Path to dependency file: /app-to-app-java/app-to-app/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom
Path to dependency file: /app-to-app-java/app-to-app/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom
Path to dependency file: /app-to-app-java/app-to-app/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Kotlin Standard Library for JVM
Library home page: https://kotlinlang.org/
Path to dependency file: /app-to-app-java/app-to-app/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom
Found in HEAD commit: 691e25809d42cce5a487504aa376638500c5b492
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-24329
### Vulnerable Library - kotlin-stdlib-1.3.72.jarKotlin Standard Library for JVM
Library home page: https://kotlinlang.org/
Path to dependency file: /app-to-app-java/app-to-app/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom
Dependency Hierarchy: - :x: **kotlin-stdlib-1.3.72.jar** (Vulnerable Library)
Found in HEAD commit: 691e25809d42cce5a487504aa376638500c5b492
Found in base branch: main
### Vulnerability DetailsIn JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Publish Date: 2022-02-25
URL: CVE-2022-24329
### CVSS 3 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-2qp4-g3q3-f92w
Release Date: 2022-02-25
Fix Resolution: 1.6.0-M1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2020-29582
### Vulnerable Library - kotlin-stdlib-1.3.72.jarKotlin Standard Library for JVM
Library home page: https://kotlinlang.org/
Path to dependency file: /app-to-app-java/app-to-app/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom,/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.3.72/aecbe532bd46a37d2217a63cc0fed4eca0bd71cc/kotlin-stdlib-1.3.72.pom
Dependency Hierarchy: - :x: **kotlin-stdlib-1.3.72.jar** (Vulnerable Library)
Found in HEAD commit: 691e25809d42cce5a487504aa376638500c5b492
Found in base branch: main
### Vulnerability DetailsIn JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Publish Date: 2021-02-03
URL: CVE-2020-29582
### CVSS 3 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-cqj8-47ch-rvvq
Release Date: 2021-02-03
Fix Resolution: 1.4.21
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.