Loading Sunshine SBOM...

Sunshine - SBOM visualization tool


Analyzed CycloneDX JSON file: sbom-with-vulns.cdx.json

Summary

No. of ComponentsVulnerabilitiesMain ComponentSpec VersionVersion
101Critical: 0,  High: 0,  Medium: 1,  Low: 12,  Information: 1,
Max EPSS → 0.00552,
Vulnerabilities in CISA KEV → 0		Type → application,
Name → Apex,
Version → master		1.61


Components chart

This chart visualizes components and their dependencies, with each segment representing a single component. The chart provides a hierarchical view of the dependency structure, with relationships radiating outward from the core components.
Note: If there is only one circle, it means that no dependency relationships are defined in the input file.

The colors of the segments indicate the vulnerability status of the components: The chart is interactive:

Components table

This table visualizes components, their dependencies, vulnerabilities and licenses.
The colors of the elements in columns "Component", "Depends on" and "Dependency of" indicate the vulnerability status of the components:
The colors of the elements in columns "Direct vulnerabilities" and "Transitive vulnerabilities" indicate the severity of the vulnerabilities:

Component Depends on Dependency of Direct
vulnerabilities		 Transitive
vulnerabilities		 License
Apex masterorg.jacoco:org.jacoco.agent 0.8.8,
org.jacoco:org.jacoco.ant 0.8.8,
internal:sonar-apex-ast-visitor 1.0.0,
org.sonarsource.slang:slang-checks 1.19.0.6612,
org.sonarsource.analyzer-commons:sonar-analyzer-commons 2.18.0.3393,
org.sonarsource.sonarqube:sonar-ws 10.0.0.68432,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625,
org.junit.jupiter:junit-jupiter-api 5.11.0,
org.sonarsource.analyzer-commons:sonar-xml-parsing 2.18.0.3393,
org.sonarsource.sonarlint.core:sonarlint-core 9.0.0.74282,
com.sonarsource.license:license-api 3.4,
org.jacoco:org.jacoco.ant 0.8.7,
org.sonarsource.slang:slang-plugin 1.19.0.6612,
org.assertj:assertj-core 3.26.3,
org.mockito:mockito-core 5.13.0,
com.salesforce:apex-jorje-lsp-minimized 61.11.0,
com.yworks:yguard 4.1.1,
org.jacoco:org.jacoco.agent 0.8.7,
org.sonarsource.slang:slang-testing 1.19.0.6612,
org.sonarsource.api.plugin:sonar-plugin-api-test-fixtures 10.10.0.2391,
javax.annotation:javax.annotation-api 1.3.2,
org.sonarsource.slang:slang-api 1.19.0.6612,
org.sonarsource.api.plugin:sonar-plugin-api 10.10.0.2391		--Medium → CVE-2022-40152,
Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Low → CVE-2023-3635,
Low → CVE-2023-6481,
Low → CVE-2024-12798,
Low → CVE-2024-12801,
Low → CVE-2024-38460,
Low → CVE-2024-47554,
Low → CVE-2024-7254,
Low → CVE-2025-48924,
Low → CVE-2025-52999,
Information → CVE-2023-35116		-
ch.qos.logback:logback-classic 1.2.13org.slf4j:slf4j-api 1.7.32,
ch.qos.logback:logback-core 1.2.13		org.sonarsource.slang:slang-testing 1.19.0.6612-Low → CVE-2024-12798,
Low → CVE-2024-12801		-
ch.qos.logback:logback-classic 1.3.12org.slf4j:slf4j-api 2.0.11,
ch.qos.logback:logback-core 1.3.12		org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625Low → CVE-2023-6481Low → CVE-2023-6481,
Low → CVE-2024-12798,
Low → CVE-2024-12801		-
ch.qos.logback:logback-core 1.2.13-ch.qos.logback:logback-classic 1.2.13Low → CVE-2024-12798,
Low → CVE-2024-12801		--
ch.qos.logback:logback-core 1.3.12-ch.qos.logback:logback-classic 1.3.12Low → CVE-2023-6481,
Low → CVE-2024-12798,
Low → CVE-2024-12801		--
com.eclipsesource.minimal-json:minimal-json 0.9.5-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.slang:slang-api 1.19.0.6612		---
com.fasterxml.jackson.core:jackson-annotations 2.13.2-com.fasterxml.jackson:jackson-bom 2.13.2---
com.fasterxml.jackson.core:jackson-core 2.13.2com.fasterxml.jackson:jackson-bom 2.13.2com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2Low → CVE-2025-52999Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Information → CVE-2023-35116		-
com.fasterxml.jackson.core:jackson-databind 2.13.2-com.fasterxml.jackson:jackson-bom 2.13.2Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Information → CVE-2023-35116		--
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2com.fasterxml.jackson.core:jackson-core 2.13.2,
com.fasterxml.woodstox:woodstox-core 6.2.7,
org.codehaus.woodstox:stax2-api 4.2.1		org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625-Medium → CVE-2022-40152,
Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Low → CVE-2025-52999,
Information → CVE-2023-35116		-
com.fasterxml.jackson:jackson-bom 2.13.2com.fasterxml.jackson.core:jackson-databind 2.13.2,
com.fasterxml.jackson.core:jackson-annotations 2.13.2		com.fasterxml.jackson.core:jackson-core 2.13.2-Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Information → CVE-2023-35116		-
com.fasterxml.woodstox:woodstox-core 6.2.7-com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2Medium → CVE-2022-40152--
com.fasterxml.woodstox:woodstox-core 6.4.0org.codehaus.woodstox:stax2-api 4.2.1org.sonarsource.analyzer-commons:sonar-xml-parsing 2.18.0.3393---
com.google.code.findbugs:jsr305 3.0.2-org.sonarsource.analyzer-commons:sonar-xml-parsing 2.18.0.3393,
org.sonarsource.sonarqube:sonar-ws 10.0.0.68432		---
com.google.code.gson:gson 2.10.1-org.sonarsource.sonarqube:sonar-ws 10.0.0.68432---
com.google.protobuf:protobuf-java 3.21.12-org.sonarsource.sonarqube:sonar-ws 10.0.0.68432Low → CVE-2024-7254--
com.h2database:h2 2.2.222-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
commons-codec:commons-codec 1.13-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
commons-codec:commons-codec 1.18.0-org.sonarsource.slang:slang-plugin 1.19.0.6612---
commons-io:commons-io 2.16.1-org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116---
commons-io:commons-io 2.7-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625Low → CVE-2024-47554--
commons-lang:commons-lang 2.6-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625Low → CVE-2025-48924--
com.salesforce:apex-jorje-lsp-minimized 61.11.0-Apex master---
com.sonarsource.license:license-api 3.4-Apex master---
com.squareup.okhttp3:okhttp 4.10.0com.squareup.okio:okio 3.0.0org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625-Low → CVE-2023-3635-
com.squareup.okio:okio 3.0.0com.squareup.okio:okio-jvm 3.0.0com.squareup.okhttp3:okhttp 4.10.0Low → CVE-2023-3635Low → CVE-2023-3635-
com.squareup.okio:okio-jvm 3.0.0org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.5.31com.squareup.okio:okio 3.0.0Low → CVE-2023-3635--
com.yworks:annotation 4.1.1-com.yworks:yguard 4.1.1---
com.yworks:yguard 4.1.1org.apache.ant:ant 1.10.14,
org.ow2.asm:asm 9.6,
com.yworks:annotation 4.1.1		Apex master---
internal:sonar-apex-ast-visitor 1.0.0javax.annotation:javax.annotation-api 1.3.2Apex master---
io.github.classgraph:classgraph 4.8.162-org.sonarsource.slang:slang-testing 1.19.0.6612---
javax.annotation:javax.annotation-api 1.3.2-Apex master,
internal:sonar-apex-ast-visitor 1.0.0,
org.sonarsource.sonarqube:sonar-ws 10.0.0.68432		---
junit:junit 4.13.2org.hamcrest:hamcrest-core 1.3org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625,
org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116		---
net.bytebuddy:byte-buddy 1.14.18-org.assertj:assertj-core 3.26.3---
net.bytebuddy:byte-buddy 1.15.0-org.assertj:assertj-core 3.26.3---
net.bytebuddy:byte-buddy-agent 1.15.0-org.mockito:mockito-core 5.13.0---
org.apache.ant:ant 1.10.14org.apache.ant:ant-launcher 1.10.14com.yworks:yguard 4.1.1---
org.apache.ant:ant-launcher 1.10.14-org.apache.ant:ant 1.10.14---
org.apache.commons:commons-csv 1.10.0-org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116---
org.apache.commons:commons-exec 1.3-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
org.apache.commons:commons-lang3 3.14.0-org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116Low → CVE-2025-48924--
org.apache.httpcomponents:httpclient 4.5.13org.apache.httpcomponents:httpcore 4.4.13org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
org.apache.httpcomponents:httpcore 4.4.13-org.apache.httpcomponents:httpclient 4.5.13---
org.apache.httpcomponents:httpmime 4.5.2-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
org.apiguardian:apiguardian-api 1.1.2-org.junit.platform:junit-platform-commons 1.11.0---
org.assertj:assertj-core 3.26.3net.bytebuddy:byte-buddy 1.15.0,
net.bytebuddy:byte-buddy 1.14.18		Apex master---
org.codehaus.woodstox:stax2-api 4.2.1-com.fasterxml.woodstox:woodstox-core 6.4.0,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2		---
org.hamcrest:hamcrest-core 1.3-junit:junit 4.13.2---
org.jacoco:org.jacoco.agent 0.8.10-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
org.jacoco:org.jacoco.agent 0.8.7-Apex master---
org.jacoco:org.jacoco.agent 0.8.8-Apex master---
org.jacoco:org.jacoco.ant 0.8.7org.jacoco:org.jacoco.report 0.8.7,
org.jacoco:org.jacoco.core 0.8.7		Apex master---
org.jacoco:org.jacoco.ant 0.8.8org.jacoco:org.jacoco.report 0.8.8,
org.jacoco:org.jacoco.core 0.8.8		Apex master---
org.jacoco:org.jacoco.core 0.8.7org.ow2.asm:asm 9.1,
org.ow2.asm:asm-commons 9.1		org.jacoco:org.jacoco.ant 0.8.7---
org.jacoco:org.jacoco.core 0.8.8org.ow2.asm:asm-commons 9.2,
org.ow2.asm:asm 9.2		org.jacoco:org.jacoco.ant 0.8.8---
org.jacoco:org.jacoco.report 0.8.7-org.jacoco:org.jacoco.ant 0.8.7---
org.jacoco:org.jacoco.report 0.8.8-org.jacoco:org.jacoco.ant 0.8.8---
org.jetbrains:annotations 13.0-org.jetbrains.kotlin:kotlin-stdlib 1.6.20---
org.jetbrains.kotlin:kotlin-stdlib 1.6.20org.jetbrains.kotlin:kotlin-stdlib-common 1.6.20,
org.jetbrains:annotations 13.0		org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.5.31---
org.jetbrains.kotlin:kotlin-stdlib-common 1.6.20-org.jetbrains.kotlin:kotlin-stdlib 1.6.20---
org.jetbrains.kotlin:kotlin-stdlib-jdk7 1.5.31-org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.5.31---
org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.5.31org.jetbrains.kotlin:kotlin-stdlib-jdk7 1.5.31,
org.jetbrains.kotlin:kotlin-stdlib 1.6.20		com.squareup.okio:okio-jvm 3.0.0---
org.junit:junit-bom 5.11.0org.junit.jupiter:junit-jupiter-engine 5.11.0,
org.junit.jupiter:junit-jupiter-api 5.11.0,
org.junit.platform:junit-platform-engine 1.11.0,
org.junit.platform:junit-platform-commons 1.11.0		org.junit.jupiter:junit-jupiter-engine 5.11.0,
org.junit.jupiter:junit-jupiter-api 5.11.0		---
org.junit.jupiter:junit-jupiter-api 5.11.0org.junit:junit-bom 5.11.0,
org.opentest4j:opentest4j 1.3.0		Apex master,
org.junit:junit-bom 5.11.0		---
org.junit.jupiter:junit-jupiter-engine 5.11.0org.junit:junit-bom 5.11.0org.sonarsource.slang:slang-testing 1.19.0.6612,
org.junit:junit-bom 5.11.0		---
org.junit.platform:junit-platform-commons 1.11.0org.apiguardian:apiguardian-api 1.1.2org.junit:junit-bom 5.11.0---
org.junit.platform:junit-platform-engine 1.11.0org.opentest4j:opentest4j 1.3.0org.junit:junit-bom 5.11.0---
org.mockito:mockito-core 5.13.0org.objenesis:objenesis 3.3,
net.bytebuddy:byte-buddy-agent 1.15.0		Apex master---
org.objenesis:objenesis 3.3-org.mockito:mockito-core 5.13.0---
org.opentest4j:opentest4j 1.3.0-org.junit.platform:junit-platform-engine 1.11.0,
org.junit.jupiter:junit-jupiter-api 5.11.0		---
org.ow2.asm:asm 9.1-org.jacoco:org.jacoco.core 0.8.7---
org.ow2.asm:asm 9.2-org.jacoco:org.jacoco.core 0.8.8---
org.ow2.asm:asm 9.6-com.yworks:yguard 4.1.1---
org.ow2.asm:asm-analysis 9.1-org.ow2.asm:asm-commons 9.1---
org.ow2.asm:asm-analysis 9.2-org.ow2.asm:asm-commons 9.2---
org.ow2.asm:asm-commons 9.1org.ow2.asm:asm-tree 9.1,
org.ow2.asm:asm-analysis 9.1		org.jacoco:org.jacoco.core 0.8.7---
org.ow2.asm:asm-commons 9.2org.ow2.asm:asm-analysis 9.2,
org.ow2.asm:asm-tree 9.2		org.jacoco:org.jacoco.core 0.8.8---
org.ow2.asm:asm-tree 9.1-org.ow2.asm:asm-commons 9.1---
org.ow2.asm:asm-tree 9.2-org.ow2.asm:asm-commons 9.2---
org.slf4j:jcl-over-slf4j 2.0.11-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
org.slf4j:log4j-over-slf4j 2.0.11-org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625---
org.slf4j:slf4j-api 1.7.30-org.sonarsource.api.plugin:sonar-plugin-api 10.10.0.2391---
org.slf4j:slf4j-api 1.7.32-ch.qos.logback:logback-classic 1.2.13---
org.slf4j:slf4j-api 2.0.11-ch.qos.logback:logback-classic 1.3.12---
org.sonarsource.analyzer-commons:sonar-analyzer-commons 2.18.0.3393-Apex master---
org.sonarsource.analyzer-commons:sonar-analyzer-test-commons 2.16.0.3141-org.sonarsource.slang:slang-testing 1.19.0.6612---
org.sonarsource.analyzer-commons:sonar-xml-parsing 2.18.0.3393com.fasterxml.woodstox:woodstox-core 6.4.0,
com.google.code.findbugs:jsr305 3.0.2,
xerces:xercesImpl 2.12.2		Apex master---
org.sonarsource.api.plugin:sonar-plugin-api 10.10.0.2391org.slf4j:slf4j-api 1.7.30Apex master---
org.sonarsource.api.plugin:sonar-plugin-api 9.14.0.375-org.sonarsource.sonarqube:sonar-ws 10.0.0.68432---
org.sonarsource.api.plugin:sonar-plugin-api-test-fixtures 10.10.0.2391-Apex master---
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625commons-lang:commons-lang 2.6,
com.squareup.okhttp3:okhttp 4.10.0,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2,
org.apache.httpcomponents:httpclient 4.5.13,
org.slf4j:jcl-over-slf4j 2.0.11,
ch.qos.logback:logback-classic 1.3.12,
com.h2database:h2 2.2.222,
commons-io:commons-io 2.7,
org.apache.commons:commons-exec 1.3,
org.apache.httpcomponents:httpmime 4.5.2,
com.eclipsesource.minimal-json:minimal-json 0.9.5,
org.slf4j:log4j-over-slf4j 2.0.11,
org.jacoco:org.jacoco.agent 0.8.10,
commons-codec:commons-codec 1.13		org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625-Medium → CVE-2022-40152,
Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Low → CVE-2023-3635,
Low → CVE-2023-6481,
Low → CVE-2024-12798,
Low → CVE-2024-12801,
Low → CVE-2024-47554,
Low → CVE-2025-48924,
Low → CVE-2025-52999,
Information → CVE-2023-35116		-
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
junit:junit 4.13.2		Apex master-Medium → CVE-2022-40152,
Low → CVE-2020-36518,
Low → CVE-2022-42003,
Low → CVE-2022-42004,
Low → CVE-2023-3635,
Low → CVE-2023-6481,
Low → CVE-2024-12798,
Low → CVE-2024-12801,
Low → CVE-2024-47554,
Low → CVE-2025-48924,
Low → CVE-2025-52999,
Information → CVE-2023-35116		-
org.sonarsource.slang:slang-api 1.19.0.6612com.eclipsesource.minimal-json:minimal-json 0.9.5Apex master---
org.sonarsource.slang:slang-checks 1.19.0.6612-Apex master---
org.sonarsource.slang:slang-plugin 1.19.0.6612commons-codec:commons-codec 1.18.0Apex master---
org.sonarsource.slang:slang-testing 1.19.0.6612io.github.classgraph:classgraph 4.8.162,
ch.qos.logback:logback-classic 1.2.13,
org.junit.jupiter:junit-jupiter-engine 5.11.0,
org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116,
org.sonarsource.analyzer-commons:sonar-analyzer-test-commons 2.16.0.3141		Apex master-Low → CVE-2024-12798,
Low → CVE-2024-12801,
Low → CVE-2025-48924		-
org.sonarsource.sonarlint.core:sonarlint-core 9.0.0.74282-Apex master---
org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116org.apache.commons:commons-csv 1.10.0,
org.apache.commons:commons-lang3 3.14.0,
commons-io:commons-io 2.16.1,
junit:junit 4.13.2		org.sonarsource.slang:slang-testing 1.19.0.6612-Low → CVE-2025-48924-
org.sonarsource.sonarqube:sonar-ws 10.0.0.68432com.google.code.findbugs:jsr305 3.0.2,
javax.annotation:javax.annotation-api 1.3.2,
com.google.code.gson:gson 2.10.1,
com.google.protobuf:protobuf-java 3.21.12,
org.sonarsource.api.plugin:sonar-plugin-api 9.14.0.375		Apex masterLow → CVE-2024-38460Low → CVE-2024-7254-
xerces:xercesImpl 2.12.2xml-apis:xml-apis 1.4.01org.sonarsource.analyzer-commons:sonar-xml-parsing 2.18.0.3393---
xml-apis:xml-apis 1.4.01-xerces:xercesImpl 2.12.2---

Vulnerabilities table

This table focuses on vulnerabilities and shows the components that are affected either directly or transitively.
The colors of the elements in column "Vulnerability" indicate the severity of the vulnerabilities:
The colors of the elements in columns "Directly vulnerable components" and "Transitively vulnerable components" indicate the vulnerability status of the components:

Vulnerability Severity Score Vector EPSS CISA KEV Date Directly vulnerable
components		 Transitively vulnerable
components
CVE-2024-38460Low4.9-0.00104-org.sonarsource.sonarqube:sonar-ws 10.0.0.68432Apex master
CVE-2024-7254Low8.7-0.00189-com.google.protobuf:protobuf-java 3.21.12Apex master,
org.sonarsource.sonarqube:sonar-ws 10.0.0.68432
CVE-2025-48924Low6.5-0.00309-commons-lang:commons-lang 2.6,
org.apache.commons:commons-lang3 3.14.0		Apex master,
org.sonarsource.slang:slang-testing 1.19.0.6612,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.sonarqube:sonar-plugin-api-impl 10.6.0.92116,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2023-3635Low7.5-0.00301-com.squareup.okio:okio 3.0.0,
com.squareup.okio:okio-jvm 3.0.0		Apex master,
com.squareup.okhttp3:okhttp 4.10.0,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
com.squareup.okio:okio 3.0.0,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2025-52999Low8.7-0.00069-com.fasterxml.jackson.core:jackson-core 2.13.2Apex master,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2
CVE-2020-36518Low7.5-0.0049-com.fasterxml.jackson.core:jackson-databind 2.13.2Apex master,
com.fasterxml.jackson:jackson-bom 2.13.2,
com.fasterxml.jackson.core:jackson-core 2.13.2,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2022-42003Low7.5-0.00278-com.fasterxml.jackson.core:jackson-databind 2.13.2Apex master,
com.fasterxml.jackson:jackson-bom 2.13.2,
com.fasterxml.jackson.core:jackson-core 2.13.2,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2022-42004Low7.5-0.00239-com.fasterxml.jackson.core:jackson-databind 2.13.2Apex master,
com.fasterxml.jackson:jackson-bom 2.13.2,
com.fasterxml.jackson.core:jackson-core 2.13.2,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2023-35116Information4.7-0.00015-com.fasterxml.jackson.core:jackson-databind 2.13.2Apex master,
com.fasterxml.jackson:jackson-bom 2.13.2,
com.fasterxml.jackson.core:jackson-core 2.13.2,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2022-40152Medium7.5-0.00552-com.fasterxml.woodstox:woodstox-core 6.2.7Apex master,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.13.2
CVE-2023-6481Low7.5-0.00312-ch.qos.logback:logback-classic 1.3.12,
ch.qos.logback:logback-core 1.3.12		Apex master,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625,
ch.qos.logback:logback-classic 1.3.12
CVE-2024-12798Low5.9-0.00161-ch.qos.logback:logback-core 1.3.12,
ch.qos.logback:logback-core 1.2.13		Apex master,
ch.qos.logback:logback-classic 1.2.13,
org.sonarsource.slang:slang-testing 1.19.0.6612,
ch.qos.logback:logback-classic 1.3.12,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2024-12801Low2.4-0.00042-ch.qos.logback:logback-core 1.3.12,
ch.qos.logback:logback-core 1.2.13		Apex master,
ch.qos.logback:logback-classic 1.2.13,
org.sonarsource.slang:slang-testing 1.19.0.6612,
ch.qos.logback:logback-classic 1.3.12,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625
CVE-2024-47554Low4.3-0.00213-commons-io:commons-io 2.7Apex master,
org.sonarsource.orchestrator:sonar-orchestrator-junit4 5.6.2.2625,
org.sonarsource.orchestrator:sonar-orchestrator 5.6.2.2625