build: restore compile scope for maven dependencies #101

Merged: 1 commit, Feb 22, 2022

@nblair nblair commented Feb 22, 2022

Following suggestion from #96 (comment).

@nblair nblair requested a review from mpiggott February 22, 2022 19:42
@@ -54,13 +54,11 @@
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<scope>provided</scope>
</dependency>

<dependency>
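
Review bot: the `<scope>provided</scope>` on `maven-plugin-api` at the top of this hunk has no stated reason for going away: the header shows the block shrinking from 13 lines to 11 and the description only points to #96. For a project that depends on `maven-plugin-api`, `provided` is what documents that the running Maven supplies these classes, so please record in the commit message or a POM comment what broke under `provided` and why compile scope is required.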

Severe OSS Vulnerability:

pkg:maven/org.apache.maven/maven-core@3.0.4

0 Critical, 16 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 16 dependencies

Components
    pkg:maven/org.apache.maven/maven-core@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-repository-metadata@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-plugin-api@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-aether-provider@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-repository-metadata@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

@@ -54,13 +54,11 @@
<dependency>

Severe OSS Vulnerability:

pkg:maven/org.apache.maven/maven-plugin-api@3.0.4

0 Critical, 3 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies

Components
    pkg:maven/org.apache.maven/maven-plugin-api@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

</dependency>

<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-compat</artifactId>
<scope>provided</scope>
</dependency>

<dependency>
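
Review bot: the `maven-compat` dependency block at the start of this region carries no `<version>`, so the 3.0.4 that the scanner comments report is set somewhere outside these hunks and this change cannot address CVE-2013-0253 by itself. Either raise the managed Maven version where it is declared, or note in the PR that the finding is accepted and why, so the repeated scanner comments have a recorded disposition.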

Severe OSS Vulnerability:

pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.2

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-model</artifactId>
<scope>provided</scope>
</dependency>

<dependency>

Severe OSS Vulnerability:

pkg:maven/org.apache.maven/maven-compat@3.0.4

0 Critical, 21 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 21 dependencies

Components
    pkg:maven/org.apache.maven/maven-compat@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-core@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-settings@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-repository-metadata@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-plugin-api@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-aether-provider@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model-builder@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-repository-metadata@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

<artifactId>maven-core</artifactId>
<scope>provided</scope>
</dependency>

<dependency>

Severe OSS Vulnerability:

pkg:maven/org.apache.maven/maven-model@3.0.4

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

@@ -57,7 +57,6 @@
<dependency>

Severe OSS Vulnerability:

pkg:maven/org.apache.maven/maven-plugin-api@3.0.4

0 Critical, 3 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies

Components
    pkg:maven/org.apache.maven/maven-plugin-api@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-model@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

    pkg:maven/org.apache.maven/maven-artifact@3.0.4
      SEVERE Vulnerabilities (1)

        [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, dis...

        The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

        CVSS Score: 5.8

        CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

@nblair nblair merged commit bc40dc0 into main Feb 22, 2022
@nblair nblair deleted the maven-scope branch February 22, 2022 19:54