Skip to content

Instantly share code, notes, and snippets.

@Pururun
Last active June 26, 2024 14:10
Show Gist options
  • Save Pururun/89199a37e9794bac5969193f2a5ed685 to your computer and use it in GitHub Desktop.
Save Pururun/89199a37e9794bac5969193f2a5ed685 to your computer and use it in GitHub Desktop.
CVE
> Task :dependencyCheckAnalyze
Verifying dependencies for project android
Checking for updates and analyzing dependencies for vulnerabilities
An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key
----------------------------------------------------
.NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or add the path to dotnet core in the configuration.
The dotnet 6.0 core runtime or SDK is required to analyze assemblies
----------------------------------------------------
Generating report for project android
Found 0 vulnerabilities in project android
Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
Region [POM] : Not alive and dispose was called, filename: POM
> Task :app:dependencyCheckAnalyze
Verifying dependencies for project app
Failed to fetch URL https://dl.google.com/android/repository/sys-img/android-automotive-distantdisplay/sys-img2-4.xml/sys-img.xml, reason: File not found
Failed to fetch URL: File not found
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/android-automotive-distantdisplay/sys-img2-4.xml parsing problem. unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
Additionally, the fallback loader failed to parse the XML.
Failed to fetch URL https://dl.google.com/android/repository/sys-img/google-tv/sys-img2-4.xml/sys-img.xml, reason: File not found
Failed to fetch URL: File not found
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/google-tv/sys-img2-4.xml parsing problem. unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
Additionally, the fallback loader failed to parse the XML.
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/android-automotive/sys-img2-4.xml parsing problem. unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
Additionally, the fallback loader failed to parse the XML.
Found Android TV Intel x86 Atom System Image, Android API 21, revision 3
Found Android TV ARM EABI v7a System Image, Android API 21, revision 3
Found Android TV Intel x86 Atom System Image, Android API 22, revision 3
Found Android TV Intel x86 Atom System Image, Android API 23, revision 19
Found Android TV ARM EABI v7a System Image, Android API 23, revision 12
Found Android TV Intel x86 Atom System Image, Android API 24, revision 20
Found Android TV Intel x86 Atom System Image, Android API 25, revision 14
Found Android TV Intel x86 Atom System Image, Android API 26, revision 12
Found Android TV Intel x86 Atom System Image, Android API 27, revision 7
Found Android TV Intel x86 Atom System Image, Android API 28, revision 8
Found Android TV Intel x86 Atom System Image, Android API Q, revision 1
Failed to fetch URL https://dl.google.com/android/repository/sys-img/google_atd/sys-img2-4.xml/sys-img.xml, reason: File not found
Failed to fetch URL: File not found
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/google_atd/sys-img2-4.xml parsing problem. unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
Additionally, the fallback loader failed to parse the XML.
Found Android Wear ARM EABI v7a System Image, Android API 23, revision 6
Found Android Wear Intel x86 Atom System Image, Android API 23, revision 6
Found Android Wear ARM EABI v7a System Image, Android API 25, revision 3
Found Android Wear Intel x86 Atom System Image, Android API 25, revision 3
Found Android Wear Intel x86 Atom System Image, Android API 26, revision 4
Found Wear OS Intel x86 Atom System Image, Android API 28, revision 3
Found ARM EABI v7a System Image, Android API 10, revision 5
Found ARM EABI v7a System Image, Android API 14, revision 2
Found ARM EABI v7a System Image, Android API 15, revision 5
Found ARM EABI v7a System Image, Android API 16, revision 6
Found ARM EABI v7a System Image, Android API 17, revision 6
Found ARM EABI v7a System Image, Android API 18, revision 5
Found ARM EABI v7a System Image, Android API 19, revision 5
Found ARM EABI v7a System Image, Android API 21, revision 4
Found ARM EABI v7a System Image, Android API 22, revision 2
Found ARM EABI v7a System Image, Android API 23, revision 6
Found ARM EABI v7a System Image, Android API 24, revision 7
Found ARM 64 v8a System Image, Android API 24, revision 7
Found MIPS System Image, Android API 16, revision 1
Found MIPS System Image, Android API 17, revision 1
Found Intel x86 Atom System Image, Android API 10, revision 5
Found Intel x86 Atom System Image, Android API 15, revision 5
Found Intel x86 Atom System Image, Android API 16, revision 6
Found Intel x86 Atom System Image, Android API 17, revision 4
Found Intel x86 Atom System Image, Android API 18, revision 4
Found Intel x86 Atom System Image, Android API 19, revision 6
Found Intel x86 Atom System Image, Android API 21, revision 5
Found Intel x86 Atom System Image, Android API 22, revision 6
Found Intel x86 Atom System Image, Android API 23, revision 10
Found Intel x86 Atom System Image, Android API 24, revision 8
Found Intel x86 Atom System Image, Android API 25, revision 1
Found Intel x86 Atom System Image, Android API 26, revision 1
Found Intel x86 Atom System Image, Android API 27, revision 1
Found Intel x86 Atom System Image, Android API 28, revision 4
Found Intel x86 Atom System Image, Android API 29, revision 7
Found Intel x86 Atom System Image, Android API 29, revision 7
Found Intel x86 Atom_64 System Image, Android API 21, revision 5
Found Intel x86 Atom_64 System Image, Android API 22, revision 6
Found Intel x86 Atom_64 System Image, Android API 23, revision 10
Found Intel x86 Atom_64 System Image, Android API 24, revision 8
Found Intel x86 Atom_64 System Image, Android API 25, revision 1
Found Intel x86 Atom_64 System Image, Android API 26, revision 1
Found Intel x86 Atom_64 System Image, Android API 27, revision 1
Found Intel x86 Atom_64 System Image, Android API 28, revision 4
Found Intel x86 Atom_64 System Image, Android API 29, revision 7
Found Intel x86 Atom_64 System Image, Android API 29, revision 7
Failed to fetch URL https://dl.google.com/android/repository/sys-img/android-wear-cn/sys-img2-4.xml/sys-img.xml, reason: File not found
Failed to fetch URL: File not found
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/android-wear-cn/sys-img2-4.xml parsing problem. unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
Additionally, the fallback loader failed to parse the XML.
Failed to fetch URL https://dl.google.com/android/repository/sys-img/aosp_atd/sys-img2-4.xml/sys-img.xml, reason: File not found
Failed to fetch URL: File not found
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/aosp_atd/sys-img2-4.xml parsing problem. unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"abi"). Expected elements are <{}vendor>,<{}translatedAbis>,<{}abis>,<{}codename>,<{}base-extension>,<{}api-level>,<{}extension-level>,<{}tag>
Additionally, the fallback loader failed to parse the XML.
Failed to fetch URL https://dl.google.com/android/repository/sys-img/android-desktop/sys-img2-4.xml/sys-img.xml, reason: File not found
Failed to fetch URL: File not found
Errors during XML parse:
https://dl.google.com/android/repository/sys-img/android-desktop/sys-img2-4.xml parsing problem. Errors limit exceeded. To receive all errors set com.sun.xml.bind logger to FINEST level.
javax.xml.bind.UnmarshalException: Errors limit exceeded. To receive all errors set com.sun.xml.bind logger to FINEST level.
Additionally, the fallback loader failed to parse the XML.
Checking the license for package Android SDK Build-Tools 34 in /opt/android/licenses
License for package Android SDK Build-Tools 34 accepted.
Preparing "Install Android SDK Build-Tools 34 v.34.0.0".
"Install Android SDK Build-Tools 34 v.34.0.0" ready.
Installing Android SDK Build-Tools 34 in /opt/android/build-tools/34.0.0
"Install Android SDK Build-Tools 34 v.34.0.0" complete.
"Install Android SDK Build-Tools 34 v.34.0.0" finished.
Checking the license for package Android SDK Platform 34 in /opt/android/licenses
License for package Android SDK Platform 34 accepted.
Preparing "Install Android SDK Platform 34 (revision 3)".
"Install Android SDK Platform 34 (revision 3)" ready.
Installing Android SDK Platform 34 in /opt/android/platforms/android-34
"Install Android SDK Platform 34 (revision 3)" complete.
"Install Android SDK Platform 34 (revision 3)" finished.
Checking for updates and analyzing dependencies for vulnerabilities
----------------------------------------------------
.NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or add the path to dotnet core in the configuration.
The dotnet 6.0 core runtime or SDK is required to analyze assemblies
----------------------------------------------------
Generating report for project app
Found 70 vulnerabilities in project app
Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
Region [POM] : Not alive and dispose was called, filename: POM
One or more dependencies were identified with known vulnerabilities in app:
android-device-provider-local-0.0.9-alpha02.jar/META-INF/maven/com.google.guava/guava/pom.xml (pkg:maven/com.google.guava/[email protected], cpe:2.3:a:google:guava:28.1:*:*:*:*:*:*:*) : CVE-2023-2976, CVE-2020-8908
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-buffer/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-codec-http2/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823, CVE-2024-29025
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-codec-socks/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-codec/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2022-41915, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-common/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-handler-proxy/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-handler/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-resolver/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
core-0.0.9-alpha02.jar/META-INF/maven/io.netty/netty-transport/pom.xml (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.72:*:*:*:*:*:*:*) : CVE-2022-41881, CVE-2023-44487, CVE-2023-34462, CVE-2022-24823
launcher-0.0.9-alpha02.jar/META-INF/maven/com.google.protobuf/protobuf-kotlin/pom.xml (pkg:maven/com.google.protobuf/[email protected], cpe:2.3:a:google:protobuf-kotlin:3.18.0:*:*:*:*:*:*:*, cpe:2.3:a:protobuf:protobuf:3.18.0:*:*:*:*:*:*:*) : CVE-2022-3171, CVE-2022-3510, CVE-2021-22569
netty-buffer-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-codec-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-codec-http-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462, CVE-2024-29025
netty-codec-http2-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-codec-socks-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-common-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-handler-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-handler-proxy-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-resolver-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-transport-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
netty-transport-native-unix-common-4.1.93.Final.jar (pkg:maven/io.netty/[email protected], cpe:2.3:a:netty:netty:4.1.93:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-34462
See the dependency-check report for more details.
> Task :app:dependencyCheckAnalyze FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':app:dependencyCheckAnalyze'.
>
Dependency-Analyze Failure:
One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '0.0': CVE-2023-2976, CVE-2022-41881, CVE-2022-3510, CVE-2021-22569, CVE-2022-24823, CVE-2023-34462, CVE-2023-44487, CVE-2022-3171, CVE-2022-41915, CVE-2020-8908, CVE-2024-29025
See the dependency-check report for more details.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment