation\nUpgrade `org.apache.maven:maven-core` to version 3.8.1 or higher.\n## References\n- [Apache Security Advisory](https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E)\n- [GitHub Commit](https://github.com/apache/maven/commit/28b4ea92d38365d0f27a5bd044ac4927580147f8)\n- [GitHub Commit](https://github.com/apache/maven/commit/3b21386c3f1ab85060f6c950fb2fb17123df8647)\n- [GitHub Commit](https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f)\n", 2024-10-08T07:28:28.7390084Z "epssDetails": { 2024-10-08T07:28:28.7390583Z "percentile": "0.57700", 2024-10-08T07:28:28.7390996Z "probability": "0.00197", 2024-10-08T07:28:28.7391389Z "modelVersion": "v2023.03.01" 2024-10-08T07:28:28.7391846Z }, 2024-10-08T07:28:28.7392153Z "identifiers": { 2024-10-08T07:28:28.7392475Z "CVE": [ 2024-10-08T07:28:28.7393109Z "CVE-2021-26291" 2024-10-08T07:28:28.7393505Z ], 2024-10-08T07:28:28.7393806Z "CWE": [ 2024-10-08T07:28:28.7394179Z "CWE-494" 2024-10-08T07:28:28.7394519Z ], 2024-10-08T07:28:28.7394819Z "GHSA": [ 2024-10-08T07:28:28.7395580Z "GHSA-2f88-5hg8-9x2x" 2024-10-08T07:28:28.7395959Z ] 2024-10-08T07:28:28.7396256Z }, 2024-10-08T07:28:28.7396731Z "packageName": "org.apache.maven:maven-core", 2024-10-08T07:28:28.7397188Z "proprietary": false, 2024-10-08T07:28:28.7397667Z "creationTime": "2024-01-04T15:15:05.020423Z", 2024-10-08T07:28:28.7398193Z "functions_new": [], 2024-10-08T07:28:28.7398560Z "alternativeIds": [], 2024-10-08T07:28:28.7398975Z "disclosureTime": "2021-04-26T09:21:36Z", 2024-10-08T07:28:28.7399487Z "exploitDetails": { 2024-10-08T07:28:28.7399868Z "sources": [], 2024-10-08T07:28:28.7400268Z "maturityLevels": [ 2024-10-08T07:28:28.7400606Z { 2024-10-08T07:28:28.7400938Z "type": "secondary", 2024-10-08T07:28:28.7401380Z "level": "Not 
Defined", 2024-10-08T07:28:28.7401764Z "format": "CVSSv3" 2024-10-08T07:28:28.7402124Z }, 2024-10-08T07:28:28.7402492Z { 2024-10-08T07:28:28.7402804Z "type": "primary", 2024-10-08T07:28:28.7403148Z "level": "Not Defined", 2024-10-08T07:28:28.7403605Z "format": "CVSSv4" 2024-10-08T07:28:28.7403956Z } 2024-10-08T07:28:28.7404216Z ] 2024-10-08T07:28:28.7404565Z }, 2024-10-08T07:28:28.7404883Z "packageManager": "maven", 2024-10-08T07:28:28.7405560Z "mavenModuleName": { 2024-10-08T07:28:28.7406006Z "groupId": "org.apache.maven", 2024-10-08T07:28:28.7406503Z "artifactId": "maven-core" 2024-10-08T07:28:28.7406921Z }, 2024-10-08T07:28:28.7407409Z "publicationTime": "2024-01-04T15:16:41.308178Z", 2024-10-08T07:28:28.7407849Z "severityBasedOn": "CVSS", 2024-10-08T07:28:28.7408377Z "modificationTime": "2024-03-11T09:53:46.595598Z", 2024-10-08T07:28:28.7408902Z "socialTrendAlert": false, 2024-10-08T07:28:28.7409276Z "severityWithCritical": "high", 2024-10-08T07:28:28.7409790Z "from": [ 2024-10-08T07:28:28.7410265Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:28:28.7410804Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:28:28.7411296Z "org.apache.maven:maven-core@2.0" 2024-10-08T07:28:28.7411756Z ], 2024-10-08T07:28:28.7412079Z "upgradePath": [ 2024-10-08T07:28:28.7412422Z false, 2024-10-08T07:28:28.7412845Z "org.apache.maven:maven-embedder@3.8.1", 2024-10-08T07:28:28.7413371Z "org.apache.maven:maven-core@3.8.1" 2024-10-08T07:28:28.7413784Z ], 2024-10-08T07:28:28.7414118Z "isUpgradable": true, 2024-10-08T07:28:28.7414510Z "isPatchable": false, 2024-10-08T07:28:28.7415193Z "name": "org.apache.maven:maven-core", 2024-10-08T07:28:28.7415733Z "version": "2.0" 2024-10-08T07:28:28.7416057Z }, 2024-10-08T07:28:28.7416341Z { 2024-10-08T07:28:28.7416821Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521", 2024-10-08T07:28:28.7417300Z "title": "Directory Traversal", 2024-10-08T07:28:28.7417762Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 
2024-10-08T07:28:28.7418308Z "credit": [ 2024-10-08T07:28:28.7418630Z "Unknown" 2024-10-08T07:28:28.7418904Z ], 2024-10-08T07:28:28.7419266Z "semver": { 2024-10-08T07:28:28.7419595Z "vulnerable": [ 2024-10-08T07:28:28.7419984Z "[,3.0.24)" 2024-10-08T07:28:28.7420466Z ] 2024-10-08T07:28:28.7420764Z }, 2024-10-08T07:28:28.7421157Z "exploit": "Not Defined", 2024-10-08T07:28:28.7421506Z "fixedIn": [ 2024-10-08T07:28:28.7421832Z "3.0.24" 2024-10-08T07:28:28.7422205Z ], 2024-10-08T07:28:28.7422508Z "patches": [], 2024-10-08T07:28:28.7422811Z "insights": { 2024-10-08T07:28:28.7423335Z "triageAdvice": null 2024-10-08T07:28:28.7423709Z }, 2024-10-08T07:28:28.7423995Z "language": "java", 2024-10-08T07:28:28.7424414Z "severity": "medium", 2024-10-08T07:28:28.7424782Z "cvssScore": 5.3, 2024-10-08T07:28:28.7425335Z "functions": [ 2024-10-08T07:28:28.7425711Z { 2024-10-08T07:28:28.7426022Z "version": [ 2024-10-08T07:28:28.7426383Z "[,3.0.24)" 2024-10-08T07:28:28.7426763Z ], 2024-10-08T07:28:28.7427061Z "functionId": { 2024-10-08T07:28:28.7427499Z "filePath": "org/codehaus/plexus/util/Expand.java", 2024-10-08T07:28:28.7428048Z "className": "Expand", 2024-10-08T07:28:28.7428446Z "functionName": "extractFile" 2024-10-08T07:28:28.7428850Z } 2024-10-08T07:28:28.7429196Z } 2024-10-08T07:28:28.7429502Z ], 2024-10-08T07:28:28.7429770Z "malicious": false, 2024-10-08T07:28:28.7430180Z "isDisputed": false, 2024-10-08T07:28:28.7430710Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7431206Z "references": [ 2024-10-08T07:28:28.7431620Z { 2024-10-08T07:28:28.7432307Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef", 2024-10-08T07:28:28.7433023Z "title": "GitHub Commit" 2024-10-08T07:28:28.7433467Z }, 2024-10-08T07:28:28.7433758Z { 2024-10-08T07:28:28.7434215Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/4", 2024-10-08T07:28:28.7434826Z "title": "GitHub Issue" 2024-10-08T07:28:28.7435319Z } 
2024-10-08T07:28:28.7435684Z ], 2024-10-08T07:28:28.7435952Z "cvssDetails": [ 2024-10-08T07:28:28.7436293Z { 2024-10-08T07:28:28.7436664Z "assigner": "NVD", 2024-10-08T07:28:28.7437000Z "severity": "high", 2024-10-08T07:28:28.7437484Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:28:28.7438070Z "cvssV3BaseScore": 7.5, 2024-10-08T07:28:28.7438590Z "modificationTime": "2024-03-11T09:53:39.008801Z" 2024-10-08T07:28:28.7439018Z }, 2024-10-08T07:28:28.7439376Z { 2024-10-08T07:28:28.7439683Z "assigner": "Red Hat", 2024-10-08T07:28:28.7440087Z "severity": "high", 2024-10-08T07:28:28.7440576Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:28:28.7441106Z "cvssV3BaseScore": 7.5, 2024-10-08T07:28:28.7441629Z "modificationTime": "2024-03-11T09:53:59.688096Z" 2024-10-08T07:28:28.7442130Z } 2024-10-08T07:28:28.7442387Z ], 2024-10-08T07:28:28.7442712Z "cvssSources": [ 2024-10-08T07:28:28.7443093Z { 2024-10-08T07:28:28.7443369Z "type": "primary", 2024-10-08T07:28:28.7443835Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:28:28.7444363Z "assigner": "Snyk", 2024-10-08T07:28:28.7444753Z "severity": "medium", 2024-10-08T07:28:28.7445332Z "baseScore": 5.3, 2024-10-08T07:28:28.7445789Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7446347Z "modificationTime": "2024-05-09T13:34:27.533160Z" 2024-10-08T07:28:28.7446798Z }, 2024-10-08T07:28:28.7447107Z { 2024-10-08T07:28:28.7447481Z "type": "secondary", 2024-10-08T07:28:28.7447947Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:28:28.7448448Z "assigner": "NVD", 2024-10-08T07:28:28.7448834Z "severity": "high", 2024-10-08T07:28:28.7449210Z "baseScore": 7.5, 2024-10-08T07:28:28.7449640Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7450265Z "modificationTime": "2024-03-11T09:53:39.008801Z" 2024-10-08T07:28:28.7450712Z }, 2024-10-08T07:28:28.7451080Z { 2024-10-08T07:28:28.7451388Z "type": "secondary", 2024-10-08T07:28:28.7451804Z "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 2024-10-08T07:28:28.7452370Z "assigner": "Red Hat", 2024-10-08T07:28:28.7452864Z "severity": "high", 2024-10-08T07:28:28.7453233Z "baseScore": 7.5, 2024-10-08T07:28:28.7453662Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7454164Z "modificationTime": "2024-03-11T09:53:59.688096Z" 2024-10-08T07:28:28.7454679Z } 2024-10-08T07:28:28.7455131Z ], 2024-10-08T07:28:28.7459203Z "description": "## Overview\nAn attacker could access arbitrary files and directories stored on the file system by manipulating files with `dot-dot-slash (../)` sequences and their variations or by using absolute file paths. \r\n\r\n**Note:**\r\n\r\nThere is no indication that access to the filesystem beyond that of the application user can be achieved. So typical deployments will have only limited confidentiality impact from this vulnerability.\n\n## References\n- [https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef](https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef)\n- [https://github.com/codehaus-plexus/plexus-utils/issues/4](https://github.com/codehaus-plexus/plexus-utils/issues/4)\n", 2024-10-08T07:28:28.7462880Z "epssDetails": { 2024-10-08T07:28:28.7463210Z "percentile": "0.26522", 2024-10-08T07:28:28.7463623Z "probability": "0.00060", 2024-10-08T07:28:28.7464073Z "modelVersion": "v2023.03.01" 2024-10-08T07:28:28.7464475Z }, 2024-10-08T07:28:28.7464739Z "identifiers": { 2024-10-08T07:28:28.7465304Z "CVE": [ 2024-10-08T07:28:28.7465717Z "CVE-2022-4244" 2024-10-08T07:28:28.7466034Z ], 2024-10-08T07:28:28.7466392Z "CWE": [ 2024-10-08T07:28:28.7466759Z "CWE-22" 2024-10-08T07:28:28.7467073Z ] 2024-10-08T07:28:28.7467376Z }, 2024-10-08T07:28:28.7467828Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7468316Z "proprietary": false, 2024-10-08T07:28:28.7468783Z "creationTime": "2017-09-20T00:00:00Z", 2024-10-08T07:28:28.7469232Z "functions_new": 
[ 2024-10-08T07:28:28.7469572Z { 2024-10-08T07:28:28.7469940Z "version": [ 2024-10-08T07:28:28.7470241Z "[,3.0.24)" 2024-10-08T07:28:28.7470572Z ], 2024-10-08T07:28:28.7470946Z "functionId": { 2024-10-08T07:28:28.7471378Z "className": "org.codehaus.plexus.util.Expand", 2024-10-08T07:28:28.7471843Z "functionName": "extractFile" 2024-10-08T07:28:28.7472313Z } 2024-10-08T07:28:28.7472604Z } 2024-10-08T07:28:28.7472854Z ], 2024-10-08T07:28:28.7473226Z "alternativeIds": [], 2024-10-08T07:28:28.7473683Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:28:28.7474179Z "exploitDetails": { 2024-10-08T07:28:28.7474497Z "sources": [], 2024-10-08T07:28:28.7474846Z "maturityLevels": [ 2024-10-08T07:28:28.7475374Z { 2024-10-08T07:28:28.7475656Z "type": "secondary", 2024-10-08T07:28:28.7476045Z "level": "Not Defined", 2024-10-08T07:28:28.7476508Z "format": "CVSSv3" 2024-10-08T07:28:28.7476867Z }, 2024-10-08T07:28:28.7477127Z { 2024-10-08T07:28:28.7477492Z "type": "primary", 2024-10-08T07:28:28.7477868Z "level": "Not Defined", 2024-10-08T07:28:28.7478264Z "format": "CVSSv4" 2024-10-08T07:28:28.7478627Z } 2024-10-08T07:28:28.7478915Z ] 2024-10-08T07:28:28.7479215Z }, 2024-10-08T07:28:28.7479531Z "packageManager": "maven", 2024-10-08T07:28:28.7479922Z "mavenModuleName": { 2024-10-08T07:28:28.7480325Z "groupId": "org.codehaus.plexus", 2024-10-08T07:28:28.7481020Z "artifactId": "plexus-utils" 2024-10-08T07:28:28.7481399Z }, 2024-10-08T07:28:28.7481827Z "publicationTime": "2017-09-20T00:00:00Z", 2024-10-08T07:28:28.7482326Z "severityBasedOn": "CVSS", 2024-10-08T07:28:28.7482841Z "modificationTime": "2024-05-09T13:34:27.533160Z", 2024-10-08T07:28:28.7483270Z "socialTrendAlert": false, 2024-10-08T07:28:28.7483877Z "severityWithCritical": "medium", 2024-10-08T07:28:28.7484298Z "from": [ 2024-10-08T07:28:28.7484705Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:28:28.7485609Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:28:28.7486121Z 
"org.apache.maven:maven-core@2.0", 2024-10-08T07:28:28.7486638Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:28:28.7487101Z ], 2024-10-08T07:28:28.7487408Z "upgradePath": [ 2024-10-08T07:28:28.7487767Z false, 2024-10-08T07:28:28.7488221Z "org.apache.maven:maven-embedder@3.5.0", 2024-10-08T07:28:28.7488713Z "org.apache.maven:maven-core@3.5.0", 2024-10-08T07:28:28.7489250Z "org.codehaus.plexus:plexus-utils@3.0.24" 2024-10-08T07:28:28.7489733Z ], 2024-10-08T07:28:28.7490010Z "isUpgradable": true, 2024-10-08T07:28:28.7490405Z "isPatchable": false, 2024-10-08T07:28:28.7490911Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7491376Z "version": "1.0.4" 2024-10-08T07:28:28.7491695Z }, 2024-10-08T07:28:28.7492045Z { 2024-10-08T07:28:28.7492462Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", 2024-10-08T07:28:28.7492999Z "title": "Shell Command Injection", 2024-10-08T07:28:28.7493469Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7493963Z "credit": [ 2024-10-08T07:28:28.7494337Z "Charles Duffy" 2024-10-08T07:28:28.7494640Z ], 2024-10-08T07:28:28.7495230Z "semver": { 2024-10-08T07:28:28.7495634Z "vulnerable": [ 2024-10-08T07:28:28.7495992Z "[,3.0.16)" 2024-10-08T07:28:28.7496304Z ] 2024-10-08T07:28:28.7496641Z }, 2024-10-08T07:28:28.7496969Z "exploit": "Not Defined", 2024-10-08T07:28:28.7497311Z "fixedIn": [ 2024-10-08T07:28:28.7497678Z "3.0.16" 2024-10-08T07:28:28.7498004Z ], 2024-10-08T07:28:28.7498303Z "patches": [], 2024-10-08T07:28:28.7498655Z "insights": { 2024-10-08T07:28:28.7499022Z "triageAdvice": null 2024-10-08T07:28:28.7499383Z }, 2024-10-08T07:28:28.7499726Z "language": "java", 2024-10-08T07:28:28.7500070Z "severity": "critical", 2024-10-08T07:28:28.7500444Z "cvssScore": 9.8, 2024-10-08T07:28:28.7500859Z "functions": [ 2024-10-08T07:28:28.7501166Z { 2024-10-08T07:28:28.7501460Z "version": [ 2024-10-08T07:28:28.7501868Z "[,3.0.16)" 2024-10-08T07:28:28.7502198Z ], 2024-10-08T07:28:28.7502474Z "functionId": { 
2024-10-08T07:28:28.7503005Z "filePath": "org/codehaus/plexus/util/cli/Commandline.java", 2024-10-08T07:28:28.7503546Z "className": "Commandline", 2024-10-08T07:28:28.7503936Z "functionName": "execute" 2024-10-08T07:28:28.7504387Z } 2024-10-08T07:28:28.7504683Z } 2024-10-08T07:28:28.7505142Z ], 2024-10-08T07:28:28.7505481Z "malicious": false, 2024-10-08T07:28:28.7505845Z "isDisputed": false, 2024-10-08T07:28:28.7506369Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7506896Z "references": [ 2024-10-08T07:28:28.7507194Z { 2024-10-08T07:28:28.7507920Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", 2024-10-08T07:28:28.7508698Z "title": "GitHub Commit" 2024-10-08T07:28:28.7509043Z }, 2024-10-08T07:28:28.7509352Z { 2024-10-08T07:28:28.7510054Z "url": "https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json", 2024-10-08T07:28:28.7511017Z "title": "PLXUTILS-161 - Raw Jira Ticket JSON" 2024-10-08T07:28:28.7511433Z } 2024-10-08T07:28:28.7511778Z ], 2024-10-08T07:28:28.7512094Z "cvssDetails": [ 2024-10-08T07:28:28.7512473Z { 2024-10-08T07:28:28.7512744Z "assigner": "NVD", 2024-10-08T07:28:28.7513137Z "severity": "critical", 2024-10-08T07:28:28.7513794Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7514350Z "cvssV3BaseScore": 9.8, 2024-10-08T07:28:28.7514829Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:28:28.7515461Z }, 2024-10-08T07:28:28.7515780Z { 2024-10-08T07:28:28.7516057Z "assigner": "Red Hat", 2024-10-08T07:28:28.7516491Z "severity": "high", 2024-10-08T07:28:28.7516995Z "cvssV3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7517515Z "cvssV3BaseScore": 7.8, 2024-10-08T07:28:28.7518054Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:28:28.7518511Z } 2024-10-08T07:28:28.7518798Z ], 2024-10-08T07:28:28.7519158Z "cvssSources": [ 2024-10-08T07:28:28.7519464Z { 
2024-10-08T07:28:28.7519769Z "type": "primary", 2024-10-08T07:28:28.7520276Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7520733Z "assigner": "Snyk", 2024-10-08T07:28:28.7521107Z "severity": "critical", 2024-10-08T07:28:28.7521555Z "baseScore": 9.8, 2024-10-08T07:28:28.7521925Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7522398Z "modificationTime": "2024-03-06T13:58:02.476253Z" 2024-10-08T07:28:28.7522893Z }, 2024-10-08T07:28:28.7523186Z { 2024-10-08T07:28:28.7523509Z "type": "secondary", 2024-10-08T07:28:28.7523980Z "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7524462Z "assigner": "NVD", 2024-10-08T07:28:28.7524864Z "severity": "critical", 2024-10-08T07:28:28.7525527Z "baseScore": 9.8, 2024-10-08T07:28:28.7525908Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7526437Z "modificationTime": "2024-03-11T09:46:36.869045Z" 2024-10-08T07:28:28.7526942Z }, 2024-10-08T07:28:28.7527214Z { 2024-10-08T07:28:28.7527526Z "type": "secondary", 2024-10-08T07:28:28.7528033Z "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 2024-10-08T07:28:28.7528535Z "assigner": "Red Hat", 2024-10-08T07:28:28.7528882Z "severity": "high", 2024-10-08T07:28:28.7529300Z "baseScore": 7.8, 2024-10-08T07:28:28.7529681Z "cvssVersion": "3.0", 2024-10-08T07:28:28.7530136Z "modificationTime": "2024-03-11T09:53:54.737412Z" 2024-10-08T07:28:28.7530634Z } 2024-10-08T07:28:28.7530938Z ], 2024-10-08T07:28:28.7534472Z "description": "## Overview\r\n[`Codehaus Plexus`](https://codehaus-plexus.github.io/) is a collection of components used by Apache Maven.\r\n\r\nAffected versions of this package are vulnerable to Shell Command Injection. 
The Commandline class in plexus-utils does not correctly quote the contents of double-quoted strings.\r\n\r\n## Remediation\r\nUpgrade _Codehaus Plexus_ to version `3.0.16` or higher.\r\n\r\n## References\r\n- [Github Commit](https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41)\r\n- [PLXUTILS-161 - Raw Jira Ticket JSON](https://raw.githubusercontent.com/sonatype/plexus-utils/master/jira/PLXUTILS-161.json)", 2024-10-08T07:28:28.7538023Z "epssDetails": { 2024-10-08T07:28:28.7538394Z "percentile": "0.73724", 2024-10-08T07:28:28.7538804Z "probability": "0.00395", 2024-10-08T07:28:28.7539226Z "modelVersion": "v2023.03.01" 2024-10-08T07:28:28.7539611Z }, 2024-10-08T07:28:28.7539921Z "identifiers": { 2024-10-08T07:28:28.7540276Z "CVE": [ 2024-10-08T07:28:28.7540650Z "CVE-2017-1000487" 2024-10-08T07:28:28.7541062Z ], 2024-10-08T07:28:28.7541491Z "CWE": [ 2024-10-08T07:28:28.7541846Z "CWE-77" 2024-10-08T07:28:28.7542235Z ] 2024-10-08T07:28:28.7542491Z }, 2024-10-08T07:28:28.7542924Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7543483Z "proprietary": false, 2024-10-08T07:28:28.7543927Z "creationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:28:28.7544449Z "functions_new": [ 2024-10-08T07:28:28.7544850Z { 2024-10-08T07:28:28.7545325Z "version": [ 2024-10-08T07:28:28.7545691Z "[,3.0.16)" 2024-10-08T07:28:28.7546050Z ], 2024-10-08T07:28:28.7546379Z "functionId": { 2024-10-08T07:28:28.7546854Z "className": "org.codehaus.plexus.util.cli.Commandline", 2024-10-08T07:28:28.7547425Z "functionName": "execute" 2024-10-08T07:28:28.7547835Z } 2024-10-08T07:28:28.7548136Z } 2024-10-08T07:28:28.7548487Z ], 2024-10-08T07:28:28.7548777Z "alternativeIds": [], 2024-10-08T07:28:28.7549256Z "disclosureTime": "2016-05-08T00:00:00Z", 2024-10-08T07:28:28.7549741Z "exploitDetails": { 2024-10-08T07:28:28.7550119Z "sources": [], 2024-10-08T07:28:28.7550435Z "maturityLevels": [ 2024-10-08T07:28:28.7550853Z { 
2024-10-08T07:28:28.7551170Z "type": "secondary", 2024-10-08T07:28:28.7551534Z "level": "Not Defined", 2024-10-08T07:28:28.7552063Z "format": "CVSSv3" 2024-10-08T07:28:28.7552416Z }, 2024-10-08T07:28:28.7552764Z { 2024-10-08T07:28:28.7553040Z "type": "primary", 2024-10-08T07:28:28.7553421Z "level": "Not Defined", 2024-10-08T07:28:28.7553880Z "format": "CVSSv4" 2024-10-08T07:28:28.7554235Z } 2024-10-08T07:28:28.7554495Z ] 2024-10-08T07:28:28.7554845Z }, 2024-10-08T07:28:28.7555271Z "packageManager": "maven", 2024-10-08T07:28:28.7555634Z "mavenModuleName": { 2024-10-08T07:28:28.7556100Z "groupId": "org.codehaus.plexus", 2024-10-08T07:28:28.7556594Z "artifactId": "plexus-utils" 2024-10-08T07:28:28.7557002Z }, 2024-10-08T07:28:28.7557409Z "publicationTime": "2016-09-20T00:00:00Z", 2024-10-08T07:28:28.7557858Z "severityBasedOn": "CVSS", 2024-10-08T07:28:28.7558372Z "modificationTime": "2024-03-11T09:53:54.737412Z", 2024-10-08T07:28:28.7558899Z "socialTrendAlert": false, 2024-10-08T07:28:28.7559281Z "severityWithCritical": "critical", 2024-10-08T07:28:28.7559713Z "from": [ 2024-10-08T07:28:28.7560188Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:28:28.7560687Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:28:28.7561201Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:28:28.7561767Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:28:28.7562217Z ], 2024-10-08T07:28:28.7562483Z "upgradePath": [ 2024-10-08T07:28:28.7562871Z false, 2024-10-08T07:28:28.7563289Z "org.apache.maven:maven-embedder@3.2.1", 2024-10-08T07:28:28.7563863Z "org.apache.maven:maven-core@3.2.1", 2024-10-08T07:28:28.7564351Z "org.codehaus.plexus:plexus-utils@3.0.17" 2024-10-08T07:28:28.7564801Z ], 2024-10-08T07:28:28.7565540Z "isUpgradable": true, 2024-10-08T07:28:28.7565908Z "isPatchable": false, 2024-10-08T07:28:28.7566415Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7566921Z "version": "1.0.4" 2024-10-08T07:28:28.7567278Z }, 2024-10-08T07:28:28.7567526Z { 
2024-10-08T07:28:28.7567974Z "id": "SNYK-JAVA-ORGCODEHAUSPLEXUS-461102", 2024-10-08T07:28:28.7568505Z "title": "XML External Entity (XXE) Injection", 2024-10-08T07:28:28.7569092Z "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U", 2024-10-08T07:28:28.7569632Z "credit": [ 2024-10-08T07:28:28.7569975Z "Florian Weimer" 2024-10-08T07:28:28.7570326Z ], 2024-10-08T07:28:28.7570636Z "semver": { 2024-10-08T07:28:28.7571151Z "vulnerable": [ 2024-10-08T07:28:28.7571500Z "[,3.0.24)" 2024-10-08T07:28:28.7571895Z ] 2024-10-08T07:28:28.7572151Z }, 2024-10-08T07:28:28.7572463Z "exploit": "Unproven", 2024-10-08T07:28:28.7572896Z "fixedIn": [ 2024-10-08T07:28:28.7573182Z "3.0.24" 2024-10-08T07:28:28.7573491Z ], 2024-10-08T07:28:28.7573850Z "patches": [], 2024-10-08T07:28:28.7574306Z "insights": { 2024-10-08T07:28:28.7574646Z "triageAdvice": null 2024-10-08T07:28:28.7575434Z }, 2024-10-08T07:28:28.7575753Z "language": "java", 2024-10-08T07:28:28.7576151Z "severity": "medium", 2024-10-08T07:28:28.7576552Z "cvssScore": 4.3, 2024-10-08T07:28:28.7576910Z "functions": [ 2024-10-08T07:28:28.7577261Z { 2024-10-08T07:28:28.7577575Z "version": [ 2024-10-08T07:28:28.7577934Z "(1.5.3,3.0.24)" 2024-10-08T07:28:28.7578282Z ], 2024-10-08T07:28:28.7578644Z "functionId": { 2024-10-08T07:28:28.7579120Z "filePath": "org/codehaus/plexus/util/xml/XmlWriterUtil.java", 2024-10-08T07:28:28.7579673Z "className": "XmlWriterUtil", 2024-10-08T07:28:28.7580162Z "functionName": "writeComment" 2024-10-08T07:28:28.7580554Z } 2024-10-08T07:28:28.7580850Z } 2024-10-08T07:28:28.7581182Z ], 2024-10-08T07:28:28.7581513Z "malicious": false, 2024-10-08T07:28:28.7581843Z "isDisputed": false, 2024-10-08T07:28:28.7582419Z "moduleName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7582889Z "references": [ 2024-10-08T07:28:28.7583265Z { 2024-10-08T07:28:28.7583966Z "url": "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de", 
2024-10-08T07:28:28.7584681Z "title": "GitHub Commit" 2024-10-08T07:28:28.7585356Z }, 2024-10-08T07:28:28.7585646Z { 2024-10-08T07:28:28.7586159Z "url": "https://github.com/codehaus-plexus/plexus-utils/issues/3", 2024-10-08T07:28:28.7586766Z "title": "GitHub Issue" 2024-10-08T07:28:28.7587159Z } 2024-10-08T07:28:28.7587410Z ], 2024-10-08T07:28:28.7587771Z "cvssDetails": [ 2024-10-08T07:28:28.7588110Z { 2024-10-08T07:28:28.7588411Z "assigner": "NVD", 2024-10-08T07:28:28.7588814Z "severity": "medium", 2024-10-08T07:28:28.7589306Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:28:28.7589825Z "cvssV3BaseScore": 4.3, 2024-10-08T07:28:28.7590363Z "modificationTime": "2024-03-11T09:53:38.966298Z" 2024-10-08T07:28:28.7590813Z }, 2024-10-08T07:28:28.7591103Z { 2024-10-08T07:28:28.7591468Z "assigner": "Red Hat", 2024-10-08T07:28:28.7591818Z "severity": "medium", 2024-10-08T07:28:28.7592313Z "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:28:28.7592879Z "cvssV3BaseScore": 4.3, 2024-10-08T07:28:28.7593378Z "modificationTime": "2024-03-11T09:53:59.734097Z" 2024-10-08T07:28:28.7593804Z } 2024-10-08T07:28:28.7594143Z ], 2024-10-08T07:28:28.7594442Z "cvssSources": [ 2024-10-08T07:28:28.7594754Z { 2024-10-08T07:28:28.7595287Z "type": "primary", 2024-10-08T07:28:28.7595789Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U", 2024-10-08T07:28:28.7596375Z "assigner": "Snyk", 2024-10-08T07:28:28.7596766Z "severity": "medium", 2024-10-08T07:28:28.7597158Z "baseScore": 4.3, 2024-10-08T07:28:28.7597522Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7598077Z "modificationTime": "2024-03-06T14:09:20.690133Z" 2024-10-08T07:28:28.7598504Z }, 2024-10-08T07:28:28.7598795Z { 2024-10-08T07:28:28.7599148Z "type": "secondary", 2024-10-08T07:28:28.7599620Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:28:28.7600072Z "assigner": "NVD", 2024-10-08T07:28:28.7600498Z "severity": "medium", 
2024-10-08T07:28:28.7601070Z "baseScore": 4.3, 2024-10-08T07:28:28.7601407Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7601994Z "modificationTime": "2024-03-11T09:53:38.966298Z" 2024-10-08T07:28:28.7602444Z }, 2024-10-08T07:28:28.7602792Z { 2024-10-08T07:28:28.7603083Z "type": "secondary", 2024-10-08T07:28:28.7603652Z "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 2024-10-08T07:28:28.7604222Z "assigner": "Red Hat", 2024-10-08T07:28:28.7604606Z "severity": "medium", 2024-10-08T07:28:28.7605113Z "baseScore": 4.3, 2024-10-08T07:28:28.7605698Z "cvssVersion": "3.1", 2024-10-08T07:28:28.7606243Z "modificationTime": "2024-03-11T09:53:59.734097Z" 2024-10-08T07:28:28.7606662Z } 2024-10-08T07:28:28.7607026Z ], 2024-10-08T07:28:28.7611307Z "description": "## Overview\n[org.codehaus.plexus:plexus-utils](https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-utils) is a collection of various utility classes to ease working with strings, files, command lines, XML and more.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment` fails to sanitize comments for a `-->` sequence. 
This means that text contained in the command string could be interpreted as XML and allow for XML injection.\n## Remediation\nUpgrade `org.codehaus.plexus:plexus-utils` to version 3.0.24 or higher.\n## References\n- [GitHub Commit](https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de)\n- [GitHub Issue](https://github.com/codehaus-plexus/plexus-utils/issues/3)\n", 2024-10-08T07:28:28.7615541Z "epssDetails": { 2024-10-08T07:28:28.7616002Z "percentile": "0.30216", 2024-10-08T07:28:28.7616401Z "probability": "0.00067", 2024-10-08T07:28:28.7616784Z "modelVersion": "v2023.03.01" 2024-10-08T07:28:28.7617222Z }, 2024-10-08T07:28:28.7617532Z "identifiers": { 2024-10-08T07:28:28.7617895Z "CVE": [ 2024-10-08T07:28:28.7618283Z "CVE-2022-4245" 2024-10-08T07:28:28.7618642Z ], 2024-10-08T07:28:28.7618937Z "CWE": [ 2024-10-08T07:28:28.7619293Z "CWE-91" 2024-10-08T07:28:28.7619627Z ] 2024-10-08T07:28:28.7619920Z }, 2024-10-08T07:28:28.7620402Z "packageName": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7620871Z "proprietary": false, 2024-10-08T07:28:28.7621343Z "creationTime": "2019-09-06T15:46:47.546130Z", 2024-10-08T07:28:28.7621840Z "functions_new": [ 2024-10-08T07:28:28.7622200Z { 2024-10-08T07:28:28.7622464Z "version": [ 2024-10-08T07:28:28.7622863Z "(1.5.3,3.0.24)" 2024-10-08T07:28:28.7623209Z ], 2024-10-08T07:28:28.7623486Z "functionId": { 2024-10-08T07:28:28.7624027Z "className": "org.codehaus.plexus.util.xml.XmlWriterUtil", 2024-10-08T07:28:28.7624575Z "functionName": "writeComment" 2024-10-08T07:28:28.7625217Z } 2024-10-08T07:28:28.7625510Z } 2024-10-08T07:28:28.7625802Z ], 2024-10-08T07:28:28.7626159Z "alternativeIds": [], 2024-10-08T07:28:28.7626608Z "disclosureTime": "2015-09-21T15:48:37Z", 2024-10-08T07:28:28.7627050Z "exploitDetails": { 2024-10-08T07:28:28.7627469Z "sources": [ 2024-10-08T07:28:28.7627804Z "Snyk" 2024-10-08T07:28:28.7628079Z ], 2024-10-08T07:28:28.7628456Z "maturityLevels": [ 
2024-10-08T07:28:28.7628809Z { 2024-10-08T07:28:28.7629121Z "type": "secondary", 2024-10-08T07:28:28.7629537Z "level": "Not Defined", 2024-10-08T07:28:28.7629935Z "format": "CVSSv3" 2024-10-08T07:28:28.7630301Z }, 2024-10-08T07:28:28.7630632Z { 2024-10-08T07:28:28.7630946Z "type": "primary", 2024-10-08T07:28:28.7631354Z "level": "Proof of Concept", 2024-10-08T07:28:28.7631817Z "format": "CVSSv4" 2024-10-08T07:28:28.7632295Z } 2024-10-08T07:28:28.7632604Z ] 2024-10-08T07:28:28.7632955Z }, 2024-10-08T07:28:28.7633232Z "packageManager": "maven", 2024-10-08T07:28:28.7633644Z "mavenModuleName": { 2024-10-08T07:28:28.7634085Z "groupId": "org.codehaus.plexus", 2024-10-08T07:28:28.7634582Z "artifactId": "plexus-utils" 2024-10-08T07:28:28.7635168Z }, 2024-10-08T07:28:28.7635661Z "publicationTime": "2019-09-06T15:46:00Z", 2024-10-08T07:28:28.7636137Z "severityBasedOn": "CVSS", 2024-10-08T07:28:28.7636633Z "modificationTime": "2024-03-11T09:53:59.734097Z", 2024-10-08T07:28:28.7637129Z "socialTrendAlert": false, 2024-10-08T07:28:28.7637557Z "severityWithCritical": "medium", 2024-10-08T07:28:28.7637964Z "from": [ 2024-10-08T07:28:28.7638417Z "jenkins.mvn.demo:mvnwebapp@0.0.1-SNAPSHOT", 2024-10-08T07:28:28.7638951Z "org.apache.maven:maven-embedder@2.0", 2024-10-08T07:28:28.7639448Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:28:28.7640031Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:28:28.7640426Z ], 2024-10-08T07:28:28.7640728Z "upgradePath": [ 2024-10-08T07:28:28.7641135Z false, 2024-10-08T07:28:28.7641544Z "org.apache.maven:maven-embedder@3.5.0", 2024-10-08T07:28:28.7642023Z "org.apache.maven:maven-core@3.5.0", 2024-10-08T07:28:28.7642617Z "org.codehaus.plexus:plexus-utils@3.0.24" 2024-10-08T07:28:28.7643051Z ], 2024-10-08T07:28:28.7643425Z "isUpgradable": true, 2024-10-08T07:28:28.7643767Z "isPatchable": false, 2024-10-08T07:28:28.7644223Z "name": "org.codehaus.plexus:plexus-utils", 2024-10-08T07:28:28.7644739Z "version": "1.0.4" 2024-10-08T07:28:28.7645291Z 
} 2024-10-08T07:28:28.7645635Z ], 2024-10-08T07:28:28.7646017Z "ok": false, 2024-10-08T07:28:28.7646359Z "dependencyCount": 28, 2024-10-08T07:28:28.7646686Z "org": "itsarraj", 2024-10-08T07:28:28.7647570Z "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", 2024-10-08T07:28:28.7648389Z "isPrivate": true, 2024-10-08T07:28:28.7648755Z "licensesPolicy": { 2024-10-08T07:28:28.7649120Z "severities": {}, 2024-10-08T07:28:28.7649473Z "orgLicenseRules": { 2024-10-08T07:28:28.7649896Z "AGPL-1.0": { 2024-10-08T07:28:28.7650304Z "licenseType": "AGPL-1.0", 2024-10-08T07:28:28.7650704Z "severity": "high", 2024-10-08T07:28:28.7651090Z "instructions": "" 2024-10-08T07:28:28.7651495Z }, 2024-10-08T07:28:28.7651817Z "AGPL-3.0": { 2024-10-08T07:28:28.7652209Z "licenseType": "AGPL-3.0", 2024-10-08T07:28:28.7652651Z "severity": "high", 2024-10-08T07:28:28.7652996Z "instructions": "" 2024-10-08T07:28:28.7653340Z }, 2024-10-08T07:28:28.7653718Z "Artistic-1.0": { 2024-10-08T07:28:28.7654140Z "licenseType": "Artistic-1.0", 2024-10-08T07:28:28.7654554Z "severity": "medium", 2024-10-08T07:28:28.7655285Z "instructions": "" 2024-10-08T07:28:28.7655674Z }, 2024-10-08T07:28:28.7656014Z "Artistic-2.0": { 2024-10-08T07:28:28.7656468Z "licenseType": "Artistic-2.0", 2024-10-08T07:28:28.7656915Z "severity": "medium", 2024-10-08T07:28:28.7657294Z "instructions": "" 2024-10-08T07:28:28.7657668Z }, 2024-10-08T07:28:28.7657998Z "CDDL-1.0": { 2024-10-08T07:28:28.7658372Z "licenseType": "CDDL-1.0", 2024-10-08T07:28:28.7658827Z "severity": "medium", 2024-10-08T07:28:28.7659158Z "instructions": "" 2024-10-08T07:28:28.7659498Z }, 2024-10-08T07:28:28.7659883Z "CPOL-1.02": { 2024-10-08T07:28:28.7660232Z "licenseType": "CPOL-1.02", 2024-10-08T07:28:28.7660644Z "severity": "high", 2024-10-08T07:28:28.7661060Z "instructions": "" 2024-10-08T07:28:28.7661406Z }, 2024-10-08T07:28:28.7661710Z "EPL-1.0": { 2024-10-08T07:28:28.7662129Z 
"licenseType": "EPL-1.0", 2024-10-08T07:28:28.7662693Z "severity": "medium", 2024-10-08T07:28:28.7663116Z "instructions": "" 2024-10-08T07:28:28.7663427Z }, 2024-10-08T07:28:28.7663765Z "GPL-2.0": { 2024-10-08T07:28:28.7664184Z "licenseType": "GPL-2.0", 2024-10-08T07:28:28.7664537Z "severity": "high", 2024-10-08T07:28:28.7665039Z "instructions": "" 2024-10-08T07:28:28.7665627Z }, 2024-10-08T07:28:28.7665990Z "GPL-3.0": { 2024-10-08T07:28:28.7666327Z "licenseType": "GPL-3.0", 2024-10-08T07:28:28.7666774Z "severity": "high", 2024-10-08T07:28:28.7667155Z "instructions": "" 2024-10-08T07:28:28.7667463Z }, 2024-10-08T07:28:28.7667835Z "LGPL-2.0": { 2024-10-08T07:28:28.7668227Z "licenseType": "LGPL-2.0", 2024-10-08T07:28:28.7668620Z "severity": "medium", 2024-10-08T07:28:28.7668997Z "instructions": "" 2024-10-08T07:28:28.7669355Z }, 2024-10-08T07:28:28.7669677Z "LGPL-2.1": { 2024-10-08T07:28:28.7670117Z "licenseType": "LGPL-2.1", 2024-10-08T07:28:28.7670482Z "severity": "medium", 2024-10-08T07:28:28.7670843Z "instructions": "" 2024-10-08T07:28:28.7671247Z }, 2024-10-08T07:28:28.7671533Z "LGPL-3.0": { 2024-10-08T07:28:28.7671902Z "licenseType": "LGPL-3.0", 2024-10-08T07:28:28.7672352Z "severity": "medium", 2024-10-08T07:28:28.7672720Z "instructions": "" 2024-10-08T07:28:28.7673033Z }, 2024-10-08T07:28:28.7673416Z "MPL-1.1": { 2024-10-08T07:28:28.7673785Z "licenseType": "MPL-1.1", 2024-10-08T07:28:28.7674138Z "severity": "medium", 2024-10-08T07:28:28.7674571Z "instructions": "" 2024-10-08T07:28:28.7674910Z }, 2024-10-08T07:28:28.7675360Z "MPL-2.0": { 2024-10-08T07:28:28.7675749Z "licenseType": "MPL-2.0", 2024-10-08T07:28:28.7676135Z "severity": "medium", 2024-10-08T07:28:28.7676511Z "instructions": "" 2024-10-08T07:28:28.7676904Z }, 2024-10-08T07:28:28.7677189Z "MS-RL": { 2024-10-08T07:28:28.7677574Z "licenseType": "MS-RL", 2024-10-08T07:28:28.7678001Z "severity": "medium", 2024-10-08T07:28:28.7678332Z "instructions": "" 2024-10-08T07:28:28.7678690Z }, 
2024-10-08T07:28:28.7679058Z "SimPL-2.0": { 2024-10-08T07:28:28.7679459Z "licenseType": "SimPL-2.0", 2024-10-08T07:28:28.7679823Z "severity": "high", 2024-10-08T07:28:28.7680232Z "instructions": "" 2024-10-08T07:28:28.7680591Z } 2024-10-08T07:28:28.7680836Z } 2024-10-08T07:28:28.7681162Z }, 2024-10-08T07:28:28.7681483Z "packageManager": "maven", 2024-10-08T07:28:28.7682030Z "projectId": "585b6b28-57da-4dbb-bda8-0387c1c59e27", 2024-10-08T07:28:28.7682462Z "ignoreSettings": { 2024-10-08T07:28:28.7682938Z "adminOnly": false, 2024-10-08T07:28:28.7683347Z "reasonRequired": false, 2024-10-08T07:28:28.7683769Z "disregardFilesystemIgnores": false 2024-10-08T07:28:28.7684141Z }, 2024-10-08T07:28:28.7684524Z "summary": "4 vulnerable dependency paths", 2024-10-08T07:28:28.7685178Z "remediation": { 2024-10-08T07:28:28.7685575Z "unresolved": [], 2024-10-08T07:28:28.7685999Z "upgrade": { 2024-10-08T07:28:28.7686470Z "org.apache.maven:maven-embedder@2.0": { 2024-10-08T07:28:28.7687051Z "upgradeTo": "org.apache.maven:maven-embedder@3.8.1", 2024-10-08T07:28:28.7687545Z "upgrades": [ 2024-10-08T07:28:28.7687993Z "org.apache.maven:maven-core@2.0", 2024-10-08T07:28:28.7688532Z "org.codehaus.plexus:plexus-utils@1.0.4", 2024-10-08T07:28:28.7689145Z "org.codehaus.plexus:plexus-utils@1.0.4", 2024-10-08T07:28:28.7689650Z "org.codehaus.plexus:plexus-utils@1.0.4" 2024-10-08T07:28:28.7690084Z ], 2024-10-08T07:28:28.7690447Z "vulns": [ 2024-10-08T07:28:28.7690831Z "SNYK-JAVA-ORGAPACHEMAVEN-6144614", 2024-10-08T07:28:28.7691360Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-31521", 2024-10-08T07:28:28.7691974Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-461102", 2024-10-08T07:28:28.7692662Z "SNYK-JAVA-ORGCODEHAUSPLEXUS-31522" 2024-10-08T07:28:28.7693074Z ] 2024-10-08T07:28:28.7693421Z } 2024-10-08T07:28:28.7693706Z }, 2024-10-08T07:28:28.7694013Z "patch": {}, 2024-10-08T07:28:28.7694348Z "ignore": {}, 2024-10-08T07:28:28.7694666Z "pin": {} 2024-10-08T07:28:28.7695259Z }, 2024-10-08T07:28:28.7695629Z "filesystemPolicy": false, 
2024-10-08T07:28:28.7696163Z "filtered": { 2024-10-08T07:28:28.7696496Z "ignore": [], 2024-10-08T07:28:28.7696874Z "patch": [] 2024-10-08T07:28:28.7697165Z }, 2024-10-08T07:28:28.7697455Z "uniqueCount": 4, 2024-10-08T07:28:28.7697901Z "projectName": "jenkins.mvn.demo:mvnwebapp", 2024-10-08T07:28:28.7698320Z "foundProjectCount": 1, 2024-10-08T07:28:28.7698707Z "displayTargetFile": "pom.xml", 2024-10-08T07:28:28.7699184Z "hasUnknownVersions": false, 2024-10-08T07:28:28.7699630Z "path": "/home/runner/work/PRBotCheck/PRBotCheck" 2024-10-08T07:28:28.7700039Z } 2024-10-08T07:28:33.4529710Z 2024-10-08T07:28:33.4531586Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck/package-lock.json... 2024-10-08T07:28:33.4532601Z 2024-10-08T07:28:33.4534612Z Dependency express was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again. 2024-10-08T07:28:33.4536822Z 2024-10-08T07:28:33.4537316Z ------------------------------------------------------- 2024-10-08T07:28:33.4537978Z 2024-10-08T07:28:33.4538760Z Monitoring /home/runner/work/PRBotCheck/PRBotCheck (jenkins.mvn.demo:mvnwebapp)... 2024-10-08T07:28:33.4539874Z 2024-10-08T07:28:33.4541601Z Explore this snapshot at https://app.snyk.io/org/itsarraj/project/585b6b28-57da-4dbb-bda8-0387c1c59e27/history/417a4e8d-cc19-4810-b521-efe063f05a3e 2024-10-08T07:28:33.4543031Z 2024-10-08T07:28:33.4543802Z Notifications about newly disclosed issues related to these dependencies will be emailed to you. 2024-10-08T07:28:33.4544771Z 2024-10-08T07:28:33.4551749Z 2024-10-08T07:28:33.4552574Z You have reached your monthly limit of 200 private tests for your itsarraj org. 2024-10-08T07:28:33.4554197Z To learn more about our plans and increase your tests limit visit https://snyk.io/plans. 2024-10-08T07:28:34.6520563Z Post job cleanup. 
2024-10-08T07:28:34.7231751Z [command]/usr/bin/git version 2024-10-08T07:28:34.7265312Z git version 2.46.1 2024-10-08T07:28:34.7312590Z Temporarily overriding HOME='/home/runner/work/_temp/bc69ca9d-3343-436e-a587-23734895bc25' before making global git config changes 2024-10-08T07:28:34.7314408Z Adding repository directory to the temporary git global config as a safe directory 2024-10-08T07:28:34.7316242Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/PRBotCheck/PRBotCheck 2024-10-08T07:28:34.7347322Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-10-08T07:28:34.7378824Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-10-08T07:28:34.7609908Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-10-08T07:28:34.7628820Z http.https://github.com/.extraheader 2024-10-08T07:28:34.7639876Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader 2024-10-08T07:28:34.7672630Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-10-08T07:28:34.8112280Z Cleaning up orphan processes

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
