Hboutemy

**Name of the Vulnerable Software and Affected Versions** PMD (affected versions not specified) **Description** PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in a jar published to Maven Central. Although the private key itself is not known to have been compromised, its potential compromise must be considered due to the exposed passphrase. As a mitigation, both compromised keys have been revoked to prevent future use. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.