rjackson64840 / test-project-1109 Goto Github PK

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ...

Details about the vulnerability are available on the OSS Index page for [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: com.fasterxml.jackson.core:jackson-databind:2.9.0
CVSS Score: 9.9
Vulnerability: [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 8.1
Vulnerability: [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC...

Details about the vulnerability are available on the OSS Index page for [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-7675] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

Details about the vulnerability are available on the OSS Index page for [CVE-2017-7675] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 9.1
Vulnerability: [CVE-2017-5648] Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5648] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of com.ning:async-http-client:1.9.0 results in the following vulnerability(s):

• (CVSS 4.3) [CVE-2013-7398] Insufficient Verification of Data Authenticity
• (CVSS 4.3) [CVE-2013-7397] Insufficient Verification of Data Authenticity

Occurrences

com.ning:async-http-client:1.9.0 is a transitive dependency introduced by the following direct dependency(s):

• com.ning\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.3
Vulnerability: [CVE-2013-2134] Improper Control of Generation of Code ("Code Injection")

Details about the vulnerability are available on the OSS Index page for [CVE-2013-2134] Improper Control of Generation of Code ("Code Injection").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.9.0 results in the following vulnerability(s):

• (CVSS 9.9) [CVE-2017-15095] Deserialization of Untrusted Data
• (CVSS 9.9) [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data
• (CVSS 8.1) [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

Occurrences

com.fasterxml.jackson.core:jackson-databind:2.9.0 is a transitive dependency introduced by the following direct dependency(s):

• com.fasterxml.jackson.core\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.8
Vulnerability: [CVE-2016-3082] Improper Input Validation

Details about the vulnerability are available on the OSS Index page for [CVE-2016-3082] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 8.8
Vulnerability: [CVE-2016-0785] Improper Input Validation

Details about the vulnerability are available on the OSS Index page for [CVE-2016-0785] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.8
Vulnerability: [CVE-2016-4436] Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have uns...

Details about the vulnerability are available on the OSS Index page for [CVE-2016-4436] Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have uns....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 8.8
Vulnerability: [CVE-2016-4461] Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary cod...

Details about the vulnerability are available on the OSS Index page for [CVE-2016-4461] Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary cod....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: com.fasterxml.jackson.core:jackson-databind:2.9.0
CVSS Score: 8.1
Vulnerability: [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.1
Vulnerability: [CVE-2016-6816] Improper Input Validation

Details about the vulnerability are available on the OSS Index page for [CVE-2016-6816] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2016-6797] Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2016-6797] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 10.0
Vulnerability: [CVE-2013-4316] null, Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2013-4316] null, Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-5647] Information Exposure

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5647] Information Exposure.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ...

Details about the vulnerability are available on the OSS Index page for [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.8
Vulnerability: [CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintenti...

Details about the vulnerability are available on the OSS Index page for [CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintenti....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.3
Vulnerability: [CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")

Details about the vulnerability are available on the OSS Index page for [CVE-2013-1966] Improper Control of Generation of Code ("Code Injection").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of ognl:ognl:3.0.3 results in the following vulnerability(s):

• (CVSS 5.3) [CVE-2016-3093] Improper Input Validation

Occurrences

ognl:ognl:3.0.3 is a transitive dependency introduced by the following direct dependency(s):

• org.apache.struts\[email protected]
        └─ ognl\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of io.netty:netty:3.9.5.Final results in the following vulnerability(s):

• (CVSS 7.5) [CVE-2015-2156] Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final,...

Occurrences

io.netty:netty:3.9.5.Final is a transitive dependency introduced by the following direct dependency(s):

• com.ning\[email protected]
        └─ io.netty\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of org.apache.tomcat.embed:tomcat-embed-core:8.5.0 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2017-5651] Data Handling
• (CVSS 9.1) [CVE-2017-5648] Improper Access Control
• (CVSS 8.1) [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC...
• (CVSS 8.1) [CVE-2016-5388] Improper Access Control
• (CVSS 7.5) [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ...
• (CVSS 7.5) [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a...
• (CVSS 7.5) [CVE-2016-6817] Improper Restriction of Operations within the Bounds of a Memory Buffer
• (CVSS 7.5) [CVE-2017-7675] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")
• (CVSS 7.5) [CVE-2017-5650] Resource Management Errors
• (CVSS 7.5) [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ...
• (CVSS 7.5) [CVE-2017-5647] Information Exposure
• (CVSS 7.5) [CVE-2016-6797] Improper Access Control
• (CVSS 7.1) [CVE-2016-6816] Improper Input Validation

Occurrences

org.apache.tomcat.embed:tomcat-embed-core:8.5.0 is a transitive dependency introduced by the following direct dependency(s):

• org.apache.tomcat.embed\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 8.1
Vulnerability: [CVE-2016-3081] Improper Neutralization of Special Elements used in a Command (Command Injection)

Details about the vulnerability are available on the OSS Index page for [CVE-2016-3081] Improper Neutralization of Special Elements used in a Command (Command Injection).

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2016-6817] Improper Restriction of Operations within the Bounds of a Memory Buffer

Details about the vulnerability are available on the OSS Index page for [CVE-2016-6817] Improper Restriction of Operations within the Bounds of a Memory Buffer.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.4
Vulnerability: [CVE-2013-2251] Improper Input Validation

Details about the vulnerability are available on the OSS Index page for [CVE-2013-2251] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 8.1
Vulnerability: [CVE-2016-5388] Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2016-5388] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 7.5
Vulnerability: [CVE-2015-5209] Improper Input Validation

Details about the vulnerability are available on the OSS Index page for [CVE-2015-5209] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.3
Vulnerability: [CVE-2013-2115] Improper Control of Generation of Code ("Code Injection")

Details about the vulnerability are available on the OSS Index page for [CVE-2013-2115] Improper Control of Generation of Code ("Code Injection").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of org.apache.struts:struts2-core:2.3.1 results in the following vulnerability(s):

• (CVSS 10.0) [CVE-2013-4316] null, Improper Access Control
• (CVSS 9.8) [CVE-2016-4436] Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have uns...
• (CVSS 9.8) [CVE-2016-3082] Improper Input Validation
• (CVSS 9.8) [CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintenti...
• (CVSS 9.8) [CVE-2018-11776] Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo...
• (CVSS 9.4) [CVE-2013-2251] Improper Input Validation
• (CVSS 9.3) [CVE-2013-2134] Improper Control of Generation of Code ("Code Injection")
• (CVSS 9.3) [CVE-2013-2135] Improper Control of Generation of Code ("Code Injection")
• (CVSS 9.3) [CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")
• (CVSS 9.3) [CVE-2013-2115] Improper Control of Generation of Code ("Code Injection")
• (CVSS 8.8) [CVE-2016-4461] Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary cod...
• (CVSS 8.8) [CVE-2016-3090] The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 a...
• (CVSS 8.8) [CVE-2016-0785] Improper Input Validation
• (CVSS 8.1) [CVE-2016-3081] Improper Neutralization of Special Elements used in a Command (Command Injection)
• (CVSS 7.5) [CVE-2014-0112] Permissions, Privileges, and Access Controls
• (CVSS 7.5) [CVE-2014-0113] Permissions, Privileges, and Access Controls
• (CVSS 7.5) [CVE-2015-5209] Improper Input Validation
• (CVSS 6.8) [CVE-2014-7809] Cross-Site Request Forgery (CSRF)
• (CVSS 6.8) [CVE-2012-4386] Cross-Site Request Forgery (CSRF)
• (CVSS 6.4) [CVE-2012-0393] Permissions, Privileges, and Access Controls
• (CVSS 6.1) [CVE-2016-2162] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
• (CVSS 6.1) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• (CVSS 6.1) [CVE-2015-5169] Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
• (CVSS 6.1) [CVE-2016-4003] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
• (CVSS 5.8) [CVE-2013-4310] Permissions, Privileges, and Access Controls
• (CVSS 5.8) [CVE-2014-0116] Permissions, Privileges, and Access Controls
• (CVSS 5.8) [CVE-2013-2248] Improper Input Validation
• (CVSS 5.3) [CVE-2016-3093] Improper Input Validation
• (CVSS 5.0) [CVE-2014-0094] The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attacke...
• (CVSS 5.0) [CVE-2012-4387] Permissions, Privileges, and Access Controls

Occurrences

org.apache.struts:struts2-core:2.3.1 is a transitive dependency introduced by the following direct dependency(s):

• org.apache.struts\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a...

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 8.8
Vulnerability: [CVE-2016-3090] The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 a...

Details about the vulnerability are available on the OSS Index page for [CVE-2016-3090] The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 a....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-5650] Resource Management Errors

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5650] Resource Management Errors.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 9.3
Vulnerability: [CVE-2013-2135] Improper Control of Generation of Code ("Code Injection")

Details about the vulnerability are available on the OSS Index page for [CVE-2013-2135] Improper Control of Generation of Code ("Code Injection").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 7.5
Vulnerability: [CVE-2014-0113] Permissions, Privileges, and Access Controls

Details about the vulnerability are available on the OSS Index page for [CVE-2014-0113] Permissions, Privileges, and Access Controls.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.struts:struts2-core:2.3.1
CVSS Score: 7.5
Vulnerability: [CVE-2014-0112] Permissions, Privileges, and Access Controls

Details about the vulnerability are available on the OSS Index page for [CVE-2014-0112] Permissions, Privileges, and Access Controls.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 9.8
Vulnerability: [CVE-2017-5651] Data Handling

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5651] Data Handling.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of org.apache.struts.xwork:xwork-core:2.3.1 results in the following vulnerability(s):

• (CVSS 9.3) [CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")
• (CVSS 9.3) [CVE-2012-0392] Permissions, Privileges, and Access Controls
• (CVSS 9.3) [CVE-2013-2135] Improper Control of Generation of Code ("Code Injection")
• (CVSS 8.8) [CVE-2016-0785] Improper Input Validation
• (CVSS 7.5) [CVE-2014-0112] Permissions, Privileges, and Access Controls
• (CVSS 6.8) [CVE-2012-0394] Improper Control of Generation of Code ("Code Injection")
• (CVSS 6.4) [CVE-2012-0393] Permissions, Privileges, and Access Controls
• (CVSS 6.1) [CVE-2016-2162] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
• (CVSS 5.3) [CVE-2016-3093] Improper Input Validation
• (CVSS 5.0) [CVE-2012-4387] Permissions, Privileges, and Access Controls

Occurrences

org.apache.struts.xwork:xwork-core:2.3.1 is a transitive dependency introduced by the following direct dependency(s):

• org.apache.struts\[email protected]
        └─ org.apache.struts.xwork\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: com.fasterxml.jackson.core:jackson-databind:2.9.0
CVSS Score: 9.9
Vulnerability: [CVE-2017-15095] Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2017-15095] Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}