Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
Vulnerability Description
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
PMD 安全漏洞
Vulnerability Description
PMD是一种可扩展的多语言静态源代码分析器。 PMD存在安全漏洞,该漏洞源于发布签名密钥的密码可能被泄露。
CVSS Information
N/A
Vulnerability Type
N/A