Vulnerabilities

 3 via 87 paths

Dependencies

 99

Source

 GitHub

Commit

 3b8184c3

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 2
  • 1
Status
  • 3
  • 0
  • 0

high severity

Arbitrary Code Execution

  • Vulnerable module: org.apache.velocity:velocity
  • Introduced through: org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity@1.7
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 org.apache.velocity:velocity@1.7
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.codehaus.plexus:plexus-velocity@1.2 org.apache.velocity:velocity@1.7

Overview

org.apache.velocity:velocity is a None

Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine.

Note Users of org.apache.velocity:velocity should update to org.apache.velocity:velocity-engine-core version 2.3 to mitigate this vulnerability.

Remediation

There is no fixed version for org.apache.velocity:velocity.

References

Arbitrary Code Execution vulnerability report

high severity

Resources Downloaded over Insecure Protocol

  • Vulnerable module: org.apache.maven:maven-core
  • Introduced through: org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4

Overview

Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls.

If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. For more information about repository management, visit this page.

Remediation

Upgrade org.apache.maven:maven-core to version 3.8.1 or higher.

References

Resources Downloaded over Insecure Protocol vulnerability report

low severity

Information Exposure

  • Vulnerable module: org.jetbrains.kotlin:kotlin-stdlib
  • Introduced through: org.jetbrains.kotlin:kotlin-stdlib-jdk8@2.0.0-RC1, com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 and others

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 org.jetbrains.kotlin:kotlin-stdlib-jdk8@2.0.0-RC1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-checkstyle@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-json@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-plain@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 org.jetbrains.kotlin:kotlin-stdlib-jdk8@2.0.0-RC1 org.jetbrains.kotlin:kotlin-stdlib-jdk7@2.0.0-RC1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.github.gantsign.maven.doxia:doxia-sink-api-ktx@1.6.0 org.jetbrains.kotlin:kotlin-stdlib-jdk8@2.0.0-RC1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-checkstyle@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-json@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-plain@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-checkstyle@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-json@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-plain@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.github.gantsign.maven.doxia:doxia-sink-api-ktx@1.6.0 org.jetbrains.kotlin:kotlin-stdlib-jdk8@2.0.0-RC1 org.jetbrains.kotlin:kotlin-stdlib-jdk7@2.0.0-RC1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-checkstyle@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-json@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-plain@1.2.1 com.pinterest.ktlint:ktlint-cli-reporter-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-rule-engine@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 dev.drewhamilton.poko:poko-annotations-jvm@0.15.2 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 com.pinterest.ktlint:ktlint-logger@1.2.1 io.github.oshai:kotlin-logging-jvm@6.0.3 org.jetbrains.kotlin:kotlin-stdlib@1.9.22
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#3b8184c382b29fc7905c56796d0e44b28feefb47 com.pinterest.ktlint:ktlint-ruleset-standard@1.2.1 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.2.1 com.pinterest.ktlint:ktlint-rule-engine-core@1.2.1 org.jetbrains.kotlin:kotlin-compiler-embeddable@1.9.22 org.jetbrains.kotlin:kotlin-reflect@1.6.10 org.jetbrains.kotlin:kotlin-stdlib@1.9.22

Overview

org.jetbrains.kotlin:kotlin-stdlib is a Kotlin Standard Library for JVM.

Affected versions of this package are vulnerable to Information Exposure. A Kotlin application using createTempDir or createTempFile and placing sensitive information within either of these locations would be leaking this information in a read-only way to other users also on this system.

Note: As of version 1.4.21, the vulnerable functions have been marked as deprecated. Due to still being usable, this advisory is kept as "unfixed".

PoC by JLLeitschuh

package org.jlleitschuh.sandbox

import org.junit.jupiter.api.Test
import java.io.BufferedReader
import java.io.File
import java.io.IOException
import java.io.InputStreamReader
import java.nio.file.Files

class KotlinTempDirectoryPermissionCheck {
    @Test
    fun `kotlin check default directory permissions`() {
        val dir = createTempDir()
        runLS(dir.parentFile, dir) // Prints drwxr-xr-x
    }

    @Test
    fun `Files check default directory permissions`() {
        val dir = Files.createTempDirectory("random-directory")
        runLS(dir.toFile().parentFile, dir.toFile()) // Prints drwx------
    }

    @Test
    fun `kotlin check default file permissions`() {
        val file = createTempFile()
        runLS(file.parentFile, file) // Prints -rw-r--r--
    }

    @Test
    fun `Files check default file permissions`() {
        val file = Files.createTempFile("random-file", ".txt")
        runLS(file.toFile().parentFile, file.toFile()) // Prints -rw-------
    }

    private fun runLS(file: File, lookingFor: File) {
        val processBuilder = ProcessBuilder()
        processBuilder.command("ls", "-l", file.absolutePath)
        try {
            val process = processBuilder.start()
            val output = StringBuilder()
            val reader = BufferedReader(
                InputStreamReader(process.inputStream)
            )
            reader.lines().forEach { line ->
                if (line.contains("total")) {
                    output.append(line).append('\n')
                }
                if (line.contains(lookingFor.name)) {
                    output.append(line).append('\n')
                }
            }
            val exitVal = process.waitFor()
            if (exitVal == 0) {
                println("Success!")
                println(output)
            } else {
                //abnormal...
            }
        } catch (e: IOException) {
            e.printStackTrace()
        } catch (e: InterruptedException) {
            e.printStackTrace()
        }
    }
}

Remediation

There is no fixed version for org.jetbrains.kotlin:kotlin-stdlib.

References

Information Exposure vulnerability report