Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 7.4.4
Report Generated On: Mon, 24 Feb 2025 16:02:18 GMT
Dependencies Scanned: 177 (137 unique)
Vulnerable Dependencies: 22
Vulnerabilities Found: 38
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2025-02-24T15:28:01
NVD CVE Modified: 2025-02-24T15:00:00
VersionCheckOn: 2025-01-29T15:55:14

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
ffl-admindentaire-api-1.0.4.jar		pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-api@1.0.4		0		21
ffl-admindentaire-dal-1.0.4.jar		pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-dal@1.0.4		0		21
ffl-admindentaire-packaging-1.0.4.jar		pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-packaging@1.0.4		0		29
ffl-admindentaire-packaging-1.0.4.jar: HdrHistogram-2.1.12.jar		pkg:maven/org.hdrhistogram/HdrHistogram@2.1.12		0		29
ffl-admindentaire-packaging-1.0.4.jar: HikariCP-4.0.3.jar		pkg:maven/com.zaxxer/HikariCP@4.0.3		0		39
ffl-admindentaire-packaging-1.0.4.jar: LatencyUtils-2.0.3.jar	cpe:2.3:a:utils_project:utils:2.0.3:::::::*	pkg:maven/org.latencyutils/LatencyUtils@2.0.3	MEDIUM	1	Highest	19
ffl-admindentaire-packaging-1.0.4.jar: accessors-smart-2.4.11.jar	cpe:2.3:a:json-java_project:json-java:2.4.11:::::::* cpe:2.3:a:json-smart_project:json-smart:2.4.11:::::::* cpe:2.3:a:json-smart_project:json-smart-v2:2.4.11:::::::*	pkg:maven/net.minidev/accessors-smart@2.4.11	HIGH	2	Low	42
ffl-admindentaire-packaging-1.0.4.jar: android-json-0.0.20131108.vaadin1.jar	cpe:2.3:a:json-java_project:json-java:0.0:20131108::::::	pkg:maven/com.vaadin.external.google/android-json@0.0.20131108.vaadin1	HIGH	2	Low	38
ffl-admindentaire-packaging-1.0.4.jar: antlr-2.7.7.jar		pkg:maven/antlr/antlr@2.7.7		0		17
ffl-admindentaire-packaging-1.0.4.jar: apiguardian-api-1.1.2.jar		pkg:maven/org.apiguardian/apiguardian-api@1.1.2		0		47
ffl-admindentaire-packaging-1.0.4.jar: asm-9.3.jar		pkg:maven/org.ow2.asm/asm@9.3		0		59
ffl-admindentaire-packaging-1.0.4.jar: aspectjweaver-1.9.7.jar		pkg:maven/org.aspectj/aspectjweaver@1.9.7		0		45
ffl-admindentaire-packaging-1.0.4.jar: assertj-core-3.22.0.jar		pkg:maven/org.assertj/assertj-core@3.22.0		0		34
ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-1.12.23.jar		pkg:maven/net.bytebuddy/byte-buddy@1.12.23		0		28
ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar		pkg:maven/net.bytebuddy/byte-buddy-agent@1.12.23		0		34
ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar: attach_hotspot_windows.dll				0		2
ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar: attach_hotspot_windows.dll				0		2
ffl-admindentaire-packaging-1.0.4.jar: cache-api-1.1.1.jar		pkg:maven/javax.cache/cache-api@1.1.1		0		22
ffl-admindentaire-packaging-1.0.4.jar: checker-qual-3.5.0.jar		pkg:maven/org.checkerframework/checker-qual@3.5.0		0		65
ffl-admindentaire-packaging-1.0.4.jar: classmate-1.5.1.jar		pkg:maven/com.fasterxml/classmate@1.5.1		0		56
ffl-admindentaire-packaging-1.0.4.jar: commons-collections4-4.4.jar	cpe:2.3:a:apache:commons_collections:4.4:::::::*	pkg:maven/org.apache.commons/commons-collections4@4.4		0	Highest	106
ffl-admindentaire-packaging-1.0.4.jar: commons-io-2.15.1.jar	cpe:2.3:a:apache:commons_io:2.15.1:::::::*	pkg:maven/commons-io/commons-io@2.15.1		0	Highest	126
ffl-admindentaire-packaging-1.0.4.jar: commons-lang3-3.12.0.jar		pkg:maven/org.apache.commons/commons-lang3@3.12.0		0		140
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)		pkg:maven/org.ehcache.modules/ehcache-107@3.10.8		0		21
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-api:3.10.8)		pkg:maven/org.ehcache.modules/ehcache-api@3.10.8		0		21
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-core:3.10.8)		pkg:maven/org.ehcache.modules/ehcache-core@3.10.8		0		21
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.8)		pkg:maven/org.ehcache.modules/ehcache-impl@3.10.8		0		21
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.8)		pkg:maven/org.ehcache.modules/ehcache-xml-spi@3.10.8		0		21
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.8)		pkg:maven/org.ehcache.modules/ehcache-xml@3.10.8		0		21
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache:sizeof:0.4.3)		pkg:maven/org.ehcache/sizeof@0.4.3		0		13
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.terracotta:offheap-store:2.5.3)		pkg:maven/org.terracotta/offheap-store@2.5.3		0		17
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.terracotta:statistics:2.1.2)		pkg:maven/org.terracotta/statistics@2.1.2		0		25
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.15)		pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.15		0		19
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar	cpe:2.3:a:service_project:service:3.10.8:::::::*	pkg:maven/org.ehcache/ehcache@3.10.8		0	Low	59
ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar: sizeof-agent.jar				0		8
ffl-admindentaire-packaging-1.0.4.jar: ffl-admin-staging-1.0.8.jar		pkg:maven/com.sintia.ffl.admin/ffl-admin-staging@1.0.8		0		25
ffl-admindentaire-packaging-1.0.4.jar: ffl-adminuicommons-1.0.8.jar		pkg:maven/com.sintia.ffl.adminuicommons/ffl-adminuicommons@1.0.8		0		23
ffl-admindentaire-packaging-1.0.4.jar: ffl-core-api-1.0.22.jar		pkg:maven/com.sintia.ffl.core/ffl-core-api@1.0.22		0		25
ffl-admindentaire-packaging-1.0.4.jar: ffl-core-commons-1.0.22.jar		pkg:maven/com.sintia.ffl.core/ffl-core-commons@1.0.22		0		25
ffl-admindentaire-packaging-1.0.4.jar: ffl-core-dal-1.0.22.jar		pkg:maven/com.sintia.ffl.core/ffl-core-dal@1.0.22		0		25
ffl-admindentaire-packaging-1.0.4.jar: ffl-core-services-1.0.22.jar		pkg:maven/com.sintia.ffl.core/ffl-core-services@1.0.22		0		25
ffl-admindentaire-packaging-1.0.4.jar: ffl-core-sia-1.0.22.jar		pkg:maven/com.sintia.ffl.core/ffl-core-sia@1.0.22		0		25
ffl-admindentaire-packaging-1.0.4.jar: ffl-test-1.0.22.jar		pkg:maven/com.sintia.ffl.core/ffl-test@1.0.22		0		23
ffl-admindentaire-packaging-1.0.4.jar: hamcrest-core-2.2.jar	cpe:2.3:a:steve_project:steve:2.2:::::::*	pkg:maven/org.hamcrest/hamcrest-core@2.2		0	Low	45
ffl-admindentaire-packaging-1.0.4.jar: hibernate-commons-annotations-5.1.2.Final.jar		pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.1.2.Final		0		54
ffl-admindentaire-packaging-1.0.4.jar: hibernate-core-5.6.15.Final.jar	cpe:2.3:a:hibernate:hibernate_orm:5.6.15:::::::*	pkg:maven/org.hibernate/hibernate-core@5.6.15.Final		0	Low	52
ffl-admindentaire-packaging-1.0.4.jar: istack-commons-runtime-3.0.12.jar	cpe:2.3:a:oracle:java_se:3.0.12:::::::*	pkg:maven/com.sun.istack/istack-commons-runtime@3.0.12		0	Low	34
ffl-admindentaire-packaging-1.0.4.jar: jackson-annotations-2.13.5.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.13.5		0	Low	41
ffl-admindentaire-packaging-1.0.4.jar: jackson-core-2.13.5.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:::::::* cpe:2.3:a:json-java_project:json-java:2.13.5:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.5	HIGH	2	Low	50
ffl-admindentaire-packaging-1.0.4.jar: jackson-databind-2.13.5.jar	cpe:2.3:a:fasterxml:jackson-databind:2.13.5:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.5	MEDIUM	1	Highest	44
ffl-admindentaire-packaging-1.0.4.jar: jackson-dataformat-yaml-2.13.5.jar	cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.13.5:::::::*	pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.13.5		0	Highest	42
ffl-admindentaire-packaging-1.0.4.jar: jakarta.activation-1.2.2.jar	cpe:2.3:a:oracle:java_se:1.2.2:::::::*	pkg:maven/com.sun.activation/jakarta.activation@1.2.2		0	Low	34
ffl-admindentaire-packaging-1.0.4.jar: jakarta.activation-api-1.2.2.jar		pkg:maven/jakarta.activation/jakarta.activation-api@1.2.2		0		32
ffl-admindentaire-packaging-1.0.4.jar: jakarta.annotation-api-1.3.5.jar	cpe:2.3:a:oracle:java_se:1.3.5:::::::* cpe:2.3:a:oracle:projects:1.3.5:::::::*	pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5		0	Low	36
ffl-admindentaire-packaging-1.0.4.jar: jakarta.jws-api-2.1.0.jar	cpe:2.3:a:web_project:web:2.1.0:::::::*	pkg:maven/jakarta.jws/jakarta.jws-api@2.1.0		0	Low	42
ffl-admindentaire-packaging-1.0.4.jar: jakarta.persistence-api-2.2.3.jar		pkg:maven/jakarta.persistence/jakarta.persistence-api@2.2.3		0		37
ffl-admindentaire-packaging-1.0.4.jar: jakarta.transaction-api-1.3.3.jar	cpe:2.3:a:oracle:projects:1.3.3:::::::*	pkg:maven/jakarta.transaction/jakarta.transaction-api@1.3.3		0	Low	45
ffl-admindentaire-packaging-1.0.4.jar: jakarta.validation-api-2.0.2.jar		pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2		0		57
ffl-admindentaire-packaging-1.0.4.jar: jakarta.xml.bind-api-2.3.3.jar		pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3		0		34
ffl-admindentaire-packaging-1.0.4.jar: jakarta.xml.soap-api-1.4.2.jar	cpe:2.3:a:oracle:java_se:1.4.2:::::::*	pkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@1.4.2		0	Low	43
ffl-admindentaire-packaging-1.0.4.jar: jakarta.xml.ws-api-2.3.3.jar	cpe:2.3:a:web_project:web:2.3.3:::::::*	pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@2.3.3		0	Low	58
ffl-admindentaire-packaging-1.0.4.jar: jandex-2.4.2.Final.jar		pkg:maven/org.jboss/jandex@2.4.2.Final		0		41
ffl-admindentaire-packaging-1.0.4.jar: java-jwt-4.4.0.jar		pkg:maven/com.auth0/java-jwt@4.4.0		0		42
ffl-admindentaire-packaging-1.0.4.jar: javassist-3.27.0-GA.jar		pkg:maven/org.javassist/javassist@3.27.0-GA		0		57
ffl-admindentaire-packaging-1.0.4.jar: javax.batch-api-1.0.jar		pkg:maven/javax.batch/javax.batch-api@1.0		0		23
ffl-admindentaire-packaging-1.0.4.jar: javax.jws-api-1.1.jar	cpe:2.3:a:oracle:java_se:1.1:::::::*	pkg:maven/javax.jws/javax.jws-api@1.1		0	Low	45
ffl-admindentaire-packaging-1.0.4.jar: jaxb-runtime-2.3.9.jar	cpe:2.3:a:eclipse:glassfish:2.3.9:::::::*	pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9	MEDIUM	1	Highest	48
ffl-admindentaire-packaging-1.0.4.jar: jboss-logging-3.4.3.Final.jar		pkg:maven/org.jboss.logging/jboss-logging@3.4.3.Final		0		44
ffl-admindentaire-packaging-1.0.4.jar: json-path-2.7.0.jar	cpe:2.3:a:json-path:jayway_jsonpath:2.7.0:::::::*	pkg:maven/com.jayway.jsonpath/json-path@2.7.0	MEDIUM	1	Highest	40
ffl-admindentaire-packaging-1.0.4.jar: json-smart-2.4.11.jar	cpe:2.3:a:json-smart_project:json-smart:2.4.11:::::::* cpe:2.3:a:json-smart_project:json-smart-v2:2.4.11:::::::*	pkg:maven/net.minidev/json-smart@2.4.11		0	Highest	52
ffl-admindentaire-packaging-1.0.4.jar: jsonassert-1.5.1.jar		pkg:maven/org.skyscreamer/jsonassert@1.5.1		0		37
ffl-admindentaire-packaging-1.0.4.jar: jul-to-slf4j-1.7.36.jar		pkg:maven/org.slf4j/jul-to-slf4j@1.7.36		0		27
ffl-admindentaire-packaging-1.0.4.jar: junit-4.13.2.jar	cpe:2.3:a:junit:junit4:4.13.2:::::::*	pkg:maven/junit/junit@4.13.2		0	Low	55
ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-5.11.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter@5.11.0		0		74
ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-api-5.11.0.jar	cpe:2.3:a:fan_platform_project:fan_platform:5.11.0:::::::*	pkg:maven/org.junit.jupiter/junit-jupiter-api@5.11.0		0	Low	86
ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-engine-5.11.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.11.0		0		88
ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-params-5.11.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter-params@5.11.0		0		87
ffl-admindentaire-packaging-1.0.4.jar: junit-platform-engine-1.11.0.jar	cpe:2.3:a:fan_platform_project:fan_platform:1.11.0:::::::*	pkg:maven/org.junit.platform/junit-platform-engine@1.11.0		0	Low	88
ffl-admindentaire-packaging-1.0.4.jar: log4j-api-2.17.2.jar	cpe:2.3:a:apache:log4j:2.17.2:::::::*	pkg:maven/org.apache.logging.log4j/log4j-api@2.17.2		0	Highest	45
ffl-admindentaire-packaging-1.0.4.jar: log4j-to-slf4j-2.17.2.jar		pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2		0		45
ffl-admindentaire-packaging-1.0.4.jar: logback-classic-1.2.12.jar	cpe:2.3:a:qos:logback:1.2.12:::::::*	pkg:maven/ch.qos.logback/logback-classic@1.2.12	HIGH	2	Highest	34
ffl-admindentaire-packaging-1.0.4.jar: logback-core-1.2.12.jar	cpe:2.3:a:qos:logback:1.2.12:::::::*	pkg:maven/ch.qos.logback/logback-core@1.2.12	HIGH	4	Highest	34
ffl-admindentaire-packaging-1.0.4.jar: mapstruct-1.5.5.Final.jar		pkg:maven/org.mapstruct/mapstruct@1.5.5.Final		0		24
ffl-admindentaire-packaging-1.0.4.jar: micrometer-core-1.9.17.jar		pkg:maven/io.micrometer/micrometer-core@1.9.17		0		69
ffl-admindentaire-packaging-1.0.4.jar: mockito-core-5.2.0.jar		pkg:maven/org.mockito/mockito-core@5.2.0		0		46
ffl-admindentaire-packaging-1.0.4.jar: mockito-junit-jupiter-5.2.0.jar		pkg:maven/org.mockito/mockito-junit-jupiter@5.2.0		0		51
ffl-admindentaire-packaging-1.0.4.jar: objenesis-3.3.jar		pkg:maven/org.objenesis/objenesis@3.3		0		35
ffl-admindentaire-packaging-1.0.4.jar: opentest4j-1.3.0.jar		pkg:maven/org.opentest4j/opentest4j@1.3.0		0		66
ffl-admindentaire-packaging-1.0.4.jar: postgresql-42.3.8.jar	cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.3.8:::::::*	pkg:maven/org.postgresql/postgresql@42.3.8	CRITICAL	1	Low	74
ffl-admindentaire-packaging-1.0.4.jar: powermock-api-mockito2-2.0.9.jar		pkg:maven/org.powermock/powermock-api-mockito2@2.0.9		0		44
ffl-admindentaire-packaging-1.0.4.jar: powermock-api-support-2.0.9.jar		pkg:maven/org.powermock/powermock-api-support@2.0.9		0		45
ffl-admindentaire-packaging-1.0.4.jar: powermock-core-2.0.9.jar		pkg:maven/org.powermock/powermock-core@2.0.9		0		41
ffl-admindentaire-packaging-1.0.4.jar: powermock-module-junit4-2.0.9.jar	cpe:2.3:a:junit:junit4:2.0.9:::::::*	pkg:maven/org.powermock/powermock-module-junit4@2.0.9		0	Highest	44
ffl-admindentaire-packaging-1.0.4.jar: powermock-reflect-2.0.9.jar		pkg:maven/org.powermock/powermock-reflect@2.0.9		0		43
ffl-admindentaire-packaging-1.0.4.jar: reactive-streams-1.0.4.jar		pkg:maven/org.reactivestreams/reactive-streams@1.0.4		0		33
ffl-admindentaire-packaging-1.0.4.jar: reactor-core-3.4.34.jar		pkg:maven/io.projectreactor/reactor-core@3.4.34		0		50
ffl-admindentaire-packaging-1.0.4.jar: saaj-impl-1.5.3.jar	cpe:2.3:a:oracle:java_se:1.5.3:::::::*	pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3		0	Low	35
ffl-admindentaire-packaging-1.0.4.jar: slf4j-api-1.7.36.jar		pkg:maven/org.slf4j/slf4j-api@1.7.36		0		28
ffl-admindentaire-packaging-1.0.4.jar: snakeyaml-2.3.jar	cpe:2.3:a:snakeyaml_project:snakeyaml:2.3:::::::*	pkg:maven/org.yaml/snakeyaml@2.3		0	Highest	43
ffl-admindentaire-packaging-1.0.4.jar: spring-batch-core-4.3.10.jar	cpe:2.3:a:pivotal_software:spring_batch:4.3.10:::::::*	pkg:maven/org.springframework.batch/spring-batch-core@4.3.10		0	Highest	84
ffl-admindentaire-packaging-1.0.4.jar: spring-boot-2.7.18.jar	cpe:2.3:a:vmware:spring_boot:2.7.18:::::::*	pkg:maven/org.springframework.boot/spring-boot@2.7.18		0	Highest	42
ffl-admindentaire-packaging-1.0.4.jar: spring-boot-jarmode-layertools-2.7.18.jar	cpe:2.3:a:vmware:spring_boot:2.7.18:::::::* cpe:2.3:a:vmware:spring_boot_tools:2.7.18:::::::* cpe:2.3:a:vmware:spring_tools:2.7.18:::::::*	pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.7.18		0	Highest	49
ffl-admindentaire-packaging-1.0.4.jar: spring-core-5.3.31.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.31:::::::* cpe:2.3:a:springsource:spring_framework:5.3.31:::::::* cpe:2.3:a:vmware:spring_framework:5.3.31:::::::*	pkg:maven/org.springframework/spring-core@5.3.31	MEDIUM	1	Highest	39
ffl-admindentaire-packaging-1.0.4.jar: spring-data-commons-2.7.18.jar	cpe:2.3:a:pivotal_software:spring_data_commons:2.7.18:::::::*	pkg:maven/org.springframework.data/spring-data-commons@2.7.18		0	Highest	29
ffl-admindentaire-packaging-1.0.4.jar: spring-data-jpa-2.7.18.jar	cpe:2.3:a:pivotal_software:spring_data_jpa:2.7.18:::::::*	pkg:maven/org.springframework.data/spring-data-jpa@2.7.18		0	Highest	31
ffl-admindentaire-packaging-1.0.4.jar: spring-expression-5.3.31.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.31:::::::* cpe:2.3:a:springsource:spring_framework:5.3.31:::::::* cpe:2.3:a:vmware:spring_framework:5.3.31:::::::*	pkg:maven/org.springframework/spring-expression@5.3.31	MEDIUM	2	Highest	41
ffl-admindentaire-packaging-1.0.4.jar: spring-integration-core-5.5.20.jar	cpe:2.3:a:vmware:spring_integration:5.5.20:::::::*	pkg:maven/org.springframework.integration/spring-integration-core@5.5.20		0	Highest	57
ffl-admindentaire-packaging-1.0.4.jar: spring-retry-1.3.4.jar		pkg:maven/org.springframework.retry/spring-retry@%24%7Brevision%7D		0		35
ffl-admindentaire-packaging-1.0.4.jar: spring-security-core-5.7.11.jar	cpe:2.3:a:pivotal_software:spring_security:5.7.11:::::::* cpe:2.3:a:vmware:spring_security:5.7.11:::::::*	pkg:maven/org.springframework.security/spring-security-core@5.7.11	HIGH	1	Highest	42
ffl-admindentaire-packaging-1.0.4.jar: spring-security-crypto-5.7.11.jar	cpe:2.3:a:pivotal_software:spring_security:5.7.11:::::::* cpe:2.3:a:vmware:spring_security:5.7.11:::::::*	pkg:maven/org.springframework.security/spring-security-crypto@5.7.11	MEDIUM	1	Highest	44
ffl-admindentaire-packaging-1.0.4.jar: spring-security-test-5.7.11.jar	cpe:2.3:a:pivotal_software:spring_security:5.7.11:::::::* cpe:2.3:a:vmware:spring_security:5.7.11:::::::*	pkg:maven/org.springframework.security/spring-security-test@5.7.11		0	Highest	45
ffl-admindentaire-packaging-1.0.4.jar: spring-security-web-5.7.11.jar	cpe:2.3:a:pivotal_software:spring_security:5.7.11:::::::* cpe:2.3:a:vmware:spring_security:5.7.11:::::::* cpe:2.3:a:web_project:web:5.7.11:::::::*	pkg:maven/org.springframework.security/spring-security-web@5.7.11	HIGH	1	Highest	44
ffl-admindentaire-packaging-1.0.4.jar: spring-web-5.3.31.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.31:::::::* cpe:2.3:a:springsource:spring_framework:5.3.31:::::::* cpe:2.3:a:vmware:spring_framework:5.3.31:::::::* cpe:2.3:a:web_project:web:5.3.31:::::::*	pkg:maven/org.springframework/spring-web@5.3.31	CRITICAL	6	Highest	39
ffl-admindentaire-packaging-1.0.4.jar: spring-webmvc-5.3.31.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.31:::::::* cpe:2.3:a:springsource:spring_framework:5.3.31:::::::* cpe:2.3:a:vmware:spring_framework:5.3.31:::::::*	pkg:maven/org.springframework/spring-webmvc@5.3.31	HIGH	2	Highest	39
ffl-admindentaire-packaging-1.0.4.jar: spring-ws-core-3.1.8.jar	cpe:2.3:a:pivotal_software:spring_web_services:3.1.8:::::::*	pkg:maven/org.springframework.ws/spring-ws-core@3.1.8		0	Low	23
ffl-admindentaire-packaging-1.0.4.jar: springdoc-openapi-common-1.8.0.jar		pkg:maven/org.springdoc/springdoc-openapi-common@1.8.0		0		18
ffl-admindentaire-packaging-1.0.4.jar: springdoc-openapi-ui-1.8.0.jar		pkg:maven/org.springdoc/springdoc-openapi-ui@1.8.0		0		20
ffl-admindentaire-packaging-1.0.4.jar: springdoc-openapi-webmvc-core-1.8.0.jar		pkg:maven/org.springdoc/springdoc-openapi-webmvc-core@1.8.0		0		22
ffl-admindentaire-packaging-1.0.4.jar: stax-ex-1.8.3.jar	cpe:2.3:a:oracle:java_se:1.8.3:::::::* cpe:2.3:a:oracle:projects:1.8.3:::::::*	pkg:maven/org.jvnet.staxex/stax-ex@1.8.3		0	Low	50
ffl-admindentaire-packaging-1.0.4.jar: swagger-core-2.2.20.jar	cpe:2.3:a:http-swagger_project:http-swagger:2.2.20:::::::*	pkg:maven/io.swagger.core.v3/swagger-core@2.2.20		0	Low	39
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar		pkg:maven/org.webjars/swagger-ui@5.11.8		0		24
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-initializer.js				0		0
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-bundle.js		pkg:javascript/DOMPurify@3.0.9	high	2		3
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-es-bundle-core.js				0		0
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-es-bundle.js		pkg:javascript/DOMPurify@3.0.9	high	2		3
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-standalone-preset.js				0		0
ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui.js				0		0
ffl-admindentaire-packaging-1.0.4.jar: tika-core-2.9.2.jar	cpe:2.3:a:apache:tika:2.9.2:::::::*	pkg:maven/org.apache.tika/tika-core@2.9.2		0	Highest	42
ffl-admindentaire-packaging-1.0.4.jar: tomcat-embed-core-9.0.83.jar	cpe:2.3:a:apache:tomcat:9.0.83:::::::* cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.83:::::::*	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83	HIGH	1	Highest	75
ffl-admindentaire-packaging-1.0.4.jar: tomcat-embed-el-9.0.83.jar		pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.83		0		41
ffl-admindentaire-packaging-1.0.4.jar: txw2-2.3.9.jar	cpe:2.3:a:eclipse:glassfish:2.3.9:::::::*	pkg:maven/org.glassfish.jaxb/txw2@2.3.9	MEDIUM	1	Highest	34
ffl-admindentaire-packaging-1.0.4.jar: validation-api-2.0.1.Final.jar		pkg:maven/javax.validation/validation-api@2.0.1.Final		0		51
ffl-admindentaire-packaging-1.0.4.jar: wsdl4j-1.6.3.jar		pkg:maven/wsdl4j/wsdl4j@1.6.3		0		33
ffl-admindentaire-packaging-1.0.4.jar: xmlunit-core-2.9.1.jar		pkg:maven/org.xmlunit/xmlunit-core@2.9.1	HIGH	1		38
ffl-admindentaire-services-1.0.4.jar		pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-services@1.0.4		0		21
prettify.js				0		0
sort.js				0		0

Dependencies

ffl-admindentaire-api-1.0.4.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-api/target/ffl-admindentaire-api-1.0.4.jar
MD5: a3a706dae2f56390ec553b003ec1b7b5
SHA1: 63d0a4b4702d3339cf867c74e7c57919b29afc22
SHA256:5a9cbbeb8d2fcb32d018a134fec03fe700c4fd403441fce851e8a48210afcd51

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-admindentaire-api	High
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-admindentaire-api	Low
Vendor	pom	groupid	com.sintia.ffl.admindentaire	Highest
Vendor	pom	parent-artifactid	ffl-api-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-admindentaire-api	High
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-admindentaire-api	High
Product	pom	artifactid	ffl-admindentaire-api	Highest
Product	pom	groupid	com.sintia.ffl.admindentaire	Highest
Product	pom	parent-artifactid	ffl-api-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.4	High
Version	Manifest	Implementation-Version	1.0.4	High
Version	pom	parent-version	1.0.4	Low
Version	pom	version	1.0.4	Highest

Related Dependencies

Identifiers

pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-api@1.0.4 (Confidence:High)

ffl-admindentaire-dal-1.0.4.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-dal/target/ffl-admindentaire-dal-1.0.4.jar
MD5: 4c0a3cddbb1975732c5a622de4b880e3
SHA1: 33095355588d42d4f0c2426be43e7b5f4bd287ca
SHA256:e3aadcae59838a7e8fe54f14129426b1599f57f4f40ca651dcd1db86e4ea6d27

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-admindentaire-dal	High
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-admindentaire-dal	Low
Vendor	pom	groupid	com.sintia.ffl.admindentaire	Highest
Vendor	pom	parent-artifactid	ffl-dal-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-admindentaire-dal	High
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-admindentaire-dal	High
Product	pom	artifactid	ffl-admindentaire-dal	Highest
Product	pom	groupid	com.sintia.ffl.admindentaire	Highest
Product	pom	parent-artifactid	ffl-dal-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.4	High
Version	Manifest	Implementation-Version	1.0.4	High
Version	pom	parent-version	1.0.4	Low
Version	pom	version	1.0.4	Highest

Related Dependencies

Identifiers

pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-dal@1.0.4 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar
MD5: 3f3cdc2a5392ddaa3bc5606436f9a23f
SHA1: f81294a13fc7d70cf213ce47a53fdb21001ebe0a
SHA256:99b6ae82dbe805acea96512c91dc72dc53eceb7253fc88c6be6352fca47a9111

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-admindentaire-packaging	High
Vendor	jar	package name	com	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	spring-boot-classes	BOOT-INF/classes/	Low
Vendor	Manifest	spring-boot-classpath-index	BOOT-INF/classpath.idx	Low
Vendor	Manifest	spring-boot-layers-index	BOOT-INF/layers.idx	Low
Vendor	Manifest	spring-boot-lib	BOOT-INF/lib/	Low
Vendor	pom	artifactid	ffl-admindentaire-packaging	Low
Vendor	pom	groupid	com.sintia.ffl.admindentaire	Highest
Vendor	pom	parent-artifactid	ffl-admindentaire	Low
Product	file	name	ffl-admindentaire-packaging	High
Product	jar	package name	boot	Highest
Product	jar	package name	boot-inf	Highest
Product	jar	package name	classes	Highest
Product	jar	package name	com	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-admindentaire-packaging	High
Product	Manifest	spring-boot-classes	BOOT-INF/classes/	Low
Product	Manifest	spring-boot-classpath-index	BOOT-INF/classpath.idx	Low
Product	Manifest	spring-boot-layers-index	BOOT-INF/layers.idx	Low
Product	Manifest	spring-boot-lib	BOOT-INF/lib/	Low
Product	pom	artifactid	ffl-admindentaire-packaging	Highest
Product	pom	groupid	com.sintia.ffl.admindentaire	Highest
Product	pom	parent-artifactid	ffl-admindentaire	Medium
Version	file	version	1.0.4	High
Version	Manifest	Implementation-Version	1.0.4	High
Version	pom	version	1.0.4	Highest

Identifiers

pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-packaging@1.0.4 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: HdrHistogram-2.1.12.jar

Description:

        HdrHistogram supports the recording and analyzing sampled data value
        counts across a configurable integer value range with configurable value
        precision within the range. Value precision is expressed as the number of
        significant digits in the value recording, and provides control over value
        quantization behavior across the value range and the subsequent value
        resolution at any given level.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/HdrHistogram-2.1.12.jar
MD5: 4b1acf3448b750cb485da7e37384fcd8
SHA1: 6eb7552156e0d517ae80cc2247be1427c8d90452
SHA256:9b47fbae444feaac4b7e04f0ea294569e4bc282bc69d8c2ce2ac3f23577281e2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	HdrHistogram	High
Vendor	jar	package name	hdrhistogram	Highest
Vendor	Manifest	bundle-symbolicname	org.hdrhistogram.HdrHistogram	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.hdrhistogram	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	artifactid	HdrHistogram	Low
Vendor	pom	developer id	giltene	Medium
Vendor	pom	developer name	Gil Tene	Medium
Vendor	pom	groupid	org.hdrhistogram	Highest
Vendor	pom	name	HdrHistogram	High
Vendor	pom	url	http://hdrhistogram.github.io/HdrHistogram/	Highest
Product	file	name	HdrHistogram	High
Product	jar	package name	hdrhistogram	Highest
Product	jar	package name	version	Highest
Product	Manifest	Bundle-Name	HdrHistogram	Medium
Product	Manifest	bundle-symbolicname	org.hdrhistogram.HdrHistogram	Medium
Product	Manifest	Implementation-Title	HdrHistogram	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	Manifest	specification-title	HdrHistogram	Medium
Product	pom	artifactid	HdrHistogram	Highest
Product	pom	developer id	giltene	Low
Product	pom	developer name	Gil Tene	Low
Product	pom	groupid	org.hdrhistogram	Highest
Product	pom	name	HdrHistogram	High
Product	pom	url	http://hdrhistogram.github.io/HdrHistogram/	Medium
Version	file	version	2.1.12	High
Version	Manifest	Bundle-Version	2.1.12	High
Version	Manifest	Implementation-Version	2.1.12	High
Version	pom	version	2.1.12	Highest

Identifiers

pkg:maven/org.hdrhistogram/HdrHistogram@2.1.12 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: HikariCP-4.0.3.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/HikariCP-4.0.3.jar
MD5: e725642926105cd1bbf4ad7fdff5d5a9
SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f
SHA256:7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	HikariCP	High
Vendor	jar	package name	pool	Highest
Vendor	jar	package name	zaxxer	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/brettwooldridge	Low
Vendor	Manifest	bundle-symbolicname	com.zaxxer.HikariCP	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	HikariCP	Low
Vendor	pom	developer email	brett.wooldridge@gmail.com	Low
Vendor	pom	developer name	Brett Wooldridge	Medium
Vendor	pom	groupid	com.zaxxer	Highest
Vendor	pom	name	HikariCP	High
Vendor	pom	organization name	Zaxxer.com	High
Vendor	pom	organization url	brettwooldridge	Medium
Vendor	pom	url	brettwooldridge/HikariCP	Highest
Product	file	name	HikariCP	High
Product	jar	package name	11	Highest
Product	jar	package name	pool	Highest
Product	jar	package name	zaxxer	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/brettwooldridge	Low
Product	Manifest	Bundle-Name	HikariCP	Medium
Product	Manifest	bundle-symbolicname	com.zaxxer.HikariCP	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	HikariCP	Highest
Product	pom	developer email	brett.wooldridge@gmail.com	Low
Product	pom	developer name	Brett Wooldridge	Low
Product	pom	groupid	com.zaxxer	Highest
Product	pom	name	HikariCP	High
Product	pom	organization name	Zaxxer.com	Low
Product	pom	url	brettwooldridge	High
Product	pom	url	brettwooldridge/HikariCP	High
Version	file	version	4.0.3	High
Version	Manifest	Bundle-Version	4.0.3	High
Version	pom	version	4.0.3	Highest

Identifiers

pkg:maven/com.zaxxer/HikariCP@4.0.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: LatencyUtils-2.0.3.jar

Description:

        LatencyUtils is a package that provides latency recording and reporting utilities.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/LatencyUtils-2.0.3.jar
MD5: 2ad12e1ef7614cecfb0483fa9ac6da73
SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3
SHA256:a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	LatencyUtils	High
Vendor	jar	package name	latencyutils	Highest
Vendor	jar	package name	latencyutils	Low
Vendor	pom	artifactid	LatencyUtils	Low
Vendor	pom	developer id	giltene	Medium
Vendor	pom	developer name	Gil Tene	Medium
Vendor	pom	groupid	org.latencyutils	Highest
Vendor	pom	name	LatencyUtils	High
Vendor	pom	url	http://latencyutils.github.io/LatencyUtils/	Highest
Product	file	name	LatencyUtils	High
Product	jar	package name	latencyutils	Highest
Product	pom	artifactid	LatencyUtils	Highest
Product	pom	developer id	giltene	Low
Product	pom	developer name	Gil Tene	Low
Product	pom	groupid	org.latencyutils	Highest
Product	pom	name	LatencyUtils	High
Product	pom	url	http://latencyutils.github.io/LatencyUtils/	Medium
Version	file	version	2.0.3	High
Version	pom	version	2.0.3	Highest

Identifiers

pkg:maven/org.latencyutils/LatencyUtils@2.0.3 (Confidence:High)
cpe:2.3:a:utils_project:utils:2.0.3:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-4277

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.

CWE-330 Use of Insufficiently Random Values

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:utils_project:utils:*:*:*:*:*:*:*:* versions up to (excluding) 2021-05-14

ffl-admindentaire-packaging-1.0.4.jar: accessors-smart-2.4.11.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/accessors-smart-2.4.11.jar
MD5: 80590f80d4ddf575548ff83c7235297c
SHA1: 245ceca7bdf3190fbb977045c852d5f3c8efece1
SHA256:2ea7ac03b1b7796d9ec59fcfa271b66ff50cd8019b8c1c997f5883bc30f5a492

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	accessors-smart	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	minidev	Highest
Vendor	jar	package name	net	Highest
Vendor	Manifest	bundle-docurl	https://urielch.github.io/	Low
Vendor	Manifest	bundle-symbolicname	net.minidev.accessors-smart	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	accessors-smart	Low
Vendor	pom	developer email	shoothzj@gmail.com	Low
Vendor	pom	developer email	uchemouni@gmail.com	Low
Vendor	pom	developer id	Shoothzj	Medium
Vendor	pom	developer id	uriel	Medium
Vendor	pom	developer name	Uriel Chemouni	Medium
Vendor	pom	developer name	ZhangJian He	Medium
Vendor	pom	groupid	net.minidev	Highest
Vendor	pom	name	ASM based accessors helper used by json-smart	High
Vendor	pom	organization name	Chemouni Uriel	High
Vendor	pom	organization url	https://urielch.github.io/	Medium
Vendor	pom	url	https://urielch.github.io/	Highest
Product	file	name	accessors-smart	High
Product	jar	package name	asm	Highest
Product	jar	package name	minidev	Highest
Product	jar	package name	net	Highest
Product	Manifest	bundle-docurl	https://urielch.github.io/	Low
Product	Manifest	Bundle-Name	accessors-smart	Medium
Product	Manifest	bundle-symbolicname	net.minidev.accessors-smart	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	accessors-smart	Highest
Product	pom	developer email	shoothzj@gmail.com	Low
Product	pom	developer email	uchemouni@gmail.com	Low
Product	pom	developer id	Shoothzj	Low
Product	pom	developer id	uriel	Low
Product	pom	developer name	Uriel Chemouni	Low
Product	pom	developer name	ZhangJian He	Low
Product	pom	groupid	net.minidev	Highest
Product	pom	name	ASM based accessors helper used by json-smart	High
Product	pom	organization name	Chemouni Uriel	Low
Product	pom	organization url	https://urielch.github.io/	Low
Product	pom	url	https://urielch.github.io/	Medium
Version	file	version	2.4.11	High
Version	Manifest	Bundle-Version	2.4.11	High
Version	pom	version	2.4.11	Highest

Identifiers

pkg:maven/net.minidev/accessors-smart@2.4.11 (Confidence:High)
cpe:2.3:a:json-java_project:json-java:2.4.11:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:json-smart_project:json-smart:2.4.11:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:json-smart_project:json-smart-v2:2.4.11:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* versions up to (including) 20230618

ffl-admindentaire-packaging-1.0.4.jar: android-json-0.0.20131108.vaadin1.jar

Description:

      JSON (JavaScript Object Notation) is a lightweight data-interchange format.
      This is the org.json compatible Android implementation extracted from the Android SDK

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/android-json-0.0.20131108.vaadin1.jar
MD5: 10612241a9cc269501a7a2b8a984b949
SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f
SHA256:dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	android-json	Highest
Vendor	central	groupid	com.vaadin.external.google	Highest
Vendor	file	name	android-json	High
Vendor	jar	package name	json	Highest
Vendor	jar	package name	json	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	Manifest	bundle-symbolicname	org.json	Medium
Vendor	Manifest	implementation-url	http://developer.android.com/sdk	Low
Vendor	Manifest	Implementation-Vendor	Google	High
Vendor	pom	artifactid	android-json	Low
Vendor	pom	developer email	androiddev	Low
Vendor	pom	developer id	id	Medium
Vendor	pom	developer name	Android Dev	Medium
Vendor	pom	developer org	Google	Medium
Vendor	pom	developer org URL	http://www.google.com	Medium
Vendor	pom	groupid	com.vaadin.external.google	Highest
Vendor	pom	name	JSON library from Android SDK	High
Vendor	pom	url	http://developer.android.com/sdk	Highest
Product	central	artifactid	android-json	Highest
Product	file	name	android-json	High
Product	jar	package name	json	Highest
Product	Manifest	Bundle-Name	json-android	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Product	Manifest	bundle-symbolicname	org.json	Medium
Product	Manifest	implementation-url	http://developer.android.com/sdk	Low
Product	pom	artifactid	android-json	Highest
Product	pom	developer email	androiddev	Low
Product	pom	developer id	id	Low
Product	pom	developer name	Android Dev	Low
Product	pom	developer org	Google	Low
Product	pom	developer org URL	http://www.google.com	Low
Product	pom	groupid	com.vaadin.external.google	Highest
Product	pom	name	JSON library from Android SDK	High
Product	pom	url	http://developer.android.com/sdk	Medium
Version	central	version	0.0.20131108.vaadin1	Highest
Version	Manifest	Bundle-Version	0.0.20131108.vaadin1	High
Version	Manifest	Implementation-Version	0.0.20131108.vaadin1	High
Version	pom	version	0.0.20131108.vaadin1	Highest

Identifiers

pkg:maven/com.vaadin.external.google/android-json@0.0.20131108.vaadin1 (Confidence:High)
cpe:2.3:a:json-java_project:json-java:0.0:20131108:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* versions up to (including) 20230618

ffl-admindentaire-packaging-1.0.4.jar: antlr-2.7.7.jar

Description:

    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	antlr	Highest
Vendor	central	groupid	antlr	Highest
Vendor	file	name	antlr	High
Vendor	jar	package name	antlr	Low
Vendor	pom	artifactid	antlr	Low
Vendor	pom	groupid	antlr	Highest
Vendor	pom	name	AntLR Parser Generator	High
Vendor	pom	url	http://www.antlr.org/	Highest
Product	central	artifactid	antlr	Highest
Product	file	name	antlr	High
Product	pom	artifactid	antlr	Highest
Product	pom	groupid	antlr	Highest
Product	pom	name	AntLR Parser Generator	High
Product	pom	url	http://www.antlr.org/	Medium
Version	central	version	2.7.7	Highest
Version	file	version	2.7.7	High
Version	pom	version	2.7.7	Highest

Identifiers

pkg:maven/antlr/antlr@2.7.7 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: apiguardian-api-1.1.2.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	apiguardian-api	Highest
Vendor	central	groupid	org.apiguardian	Highest
Vendor	file	name	apiguardian-api	High
Vendor	jar	package name	api	Low
Vendor	jar	package name	apiguardian	Highest
Vendor	jar	package name	apiguardian	Low
Vendor	Manifest	build-date	2021-06-27	Low
Vendor	Manifest	build-revision	aa952a1b9d5b4e9cc0af853e2c140c2455b397be	Low
Vendor	Manifest	build-time	14:53:10.089+0200	Low
Vendor	Manifest	bundle-docurl	https://github.com/apiguardian-team/apiguardian	Low
Vendor	Manifest	bundle-symbolicname	org.apiguardian.api	Medium
Vendor	Manifest	Implementation-Vendor	apiguardian.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	apiguardian.org	Low
Vendor	pom	artifactid	apiguardian-api	Low
Vendor	pom	developer email	team@apiguardian.org	Low
Vendor	pom	developer id	apiguardian	Medium
Vendor	pom	developer name	@API Guardian Team	Medium
Vendor	pom	groupid	org.apiguardian	Highest
Vendor	pom	name	org.apiguardian:apiguardian-api	High
Vendor	pom	url	apiguardian-team/apiguardian	Highest
Product	central	artifactid	apiguardian-api	Highest
Product	file	name	apiguardian-api	High
Product	jar	package name	api	Highest
Product	jar	package name	api	Low
Product	jar	package name	apiguardian	Highest
Product	Manifest	build-date	2021-06-27	Low
Product	Manifest	build-revision	aa952a1b9d5b4e9cc0af853e2c140c2455b397be	Low
Product	Manifest	build-time	14:53:10.089+0200	Low
Product	Manifest	bundle-docurl	https://github.com/apiguardian-team/apiguardian	Low
Product	Manifest	Bundle-Name	apiguardian-api	Medium
Product	Manifest	bundle-symbolicname	org.apiguardian.api	Medium
Product	Manifest	Implementation-Title	apiguardian-api	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	apiguardian-api	Medium
Product	pom	artifactid	apiguardian-api	Highest
Product	pom	developer email	team@apiguardian.org	Low
Product	pom	developer id	apiguardian	Low
Product	pom	developer name	@API Guardian Team	Low
Product	pom	groupid	org.apiguardian	Highest
Product	pom	name	org.apiguardian:apiguardian-api	High
Product	pom	url	apiguardian-team/apiguardian	High
Version	central	version	1.1.2	Highest
Version	file	version	1.1.2	High
Version	Manifest	Bundle-Version	1.1.2	High
Version	Manifest	Implementation-Version	1.1.2	High
Version	pom	version	1.1.2	Highest

Identifiers

pkg:maven/org.apiguardian/apiguardian-api@1.1.2 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: asm-9.3.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/asm-9.3.jar
MD5: e1c3b96035117ab516ffe0de9bd696e0
SHA1: 8e6300ef51c1d801a7ed62d07cd221aca3a90640
SHA256:1263369b59e29c943918de11d6d6152e2ec6085ce63e5710516f8c67d368e4bc

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	asm	Highest
Vendor	central	groupid	org.ow2.asm	Highest
Vendor	file	name	asm	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	asm	Low
Vendor	jar	package name	objectweb	Highest
Vendor	jar	package name	objectweb	Low
Vendor	Manifest	bundle-docurl	http://asm.ow2.org	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	org.objectweb.asm	Medium
Vendor	pom	artifactid	asm	Low
Vendor	pom	developer email	ebruneton@free.fr	Low
Vendor	pom	developer email	eu@javatx.org	Low
Vendor	pom	developer email	forax@univ-mlv.fr	Low
Vendor	pom	developer id	ebruneton	Medium
Vendor	pom	developer id	eu	Medium
Vendor	pom	developer id	forax	Medium
Vendor	pom	developer name	Eric Bruneton	Medium
Vendor	pom	developer name	Eugene Kuleshov	Medium
Vendor	pom	developer name	Remi Forax	Medium
Vendor	pom	groupid	org.ow2.asm	Highest
Vendor	pom	name	asm	High
Vendor	pom	organization name	OW2	High
Vendor	pom	organization url	http://www.ow2.org/	Medium
Vendor	pom	parent-artifactid	ow2	Low
Vendor	pom	parent-groupid	org.ow2	Medium
Vendor	pom	url	http://asm.ow2.io/	Highest
Product	central	artifactid	asm	Highest
Product	file	name	asm	High
Product	jar	package name	asm	Highest
Product	jar	package name	asm	Low
Product	jar	package name	objectweb	Highest
Product	Manifest	bundle-docurl	http://asm.ow2.org	Low
Product	Manifest	Bundle-Name	org.objectweb.asm	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	org.objectweb.asm	Medium
Product	Manifest	Implementation-Title	ASM, a very small and fast Java bytecode manipulation framework	High
Product	pom	artifactid	asm	Highest
Product	pom	developer email	ebruneton@free.fr	Low
Product	pom	developer email	eu@javatx.org	Low
Product	pom	developer email	forax@univ-mlv.fr	Low
Product	pom	developer id	ebruneton	Low
Product	pom	developer id	eu	Low
Product	pom	developer id	forax	Low
Product	pom	developer name	Eric Bruneton	Low
Product	pom	developer name	Eugene Kuleshov	Low
Product	pom	developer name	Remi Forax	Low
Product	pom	groupid	org.ow2.asm	Highest
Product	pom	name	asm	High
Product	pom	organization name	OW2	Low
Product	pom	organization url	http://www.ow2.org/	Low
Product	pom	parent-artifactid	ow2	Medium
Product	pom	parent-groupid	org.ow2	Medium
Product	pom	url	http://asm.ow2.io/	Medium
Version	central	version	9.3	Highest
Version	file	version	9.3	High
Version	Manifest	Implementation-Version	9.3	High
Version	pom	parent-version	9.3	Low
Version	pom	version	9.3	Highest

Identifiers

pkg:maven/org.ow2.asm/asm@9.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: aspectjweaver-1.9.7.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/aspectjweaver-1.9.7.jar
MD5: a4d97c5a2f94b8b5d132761a769e5eeb
SHA1: 158f5c255cd3e4408e795b79f7c3fbae9b53b7ca
SHA256:1b448d82bd0f8a8c1842506e6c7edb95ff1a1275ce39f766e7884122b866fe5d

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	aspectjweaver	Highest
Vendor	central	groupid	org.aspectj	Highest
Vendor	file	name	aspectjweaver	High
Vendor	jar	package name	aspectj	Highest
Vendor	jar	package name	aspectj	Low
Vendor	jar	package name	org	Highest
Vendor	jar	package name	weaver	Highest
Vendor	jar	package name	weaver	Low
Vendor	Manifest	automatic-module-name	org.aspectj.weaver	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	manifest: org/aspectj/weaver/	Implementation-Vendor	https://www.eclipse.org/aspectj/	Medium
Vendor	pom	artifactid	aspectjweaver	Low
Vendor	pom	developer email	aclement@vmware.com	Low
Vendor	pom	developer email	kriegaex@aspectj.dev	Low
Vendor	pom	developer id	aclement	Medium
Vendor	pom	developer id	kriegaex	Medium
Vendor	pom	developer name	Alexander Kriegisch	Medium
Vendor	pom	developer name	Andy Clement	Medium
Vendor	pom	groupid	org.aspectj	Highest
Vendor	pom	name	AspectJ Weaver	High
Vendor	pom	url	https://www.eclipse.org/aspectj/	Highest
Product	central	artifactid	aspectjweaver	Highest
Product	file	name	aspectjweaver	High
Product	jar	package name	aspectj	Highest
Product	jar	package name	org	Highest
Product	jar	package name	weaver	Highest
Product	jar	package name	weaver	Low
Product	Manifest	automatic-module-name	org.aspectj.weaver	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	manifest: org/aspectj/weaver/	Implementation-Title	org.aspectj.weaver	Medium
Product	manifest: org/aspectj/weaver/	Specification-Title	AspectJ Weaver Classes	Medium
Product	pom	artifactid	aspectjweaver	Highest
Product	pom	developer email	aclement@vmware.com	Low
Product	pom	developer email	kriegaex@aspectj.dev	Low
Product	pom	developer id	aclement	Low
Product	pom	developer id	kriegaex	Low
Product	pom	developer name	Alexander Kriegisch	Low
Product	pom	developer name	Andy Clement	Low
Product	pom	groupid	org.aspectj	Highest
Product	pom	name	AspectJ Weaver	High
Product	pom	url	https://www.eclipse.org/aspectj/	Medium
Version	central	version	1.9.7	Highest
Version	file	version	1.9.7	High
Version	manifest: org/aspectj/weaver/	Implementation-Version	1.9.7	Medium
Version	pom	version	1.9.7	Highest

Identifiers

pkg:maven/org.aspectj/aspectjweaver@1.9.7 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: assertj-core-3.22.0.jar

Description:

Rich and fluent assertions for testing for Java

License:

"Apache License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/assertj-core-3.22.0.jar
MD5: 6999964a5d8f78541b1997f873a4206c
SHA1: c300c0c6a24559f35fa0bd3a5472dc1edcd0111e
SHA256:419b7594a869147ee9578f5af2297fdd2c03c07c835927dbf4a7b32ad22cb411

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	assertj-core	High
Vendor	jar	package name	assertions	Highest
Vendor	jar	package name	assertj	Highest
Vendor	jar	package name	core	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-developers	joel-costigliola;email="joel.costigliola at gmail.com";name="Joel Costigliola";roles="Owner,Developer",scordio;name="Stefano Cordio";roles=Developer,PascalSchumacher;name="Pascal Schumacher";roles=Developer,epeee;name="Erhard Pointl";roles=Developer,croesch;name="Christian Rösch";roles=Developer,VanRoy;name="Julien Roy";roles=Developer,regis1512;name="Régis Pouiller";roles=Developer,fbiville;name="Florent Biville";roles=Developer,Patouche;name="Patrick Allain";roles=Developer	Low
Vendor	Manifest	bundle-docurl	https://assertj.github.io/doc/assertj-core/	Low
Vendor	Manifest	bundle-symbolicname	assertj-core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	assertj-core	Low
Vendor	pom	groupid	org.assertj	Highest
Vendor	pom	name	AssertJ fluent assertions	High
Vendor	pom	parent-artifactid	assertj-parent-pom	Low
Product	file	name	assertj-core	High
Product	jar	package name	assertions	Highest
Product	jar	package name	assertj	Highest
Product	jar	package name	core	Highest
Product	jar	package name	filter	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-developers	joel-costigliola;email="joel.costigliola at gmail.com";name="Joel Costigliola";roles="Owner,Developer",scordio;name="Stefano Cordio";roles=Developer,PascalSchumacher;name="Pascal Schumacher";roles=Developer,epeee;name="Erhard Pointl";roles=Developer,croesch;name="Christian Rösch";roles=Developer,VanRoy;name="Julien Roy";roles=Developer,regis1512;name="Régis Pouiller";roles=Developer,fbiville;name="Florent Biville";roles=Developer,Patouche;name="Patrick Allain";roles=Developer	Low
Product	Manifest	bundle-docurl	https://assertj.github.io/doc/assertj-core/	Low
Product	Manifest	Bundle-Name	AssertJ fluent assertions	Medium
Product	Manifest	bundle-symbolicname	assertj-core	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	assertj-core	Highest
Product	pom	groupid	org.assertj	Highest
Product	pom	name	AssertJ fluent assertions	High
Product	pom	parent-artifactid	assertj-parent-pom	Medium
Version	file	version	3.22.0	High
Version	Manifest	Bundle-Version	3.22.0	High
Version	pom	parent-version	3.22.0	Low
Version	pom	version	3.22.0	Highest

Identifiers

pkg:maven/org.assertj/assertj-core@3.22.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-1.12.23.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/byte-buddy-1.12.23.jar
MD5: bdf44dc7543f6bf2728b6e7d32e3bf8c
SHA1: d470526e8c4566c04e9ae5d3ccb62d1a7aa58986
SHA256:0433a8e4efcc5e137ceb6e7e1d83c2f1f95057c13b66fb92a901f883cb4df4b4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	byte-buddy	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	build	Highest
Vendor	jar	package name	bytebuddy	Highest
Vendor	jar	package name	net	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	byte-buddy	Low
Vendor	pom	groupid	net.bytebuddy	Highest
Vendor	pom	name	Byte Buddy (without dependencies)	High
Vendor	pom	parent-artifactid	byte-buddy-parent	Low
Product	file	name	byte-buddy	High
Product	jar	package name	asm	Highest
Product	jar	package name	build	Highest
Product	jar	package name	bytebuddy	Highest
Product	jar	package name	net	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Byte Buddy (without dependencies)	Medium
Product	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	byte-buddy	Highest
Product	pom	groupid	net.bytebuddy	Highest
Product	pom	name	Byte Buddy (without dependencies)	High
Product	pom	parent-artifactid	byte-buddy-parent	Medium
Version	file	version	1.12.23	High
Version	Manifest	Bundle-Version	1.12.23	High
Version	pom	version	1.12.23	Highest

Identifiers

pkg:maven/net.bytebuddy/byte-buddy@1.12.23 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/byte-buddy-agent-1.12.23.jar
MD5: 15cd1a3d076537256a99562195b98349
SHA1: 1cba11fdb72c383edacb909f79ae6870efd275e4
SHA256:5817228bb0ed87129e9e36fb38c8cba9c2a2d5ecccce30b7606440bccf6f79e0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	byte-buddy-agent	High
Vendor	jar	package name	agent	Highest
Vendor	jar	package name	bytebuddy	Highest
Vendor	jar	package name	net	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy-agent	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	Manifest	can-retransform-classes	true	Low
Vendor	Manifest	can-set-native-method-prefix	true	Low
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"	Low
Vendor	pom	artifactid	byte-buddy-agent	Low
Vendor	pom	groupid	net.bytebuddy	Highest
Vendor	pom	name	Byte Buddy agent	High
Vendor	pom	parent-artifactid	byte-buddy-parent	Low
Product	file	name	byte-buddy-agent	High
Product	jar	package name	agent	Highest
Product	jar	package name	bytebuddy	Highest
Product	jar	package name	net	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Byte Buddy agent	Medium
Product	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy-agent	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	Manifest	can-retransform-classes	true	Low
Product	Manifest	can-set-native-method-prefix	true	Low
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"	Low
Product	pom	artifactid	byte-buddy-agent	Highest
Product	pom	groupid	net.bytebuddy	Highest
Product	pom	name	Byte Buddy agent	High
Product	pom	parent-artifactid	byte-buddy-parent	Medium
Version	file	version	1.12.23	High
Version	Manifest	Bundle-Version	1.12.23	High
Version	pom	version	1.12.23	Highest

Identifiers

pkg:maven/net.bytebuddy/byte-buddy-agent@1.12.23 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar: attach_hotspot_windows.dll

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/byte-buddy-agent-1.12.23.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	attach_hotspot_windows	High
Product	file	name	attach_hotspot_windows	High

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar: attach_hotspot_windows.dll

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/byte-buddy-agent-1.12.23.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	attach_hotspot_windows	High
Product	file	name	attach_hotspot_windows	High

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: cache-api-1.1.1.jar

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/cache-api-1.1.1.jar
MD5: dfdac9358e140e61c574abb1ada84dc9
SHA1: c56fb980eb5208bfee29a9a5b9d951aba076bd91
SHA256:9f34e007edfa82a7b2a2e1b969477dcf5099ce7f4f926fb54ce7e27c4a0cd54b

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	cache-api	High
Vendor	jar	package name	cache	Highest
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	spi	Highest
Vendor	Manifest	bundle-symbolicname	javax.cache.api	Medium
Vendor	pom	artifactid	cache-api	Low
Vendor	pom	groupid	javax.cache	Highest
Vendor	pom	name	JSR107 API and SPI	High
Vendor	pom	url	jsr107/jsr107spec	Highest
Product	file	name	cache-api	High
Product	jar	package name	cache	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	spi	Highest
Product	Manifest	Bundle-Name	JSR107 API and SPI	Medium
Product	Manifest	bundle-symbolicname	javax.cache.api	Medium
Product	pom	artifactid	cache-api	Highest
Product	pom	groupid	javax.cache	Highest
Product	pom	name	JSR107 API and SPI	High
Product	pom	url	jsr107/jsr107spec	High
Version	file	version	1.1.1	High
Version	Manifest	Bundle-Version	1.1.1	High
Version	pom	version	1.1.1	Highest

Identifiers

pkg:maven/javax.cache/cache-api@1.1.1 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: checker-qual-3.5.0.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.

        Please
        see artifact:
        org.checkerframework:checker

License:

The MIT License: http://opensource.org/licenses/MIT

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/checker-qual-3.5.0.jar
MD5: 4464def1ed5c10f248ebfe1bccbedf1a
SHA1: 2f50520c8abea66fbd8d26e481d3aef5c673b510
SHA256:729990b3f18a95606fc2573836b6958bcdb44cb52bfbd1b7aa9c339cff35a5a4

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	checker-qual	Highest
Vendor	central	groupid	org.checkerframework	Highest
Vendor	file	name	checker-qual	High
Vendor	jar	package name	checker	Highest
Vendor	jar	package name	checker	Low
Vendor	jar	package name	checkerframework	Highest
Vendor	jar	package name	checkerframework	Low
Vendor	jar	package name	qual	Highest
Vendor	Manifest	automatic-module-name	org.checkerframework.checker.qual	Medium
Vendor	Manifest	bundle-symbolicname	checker-qual	Medium
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	checker-qual	Low
Vendor	pom	developer email	mernst@cs.washington.edu	Low
Vendor	pom	developer email	smillst@cs.washington.edu	Low
Vendor	pom	developer email	wdietl@uwaterloo.ca	Low
Vendor	pom	developer id	mernst	Medium
Vendor	pom	developer id	smillst	Medium
Vendor	pom	developer id	wmdietl	Medium
Vendor	pom	developer name	Michael Ernst	Medium
Vendor	pom	developer name	Suzanne Millstein	Medium
Vendor	pom	developer name	Werner M. Dietl	Medium
Vendor	pom	developer org	University of Washington	Medium
Vendor	pom	developer org	University of Waterloo	Medium
Vendor	pom	developer org URL	http://uwaterloo.ca/	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/research/plse/	Medium
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	pom	name	Checker Qual	High
Vendor	pom	url	https://checkerframework.org	Highest
Product	central	artifactid	checker-qual	Highest
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	jar	package name	checker	Low
Product	jar	package name	checkerframework	Highest
Product	jar	package name	qual	Highest
Product	jar	package name	qual	Low
Product	Manifest	automatic-module-name	org.checkerframework.checker.qual	Medium
Product	Manifest	Bundle-Name	checker-qual	Medium
Product	Manifest	bundle-symbolicname	checker-qual	Medium
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	checker-qual	Highest
Product	pom	developer email	mernst@cs.washington.edu	Low
Product	pom	developer email	smillst@cs.washington.edu	Low
Product	pom	developer email	wdietl@uwaterloo.ca	Low
Product	pom	developer id	mernst	Low
Product	pom	developer id	smillst	Low
Product	pom	developer id	wmdietl	Low
Product	pom	developer name	Michael Ernst	Low
Product	pom	developer name	Suzanne Millstein	Low
Product	pom	developer name	Werner M. Dietl	Low
Product	pom	developer org	University of Washington	Low
Product	pom	developer org	University of Waterloo	Low
Product	pom	developer org URL	http://uwaterloo.ca/	Low
Product	pom	developer org URL	https://www.cs.washington.edu/	Low
Product	pom	developer org URL	https://www.cs.washington.edu/research/plse/	Low
Product	pom	groupid	org.checkerframework	Highest
Product	pom	name	Checker Qual	High
Product	pom	url	https://checkerframework.org	Medium
Version	central	version	3.5.0	Highest
Version	file	version	3.5.0	High
Version	Manifest	Bundle-Version	3.5.0	High
Version	Manifest	Implementation-Version	3.5.0	High
Version	pom	version	3.5.0	Highest

Identifiers

pkg:maven/org.checkerframework/checker-qual@3.5.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	classmate	High
Vendor	jar	package name	classmate	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	types	Highest
Vendor	Manifest	automatic-module-name	com.fasterxml.classmate	Medium
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/java-classmate	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.classmate	Medium
Vendor	Manifest	implementation-build-date	2019-10-19 22:46:35+0000	Low
Vendor	Manifest	Implementation-Vendor	fasterxml.com	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	fasterxml.com	Low
Vendor	pom	artifactid	classmate	Low
Vendor	pom	developer email	blangel@ocheyedan.net	Low
Vendor	pom	developer email	tatu@fasterxml.com	Low
Vendor	pom	developer id	blangel	Medium
Vendor	pom	developer id	tatu	Medium
Vendor	pom	developer name	Brian Langel	Medium
Vendor	pom	developer name	Tatu Saloranta	Medium
Vendor	pom	groupid	com.fasterxml	Highest
Vendor	pom	name	ClassMate	High
Vendor	pom	organization name	fasterxml.com	High
Vendor	pom	organization url	https://fasterxml.com	Medium
Vendor	pom	parent-artifactid	oss-parent	Low
Vendor	pom	url	FasterXML/java-classmate	Highest
Product	file	name	classmate	High
Product	jar	package name	classmate	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	types	Highest
Product	Manifest	automatic-module-name	com.fasterxml.classmate	Medium
Product	Manifest	bundle-docurl	https://github.com/FasterXML/java-classmate	Low
Product	Manifest	Bundle-Name	ClassMate	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.classmate	Medium
Product	Manifest	implementation-build-date	2019-10-19 22:46:35+0000	Low
Product	Manifest	Implementation-Title	ClassMate	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	ClassMate	Medium
Product	pom	artifactid	classmate	Highest
Product	pom	developer email	blangel@ocheyedan.net	Low
Product	pom	developer email	tatu@fasterxml.com	Low
Product	pom	developer id	blangel	Low
Product	pom	developer id	tatu	Low
Product	pom	developer name	Brian Langel	Low
Product	pom	developer name	Tatu Saloranta	Low
Product	pom	groupid	com.fasterxml	Highest
Product	pom	name	ClassMate	High
Product	pom	organization name	fasterxml.com	Low
Product	pom	organization url	https://fasterxml.com	Low
Product	pom	parent-artifactid	oss-parent	Medium
Product	pom	url	FasterXML/java-classmate	High
Version	file	version	1.5.1	High
Version	Manifest	Bundle-Version	1.5.1	High
Version	Manifest	Implementation-Version	1.5.1	High
Version	pom	parent-version	1.5.1	Low
Version	pom	version	1.5.1	Highest

Identifiers

pkg:maven/com.fasterxml/classmate@1.5.1 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-collections4	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	collections4	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.collections4	Medium
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-collections/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-collections4	Medium
Vendor	Manifest	implementation-url	https://commons.apache.org/proper/commons-collections/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache.commons	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-collections4	Low
Vendor	pom	developer id	adriannistor	Medium
Vendor	pom	developer id	amamment	Medium
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dlaha	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	luc	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer id	tn	Medium
Vendor	pom	developer name	Adrian Nistor	Medium
Vendor	pom	developer name	Arun M. Thomas	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	Dipanjan Laha	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Geir Magnusson	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Luc Maisonobe	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Morgan Delagrange	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Thomas Neidhart	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Collections	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-collections/	Highest
Product	file	name	commons-collections4	High
Product	jar	package name	apache	Highest
Product	jar	package name	collections4	Highest
Product	jar	package name	commons	Highest
Product	Manifest	automatic-module-name	org.apache.commons.collections4	Medium
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-collections/	Low
Product	Manifest	Bundle-Name	Apache Commons Collections	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-collections4	Medium
Product	Manifest	Implementation-Title	Apache Commons Collections	High
Product	Manifest	implementation-url	https://commons.apache.org/proper/commons-collections/	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons Collections	Medium
Product	pom	artifactid	commons-collections4	Highest
Product	pom	developer id	adriannistor	Low
Product	pom	developer id	amamment	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dlaha	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	luc	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer id	tn	Low
Product	pom	developer name	Adrian Nistor	Low
Product	pom	developer name	Arun M. Thomas	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	Dipanjan Laha	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Geir Magnusson	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Luc Maisonobe	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Morgan Delagrange	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Thomas Neidhart	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Collections	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-collections/	Medium
Version	file	version	4.4	High
Version	Manifest	Implementation-Version	4.4	High
Version	pom	parent-version	4.4	Low
Version	pom	version	4.4	Highest

Identifiers

pkg:maven/org.apache.commons/commons-collections4@4.4 (Confidence:High)
cpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: commons-io-2.15.1.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/commons-io-2.15.1.jar
MD5: 84351f7991a0e6722f00e96a4ccc376f
SHA1: f11560da189ab563a5c8e351941415430e9304ea
SHA256:a58af12ee1b68cfd2ebb0c27caef164f084381a00ec81a48cc275fd7ea54e154

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-io	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	file	Highest
Vendor	jar	package name	io	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.io	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-io	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	dion@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jeremias@apache.org	Low
Vendor	pom	developer email	jochen.wiedmann@gmail.com	Low
Vendor	pom	developer email	krosenvold@apache.org	Low
Vendor	pom	developer email	martinc@apache.org	Low
Vendor	pom	developer email	matth@apache.org	Low
Vendor	pom	developer email	nicolaken@apache.org	Low
Vendor	pom	developer email	roxspring@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	dion	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jeremias	Medium
Vendor	pom	developer id	jochen	Medium
Vendor	pom	developer id	jukka	Medium
Vendor	pom	developer id	krosenvold	Medium
Vendor	pom	developer id	martinc	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	nicolaken	Medium
Vendor	pom	developer id	roxspring	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	dIon Gillard	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	Jeremias Maerki	Medium
Vendor	pom	developer name	Jochen Wiedmann	Medium
Vendor	pom	developer name	Jukka Zitting	Medium
Vendor	pom	developer name	Kristian Rosenvold	Medium
Vendor	pom	developer name	Martin Cooper	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Nicola Ken Barozzi	Medium
Vendor	pom	developer name	Rob Oxspring	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-io	Highest
Vendor	pom	name	Apache Commons IO	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-io/	Highest
Product	file	name	commons-io	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	file	Highest
Product	jar	package name	io	Highest
Product	Manifest	automatic-module-name	org.apache.commons.io	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Product	Manifest	Bundle-Name	Apache Commons IO	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Product	Manifest	Implementation-Title	Apache Commons IO	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons IO	Medium
Product	pom	artifactid	commons-io	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	dion@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jeremias@apache.org	Low
Product	pom	developer email	jochen.wiedmann@gmail.com	Low
Product	pom	developer email	krosenvold@apache.org	Low
Product	pom	developer email	martinc@apache.org	Low
Product	pom	developer email	matth@apache.org	Low
Product	pom	developer email	nicolaken@apache.org	Low
Product	pom	developer email	roxspring@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	dion	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jeremias	Low
Product	pom	developer id	jochen	Low
Product	pom	developer id	jukka	Low
Product	pom	developer id	krosenvold	Low
Product	pom	developer id	martinc	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	nicolaken	Low
Product	pom	developer id	roxspring	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	dIon Gillard	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	Jeremias Maerki	Low
Product	pom	developer name	Jochen Wiedmann	Low
Product	pom	developer name	Jukka Zitting	Low
Product	pom	developer name	Kristian Rosenvold	Low
Product	pom	developer name	Martin Cooper	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Nicola Ken Barozzi	Low
Product	pom	developer name	Rob Oxspring	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-io	Highest
Product	pom	name	Apache Commons IO	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-io/	Medium
Version	file	version	2.15.1	High
Version	Manifest	Bundle-Version	2.15.1	High
Version	Manifest	Implementation-Version	2.15.1	High
Version	pom	parent-version	2.15.1	Low
Version	pom	version	2.15.1	Highest

Identifiers

pkg:maven/commons-io/commons-io@2.15.1 (Confidence:High)
cpe:2.3:a:apache:commons_io:2.15.1:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: commons-lang3-3.12.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory@apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary D. Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory@apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary D. Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.12.0	High
Version	Manifest	Bundle-Version	3.12.0	High
Version	Manifest	Implementation-Version	3.12.0	High
Version	pom	parent-version	3.12.0	Low
Version	pom	version	3.12.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.12.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)

Description:

The JSR-107 compatibility module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml
MD5: cbb6582f7bae2d80eba99428ba1fa879
SHA1: 93ece0b8696af1b39d5a59f4ac001ff67ade031b
SHA256:881431ccba0094c52fde3d05f6800c5fa488f21ce8e0c253b3080868822362cb

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	ehcache-107	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache.modules	Highest
Vendor	pom	name	Ehcache 3 JSR-107 module	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	pom	artifactid	ehcache-107	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache.modules	Highest
Product	pom	name	Ehcache 3 JSR-107 module	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache.modules/ehcache-107@3.10.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-api:3.10.8)

Description:

The API module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml
MD5: 684f68673f7e1877dd8710c9c20b66a8
SHA1: 5cb0644b5714e1cd3b9ed067db5b74c1d2f90405
SHA256:8cb81dbe787af826481c2a79ad85bef6e46cf429a982a765581142a823db54e5

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	ehcache-api	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache.modules	Highest
Vendor	pom	name	Ehcache 3 API module	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	pom	artifactid	ehcache-api	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache.modules	Highest
Product	pom	name	Ehcache 3 API module	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache.modules/ehcache-api@3.10.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-core:3.10.8)

Description:

The Core module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml
MD5: 81e4d90adf09bff8de32a927f13fa7dd
SHA1: 1603c939dbc836b9a67ba29c8e3f5bde24a35345
SHA256:d26e487336af1baa60250c41d3f30d6f62fed549c8f282ecccdbb9a905f00a3f

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	ehcache-core	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache.modules	Highest
Vendor	pom	name	Ehcache 3 Core module	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	pom	artifactid	ehcache-core	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache.modules	Highest
Product	pom	name	Ehcache 3 Core module	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache.modules/ehcache-core@3.10.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.8)

Description:

The implementation module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml
MD5: 68666160c19c3a231099a0d5d61f364f
SHA1: 99176e4618d2a09bbef35ab175273edf50b72f3c
SHA256:9ccbc05db652fe94233c346648fb06d503bfbf27f13aaaec4be87752b14f1d9c

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	ehcache-impl	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache.modules	Highest
Vendor	pom	name	Ehcache 3 Implementation module	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	pom	artifactid	ehcache-impl	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache.modules	Highest
Product	pom	name	Ehcache 3 Implementation module	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache.modules/ehcache-impl@3.10.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.8)

Description:

This module contains the XML parsing SPI for Ehcache 3. This allows Ehcache extension services to provide XML configuration capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-xml-spi/pom.xml
MD5: d692ac727407f129dc07ce98a6c309b2
SHA1: 35f69aaa6f9b7b413aa6c12c969f0e91ba1ffb1f
SHA256:aecb4a20f1ce69a777649b65343557329e031641481841a233973d857d2ba32d

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	ehcache-xml-spi	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache.modules	Highest
Vendor	pom	name	Ehcache 3 XML Parsing SPI Module	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	pom	artifactid	ehcache-xml-spi	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache.modules	Highest
Product	pom	name	Ehcache 3 XML Parsing SPI Module	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache.modules/ehcache-xml-spi@3.10.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.8)

Description:

The module containing all XML parsing logic Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml
MD5: c0cfdd21ebfc0207a9516d08ab7e2858
SHA1: 0cec45ad454b3eb0d5cd4a5f4fffd71b1e462e31
SHA256:bd6c0ce56beca6eb6b0b6a55fcf3c86a652b8ddc0bb2cf390c8c3f3e660603fe

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	ehcache-xml	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache.modules	Highest
Vendor	pom	name	Ehcache 3 XML Parsing module	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	pom	artifactid	ehcache-xml	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache.modules	Highest
Product	pom	name	Ehcache 3 XML Parsing module	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache.modules/ehcache-xml@3.10.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache:sizeof:0.4.3)

Description:

SizeOf engine, extracted from Ehcache

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.ehcache/sizeof/pom.xml
MD5: c0ad3baef0ef03d4ca849743f1f26b70
SHA1: 8589b7bd18f4b3e12cd222a44bdcbbada5363da8
SHA256:9c03a981dbff96ff6b7d74dffb5e8a9a46bb66e06ba98d18f6b8ff4472bd0709

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	sizeof	Low
Vendor	pom	groupid	org.ehcache	Highest
Vendor	pom	name	Ehcache SizeOf Engine	High
Vendor	pom	organization name	Terracotta	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	ehcache/sizeof	Highest
Product	pom	artifactid	sizeof	Highest
Product	pom	groupid	org.ehcache	Highest
Product	pom	name	Ehcache SizeOf Engine	High
Product	pom	organization name	Terracotta	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	ehcache/sizeof	High
Version	pom	version	0.4.3	Highest

Identifiers

pkg:maven/org.ehcache/sizeof@0.4.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.terracotta:offheap-store:2.5.3)

Description:

A library that offers data structures allocated off the java heap.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml
MD5: f5ad26371f4a3b04c5b8a0a089639d87
SHA1: 1979a0cbe0be10a6d5215bb9cbbb5635b9314924
SHA256:d8ae272530d98560cf81066b0409bcba2648a2528c00bd0147253695bb5f0949

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	offheap-store	Low
Vendor	pom	developer email	chris.dennis@terracottatech.com	Low
Vendor	pom	developer name	Chris Dennis	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	https://terracotta.org	Medium
Vendor	pom	groupid	org.terracotta	Highest
Vendor	pom	name	Terracotta Off-Heap Store	High
Vendor	pom	url	Terracotta-OSS/offheap-store/	Highest
Product	pom	artifactid	offheap-store	Highest
Product	pom	developer email	chris.dennis@terracottatech.com	Low
Product	pom	developer name	Chris Dennis	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	https://terracotta.org	Low
Product	pom	groupid	org.terracotta	Highest
Product	pom	name	Terracotta Off-Heap Store	High
Product	pom	url	Terracotta-OSS/offheap-store/	High
Version	pom	version	2.5.3	Highest

Identifiers

pkg:maven/org.terracotta/offheap-store@2.5.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.terracotta:statistics:2.1.2)

Description:

A statistics framework used inside Ehcache and the Terracotta products

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/statistics/pom.xml
MD5: 9df3f5a18142de19c1c7f379885a4391
SHA1: 305a0214578ebf1c14e8d78adce1a5af028c8132
SHA256:25c36806fdcd2ab5e4c1c1c5625bc4f966c10a4a93ab3dd321aa82b3f9e43081

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	statistics	Low
Vendor	pom	developer email	chris.dennis@terracottatech.com	Low
Vendor	pom	developer email	Chris.Schanck@terracottatech.com	Low
Vendor	pom	developer email	ludovic.orban@terracottatech.com	Low
Vendor	pom	developer name	Chris Dennis	Medium
Vendor	pom	developer name	Chris Schanck	Medium
Vendor	pom	developer name	Ludovic Orban	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	https://terracotta.org	Medium
Vendor	pom	groupid	org.terracotta	Highest
Vendor	pom	name	Terracotta Statistics	High
Vendor	pom	url	Terracotta-OSS/statistics	Highest
Product	pom	artifactid	statistics	Highest
Product	pom	developer email	chris.dennis@terracottatech.com	Low
Product	pom	developer email	Chris.Schanck@terracottatech.com	Low
Product	pom	developer email	ludovic.orban@terracottatech.com	Low
Product	pom	developer name	Chris Dennis	Low
Product	pom	developer name	Chris Schanck	Low
Product	pom	developer name	Ludovic Orban	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	https://terracotta.org	Low
Product	pom	groupid	org.terracotta	Highest
Product	pom	name	Terracotta Statistics	High
Product	pom	url	Terracotta-OSS/statistics	High
Version	pom	version	2.1.2	Highest

Identifiers

pkg:maven/org.terracotta/statistics@2.1.2 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.15)

Description:

Utility classes/methods for common Java tasks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/terracotta-utilities-tools/pom.xml
MD5: e4749433aaf243a0fbc14ddad08bbe55
SHA1: 9b7960438f39f7be178e17bba391f38c7b38c860
SHA256:144603b5fb19b5900a9a28a3a5d7a74f4deeddbdc34d1de8a716f79f91854ada

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	terracotta-utilities-tools	Low
Vendor	pom	developer email	clifford.johnson@softwareag.com	Low
Vendor	pom	developer name	Clifford W Johnson	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	https://terracotta.org	Medium
Vendor	pom	groupid	org.terracotta	Highest
Vendor	pom	name	Terracotta Utilities Tools	High
Vendor	pom	parent-artifactid	terracotta-utilities-parent	Low
Vendor	pom	url	Terracotta-OSS/terracotta-utilities/	Highest
Product	pom	artifactid	terracotta-utilities-tools	Highest
Product	pom	developer email	clifford.johnson@softwareag.com	Low
Product	pom	developer name	Clifford W Johnson	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	https://terracotta.org	Low
Product	pom	groupid	org.terracotta	Highest
Product	pom	name	Terracotta Utilities Tools	High
Product	pom	parent-artifactid	terracotta-utilities-parent	Medium
Product	pom	url	Terracotta-OSS/terracotta-utilities/	High
Version	pom	version	0.0.15	Highest

Identifiers

pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.15 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar

Description:

End-user ehcache3 jar artifact

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar
MD5: 35f94bd99bae66088df39d8a45e73468
SHA1: f0d50ede46609db78413ca7f4250d348a597b101
SHA256:bed87f71d8cd25a8a4ef65f274cc58301f28929a01417d0bee8d73953dc30bac

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	ehcache	Highest
Vendor	central	groupid	org.ehcache	Highest
Vendor	file	name	ehcache	High
Vendor	jar	package name	ehcache	Highest
Vendor	jar	package name	ehcache	Low
Vendor	jar	package name	org	Highest
Vendor	Manifest	bundle-docurl	http://ehcache.org	Low
Vendor	Manifest	bundle-symbolicname	org.ehcache	Medium
Vendor	Manifest	implementation-revision	e8c3b4a333f3ffc60d5b8d60ac3f64741efc81e9	Low
Vendor	Manifest	Implementation-Vendor-Id	org.ehcache	Medium
Vendor	Manifest	provide-capability	osgi.service;objectClass:List="javax.cache.spi.CachingProvider";uses:="javax.cache.spi",osgi.service;objectClass:List="org.ehcache.core.spi.service.ServiceFactory";uses:="org.ehcache.core.spi.service",osgi.service;objectClass:List="org.ehcache.xml.CacheManagerServiceConfigurationParser";uses:="org.ehcache.xml",osgi.service;objectClass:List="org.ehcache.xml.CacheServiceConfigurationParser";uses:="org.ehcache.xml"	Low
Vendor	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.3.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	service-component	OSGI-INF/*.xml	Low
Vendor	pom	artifactid	ehcache	Low
Vendor	pom	developer email	tc-oss@softwareag.com	Low
Vendor	pom	developer name	Terracotta Engineers	Medium
Vendor	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Medium
Vendor	pom	developer org URL	http://ehcache.org	Medium
Vendor	pom	groupid	org.ehcache	Highest
Vendor	pom	name	Ehcache	High
Vendor	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	High
Vendor	pom	organization url	http://terracotta.org	Medium
Vendor	pom	url	http://ehcache.org	Highest
Product	central	artifactid	ehcache	Highest
Product	file	name	ehcache	High
Product	jar	package name	cache	Highest
Product	jar	package name	cachemanagerserviceconfigurationparser	Highest
Product	jar	package name	cacheserviceconfigurationparser	Highest
Product	jar	package name	core	Highest
Product	jar	package name	ehcache	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	org	Highest
Product	jar	package name	osgi	Highest
Product	jar	package name	service	Highest
Product	jar	package name	spi	Highest
Product	jar	package name	xml	Highest
Product	Manifest	bundle-docurl	http://ehcache.org	Low
Product	Manifest	Bundle-Name	Ehcache 3	Medium
Product	Manifest	bundle-symbolicname	org.ehcache	Medium
Product	Manifest	implementation-revision	e8c3b4a333f3ffc60d5b8d60ac3f64741efc81e9	Low
Product	Manifest	Implementation-Title	ehcache	High
Product	Manifest	provide-capability	osgi.service;objectClass:List="javax.cache.spi.CachingProvider";uses:="javax.cache.spi",osgi.service;objectClass:List="org.ehcache.core.spi.service.ServiceFactory";uses:="org.ehcache.core.spi.service",osgi.service;objectClass:List="org.ehcache.xml.CacheManagerServiceConfigurationParser";uses:="org.ehcache.xml",osgi.service;objectClass:List="org.ehcache.xml.CacheServiceConfigurationParser";uses:="org.ehcache.xml"	Low
Product	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.3.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	service-component	OSGI-INF/*.xml	Low
Product	pom	artifactid	ehcache	Highest
Product	pom	developer email	tc-oss@softwareag.com	Low
Product	pom	developer name	Terracotta Engineers	Low
Product	pom	developer org	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	developer org URL	http://ehcache.org	Low
Product	pom	groupid	org.ehcache	Highest
Product	pom	name	Ehcache	High
Product	pom	organization name	Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.	Low
Product	pom	organization url	http://terracotta.org	Low
Product	pom	url	http://ehcache.org	Medium
Version	central	version	3.10.8	Highest
Version	file	version	3.10.8	High
Version	Manifest	Bundle-Version	3.10.8	High
Version	Manifest	Implementation-Version	3.10.8	High
Version	pom	version	3.10.8	Highest

Identifiers

pkg:maven/org.ehcache/ehcache@3.10.8 (Confidence:High)
cpe:2.3:a:service_project:service:3.10.8:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar: sizeof-agent.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ehcache-3.10.8.jar/org/ehcache/sizeof/impl/sizeof-agent.jar
MD5: 532dbbf741bfb7f531938786bc0bb970
SHA1: 4e5d8c485b09104825c0d8ec635f775ab522be06
SHA256:60e093acb08d3bc30235ef15941380195cbb85b1ec8b4afd672249f9c530e356

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	sizeof-agent	High
Vendor	jar	package name	ehcache	Low
Vendor	jar	package name	impl	Low
Vendor	jar	package name	sizeof	Low
Product	file	name	sizeof-agent	High
Product	jar	package name	impl	Low
Product	jar	package name	sizeof	Low
Product	jar	package name	sizeofagent	Low

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: ffl-admin-staging-1.0.8.jar

Description:

Module commun aux microservices de l'AdminUI fournissant les mécanismes de base du staging

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-admin-staging-1.0.8.jar
MD5: ca26146ec15828d15a84e25fa3a4f004
SHA1: d6456c1df82fae25a927e12b412f80503930c087
SHA256:2b6339b369fc3f432748cdd7906a361a152f090786fac4dad981774665518244

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-admin-staging	High
Vendor	jar	package name	admin	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	jar	package name	staging	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-admin-staging	Low
Vendor	pom	groupid	com.sintia.ffl.admin	Highest
Vendor	pom	parent-artifactid	ffl-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-admin-staging	High
Product	jar	package name	admin	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	jar	package name	staging	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-admin-staging	High
Product	pom	artifactid	ffl-admin-staging	Highest
Product	pom	groupid	com.sintia.ffl.admin	Highest
Product	pom	parent-artifactid	ffl-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.8	High
Version	Manifest	Implementation-Version	1.0.8	High
Version	pom	parent-version	1.0.8	Low
Version	pom	version	1.0.8	Highest

Identifiers

pkg:maven/com.sintia.ffl.admin/ffl-admin-staging@1.0.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-adminuicommons-1.0.8.jar

Description:

Module commun aux différents constituants de l’AdminUI

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-adminuicommons-1.0.8.jar
MD5: 2a1a909b46f1ae4e1b4ea8f31ec1095c
SHA1: b3a79068c2be304de9fa802c39ad42756cd15dd3
SHA256:de08e1735ac66d7e426bb2463784d2f31daf9230a48ff546bed4a487e84065e2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-adminuicommons	High
Vendor	jar	package name	adminui	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-adminuicommons	Low
Vendor	pom	groupid	com.sintia.ffl.adminuicommons	Highest
Vendor	pom	parent-artifactid	ffl-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-adminuicommons	High
Product	jar	package name	adminui	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-adminuicommons	High
Product	pom	artifactid	ffl-adminuicommons	Highest
Product	pom	groupid	com.sintia.ffl.adminuicommons	Highest
Product	pom	parent-artifactid	ffl-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.8	High
Version	Manifest	Implementation-Version	1.0.8	High
Version	pom	parent-version	1.0.8	Low
Version	pom	version	1.0.8	Highest

Identifiers

pkg:maven/com.sintia.ffl.adminuicommons/ffl-adminuicommons@1.0.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-core-api-1.0.22.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-core-api-1.0.22.jar
MD5: 0f90546e5add06f01a7608c3239786c7
SHA1: 94e06f40d0c89806c1fa37d5d5c1dc11e8929022
SHA256:c96d032ac83dad451726c27cca2d5821feed2d8b3275ab3023e6b4c3189bc0e7

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-core-api	High
Vendor	jar	package name	api	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-core-api	Low
Vendor	pom	groupid	com.sintia.ffl.core	Highest
Vendor	pom	parent-artifactid	ffl-api-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-core-api	High
Product	jar	package name	api	Highest
Product	jar	package name	core	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-core-api	High
Product	pom	artifactid	ffl-core-api	Highest
Product	pom	groupid	com.sintia.ffl.core	Highest
Product	pom	parent-artifactid	ffl-api-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.22	High
Version	Manifest	Implementation-Version	1.0.22	High
Version	pom	parent-version	1.0.22	Low
Version	pom	version	1.0.22	Highest

Identifiers

pkg:maven/com.sintia.ffl.core/ffl-core-api@1.0.22 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-core-commons-1.0.22.jar

Description:

Module contenant le core du back-office

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-core-commons-1.0.22.jar
MD5: 56af9aebc981a104d71301cfb3deaf8b
SHA1: 2f9b3ba116257f32d6a8a71b389d29fa4e9e1a18
SHA256:3ce5b6a1719f780a9cb82f868c82726ff326a83e6f64f61a1e1e4beef9ce82cc

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-core-commons	High
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-core-commons	Low
Vendor	pom	groupid	com.sintia.ffl.core	Highest
Vendor	pom	parent-artifactid	ffl-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-core-commons	High
Product	jar	package name	commons	Highest
Product	jar	package name	core	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-core-commons	High
Product	pom	artifactid	ffl-core-commons	Highest
Product	pom	groupid	com.sintia.ffl.core	Highest
Product	pom	parent-artifactid	ffl-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.22	High
Version	Manifest	Implementation-Version	1.0.22	High
Version	pom	parent-version	1.0.22	Low
Version	pom	version	1.0.22	Highest

Identifiers

pkg:maven/com.sintia.ffl.core/ffl-core-commons@1.0.22 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-core-dal-1.0.22.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-core-dal-1.0.22.jar
MD5: cb46ef1693c07ef6c28dd086628687fd
SHA1: 44e9edfd5ae2456416be6d21b252c8e7711684ed
SHA256:855145ff0fa99646accc21bafc3238686bbbaf4586c364b1e676db300687eba6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-core-dal	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	dal	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-core-dal	Low
Vendor	pom	groupid	com.sintia.ffl.core	Highest
Vendor	pom	parent-artifactid	ffl-dal-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-core-dal	High
Product	jar	package name	core	Highest
Product	jar	package name	dal	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-core-dal	High
Product	pom	artifactid	ffl-core-dal	Highest
Product	pom	groupid	com.sintia.ffl.core	Highest
Product	pom	parent-artifactid	ffl-dal-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.22	High
Version	Manifest	Implementation-Version	1.0.22	High
Version	pom	parent-version	1.0.22	Low
Version	pom	version	1.0.22	Highest

Identifiers

pkg:maven/com.sintia.ffl.core/ffl-core-dal@1.0.22 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-core-services-1.0.22.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-core-services-1.0.22.jar
MD5: 3fe465fd97c8a2d54d781f758cc9a978
SHA1: c3e85c858472a3eb60819c57a182fdc27d1ec0e0
SHA256:33d2152c36e36983836f89aeedbd78eedfbec3bc9383bb498cd79881ee31b6e3

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-core-services	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	services	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-core-services	Low
Vendor	pom	groupid	com.sintia.ffl.core	Highest
Vendor	pom	parent-artifactid	ffl-services-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-core-services	High
Product	jar	package name	core	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	services	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-core-services	High
Product	pom	artifactid	ffl-core-services	Highest
Product	pom	groupid	com.sintia.ffl.core	Highest
Product	pom	parent-artifactid	ffl-services-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.22	High
Version	Manifest	Implementation-Version	1.0.22	High
Version	pom	parent-version	1.0.22	Low
Version	pom	version	1.0.22	Highest

Identifiers

pkg:maven/com.sintia.ffl.core/ffl-core-services@1.0.22 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-core-sia-1.0.22.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-core-sia-1.0.22.jar
MD5: 96ded4d646847023e8d3ec367ee6a57e
SHA1: 46e3f500e8733a7edcd7507f42229667dd096385
SHA256:90ce546c9fc409fa32c772c0327c8916354457b1383a4517e8864f8ff4f3bcf0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-core-sia	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sia	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-core-sia	Low
Vendor	pom	groupid	com.sintia.ffl.core	Highest
Vendor	pom	parent-artifactid	ffl-sia-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-core-sia	High
Product	jar	package name	core	Highest
Product	jar	package name	ffl	Highest
Product	jar	package name	sia	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-core-sia	High
Product	pom	artifactid	ffl-core-sia	Highest
Product	pom	groupid	com.sintia.ffl.core	Highest
Product	pom	parent-artifactid	ffl-sia-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.22	High
Version	Manifest	Implementation-Version	1.0.22	High
Version	pom	parent-version	1.0.22	Low
Version	pom	version	1.0.22	Highest

Identifiers

pkg:maven/com.sintia.ffl.core/ffl-core-sia@1.0.22 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: ffl-test-1.0.22.jar

Description:

Module d'outillage de test

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/ffl-test-1.0.22.jar
MD5: 570e5e473226464469146b7e2828c796
SHA1: 40ec2939d2669648ad7d5d6ed39e797f36b57b05
SHA256:21d545a5e42d761454edcef9631abb88ddc88c1e3d2c82d5563d6e87128e7484

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-test	High
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	jar	package name	test	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-test	Low
Vendor	pom	groupid	com.sintia.ffl.core	Highest
Vendor	pom	parent-artifactid	ffl-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-test	High
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	jar	package name	test	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-test	High
Product	pom	artifactid	ffl-test	Highest
Product	pom	groupid	com.sintia.ffl.core	Highest
Product	pom	parent-artifactid	ffl-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.22	High
Version	Manifest	Implementation-Version	1.0.22	High
Version	pom	parent-version	1.0.22	Low
Version	pom	version	1.0.22	Highest

Identifiers

pkg:maven/com.sintia.ffl.core/ffl-test@1.0.22 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: hamcrest-core-2.2.jar

Description:

Core Hamcrest API - deprecated, please use "hamcrest" instead

License:

BSD License 3: http://opensource.org/licenses/BSD-3-Clause

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/hamcrest-core-2.2.jar
MD5: be43e37f4c7b4f6fadba382933006b15
SHA1: 3f2bd07716a31c395e2837254f37f21f0f0ab24b
SHA256:094f5d92b4b7d9c8a2bf53cc69d356243ae89c3499457bcb4b92f7ed3bf95879

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	hamcrest-core	Highest
Vendor	central	groupid	org.hamcrest	Highest
Vendor	file	name	hamcrest-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	core	Low
Vendor	jar	package name	deprecated	Highest
Vendor	jar	package name	deprecated	Low
Vendor	jar	package name	hamcrest	Highest
Vendor	jar	package name	hamcrest	Low
Vendor	Manifest	automatic-module-name	org.hamcrest.core.deprecated	Medium
Vendor	Manifest	Implementation-Vendor	hamcrest.org	High
Vendor	pom	artifactid	hamcrest-core	Low
Vendor	pom	developer id	joewalnes	Medium
Vendor	pom	developer id	npryce	Medium
Vendor	pom	developer id	sf105	Medium
Vendor	pom	developer name	Joe Walnes	Medium
Vendor	pom	developer name	Nat Pryce	Medium
Vendor	pom	developer name	Steve Freeman	Medium
Vendor	pom	groupid	org.hamcrest	Highest
Vendor	pom	name	Hamcrest Core	High
Vendor	pom	url	http://hamcrest.org/JavaHamcrest/	Highest
Product	central	artifactid	hamcrest-core	Highest
Product	file	name	hamcrest-core	High
Product	jar	package name	core	Highest
Product	jar	package name	core	Low
Product	jar	package name	deprecated	Highest
Product	jar	package name	deprecated	Low
Product	jar	package name	hamcrest	Highest
Product	jar	package name	hamcrestcoreisdeprecated	Low
Product	Manifest	automatic-module-name	org.hamcrest.core.deprecated	Medium
Product	Manifest	Implementation-Title	hamcrest-core	High
Product	pom	artifactid	hamcrest-core	Highest
Product	pom	developer id	joewalnes	Low
Product	pom	developer id	npryce	Low
Product	pom	developer id	sf105	Low
Product	pom	developer name	Joe Walnes	Low
Product	pom	developer name	Nat Pryce	Low
Product	pom	developer name	Steve Freeman	Low
Product	pom	groupid	org.hamcrest	Highest
Product	pom	name	Hamcrest Core	High
Product	pom	url	http://hamcrest.org/JavaHamcrest/	Medium
Version	central	version	2.2	Highest
Version	file	version	2.2	High
Version	Manifest	Implementation-Version	2.2	High
Version	pom	version	2.2	Highest

Related Dependencies

Identifiers

pkg:maven/org.hamcrest/hamcrest-core@2.2 (Confidence:High)
cpe:2.3:a:steve_project:steve:2.2:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: hibernate-commons-annotations-5.1.2.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/hibernate-commons-annotations-5.1.2.Final.jar
MD5: 2a2490b3eb8e7585a6a899d27d7ed43f
SHA1: e59ffdbc6ad09eeb33507b39ffcf287679a498c8
SHA256:1c7ce712b2679fea0a5441eb02a04144297125b768944819be0765befb996275

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	hibernate-commons-annotations	Highest
Vendor	central	groupid	org.hibernate.common	Highest
Vendor	file	name	hibernate-commons-annotations	High
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	annotations	Low
Vendor	jar	package name	common	Highest
Vendor	jar	package name	common	Low
Vendor	jar	package name	hibernate	Highest
Vendor	jar	package name	hibernate	Low
Vendor	Manifest	automatic-module-name	org.hibernate.commons.annotations	Medium
Vendor	Manifest	bundle-symbolicname	org.hibernate.common.hibernate-commons-annotations	Medium
Vendor	Manifest	implementation-url	http://hibernate.org	Low
Vendor	Manifest	Implementation-Vendor	Hibernate.org	High
Vendor	Manifest	Implementation-Vendor-Id	org.hibernate	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	hibernate-commons-annotations	Low
Vendor	pom	developer id	hibernate-team	Medium
Vendor	pom	developer name	The Hibernate Development Team	Medium
Vendor	pom	developer org	Hibernate.org	Medium
Vendor	pom	developer org URL	http://hibernate.org	Medium
Vendor	pom	groupid	org.hibernate.common	Highest
Vendor	pom	name	Hibernate Commons Annotations	High
Vendor	pom	organization name	Hibernate.org	High
Vendor	pom	organization url	http://hibernate.org	Medium
Vendor	pom	url	http://hibernate.org	Highest
Product	central	artifactid	hibernate-commons-annotations	Highest
Product	file	name	hibernate-commons-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	annotations	Low
Product	jar	package name	common	Highest
Product	jar	package name	common	Low
Product	jar	package name	hibernate	Highest
Product	jar	package name	reflection	Low
Product	jar	package name	version	Highest
Product	Manifest	automatic-module-name	org.hibernate.commons.annotations	Medium
Product	Manifest	Bundle-Name	hibernate-commons-annotations	Medium
Product	Manifest	bundle-symbolicname	org.hibernate.common.hibernate-commons-annotations	Medium
Product	Manifest	implementation-url	http://hibernate.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	hibernate-commons-annotations	Highest
Product	pom	developer id	hibernate-team	Low
Product	pom	developer name	The Hibernate Development Team	Low
Product	pom	developer org	Hibernate.org	Low
Product	pom	developer org URL	http://hibernate.org	Low
Product	pom	groupid	org.hibernate.common	Highest
Product	pom	name	Hibernate Commons Annotations	High
Product	pom	organization name	Hibernate.org	Low
Product	pom	organization url	http://hibernate.org	Low
Product	pom	url	http://hibernate.org	Medium
Version	central	version	5.1.2.Final	Highest
Version	Manifest	Bundle-Version	5.1.2.Final	High
Version	Manifest	Implementation-Version	5.1.2.Final	High
Version	pom	version	5.1.2.Final	Highest

Identifiers

pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.1.2.Final (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: hibernate-core-5.6.15.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/hibernate-core-5.6.15.Final.jar
MD5: 0bc0673435fbabce62a7a0d5fe967fd8
SHA1: ab14b7cef1fdff654ca81923048a6034d6c7cfa7
SHA256:9b5a7e1faf094d98c9e33b6a27c4cae42e52f65b139091c08b9a0b4a9858b207

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	hibernate-core	Highest
Vendor	central	groupid	org.hibernate	Highest
Vendor	file	name	hibernate-core	High
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	jar	package name	hibernate	Highest
Vendor	jar	package name	hibernate	Low
Vendor	Manifest	automatic-module-name	org.hibernate.orm.core	Medium
Vendor	Manifest	bundle-docurl	https://hibernate.org/orm/5.6	Low
Vendor	Manifest	bundle-symbolicname	org.hibernate.orm.core	Medium
Vendor	Manifest	implementation-url	https://hibernate.org/orm	Low
Vendor	Manifest	Implementation-Vendor	Hibernate.org	High
Vendor	Manifest	Implementation-Vendor-Id	org.hibernate	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Hibernate.org	Low
Vendor	pom	artifactid	hibernate-core	Low
Vendor	pom	developer id	hibernate-team	Medium
Vendor	pom	developer name	The Hibernate Development Team	Medium
Vendor	pom	developer org	Hibernate.org	Medium
Vendor	pom	developer org URL	https://hibernate.org	Medium
Vendor	pom	groupid	org.hibernate	Highest
Vendor	pom	name	Hibernate ORM - hibernate-core	High
Vendor	pom	organization name	Hibernate.org	High
Vendor	pom	organization url	https://hibernate.org	Medium
Vendor	pom	url	https://hibernate.org/orm	Highest
Product	central	artifactid	hibernate-core	Highest
Product	file	name	hibernate-core	High
Product	hint analyzer	product	orm	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	hibernate	Highest
Product	jar	package name	version	Highest
Product	Manifest	automatic-module-name	org.hibernate.orm.core	Medium
Product	Manifest	bundle-docurl	https://hibernate.org/orm/5.6	Low
Product	Manifest	Bundle-Name	hibernate-core	Medium
Product	Manifest	bundle-symbolicname	org.hibernate.orm.core	Medium
Product	Manifest	Implementation-Title	hibernate-core	High
Product	Manifest	implementation-url	https://hibernate.org/orm	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	hibernate-core	Medium
Product	pom	artifactid	hibernate-core	Highest
Product	pom	developer id	hibernate-team	Low
Product	pom	developer name	The Hibernate Development Team	Low
Product	pom	developer org	Hibernate.org	Low
Product	pom	developer org URL	https://hibernate.org	Low
Product	pom	groupid	org.hibernate	Highest
Product	pom	name	Hibernate ORM - hibernate-core	High
Product	pom	organization name	Hibernate.org	Low
Product	pom	organization url	https://hibernate.org	Low
Product	pom	url	https://hibernate.org/orm	Medium
Version	central	version	5.6.15.Final	Highest
Version	Manifest	Bundle-Version	5.6.15.Final	High
Version	Manifest	Implementation-Version	5.6.15.Final	High
Version	pom	version	5.6.15.Final	Highest

Identifiers

pkg:maven/org.hibernate/hibernate-core@5.6.15.Final (Confidence:High)
cpe:2.3:a:hibernate:hibernate_orm:5.6.15:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: istack-commons-runtime-3.0.12.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/istack-commons-runtime-3.0.12.jar
MD5: 1952bd76321f8580cfaa57e332a68287
SHA1: cbbe1a62b0cc6c85972e99d52aaee350153dc530
SHA256:27d85fc134c9271d5c79d3300fc4669668f017e72409727c428f54f2417f04cd

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	istack-commons-runtime	High
Vendor	jar	package name	com	Highest
Vendor	jar	package name	istack	Highest
Vendor	jar	package name	sun	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	com.sun.istack.commons-runtime	Medium
Vendor	Manifest	implementation-build-id	3.0.12 - 7ed1368	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	com.sun.istack	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	istack-commons-runtime	Low
Vendor	pom	groupid	com.sun.istack	Highest
Vendor	pom	name	istack common utility code runtime	High
Vendor	pom	parent-artifactid	istack-commons	Low
Product	file	name	istack-commons-runtime	High
Product	jar	package name	com	Highest
Product	jar	package name	istack	Highest
Product	jar	package name	sun	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	istack common utility code runtime	Medium
Product	Manifest	bundle-symbolicname	com.sun.istack.commons-runtime	Medium
Product	Manifest	implementation-build-id	3.0.12 - 7ed1368	Low
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	istack-commons-runtime	Highest
Product	pom	groupid	com.sun.istack	Highest
Product	pom	name	istack common utility code runtime	High
Product	pom	parent-artifactid	istack-commons	Medium
Version	file	version	3.0.12	High
Version	Manifest	Bundle-Version	3.0.12	High
Version	Manifest	implementation-build-id	3.0.12	Low
Version	pom	version	3.0.12	Highest

Identifiers

pkg:maven/com.sun.istack/istack-commons-runtime@3.0.12 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.12:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jackson-annotations-2.13.5.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jackson-annotations-2.13.5.jar
MD5: 0b1245f3245cbfa53e61d9d366006041
SHA1: 136f77ab424f302c9e27230b4482e8000e142edf
SHA256:80aea8ed7232db5040ced4b3f982f29da95bb3d802343dbf6fd82ccd98c21c4f

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-annotations	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Vendor	Manifest	implementation-build-date	2023-01-23 00:03:36+0000	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-annotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-annotations	High
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	http://github.com/FasterXML/jackson	Highest
Product	file	name	jackson-annotations	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	Jackson-annotations	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Product	Manifest	implementation-build-date	2023-01-23 00:03:36+0000	Low
Product	Manifest	Implementation-Title	Jackson-annotations	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	Jackson-annotations	Medium
Product	pom	artifactid	jackson-annotations	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-annotations	High
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	http://github.com/FasterXML/jackson	Medium
Version	file	version	2.13.5	High
Version	Manifest	Bundle-Version	2.13.5	High
Version	Manifest	Implementation-Version	2.13.5	High
Version	pom	parent-version	2.13.5	Low
Version	pom	version	2.13.5	Highest

Related Dependencies

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.13.5 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jackson-core-2.13.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jackson-core-2.13.5.jar
MD5: 2272453c780d1383ecd2efde00c1a7a9
SHA1: 0d07c97d3de9ea658caf1ff1809fd9de930a286a
SHA256:48f36a025311d0464ad8dda4512a20c79e279a9550f63f3179d731d94482474b

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-core	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	Manifest	implementation-build-date	2023-01-23 00:23:55+0000	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-core	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-core	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson-core	Highest
Product	file	name	jackson-core	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	base	Highest
Product	jar	package name	core	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	json	Highest
Product	jar	package name	version	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Product	Manifest	Bundle-Name	Jackson-core	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	implementation-build-date	2023-01-23 00:23:55+0000	Low
Product	Manifest	Implementation-Title	Jackson-core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	artifactid	jackson-core	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-core	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson-core	High
Version	file	version	2.13.5	High
Version	Manifest	Bundle-Version	2.13.5	High
Version	Manifest	Implementation-Version	2.13.5	High
Version	pom	version	2.13.5	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.5 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:json-java_project:json-java:2.13.5:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* versions up to (including) 20230618

ffl-admindentaire-packaging-1.0.4.jar: jackson-databind-2.13.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jackson-databind-2.13.5.jar
MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256:5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-databind	High
Vendor	jar	package name	databind	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	implementation-build-date	2023-01-23 00:47:48+0000	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-databind	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	jackson-databind	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	http://github.com/FasterXML/jackson	Highest
Product	file	name	jackson-databind	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	databind	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	Manifest	implementation-build-date	2023-01-23 00:47:48+0000	Low
Product	Manifest	Implementation-Title	jackson-databind	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	jackson-databind	Medium
Product	pom	artifactid	jackson-databind	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	jackson-databind	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	http://github.com/FasterXML/jackson	Medium
Version	file	version	2.13.5	High
Version	Manifest	Bundle-Version	2.13.5	High
Version	Manifest	Implementation-Version	2.13.5	High
Version	pom	version	2.13.5	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.5 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:

Base Score: MEDIUM (4.7)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

- https://github.com/FasterXML/jackson-databind/issues/3972

Vulnerable Software & Versions:

cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.16.0

ffl-admindentaire-packaging-1.0.4.jar: jackson-dataformat-yaml-2.13.5.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jackson-dataformat-yaml-2.13.5.jar
MD5: fef4733925c9b64b00996ed874be2075
SHA1: fa79b136b42d37b588b5e7bb77e46897583b9fc8
SHA256:fb1161b565cbf7f5b8c5dcf3a229429a30ae87bc4ee496ef4891e17f8e12d074

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-dataformat-yaml	High
Vendor	jar	package name	dataformat	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	yaml	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-dataformats-text	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.dataformat.jackson-dataformat-yaml	Medium
Vendor	Manifest	implementation-build-date	2023-01-23 01:08:55+0000	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.dataformat	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-dataformat-yaml	Low
Vendor	pom	groupid	com.fasterxml.jackson.dataformat	Highest
Vendor	pom	name	Jackson-dataformat-YAML	High
Vendor	pom	parent-artifactid	jackson-dataformats-text	Low
Vendor	pom	url	FasterXML/jackson-dataformats-text	Highest
Product	file	name	jackson-dataformat-yaml	High
Product	jar	package name	dataformat	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	yaml	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-dataformats-text	Low
Product	Manifest	Bundle-Name	Jackson-dataformat-YAML	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.dataformat.jackson-dataformat-yaml	Medium
Product	Manifest	implementation-build-date	2023-01-23 01:08:55+0000	Low
Product	Manifest	Implementation-Title	Jackson-dataformat-YAML	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Jackson-dataformat-YAML	Medium
Product	pom	artifactid	jackson-dataformat-yaml	Highest
Product	pom	groupid	com.fasterxml.jackson.dataformat	Highest
Product	pom	name	Jackson-dataformat-YAML	High
Product	pom	parent-artifactid	jackson-dataformats-text	Medium
Product	pom	url	FasterXML/jackson-dataformats-text	High
Version	file	version	2.13.5	High
Version	Manifest	Bundle-Version	2.13.5	High
Version	Manifest	Implementation-Version	2.13.5	High
Version	pom	version	2.13.5	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.13.5 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.13.5:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.activation-1.2.2.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.activation	High
Vendor	jar	package name	activation	Highest
Vendor	jar	package name	sun	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.activation	Low
Vendor	pom	groupid	com.sun.activation	Highest
Vendor	pom	name	Jakarta Activation	High
Vendor	pom	parent-artifactid	all	Low
Product	file	name	jakarta.activation	High
Product	jar	package name	activation	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	sun	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Activation	Medium
Product	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	Manifest	Implementation-Title	javax.activation	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Product	Manifest	specification-title	Jakarta Activation Specification	Medium
Product	pom	artifactid	jakarta.activation	Highest
Product	pom	groupid	com.sun.activation	Highest
Product	pom	name	Jakarta Activation	High
Product	pom	parent-artifactid	all	Medium
Version	file	version	1.2.2	High
Version	Manifest	Bundle-Version	1.2.2	High
Version	Manifest	Implementation-Version	1.2.2	High
Version	pom	version	1.2.2	Highest

Identifiers

pkg:maven/com.sun.activation/jakarta.activation@1.2.2 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.2.2:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.activation-api-1.2.2.jar

Description:

Jakarta Activation API jar

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.activation-api-1.2.2.jar
MD5: 1cbb480310fa1987f9db7a3ed7118af7
SHA1: 99f53adba383cb1bf7c3862844488574b559621f
SHA256:a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.activation-api	High
Vendor	jar	package name	activation	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.activation-api	Low
Vendor	pom	groupid	jakarta.activation	Highest
Vendor	pom	name	Jakarta Activation API jar	High
Vendor	pom	parent-artifactid	all	Low
Vendor	pom	parent-groupid	com.sun.activation	Medium
Product	file	name	jakarta.activation-api	High
Product	jar	package name	activation	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Activation API jar	Medium
Product	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	Manifest	Implementation-Title	jakarta.activation.jakarta.activation-api	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Product	Manifest	specification-title	jakarta.activation.jakarta.activation-api	Medium
Product	pom	artifactid	jakarta.activation-api	Highest
Product	pom	groupid	jakarta.activation	Highest
Product	pom	name	Jakarta Activation API jar	High
Product	pom	parent-artifactid	all	Medium
Product	pom	parent-groupid	com.sun.activation	Medium
Version	file	version	1.2.2	High
Version	Manifest	Bundle-Version	1.2.2	High
Version	Manifest	Implementation-Version	1.2.2	High
Version	pom	version	1.2.2	Highest

Identifiers

pkg:maven/jakarta.activation/jakarta.activation-api@1.2.2 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.annotation-api	High
Vendor	jar	package name	annotation	Highest
Vendor	Manifest	automatic-module-name	java.annotation	Medium
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Vendor	Manifest	extension-name	jakarta.annotation	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.annotation-api	Low
Vendor	pom	developer name	Linda De Michiel	Medium
Vendor	pom	developer org	Oracle Corp.	Medium
Vendor	pom	groupid	jakarta.annotation	Highest
Vendor	pom	name	Jakarta Annotations API	High
Vendor	pom	parent-artifactid	ca-parent	Low
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Highest
Product	file	name	jakarta.annotation-api	High
Product	jar	package name	annotation	Highest
Product	Manifest	automatic-module-name	java.annotation	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Annotations API	Medium
Product	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Product	Manifest	extension-name	jakarta.annotation	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	jakarta.annotation-api	Highest
Product	pom	developer name	Linda De Michiel	Low
Product	pom	developer org	Oracle Corp.	Low
Product	pom	groupid	jakarta.annotation	Highest
Product	pom	name	Jakarta Annotations API	High
Product	pom	parent-artifactid	ca-parent	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Medium
Version	file	version	1.3.5	High
Version	Manifest	Bundle-Version	1.3.5	High
Version	Manifest	Implementation-Version	1.3.5	High
Version	pom	version	1.3.5	Highest

Identifiers

pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.3.5:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.jws-api-2.1.0.jar

Description:

Jakarta Web Services Metadata API

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.jws-api-2.1.0.jar
MD5: 9e3bc505722b1e84535d7edb3d582ca1
SHA1: 7d283ef13e49c1422701e30639371edca788c609
SHA256:d4c321f47a72001977fa11d2df408db23bf5f46e954aeb2c6f1ecda4dfef8fd8

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.jws-api	High
Vendor	jar	package name	jws	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.jws-api	Medium
Vendor	Manifest	extension-name	jakarta.jws	Medium
Vendor	Manifest	implementation-build-id	2.1.0-RELEASE-2072849	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.jws-api	Low
Vendor	pom	developer id	lukasj	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer org	Oracle	Medium
Vendor	pom	groupid	jakarta.jws	Highest
Vendor	pom	name	Jakarta Web Services Metadata API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	eclipse-ee4j/jws-api	Highest
Vendor	pom (hint)	developer org	sun	Medium
Product	file	name	jakarta.jws-api	High
Product	jar	package name	jws	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Web Services Metadata API	Medium
Product	Manifest	bundle-symbolicname	jakarta.jws-api	Medium
Product	Manifest	extension-name	jakarta.jws	Medium
Product	Manifest	implementation-build-id	2.1.0-RELEASE-2072849	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	jakarta.jws-api	Highest
Product	pom	developer id	lukasj	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer org	Oracle	Low
Product	pom	groupid	jakarta.jws	Highest
Product	pom	name	Jakarta Web Services Metadata API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j/jws-api	High
Version	file	version	2.1.0	High
Version	Manifest	Bundle-Version	2.1.0	High
Version	Manifest	Implementation-Version	2.1.0	High
Version	pom	parent-version	2.1.0	Low
Version	pom	version	2.1.0	Highest

Identifiers

pkg:maven/jakarta.jws/jakarta.jws-api@2.1.0 (Confidence:High)
cpe:2.3:a:web_project:web:2.1.0:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.persistence-api-2.2.3.jar

Description:

Jakarta Persistence 2.2 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.persistence-api-2.2.3.jar
MD5: e0a655f398f8e68e0afebb0f71fba4e5
SHA1: 8f6ea5daedc614f07a3654a455660145286f024e
SHA256:0c2d73ab36ad24eeed6e0bea928e9d0ef771de8df689e23b7754d366dda27c53

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.persistence-api	High
Vendor	jar	package name	persistence	Highest
Vendor	Manifest	automatic-module-name	java.persistence	Medium
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.persistence-api	Medium
Vendor	Manifest	extension-name	jakarta.persistence	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.persistence-api	Low
Vendor	pom	developer id	lukasj	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.persistence	Highest
Vendor	pom	name	Jakarta Persistence API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	eclipse-ee4j/jpa-api	Highest
Product	file	name	jakarta.persistence-api	High
Product	jar	package name	persistence	Highest
Product	Manifest	automatic-module-name	java.persistence	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Persistence API jar	Medium
Product	Manifest	bundle-symbolicname	jakarta.persistence-api	Medium
Product	Manifest	extension-name	jakarta.persistence	Medium
Product	pom	artifactid	jakarta.persistence-api	Highest
Product	pom	developer id	lukasj	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.persistence	Highest
Product	pom	name	Jakarta Persistence API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j/jpa-api	High
Version	file	version	2.2.3	High
Version	Manifest	Bundle-Version	2.2.3	High
Version	Manifest	Implementation-Version	2.2.3	High
Version	pom	parent-version	2.2.3	Low
Version	pom	version	2.2.3	Highest

Identifiers

pkg:maven/jakarta.persistence/jakarta.persistence-api@2.2.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.transaction-api-1.3.3.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.transaction-api-1.3.3.jar
MD5: cc45726045cc9a0728f803f9db4c90c4
SHA1: c4179d48720a1e87202115fbed6089bdc4195405
SHA256:0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.transaction-api	High
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	transaction	Highest
Vendor	Manifest	automatic-module-name	java.transaction	Medium
Vendor	Manifest	bundle-docurl	https://github.com/eclipse-ee4j	Low
Vendor	Manifest	bundle-symbolicname	jakarta.transaction-api	Medium
Vendor	Manifest	extension-name	javax.transaction	Medium
Vendor	Manifest	Implementation-Vendor	EE4J Community	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	jakarta.transaction-api	Low
Vendor	pom	developer id	stephen_felts	Medium
Vendor	pom	developer name	Stephen Felts	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.transaction	Highest
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	EE4J Community	High
Vendor	pom	organization url	eclipse-ee4j	Medium
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.jta	Highest
Product	file	name	jakarta.transaction-api	High
Product	jar	package name	javax	Highest
Product	jar	package name	transaction	Highest
Product	Manifest	automatic-module-name	java.transaction	Medium
Product	Manifest	bundle-docurl	https://github.com/eclipse-ee4j	Low
Product	Manifest	Bundle-Name	javax.transaction API	Medium
Product	Manifest	bundle-symbolicname	jakarta.transaction-api	Medium
Product	Manifest	extension-name	javax.transaction	Medium
Product	pom	artifactid	jakarta.transaction-api	Highest
Product	pom	developer id	stephen_felts	Low
Product	pom	developer name	Stephen Felts	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.transaction	Highest
Product	pom	name	${extension.name} API	High
Product	pom	organization name	EE4J Community	Low
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j	High
Product	pom	url	https://projects.eclipse.org/projects/ee4j.jta	Medium
Version	file	version	1.3.3	High
Version	Manifest	Bundle-Version	1.3.3	High
Version	Manifest	Implementation-Version	1.3.3	High
Version	pom	parent-version	1.3.3	Low
Version	pom	version	1.3.3	Highest

Identifiers

pkg:maven/jakarta.transaction/jakarta.transaction-api@1.3.3 (Confidence:High)
cpe:2.3:a:oracle:projects:1.3.3:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.validation-api-2.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256:b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.validation-api	High
Vendor	jar	package name	validation	Highest
Vendor	Manifest	automatic-module-name	java.validation	Medium
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.validation.jakarta.validation-api	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	jakarta.validation-api	Low
Vendor	pom	developer email	emmanuel@hibernate.org	Low
Vendor	pom	developer email	guillaume.smet@hibernate.org	Low
Vendor	pom	developer email	gunnar@hibernate.org	Low
Vendor	pom	developer email	hferents@redhat.com	Low
Vendor	pom	developer id	emmanuelbernard	Medium
Vendor	pom	developer id	epbernard	Medium
Vendor	pom	developer id	guillaume.smet	Medium
Vendor	pom	developer id	gunnar.morling	Medium
Vendor	pom	developer id	hardy.ferentschik	Medium
Vendor	pom	developer name	Emmanuel Bernard	Medium
Vendor	pom	developer name	Guillaume Smet	Medium
Vendor	pom	developer name	Gunnar Morling	Medium
Vendor	pom	developer name	Hardy Ferentschik	Medium
Vendor	pom	developer org	Red Hat, Inc.	Medium
Vendor	pom	groupid	jakarta.validation	Highest
Vendor	pom	name	Jakarta Bean Validation API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://beanvalidation.org	Highest
Product	file	name	jakarta.validation-api	High
Product	jar	package name	validation	Highest
Product	Manifest	automatic-module-name	java.validation	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Bean Validation API	Medium
Product	Manifest	bundle-symbolicname	jakarta.validation.jakarta.validation-api	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	jakarta.validation-api	Highest
Product	pom	developer email	emmanuel@hibernate.org	Low
Product	pom	developer email	guillaume.smet@hibernate.org	Low
Product	pom	developer email	gunnar@hibernate.org	Low
Product	pom	developer email	hferents@redhat.com	Low
Product	pom	developer id	emmanuelbernard	Low
Product	pom	developer id	epbernard	Low
Product	pom	developer id	guillaume.smet	Low
Product	pom	developer id	gunnar.morling	Low
Product	pom	developer id	hardy.ferentschik	Low
Product	pom	developer name	Emmanuel Bernard	Low
Product	pom	developer name	Guillaume Smet	Low
Product	pom	developer name	Gunnar Morling	Low
Product	pom	developer name	Hardy Ferentschik	Low
Product	pom	developer org	Red Hat, Inc.	Low
Product	pom	groupid	jakarta.validation	Highest
Product	pom	name	Jakarta Bean Validation API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	https://beanvalidation.org	Medium
Version	file	version	2.0.2	High
Version	Manifest	Bundle-Version	2.0.2	High
Version	pom	parent-version	2.0.2	Low
Version	pom	version	2.0.2	Highest

Identifiers

pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.xml.bind-api-2.3.3.jar

Description:

Jakarta XML Binding API 2.3 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256:c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.bind-api	High
Vendor	jar	package name	bind	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.bind	Medium
Vendor	Manifest	implementation-build-id	2.3.3-RELEASE-fd06b2b	Low
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.bind-api	Low
Vendor	pom	groupid	jakarta.xml.bind	Highest
Vendor	pom	name	Jakarta XML Binding API	High
Vendor	pom	parent-artifactid	jakarta.xml.bind-api-parent	Low
Product	file	name	jakarta.xml.bind-api	High
Product	jar	package name	bind	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta XML Binding API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Product	Manifest	extension-name	jakarta.xml.bind	Medium
Product	Manifest	implementation-build-id	2.3.3-RELEASE-fd06b2b	Low
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	jakarta.xml.bind-api	Highest
Product	pom	groupid	jakarta.xml.bind	Highest
Product	pom	name	Jakarta XML Binding API	High
Product	pom	parent-artifactid	jakarta.xml.bind-api-parent	Medium
Version	file	version	2.3.3	High
Version	Manifest	Bundle-Version	2.3.3	High
Version	Manifest	Implementation-Version	2.3.3	High
Version	pom	version	2.3.3	Highest

Identifiers

pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.xml.soap-api-1.4.2.jar

Description:

Provides the API for creating and building SOAP messages.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.xml.soap-api-1.4.2.jar
MD5: d19eb8a4a5401296985db733868425e0
SHA1: 4f71fa8ca30be4d04ba658339df3c927fa21209a
SHA256:0b2e9db574869c09b18e7fe87482be2e4e14b3f3cc8207646595806eede77706

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.soap-api	High
Vendor	jar	package name	soap	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.soap-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.soap	Medium
Vendor	Manifest	implementation-build-id	1.4.2-RELEASE-27e9ccd	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.soap-api	Low
Vendor	pom	developer id	lukasj	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.xml.soap	Highest
Vendor	pom	name	Jakarta SOAP with Attachments API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	eclipse-ee4j/saaj-api	Highest
Product	file	name	jakarta.xml.soap-api	High
Product	jar	package name	soap	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta SOAP with Attachments API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.soap-api	Medium
Product	Manifest	extension-name	jakarta.xml.soap	Medium
Product	Manifest	implementation-build-id	1.4.2-RELEASE-27e9ccd	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	jakarta.xml.soap-api	Highest
Product	pom	developer id	lukasj	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.xml.soap	Highest
Product	pom	name	Jakarta SOAP with Attachments API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j/saaj-api	High
Version	file	version	1.4.2	High
Version	Manifest	Bundle-Version	1.4.2	High
Version	Manifest	Implementation-Version	1.4.2	High
Version	pom	parent-version	1.4.2	Low
Version	pom	version	1.4.2	Highest

Identifiers

pkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@1.4.2 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.4.2:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jakarta.xml.ws-api-2.3.3.jar

Description:

Jakarta XML Web Services API

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jakarta.xml.ws-api-2.3.3.jar
MD5: ce470c38b9dbdcb8e505d41d767be748
SHA1: 529fe0136be92861e5a255fbc99146f1943c4332
SHA256:c8e0ba03c47cd5e996fd5d83540caaeab69cd8d531f128318d88e15467d112c1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.ws-api	High
Vendor	hint analyzer	vendor	web services	Medium
Vendor	jar	package name	ws	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.ws-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.ws	Medium
Vendor	Manifest	implementation-build-id	2.3.3-RELEASE-126af43	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.ws-api	Low
Vendor	pom	developer email	lukas.jungmann@oracle.com	Low
Vendor	pom	developer email	Roman.Grigoriadi@oracle.com	Low
Vendor	pom	developer email	zheng.jun.li@oracle.com	Low
Vendor	pom	developer id	bravehorsie	Medium
Vendor	pom	developer id	zhengjl	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer name	Roman Grigoriadi	Medium
Vendor	pom	developer name	Zheng Jun Li	Medium
Vendor	pom	developer org	Oracle Corporation	Medium
Vendor	pom	groupid	jakarta.xml.ws	Highest
Vendor	pom	name	Jakarta XML Web Services API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	eclipse-ee4j/jax-ws-api	Highest
Product	file	name	jakarta.xml.ws-api	High
Product	hint analyzer	product	web services	Medium
Product	jar	package name	ws	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta XML Web Services API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.ws-api	Medium
Product	Manifest	extension-name	jakarta.xml.ws	Medium
Product	Manifest	implementation-build-id	2.3.3-RELEASE-126af43	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	jakarta.xml.ws-api	Highest
Product	pom	developer email	lukas.jungmann@oracle.com	Low
Product	pom	developer email	Roman.Grigoriadi@oracle.com	Low
Product	pom	developer email	zheng.jun.li@oracle.com	Low
Product	pom	developer id	bravehorsie	Low
Product	pom	developer id	zhengjl	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer name	Roman Grigoriadi	Low
Product	pom	developer name	Zheng Jun Li	Low
Product	pom	developer org	Oracle Corporation	Low
Product	pom	groupid	jakarta.xml.ws	Highest
Product	pom	name	Jakarta XML Web Services API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j/jax-ws-api	High
Version	file	version	2.3.3	High
Version	Manifest	Bundle-Version	2.3.3	High
Version	Manifest	Implementation-Version	2.3.3	High
Version	pom	parent-version	2.3.3	Low
Version	pom	version	2.3.3	Highest

Identifiers

pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@2.3.3 (Confidence:High)
cpe:2.3:a:web_project:web:2.3.3:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jandex-2.4.2.Final.jar

Description:

Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jandex-2.4.2.Final.jar
MD5: 489f7a97d2ed7ae34ea56d01b3566d57
SHA1: 1e1c385990b258ff1a24c801e84aebbacf70eb39
SHA256:3f2ce55c7d71e744581488dc5105806aa8084c08e6e916a019bab8f8698994f0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jandex	High
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	jar	package name	indexer	Highest
Vendor	jar	package name	jandex	Highest
Vendor	jar	package name	jboss	Highest
Vendor	Manifest	automatic-module-name	org.jboss.jandex	Medium
Vendor	Manifest	build-timestamp	Čt, 6 Led 2022 17:31:47 +0100	Low
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	Manifest	bundle-symbolicname	org.jboss.jandex	Medium
Vendor	Manifest	implementation-url	http://www.jboss.org/jandex	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	Implementation-Vendor-Id	org.jboss	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	artifactid	jandex	Low
Vendor	pom	groupid	org.jboss	Highest
Vendor	pom	name	Java Annotation Indexer	High
Vendor	pom	parent-artifactid	jboss-parent	Low
Product	file	name	jandex	High
Product	jar	package name	indexer	Highest
Product	jar	package name	jandex	Highest
Product	jar	package name	jboss	Highest
Product	Manifest	automatic-module-name	org.jboss.jandex	Medium
Product	Manifest	build-timestamp	Čt, 6 Led 2022 17:31:47 +0100	Low
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	Manifest	Bundle-Name	Java Annotation Indexer	Medium
Product	Manifest	bundle-symbolicname	org.jboss.jandex	Medium
Product	Manifest	Implementation-Title	Java Annotation Indexer	High
Product	Manifest	implementation-url	http://www.jboss.org/jandex	Low
Product	Manifest	os-arch	amd64	Low
Product	Manifest	os-name	Linux	Medium
Product	Manifest	specification-title	Java Annotation Indexer	Medium
Product	pom	artifactid	jandex	Highest
Product	pom	groupid	org.jboss	Highest
Product	pom	name	Java Annotation Indexer	High
Product	pom	parent-artifactid	jboss-parent	Medium
Version	Manifest	Bundle-Version	2.4.2.Final	High
Version	Manifest	Implementation-Version	2.4.2.Final	High
Version	pom	parent-version	2.4.2.Final	Low
Version	pom	version	2.4.2.Final	Highest

Identifiers

pkg:maven/org.jboss/jandex@2.4.2.Final (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: java-jwt-4.4.0.jar

Description:

Java implementation of JSON Web Token (JWT)

License:

The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/java-jwt-4.4.0.jar
MD5: 7fe567995099e1ee3f45adbc2f3c18c5
SHA1: 0e02407d19971bfa241441212901dd327a37722b
SHA256:173aab2a30727e5586e13055fb6c4e27112453f5d8cf1136b3369c674cbe011f

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	java-jwt	Highest
Vendor	central	groupid	com.auth0	Highest
Vendor	file	name	java-jwt	High
Vendor	jar	package name	auth0	Low
Vendor	jar	package name	jwt	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	java-jwt	Low
Vendor	pom	developer email	hernan@auth0.com	Low
Vendor	pom	developer email	luciano.balmaceda@auth0.com	Low
Vendor	pom	developer email	oss@auth0.com	Low
Vendor	pom	developer id	auth0	Medium
Vendor	pom	developer id	hzalaz	Medium
Vendor	pom	developer id	lbalmaceda	Medium
Vendor	pom	developer name	Auth0	Medium
Vendor	pom	developer name	Hernan Zalazar	Medium
Vendor	pom	developer name	Luciano Balmaceda	Medium
Vendor	pom	groupid	com.auth0	Highest
Vendor	pom	name	java jwt	High
Vendor	pom	url	auth0/java-jwt	Highest
Product	central	artifactid	java-jwt	Highest
Product	file	name	java-jwt	High
Product	jar	package name	jwt	Highest
Product	jar	package name	jwt	Low
Product	Manifest	Implementation-Title	java-jwt	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	java-jwt	Highest
Product	pom	developer email	hernan@auth0.com	Low
Product	pom	developer email	luciano.balmaceda@auth0.com	Low
Product	pom	developer email	oss@auth0.com	Low
Product	pom	developer id	auth0	Low
Product	pom	developer id	hzalaz	Low
Product	pom	developer id	lbalmaceda	Low
Product	pom	developer name	Auth0	Low
Product	pom	developer name	Hernan Zalazar	Low
Product	pom	developer name	Luciano Balmaceda	Low
Product	pom	groupid	com.auth0	Highest
Product	pom	name	java jwt	High
Product	pom	url	auth0/java-jwt	High
Version	central	version	4.4.0	Highest
Version	file	version	4.4.0	High
Version	Manifest	Implementation-Version	4.4.0	High
Version	pom	version	4.4.0	Highest

Identifiers

pkg:maven/com.auth0/java-jwt@4.4.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: javassist-3.27.0-GA.jar

Description:

  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/javassist-3.27.0-GA.jar
MD5: 05ea852668c9e38294d1bb823af95a70
SHA1: f63e6aa899e15eca8fdaa402a79af4c417252213
SHA256:0730bdb1547a5a3f458d60400d804078d80f329c5b5dbc2498a4e220de8f7013

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javassist	High
Vendor	jar	package name	bytecode	Highest
Vendor	jar	package name	javassist	Highest
Vendor	Manifest	bundle-symbolicname	javassist	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Shigeru Chiba, www.javassist.org	Low
Vendor	pom	artifactid	javassist	Low
Vendor	pom	developer email	adinn@redhat.com	Low
Vendor	pom	developer email	chiba@javassist.org	Low
Vendor	pom	developer email	kabir.khan@jboss.com	Low
Vendor	pom	developer email	smarlow@redhat.com	Low
Vendor	pom	developer id	adinn	Medium
Vendor	pom	developer id	chiba	Medium
Vendor	pom	developer id	kabir.khan@jboss.com	Medium
Vendor	pom	developer id	scottmarlow	Medium
Vendor	pom	developer name	Andrew Dinn	Medium
Vendor	pom	developer name	Kabir Khan	Medium
Vendor	pom	developer name	Scott Marlow	Medium
Vendor	pom	developer name	Shigeru Chiba	Medium
Vendor	pom	developer org	JBoss	Medium
Vendor	pom	developer org	The Javassist Project	Medium
Vendor	pom	developer org URL	http://www.javassist.org/	Medium
Vendor	pom	developer org URL	http://www.jboss.org/	Medium
Vendor	pom	groupid	org.javassist	Highest
Vendor	pom	name	Javassist	High
Vendor	pom	organization name	Shigeru Chiba, www.javassist.org	High
Vendor	pom	url	http://www.javassist.org/	Highest
Product	file	name	javassist	High
Product	jar	package name	bytecode	Highest
Product	jar	package name	javassist	Highest
Product	Manifest	Bundle-Name	Javassist	Medium
Product	Manifest	bundle-symbolicname	javassist	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Javassist	Medium
Product	pom	artifactid	javassist	Highest
Product	pom	developer email	adinn@redhat.com	Low
Product	pom	developer email	chiba@javassist.org	Low
Product	pom	developer email	kabir.khan@jboss.com	Low
Product	pom	developer email	smarlow@redhat.com	Low
Product	pom	developer id	adinn	Low
Product	pom	developer id	chiba	Low
Product	pom	developer id	kabir.khan@jboss.com	Low
Product	pom	developer id	scottmarlow	Low
Product	pom	developer name	Andrew Dinn	Low
Product	pom	developer name	Kabir Khan	Low
Product	pom	developer name	Scott Marlow	Low
Product	pom	developer name	Shigeru Chiba	Low
Product	pom	developer org	JBoss	Low
Product	pom	developer org	The Javassist Project	Low
Product	pom	developer org URL	http://www.javassist.org/	Low
Product	pom	developer org URL	http://www.jboss.org/	Low
Product	pom	groupid	org.javassist	Highest
Product	pom	name	Javassist	High
Product	pom	organization name	Shigeru Chiba, www.javassist.org	Low
Product	pom	url	http://www.javassist.org/	Medium
Version	Manifest	specification-version	3.27.0-GA	High
Version	pom	version	3.27.0-GA	Highest

Identifiers

pkg:maven/org.javassist/javassist@3.27.0-GA (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: javax.batch-api-1.0.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/javax.batch-api-1.0.jar
MD5: d2c9b38431c46dc26a9eb722a6ff8903
SHA1: 65392d027a6eb369fd9fcd1b75cae150e25ac03c
SHA256:784190953892bab713a5dc5d2a611ec6b71c5d0adcd69c96db0870f3712ea24b

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.batch-api	High
Vendor	jar	package name	api	Highest
Vendor	jar	package name	batch	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	bundle-symbolicname	javax.batch-api	Medium
Vendor	Manifest	extension-name	javax.batch	Medium
Vendor	pom	artifactid	javax.batch-api	Low
Vendor	pom	groupid	javax.batch	Highest
Vendor	pom	parent-artifactid	jbatch	Low
Product	file	name	javax.batch-api	High
Product	jar	package name	api	Highest
Product	jar	package name	batch	Highest
Product	jar	package name	javax	Highest
Product	Manifest	Bundle-Name	javax.batch-api	Medium
Product	Manifest	bundle-symbolicname	javax.batch-api	Medium
Product	Manifest	extension-name	javax.batch	Medium
Product	pom	artifactid	javax.batch-api	Highest
Product	pom	groupid	javax.batch	Highest
Product	pom	parent-artifactid	jbatch	Medium
Version	file	version	1.0	High
Version	Manifest	Bundle-Version	1.0	High
Version	Manifest	Implementation-Version	1.0	High
Version	pom	version	1.0	Highest

Identifiers

pkg:maven/javax.batch/javax.batch-api@1.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: javax.jws-api-1.1.jar

Description:

Java EE Web Services Metadata API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/javax.jws-api-1.1.jar
MD5: 69723c79242ebda0d321b5ec8fbdf4fb
SHA1: c623941ebd225bb05ea546dc81590a62e40e4fce
SHA256:9f20ab1fea3f9571ed52a9d98e3c651cc7c04c8a709addf238312b60987c6f2c

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.jws-api	High
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	jws	Highest
Vendor	Manifest	bundle-docurl	https://glassfish.java.net	Low
Vendor	Manifest	bundle-symbolicname	javax.jws-api	Medium
Vendor	Manifest	extension-name	javax.jws	Medium
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	javax.jws-api	Low
Vendor	pom	developer id	snajper	Medium
Vendor	pom	developer name	Martin Grebac	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	javax.jws	Highest
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	GlassFish Community	High
Vendor	pom	organization url	https://glassfish.java.net	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	url	http://glassfish.java.net	Highest
Product	file	name	javax.jws-api	High
Product	jar	package name	javax	Highest
Product	jar	package name	jws	Highest
Product	Manifest	bundle-docurl	https://glassfish.java.net	Low
Product	Manifest	Bundle-Name	javax.jws API	Medium
Product	Manifest	bundle-symbolicname	javax.jws-api	Medium
Product	Manifest	extension-name	javax.jws	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Product	pom	artifactid	javax.jws-api	Highest
Product	pom	developer id	snajper	Low
Product	pom	developer name	Martin Grebac	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	javax.jws	Highest
Product	pom	name	${extension.name} API	High
Product	pom	organization name	GlassFish Community	Low
Product	pom	organization url	https://glassfish.java.net	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	parent-groupid	net.java	Medium
Product	pom	url	http://glassfish.java.net	Medium
Version	file	version	1.1	High
Version	Manifest	Bundle-Version	1.1	High
Version	Manifest	Implementation-Version	1.1	High
Version	pom	parent-version	1.1	Low
Version	pom	version	1.1	Highest

Identifiers

pkg:maven/javax.jws/javax.jws-api@1.1 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.1:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jaxb-runtime-2.3.9.jar

Description:

JAXB (JSR 222) Reference Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jaxb-runtime-2.3.9.jar
MD5: 9383286160dde0e1a0fec25aee8a44ef
SHA1: 9d42b4f19df7e20b625b2044a7de81d95f6dff29
SHA256:ba88e5bde7c0d878c3e1f2ec2fcabaf51d201eaf93b3bb9cfecfc1f11b2304d4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jaxb-runtime	High
Vendor	jar	package name	bind	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	sun	Highest
Vendor	jar	package name	xml	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.runtime	Medium
Vendor	Manifest	git-revision	143ffd0	Low
Vendor	Manifest	implementation-build-id	2.3.9 - 143ffd0	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish.jaxb	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	jaxb-runtime	Low
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	pom	name	JAXB Runtime	High
Vendor	pom	parent-artifactid	jaxb-runtime-parent	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	url	https://eclipse-ee4j.github.io/jaxb-ri/	Highest
Product	file	name	jaxb-runtime	High
Product	jar	package name	9	Highest
Product	jar	package name	bind	Highest
Product	jar	package name	com	Highest
Product	jar	package name	sun	Highest
Product	jar	package name	xml	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	JAXB Runtime	Medium
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.runtime	Medium
Product	Manifest	git-revision	143ffd0	Low
Product	Manifest	implementation-build-id	2.3.9 - 143ffd0	Low
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	pom	artifactid	jaxb-runtime	Highest
Product	pom	groupid	org.glassfish.jaxb	Highest
Product	pom	name	JAXB Runtime	High
Product	pom	parent-artifactid	jaxb-runtime-parent	Medium
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	url	https://eclipse-ee4j.github.io/jaxb-ri/	Medium
Version	file	version	2.3.9	High
Version	Manifest	build-id	2.3.9	Medium
Version	Manifest	Bundle-Version	2.3.9	High
Version	Manifest	implementation-build-id	2.3.9	Low
Version	Manifest	Implementation-Version	2.3.9	High
Version	Manifest	major-version	2.3.9	Medium
Version	pom	version	2.3.9	Highest

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 (Confidence:High)
cpe:2.3:a:eclipse:glassfish:2.3.9:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-9329

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.17

ffl-admindentaire-packaging-1.0.4.jar: jboss-logging-3.4.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jboss-logging-3.4.3.Final.jar
MD5: b298d4b79e591843c1eb1458ea79f070
SHA1: c4bd7e12a745c0e7f6cf98c45cdcdf482fd827ea
SHA256:0b324cca4d550060e51e70cc0045a6cce62f264278ec1f5082aafeb670fcac49

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jboss-logging	High
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	jar	package name	jboss	Highest
Vendor	jar	package name	logging	Highest
Vendor	Manifest	automatic-module-name	org.jboss.logging	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	Manifest	bundle-symbolicname	org.jboss.logging.jboss-logging	Medium
Vendor	Manifest	implementation-url	http://www.jboss.org	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	artifactid	jboss-logging	Low
Vendor	pom	groupid	org.jboss.logging	Highest
Vendor	pom	name	JBoss Logging 3	High
Vendor	pom	parent-artifactid	jboss-parent	Low
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	pom	url	http://www.jboss.org	Highest
Product	file	name	jboss-logging	High
Product	jar	package name	jboss	Highest
Product	jar	package name	logging	Highest
Product	Manifest	automatic-module-name	org.jboss.logging	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	Manifest	Bundle-Name	JBoss Logging 3	Medium
Product	Manifest	bundle-symbolicname	org.jboss.logging.jboss-logging	Medium
Product	Manifest	Implementation-Title	JBoss Logging 3	High
Product	Manifest	implementation-url	http://www.jboss.org	Low
Product	Manifest	os-arch	amd64	Low
Product	Manifest	os-name	Linux	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	JBoss Logging 3	Medium
Product	pom	artifactid	jboss-logging	Highest
Product	pom	groupid	org.jboss.logging	Highest
Product	pom	name	JBoss Logging 3	High
Product	pom	parent-artifactid	jboss-parent	Medium
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	url	http://www.jboss.org	Medium
Version	Manifest	Bundle-Version	3.4.3.Final	High
Version	Manifest	Implementation-Version	3.4.3.Final	High
Version	pom	parent-version	3.4.3.Final	Low
Version	pom	version	3.4.3.Final	Highest

Identifiers

pkg:maven/org.jboss.logging/jboss-logging@3.4.3.Final (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: json-path-2.7.0.jar

Description:

Java port of Stefan Goessner JsonPath.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/json-path-2.7.0.jar
MD5: 2db2100b179bd83518fef0b563433a15
SHA1: f9d7d9659f2694e61142046ff8a216c047f263e8
SHA256:de82f0e4602eea0187df36779ae8cfc1653b6d920125674af4d365d0bca59508

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	json-path	Highest
Vendor	central	groupid	com.jayway.jsonpath	Highest
Vendor	file	name	json-path	High
Vendor	jar	package name	internal	Low
Vendor	jar	package name	jayway	Low
Vendor	jar	package name	json	Highest
Vendor	jar	package name	jsonpath	Low
Vendor	jar	package name	path	Highest
Vendor	Manifest	bundle-symbolicname	json-path	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	json-path	Low
Vendor	pom	developer email	kalle.stenflo (a) gmail.com	Low
Vendor	pom	developer id	kalle.stenflo	Medium
Vendor	pom	developer name	Kalle Stenflo	Medium
Vendor	pom	groupid	com.jayway.jsonpath	Highest
Vendor	pom	name	project ':json-path'	High
Vendor	pom	url	jayway/JsonPath	Highest
Product	central	artifactid	json-path	Highest
Product	file	name	json-path	High
Product	jar	package name	filter	Highest
Product	jar	package name	internal	Low
Product	jar	package name	json	Highest
Product	jar	package name	jsonpath	Low
Product	jar	package name	path	Highest
Product	Manifest	Bundle-Name	json-path	Medium
Product	Manifest	bundle-symbolicname	json-path	Medium
Product	Manifest	Implementation-Title	json-path	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	json-path	Highest
Product	pom	developer email	kalle.stenflo (a) gmail.com	Low
Product	pom	developer id	kalle.stenflo	Low
Product	pom	developer name	Kalle Stenflo	Low
Product	pom	groupid	com.jayway.jsonpath	Highest
Product	pom	name	project ':json-path'	High
Product	pom	url	jayway/JsonPath	High
Version	central	version	2.7.0	Highest
Version	file	version	2.7.0	High
Version	Manifest	Bundle-Version	2.7.0	High
Version	Manifest	Implementation-Version	2.7.0	High
Version	pom	version	2.7.0	Highest

Identifiers

pkg:maven/com.jayway.jsonpath/json-path@2.7.0 (Confidence:High)
cpe:2.3:a:json-path:jayway_jsonpath:2.7.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2023-51074 (OSSINDEX)

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.

CWE-Other

CVSSv2:

Base Score: MEDIUM (5.3)
Vector: /AV:N/AC:L/Au:/C:N/I:N/A:L

References:

OSSINDEX - [CVE-2023-51074] CWE-Other
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51074
OSSIndex - https://github.com/json-path/JsonPath/issues/973

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.jayway.jsonpath:json-path:2.7.0:*:*:*:*:*:*:*

ffl-admindentaire-packaging-1.0.4.jar: json-smart-2.4.11.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/json-smart-2.4.11.jar
MD5: 323dbbcafd96353661c283118e74bd99
SHA1: cc5888f14a5768f254b97bafe8b9fd29b31e872e
SHA256:f2ffb40160d85a246b4a4337edcaf812db2811af075f2de9e285f0be998a2ee0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	json-smart	High
Vendor	jar	package name	json	Highest
Vendor	jar	package name	minidev	Highest
Vendor	jar	package name	net	Highest
Vendor	jar	package name	parser	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://urielch.github.io/	Low
Vendor	Manifest	bundle-symbolicname	net.minidev.json-smart	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	json-smart	Low
Vendor	pom	developer email	adoneitan@gmail.com	Low
Vendor	pom	developer email	shoothzj@gmail.com	Low
Vendor	pom	developer email	uchemouni@gmail.com	Low
Vendor	pom	developer id	erav	Medium
Vendor	pom	developer id	Shoothzj	Medium
Vendor	pom	developer id	uriel	Medium
Vendor	pom	developer name	Eitan Raviv	Medium
Vendor	pom	developer name	Uriel Chemouni	Medium
Vendor	pom	developer name	ZhangJian He	Medium
Vendor	pom	groupid	net.minidev	Highest
Vendor	pom	name	JSON Small and Fast Parser	High
Vendor	pom	organization name	Chemouni Uriel	High
Vendor	pom	organization url	https://urielch.github.io/	Medium
Vendor	pom	url	https://urielch.github.io/	Highest
Product	file	name	json-smart	High
Product	jar	package name	json	Highest
Product	jar	package name	minidev	Highest
Product	jar	package name	net	Highest
Product	jar	package name	parser	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://urielch.github.io/	Low
Product	Manifest	Bundle-Name	json-smart	Medium
Product	Manifest	bundle-symbolicname	net.minidev.json-smart	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	json-smart	Highest
Product	pom	developer email	adoneitan@gmail.com	Low
Product	pom	developer email	shoothzj@gmail.com	Low
Product	pom	developer email	uchemouni@gmail.com	Low
Product	pom	developer id	erav	Low
Product	pom	developer id	Shoothzj	Low
Product	pom	developer id	uriel	Low
Product	pom	developer name	Eitan Raviv	Low
Product	pom	developer name	Uriel Chemouni	Low
Product	pom	developer name	ZhangJian He	Low
Product	pom	groupid	net.minidev	Highest
Product	pom	name	JSON Small and Fast Parser	High
Product	pom	organization name	Chemouni Uriel	Low
Product	pom	organization url	https://urielch.github.io/	Low
Product	pom	url	https://urielch.github.io/	Medium
Version	file	version	2.4.11	High
Version	Manifest	Bundle-Version	2.4.11	High
Version	pom	version	2.4.11	Highest

Identifiers

pkg:maven/net.minidev/json-smart@2.4.11 (Confidence:High)
cpe:2.3:a:json-smart_project:json-smart:2.4.11:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:json-smart_project:json-smart-v2:2.4.11:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: jsonassert-1.5.1.jar

Description:

A library to develop RESTful but flexible APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jsonassert-1.5.1.jar
MD5: 60a7d3d352b233487d735f4b86802717
SHA1: 6d842d0faf4cf6725c509a5e5347d319ee0431c3
SHA256:1e9a7c443d0dd579906646d767f3701918a78cb88a93112f528305fc9095d261

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsonassert	High
Vendor	jar	package name	jsonassert	Highest
Vendor	jar	package name	jsonassert	Low
Vendor	jar	package name	skyscreamer	Highest
Vendor	jar	package name	skyscreamer	Low
Vendor	pom	artifactid	jsonassert	Low
Vendor	pom	developer email	carter@skyscreamer.org	Low
Vendor	pom	developer email	corby@skyscreamer.org	Low
Vendor	pom	developer email	solomon@skyscreamer.org	Low
Vendor	pom	developer id	carterpage	Medium
Vendor	pom	developer id	cepage	Medium
Vendor	pom	developer id	sduskis	Medium
Vendor	pom	developer name	Carter Page	Medium
Vendor	pom	developer name	Corby Page	Medium
Vendor	pom	developer name	Solomon Duskis	Medium
Vendor	pom	groupid	org.skyscreamer	Highest
Vendor	pom	name	JSONassert	High
Vendor	pom	url	skyscreamer/JSONassert	Highest
Product	file	name	jsonassert	High
Product	jar	package name	jsonassert	Highest
Product	jar	package name	jsonassert	Low
Product	jar	package name	skyscreamer	Highest
Product	pom	artifactid	jsonassert	Highest
Product	pom	developer email	carter@skyscreamer.org	Low
Product	pom	developer email	corby@skyscreamer.org	Low
Product	pom	developer email	solomon@skyscreamer.org	Low
Product	pom	developer id	carterpage	Low
Product	pom	developer id	cepage	Low
Product	pom	developer id	sduskis	Low
Product	pom	developer name	Carter Page	Low
Product	pom	developer name	Corby Page	Low
Product	pom	developer name	Solomon Duskis	Low
Product	pom	groupid	org.skyscreamer	Highest
Product	pom	name	JSONassert	High
Product	pom	url	skyscreamer/JSONassert	High
Version	file	version	1.5.1	High
Version	pom	version	1.5.1	Highest

Identifiers

pkg:maven/org.skyscreamer/jsonassert@1.5.1 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jul-to-slf4j	High
Vendor	jar	package name	bridge	Highest
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Vendor	pom	artifactid	jul-to-slf4j	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	JUL to SLF4J bridge	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	jul-to-slf4j	High
Product	jar	package name	bridge	Highest
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	jul-to-slf4j	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Product	pom	artifactid	jul-to-slf4j	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	JUL to SLF4J bridge	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	1.7.36	High
Version	Manifest	Bundle-Version	1.7.36	High
Version	Manifest	Implementation-Version	1.7.36	High
Version	pom	version	1.7.36	Highest

Identifiers

pkg:maven/org.slf4j/jul-to-slf4j@1.7.36 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: junit-4.13.2.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/junit-4.13.2.jar
MD5: d98a9a02a99a9acd22d7653cbcc1f31f
SHA1: 8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12
SHA256:8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	junit	Highest
Vendor	central	groupid	junit	Highest
Vendor	file	name	junit	High
Vendor	jar	package name	junit	Highest
Vendor	jar	package name	junit	Low
Vendor	Manifest	automatic-module-name	junit	Medium
Vendor	Manifest	implementation-url	http://junit.org	Low
Vendor	Manifest	Implementation-Vendor	JUnit	High
Vendor	Manifest	Implementation-Vendor-Id	junit	Medium
Vendor	pom	artifactid	junit	Low
Vendor	pom	developer email	david@saff.net	Low
Vendor	pom	developer email	kcooney@google.com	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	mail@stefan-birkner.de	Low
Vendor	pom	developer id	dsaff	Medium
Vendor	pom	developer id	kcooney	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	stefanbirkner	Medium
Vendor	pom	developer name	David Saff	Medium
Vendor	pom	developer name	Kevin Cooney	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Stefan Birkner	Medium
Vendor	pom	groupid	junit	Highest
Vendor	pom	name	JUnit	High
Vendor	pom	organization name	JUnit	High
Vendor	pom	organization url	http://www.junit.org	Medium
Vendor	pom	url	http://junit.org	Highest
Product	central	artifactid	junit	Highest
Product	file	name	junit	High
Product	jar	package name	junit	Highest
Product	Manifest	automatic-module-name	junit	Medium
Product	Manifest	Implementation-Title	JUnit	High
Product	Manifest	implementation-url	http://junit.org	Low
Product	pom	artifactid	junit	Highest
Product	pom	developer email	david@saff.net	Low
Product	pom	developer email	kcooney@google.com	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	mail@stefan-birkner.de	Low
Product	pom	developer id	dsaff	Low
Product	pom	developer id	kcooney	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	stefanbirkner	Low
Product	pom	developer name	David Saff	Low
Product	pom	developer name	Kevin Cooney	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Stefan Birkner	Low
Product	pom	groupid	junit	Highest
Product	pom	name	JUnit	High
Product	pom	organization name	JUnit	Low
Product	pom	organization url	http://www.junit.org	Low
Product	pom	url	http://junit.org	Medium
Version	central	version	4.13.2	Highest
Version	file	version	4.13.2	High
Version	Manifest	Implementation-Version	4.13.2	High
Version	pom	version	4.13.2	Highest

Identifiers

pkg:maven/junit/junit@4.13.2 (Confidence:High)
cpe:2.3:a:junit:junit4:4.13.2:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-5.11.0.jar

Description:

Module "junit-jupiter" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/junit-jupiter-5.11.0.jar
MD5: c1fb54dff8a4be3014bbdf7ba15d5d48
SHA1: 7ded0835a2522be8e559ac09baff3e9fb2607b27
SHA256:234fe3f9118628d6de625ecc3d69140515e786fdf3cef037fc6ec94823c23ab6

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	junit-jupiter	Highest
Vendor	central	groupid	org.junit.jupiter	Highest
Vendor	file	name	junit-jupiter	High
Vendor	jar	package name	module-info	Low
Vendor	Manifest	build-date	2024-08-14	Low
Vendor	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Vendor	Manifest	build-time	11:20:33.375+0200	Low
Vendor	Manifest	bundle-symbolicname	junit-jupiter	Medium
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	pom	artifactid	junit-jupiter	Low
Vendor	pom	developer email	business@johanneslink.net	Low
Vendor	pom	developer email	derancourt.juliette@gmail.com	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	matthias.merdes@heidelpay.com	Low
Vendor	pom	developer email	sam@sambrannen.com	Low
Vendor	pom	developer email	sormuras@gmail.com	Low
Vendor	pom	developer email	stefan.bechtold@me.com	Low
Vendor	pom	developer id	bechte	Medium
Vendor	pom	developer id	jlink	Medium
Vendor	pom	developer id	juliette-derancourt	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	mmerdes	Medium
Vendor	pom	developer id	sbrannen	Medium
Vendor	pom	developer id	sormuras	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Johannes Link	Medium
Vendor	pom	developer name	Juliette de Rancourt	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Matthias Merdes	Medium
Vendor	pom	developer name	Sam Brannen	Medium
Vendor	pom	developer name	Stefan Bechtold	Medium
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	pom	name	JUnit Jupiter (Aggregator)	High
Vendor	pom	url	https://junit.org/junit5/	Highest
Product	central	artifactid	junit-jupiter	Highest
Product	file	name	junit-jupiter	High
Product	Manifest	build-date	2024-08-14	Low
Product	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Product	Manifest	build-time	11:20:33.375+0200	Low
Product	Manifest	Bundle-Name	JUnit Jupiter (Aggregator)	Medium
Product	Manifest	bundle-symbolicname	junit-jupiter	Medium
Product	Manifest	Implementation-Title	junit-jupiter	High
Product	Manifest	specification-title	junit-jupiter	Medium
Product	pom	artifactid	junit-jupiter	Highest
Product	pom	developer email	business@johanneslink.net	Low
Product	pom	developer email	derancourt.juliette@gmail.com	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	matthias.merdes@heidelpay.com	Low
Product	pom	developer email	sam@sambrannen.com	Low
Product	pom	developer email	sormuras@gmail.com	Low
Product	pom	developer email	stefan.bechtold@me.com	Low
Product	pom	developer id	bechte	Low
Product	pom	developer id	jlink	Low
Product	pom	developer id	juliette-derancourt	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	mmerdes	Low
Product	pom	developer id	sbrannen	Low
Product	pom	developer id	sormuras	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Johannes Link	Low
Product	pom	developer name	Juliette de Rancourt	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Matthias Merdes	Low
Product	pom	developer name	Sam Brannen	Low
Product	pom	developer name	Stefan Bechtold	Low
Product	pom	groupid	org.junit.jupiter	Highest
Product	pom	name	JUnit Jupiter (Aggregator)	High
Product	pom	url	https://junit.org/junit5/	Medium
Version	central	version	5.11.0	Highest
Version	file	version	5.11.0	High
Version	Manifest	Bundle-Version	5.11.0	High
Version	Manifest	Implementation-Version	5.11.0	High
Version	pom	version	5.11.0	Highest

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter@5.11.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-api-5.11.0.jar

Description:

Module "junit-jupiter-api" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/junit-jupiter-api-5.11.0.jar
MD5: fc81c1495c12380b4190f6b69d0be84a
SHA1: 02093fd814e940224cfa5a1882d87cc9d81e25c3
SHA256:42aa202fc862f76cc5af65b47b1c0b1961cdd79cd2216405a6dfa2bd20b20974

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	junit-jupiter-api	Highest
Vendor	central	groupid	org.junit.jupiter	Highest
Vendor	file	name	junit-jupiter-api	High
Vendor	jar	package name	api	Highest
Vendor	jar	package name	api	Low
Vendor	jar	package name	junit	Highest
Vendor	jar	package name	junit	Low
Vendor	jar	package name	jupiter	Highest
Vendor	jar	package name	jupiter	Low
Vendor	Manifest	build-date	2024-08-14	Low
Vendor	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Vendor	Manifest	build-time	11:20:33.375+0200	Low
Vendor	Manifest	bundle-symbolicname	junit-jupiter-api	Medium
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	org.junit.platform.engine;filter:="(&(org.junit.platform.engine=junit-jupiter)(version>=5.11.0)(!(version>=6)))";effective:=active,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	pom	artifactid	junit-jupiter-api	Low
Vendor	pom	developer email	business@johanneslink.net	Low
Vendor	pom	developer email	derancourt.juliette@gmail.com	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	matthias.merdes@heidelpay.com	Low
Vendor	pom	developer email	sam@sambrannen.com	Low
Vendor	pom	developer email	sormuras@gmail.com	Low
Vendor	pom	developer email	stefan.bechtold@me.com	Low
Vendor	pom	developer id	bechte	Medium
Vendor	pom	developer id	jlink	Medium
Vendor	pom	developer id	juliette-derancourt	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	mmerdes	Medium
Vendor	pom	developer id	sbrannen	Medium
Vendor	pom	developer id	sormuras	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Johannes Link	Medium
Vendor	pom	developer name	Juliette de Rancourt	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Matthias Merdes	Medium
Vendor	pom	developer name	Sam Brannen	Medium
Vendor	pom	developer name	Stefan Bechtold	Medium
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	pom	name	JUnit Jupiter API	High
Vendor	pom	url	https://junit.org/junit5/	Highest
Product	central	artifactid	junit-jupiter-api	Highest
Product	file	name	junit-jupiter-api	High
Product	jar	package name	api	Highest
Product	jar	package name	api	Low
Product	jar	package name	junit	Highest
Product	jar	package name	jupiter	Highest
Product	jar	package name	jupiter	Low
Product	Manifest	build-date	2024-08-14	Low
Product	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Product	Manifest	build-time	11:20:33.375+0200	Low
Product	Manifest	Bundle-Name	JUnit Jupiter API	Medium
Product	Manifest	bundle-symbolicname	junit-jupiter-api	Medium
Product	Manifest	Implementation-Title	junit-jupiter-api	High
Product	Manifest	require-capability	org.junit.platform.engine;filter:="(&(org.junit.platform.engine=junit-jupiter)(version>=5.11.0)(!(version>=6)))";effective:=active,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-jupiter-api	Medium
Product	pom	artifactid	junit-jupiter-api	Highest
Product	pom	developer email	business@johanneslink.net	Low
Product	pom	developer email	derancourt.juliette@gmail.com	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	matthias.merdes@heidelpay.com	Low
Product	pom	developer email	sam@sambrannen.com	Low
Product	pom	developer email	sormuras@gmail.com	Low
Product	pom	developer email	stefan.bechtold@me.com	Low
Product	pom	developer id	bechte	Low
Product	pom	developer id	jlink	Low
Product	pom	developer id	juliette-derancourt	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	mmerdes	Low
Product	pom	developer id	sbrannen	Low
Product	pom	developer id	sormuras	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Johannes Link	Low
Product	pom	developer name	Juliette de Rancourt	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Matthias Merdes	Low
Product	pom	developer name	Sam Brannen	Low
Product	pom	developer name	Stefan Bechtold	Low
Product	pom	groupid	org.junit.jupiter	Highest
Product	pom	name	JUnit Jupiter API	High
Product	pom	url	https://junit.org/junit5/	Medium
Version	central	version	5.11.0	Highest
Version	file	version	5.11.0	High
Version	Manifest	Bundle-Version	5.11.0	High
Version	Manifest	Implementation-Version	5.11.0	High
Version	pom	version	5.11.0	Highest

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-api@5.11.0 (Confidence:High)
cpe:2.3:a:fan_platform_project:fan_platform:5.11.0:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-engine-5.11.0.jar

Description:

Module "junit-jupiter-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/junit-jupiter-engine-5.11.0.jar
MD5: add9626a4cad3ac2246ea6d88f39f719
SHA1: e0ef3a2222e000e0b5ab76fda0d38d011526f54c
SHA256:7012423383d0c79d0347c5cf2bd1996c30a12240fb729e0cdfa954852ec693cc

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	junit-jupiter-engine	Highest
Vendor	central	groupid	org.junit.jupiter	Highest
Vendor	file	name	junit-jupiter-engine	High
Vendor	jar	package name	engine	Highest
Vendor	jar	package name	engine	Low
Vendor	jar	package name	junit	Highest
Vendor	jar	package name	junit	Low
Vendor	jar	package name	jupiter	Highest
Vendor	jar	package name	jupiter	Low
Vendor	Manifest	build-date	2024-08-14	Low
Vendor	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Vendor	Manifest	build-time	11:20:33.375+0200	Low
Vendor	Manifest	bundle-symbolicname	junit-jupiter-engine	Medium
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	provide-capability	org.junit.platform.engine;org.junit.platform.engine=junit-jupiter;version:Version="5.11.0"	Low
Vendor	Manifest	require-capability	org.junit.platform.launcher;filter:="(&(org.junit.platform.launcher=junit-platform-launcher)(version>=1.11.0)(!(version>=2)))";effective:=active,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	pom	artifactid	junit-jupiter-engine	Low
Vendor	pom	developer email	business@johanneslink.net	Low
Vendor	pom	developer email	derancourt.juliette@gmail.com	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	matthias.merdes@heidelpay.com	Low
Vendor	pom	developer email	sam@sambrannen.com	Low
Vendor	pom	developer email	sormuras@gmail.com	Low
Vendor	pom	developer email	stefan.bechtold@me.com	Low
Vendor	pom	developer id	bechte	Medium
Vendor	pom	developer id	jlink	Medium
Vendor	pom	developer id	juliette-derancourt	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	mmerdes	Medium
Vendor	pom	developer id	sbrannen	Medium
Vendor	pom	developer id	sormuras	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Johannes Link	Medium
Vendor	pom	developer name	Juliette de Rancourt	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Matthias Merdes	Medium
Vendor	pom	developer name	Sam Brannen	Medium
Vendor	pom	developer name	Stefan Bechtold	Medium
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	pom	name	JUnit Jupiter Engine	High
Vendor	pom	url	https://junit.org/junit5/	Highest
Product	central	artifactid	junit-jupiter-engine	Highest
Product	file	name	junit-jupiter-engine	High
Product	jar	package name	engine	Highest
Product	jar	package name	engine	Low
Product	jar	package name	junit	Highest
Product	jar	package name	jupiter	Highest
Product	jar	package name	jupiter	Low
Product	Manifest	build-date	2024-08-14	Low
Product	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Product	Manifest	build-time	11:20:33.375+0200	Low
Product	Manifest	Bundle-Name	JUnit Jupiter Engine	Medium
Product	Manifest	bundle-symbolicname	junit-jupiter-engine	Medium
Product	Manifest	Implementation-Title	junit-jupiter-engine	High
Product	Manifest	provide-capability	org.junit.platform.engine;org.junit.platform.engine=junit-jupiter;version:Version="5.11.0"	Low
Product	Manifest	require-capability	org.junit.platform.launcher;filter:="(&(org.junit.platform.launcher=junit-platform-launcher)(version>=1.11.0)(!(version>=2)))";effective:=active,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-jupiter-engine	Medium
Product	pom	artifactid	junit-jupiter-engine	Highest
Product	pom	developer email	business@johanneslink.net	Low
Product	pom	developer email	derancourt.juliette@gmail.com	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	matthias.merdes@heidelpay.com	Low
Product	pom	developer email	sam@sambrannen.com	Low
Product	pom	developer email	sormuras@gmail.com	Low
Product	pom	developer email	stefan.bechtold@me.com	Low
Product	pom	developer id	bechte	Low
Product	pom	developer id	jlink	Low
Product	pom	developer id	juliette-derancourt	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	mmerdes	Low
Product	pom	developer id	sbrannen	Low
Product	pom	developer id	sormuras	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Johannes Link	Low
Product	pom	developer name	Juliette de Rancourt	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Matthias Merdes	Low
Product	pom	developer name	Sam Brannen	Low
Product	pom	developer name	Stefan Bechtold	Low
Product	pom	groupid	org.junit.jupiter	Highest
Product	pom	name	JUnit Jupiter Engine	High
Product	pom	url	https://junit.org/junit5/	Medium
Version	central	version	5.11.0	Highest
Version	file	version	5.11.0	High
Version	Manifest	Bundle-Version	5.11.0	High
Version	Manifest	Implementation-Version	5.11.0	High
Version	pom	version	5.11.0	Highest

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.11.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: junit-jupiter-params-5.11.0.jar

Description:

Module "junit-jupiter-params" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/junit-jupiter-params-5.11.0.jar
MD5: 67d4c7e013c0a8d8c86818f468c548a2
SHA1: 97068da5f462c9a9212516ab58aee632a93c349f
SHA256:92ccae2d72e8cc7ac4d3a912fd1a8fecc5e3040a62ac6c667a07a6f55b8023eb

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	junit-jupiter-params	Highest
Vendor	central	groupid	org.junit.jupiter	Highest
Vendor	file	name	junit-jupiter-params	High
Vendor	jar	package name	junit	Highest
Vendor	jar	package name	junit	Low
Vendor	jar	package name	jupiter	Highest
Vendor	jar	package name	jupiter	Low
Vendor	jar	package name	params	Highest
Vendor	jar	package name	params	Low
Vendor	Manifest	build-date	2024-08-14	Low
Vendor	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Vendor	Manifest	build-time	11:20:33.375+0200	Low
Vendor	Manifest	bundle-symbolicname	junit-jupiter-params	Medium
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	pom	artifactid	junit-jupiter-params	Low
Vendor	pom	developer email	business@johanneslink.net	Low
Vendor	pom	developer email	derancourt.juliette@gmail.com	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	matthias.merdes@heidelpay.com	Low
Vendor	pom	developer email	sam@sambrannen.com	Low
Vendor	pom	developer email	sormuras@gmail.com	Low
Vendor	pom	developer email	stefan.bechtold@me.com	Low
Vendor	pom	developer id	bechte	Medium
Vendor	pom	developer id	jlink	Medium
Vendor	pom	developer id	juliette-derancourt	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	mmerdes	Medium
Vendor	pom	developer id	sbrannen	Medium
Vendor	pom	developer id	sormuras	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Johannes Link	Medium
Vendor	pom	developer name	Juliette de Rancourt	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Matthias Merdes	Medium
Vendor	pom	developer name	Sam Brannen	Medium
Vendor	pom	developer name	Stefan Bechtold	Medium
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	pom	name	JUnit Jupiter Params	High
Vendor	pom	url	https://junit.org/junit5/	Highest
Product	central	artifactid	junit-jupiter-params	Highest
Product	file	name	junit-jupiter-params	High
Product	jar	package name	junit	Highest
Product	jar	package name	jupiter	Highest
Product	jar	package name	jupiter	Low
Product	jar	package name	params	Highest
Product	jar	package name	params	Low
Product	jar	package name	shadow	Low
Product	Manifest	build-date	2024-08-14	Low
Product	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Product	Manifest	build-time	11:20:33.375+0200	Low
Product	Manifest	Bundle-Name	JUnit Jupiter Params	Medium
Product	Manifest	bundle-symbolicname	junit-jupiter-params	Medium
Product	Manifest	Implementation-Title	junit-jupiter-params	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-jupiter-params	Medium
Product	pom	artifactid	junit-jupiter-params	Highest
Product	pom	developer email	business@johanneslink.net	Low
Product	pom	developer email	derancourt.juliette@gmail.com	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	matthias.merdes@heidelpay.com	Low
Product	pom	developer email	sam@sambrannen.com	Low
Product	pom	developer email	sormuras@gmail.com	Low
Product	pom	developer email	stefan.bechtold@me.com	Low
Product	pom	developer id	bechte	Low
Product	pom	developer id	jlink	Low
Product	pom	developer id	juliette-derancourt	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	mmerdes	Low
Product	pom	developer id	sbrannen	Low
Product	pom	developer id	sormuras	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Johannes Link	Low
Product	pom	developer name	Juliette de Rancourt	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Matthias Merdes	Low
Product	pom	developer name	Sam Brannen	Low
Product	pom	developer name	Stefan Bechtold	Low
Product	pom	groupid	org.junit.jupiter	Highest
Product	pom	name	JUnit Jupiter Params	High
Product	pom	url	https://junit.org/junit5/	Medium
Version	central	version	5.11.0	Highest
Version	file	version	5.11.0	High
Version	Manifest	Bundle-Version	5.11.0	High
Version	Manifest	Implementation-Version	5.11.0	High
Version	pom	version	5.11.0	Highest

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-params@5.11.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: junit-platform-engine-1.11.0.jar

Description:

Module "junit-platform-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/junit-platform-engine-1.11.0.jar
MD5: 652737294f52a90d1b0048cd7b3ca081
SHA1: b981f322be92fe343d4a79f28208bb4475806019
SHA256:a7e67279c651c516949512b506916475a6d9e284cd4f4c30d029b4ad73a944d8

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	junit-platform-engine	Highest
Vendor	central	groupid	org.junit.platform	Highest
Vendor	file	name	junit-platform-engine	High
Vendor	jar	package name	engine	Highest
Vendor	jar	package name	engine	Low
Vendor	jar	package name	junit	Highest
Vendor	jar	package name	junit	Low
Vendor	jar	package name	platform	Highest
Vendor	jar	package name	platform	Low
Vendor	Manifest	build-date	2024-08-14	Low
Vendor	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Vendor	Manifest	build-time	11:20:33.375+0200	Low
Vendor	Manifest	bundle-symbolicname	junit-platform-engine	Medium
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	pom	artifactid	junit-platform-engine	Low
Vendor	pom	developer email	business@johanneslink.net	Low
Vendor	pom	developer email	derancourt.juliette@gmail.com	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	matthias.merdes@heidelpay.com	Low
Vendor	pom	developer email	sam@sambrannen.com	Low
Vendor	pom	developer email	sormuras@gmail.com	Low
Vendor	pom	developer email	stefan.bechtold@me.com	Low
Vendor	pom	developer id	bechte	Medium
Vendor	pom	developer id	jlink	Medium
Vendor	pom	developer id	juliette-derancourt	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	mmerdes	Medium
Vendor	pom	developer id	sbrannen	Medium
Vendor	pom	developer id	sormuras	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Johannes Link	Medium
Vendor	pom	developer name	Juliette de Rancourt	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Matthias Merdes	Medium
Vendor	pom	developer name	Sam Brannen	Medium
Vendor	pom	developer name	Stefan Bechtold	Medium
Vendor	pom	groupid	org.junit.platform	Highest
Vendor	pom	name	JUnit Platform Engine API	High
Vendor	pom	url	https://junit.org/junit5/	Highest
Product	central	artifactid	junit-platform-engine	Highest
Product	file	name	junit-platform-engine	High
Product	jar	package name	engine	Highest
Product	jar	package name	engine	Low
Product	jar	package name	filter	Highest
Product	jar	package name	junit	Highest
Product	jar	package name	platform	Highest
Product	jar	package name	platform	Low
Product	jar	package name	support	Low
Product	Manifest	build-date	2024-08-14	Low
Product	Manifest	build-revision	6b8e42b7a7d1606962341a61941c60b045646278	Low
Product	Manifest	build-time	11:20:33.375+0200	Low
Product	Manifest	Bundle-Name	JUnit Platform Engine API	Medium
Product	Manifest	bundle-symbolicname	junit-platform-engine	Medium
Product	Manifest	Implementation-Title	junit-platform-engine	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-platform-engine	Medium
Product	pom	artifactid	junit-platform-engine	Highest
Product	pom	developer email	business@johanneslink.net	Low
Product	pom	developer email	derancourt.juliette@gmail.com	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	matthias.merdes@heidelpay.com	Low
Product	pom	developer email	sam@sambrannen.com	Low
Product	pom	developer email	sormuras@gmail.com	Low
Product	pom	developer email	stefan.bechtold@me.com	Low
Product	pom	developer id	bechte	Low
Product	pom	developer id	jlink	Low
Product	pom	developer id	juliette-derancourt	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	mmerdes	Low
Product	pom	developer id	sbrannen	Low
Product	pom	developer id	sormuras	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Johannes Link	Low
Product	pom	developer name	Juliette de Rancourt	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Matthias Merdes	Low
Product	pom	developer name	Sam Brannen	Low
Product	pom	developer name	Stefan Bechtold	Low
Product	pom	groupid	org.junit.platform	Highest
Product	pom	name	JUnit Platform Engine API	High
Product	pom	url	https://junit.org/junit5/	Medium
Version	central	version	1.11.0	Highest
Version	file	version	1.11.0	High
Version	Manifest	Bundle-Version	1.11.0	High
Version	Manifest	Implementation-Version	1.11.0	High
Version	pom	version	1.11.0	Highest

Related Dependencies

Identifiers

pkg:maven/org.junit.platform/junit-platform-engine@1.11.0 (Confidence:High)
cpe:2.3:a:fan_platform_project:fan_platform:1.11.0:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: log4j-api-2.17.2.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/log4j-api-2.17.2.jar
MD5: 0c39d90e7819c92c111e447bdf786a90
SHA1: f42d6afa111b4dec5d2aea0fe2197240749a4ea6
SHA256:09351b5a03828f369cdcff76f4ed39e6a6fc20f24f046935d0b28ef5152f8ce4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	log4j	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	bundle-docurl	https://www.apache.org/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.api	Medium
Vendor	Manifest	implementation-url	https://logging.apache.org/log4j/2.x/log4j-api/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache.logging.log4j	Medium
Vendor	Manifest	log4jreleasekey	B3D8E1BA	Low
Vendor	Manifest	log4jreleasemanager	Ralph Goers	Low
Vendor	Manifest	log4jsigningusername	rgoers@apache.org	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-api	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j API	High
Vendor	pom	parent-artifactid	log4j	Low
Product	file	name	log4j-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	log4j	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	org	Highest
Product	Manifest	bundle-docurl	https://www.apache.org/	Low
Product	Manifest	Bundle-Name	Apache Log4j API	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.api	Medium
Product	Manifest	Implementation-Title	Apache Log4j API	High
Product	Manifest	implementation-url	https://logging.apache.org/log4j/2.x/log4j-api/	Low
Product	Manifest	log4jreleasekey	B3D8E1BA	Low
Product	Manifest	log4jreleasemanager	Ralph Goers	Low
Product	Manifest	log4jsigningusername	rgoers@apache.org	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Log4j API	Medium
Product	pom	artifactid	log4j-api	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j API	High
Product	pom	parent-artifactid	log4j	Medium
Version	file	version	2.17.2	High
Version	Manifest	Bundle-Version	2.17.2	High
Version	Manifest	Implementation-Version	2.17.2	High
Version	Manifest	log4jreleaseversion	2.17.2	Medium
Version	pom	version	2.17.2	Highest

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-api@2.17.2 (Confidence:High)
cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: log4j-to-slf4j-2.17.2.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/log4j-to-slf4j-2.17.2.jar
MD5: 14b27a4266c6d71c949cb4591ee463cc
SHA1: 17dd0fae2747d9a28c67bc9534108823d2376b46
SHA256:9bcfa5273527b950d79739d11e8f8080cfc881908fa2a946b4e891c0293094de

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-to-slf4j	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	automatic-module-name	org.apache.logging.slf4j	Medium
Vendor	Manifest	bundle-docurl	https://www.apache.org/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.to-slf4j	Medium
Vendor	Manifest	implementation-url	https://logging.apache.org/log4j/2.x/log4j-to-slf4j/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache.logging.log4j	Medium
Vendor	Manifest	log4jreleasekey	B3D8E1BA	Low
Vendor	Manifest	log4jreleasemanager	Ralph Goers	Low
Vendor	Manifest	log4jsigningusername	rgoers@apache.org	Medium
Vendor	Manifest	provide-capability	osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider"	Low
Vendor	Manifest	require-capability	osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-to-slf4j	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j to SLF4J Adapter	High
Vendor	pom	parent-artifactid	log4j	Low
Product	file	name	log4j-to-slf4j	High
Product	jar	package name	apache	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	slf4j	Highest
Product	Manifest	automatic-module-name	org.apache.logging.slf4j	Medium
Product	Manifest	bundle-docurl	https://www.apache.org/	Low
Product	Manifest	Bundle-Name	Apache Log4j to SLF4J Adapter	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.to-slf4j	Medium
Product	Manifest	Implementation-Title	Apache Log4j to SLF4J Adapter	High
Product	Manifest	implementation-url	https://logging.apache.org/log4j/2.x/log4j-to-slf4j/	Low
Product	Manifest	log4jreleasekey	B3D8E1BA	Low
Product	Manifest	log4jreleasemanager	Ralph Goers	Low
Product	Manifest	log4jsigningusername	rgoers@apache.org	Medium
Product	Manifest	provide-capability	osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider"	Low
Product	Manifest	require-capability	osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Log4j to SLF4J Adapter	Medium
Product	pom	artifactid	log4j-to-slf4j	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j to SLF4J Adapter	High
Product	pom	parent-artifactid	log4j	Medium
Version	file	version	2.17.2	High
Version	Manifest	Bundle-Version	2.17.2	High
Version	Manifest	Implementation-Version	2.17.2	High
Version	Manifest	log4jreleaseversion	2.17.2	Medium
Version	pom	version	2.17.2	Highest

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: logback-classic-1.2.12.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/logback-classic-1.2.12.jar
MD5: a7ebf115c247690da5e5e64849da6f5f
SHA1: d4dee19148dccb177a0736eb2027bd195341da78
SHA256:f65352bf627177e414c956a977a5851e7125e9f3a2e1a7847b2fa78182dc49fe

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	logback-classic	High
Vendor	jar	package name	ch	Highest
Vendor	jar	package name	classic	Highest
Vendor	jar	package name	logback	Highest
Vendor	jar	package name	qos	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	http://www.qos.ch	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	Manifest	bundle-symbolicname	ch.qos.logback.classic	Medium
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.4	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	artifactid	logback-classic	Low
Vendor	pom	groupid	ch.qos.logback	Highest
Vendor	pom	name	Logback Classic Module	High
Vendor	pom	parent-artifactid	logback-parent	Low
Product	file	name	logback-classic	High
Product	jar	package name	ch	Highest
Product	jar	package name	classic	Highest
Product	jar	package name	logback	Highest
Product	jar	package name	qos	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	http://www.qos.ch	Low
Product	Manifest	Bundle-Name	Logback Classic Module	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Product	Manifest	bundle-symbolicname	ch.qos.logback.classic	Medium
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.4	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	artifactid	logback-classic	Highest
Product	pom	groupid	ch.qos.logback	Highest
Product	pom	name	Logback Classic Module	High
Product	pom	parent-artifactid	logback-parent	Medium
Version	file	version	1.2.12	High
Version	Manifest	Bundle-Version	1.2.12	High
Version	pom	version	1.2.12	Highest

Identifiers

pkg:maven/ch.qos.logback/logback-classic@1.2.12 (Confidence:High)
cpe:2.3:a:qos:logback:1.2.12:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2023-6378

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.

CWE-502 Deserialization of Untrusted Data

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

- https://logback.qos.ch/news.html#1.3.12
- https://security.netapp.com/advisory/ntap-20241129-0012/
OSSINDEX - [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data
OSSINDEX - [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6378
OSSIndex - https://github.com/advisories/GHSA-vmq6-5m68-f53m
OSSIndex - https://logback.qos.ch/news.html#1.3.12

Vulnerable Software & Versions: (show all)

CVE-2023-6481

A serialization vulnerability in logback receiver component part of 
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.

NVD-CWE-noinfo

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: logback-core-1.2.12.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/logback-core-1.2.12.jar
MD5: 879d60b3fa9c6617cee4e20f12f6a16e
SHA1: 1d8e51a698b138065d73baefb4f94531faa323cb
SHA256:0cba0755fbdc1793f60dc9d1ef22337737899f4f28b485c42bcadacb73664b34

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	logback-core	High
Vendor	jar	package name	ch	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	logback	Highest
Vendor	jar	package name	qos	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	http://www.qos.ch	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.4	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	artifactid	logback-core	Low
Vendor	pom	groupid	ch.qos.logback	Highest
Vendor	pom	name	Logback Core Module	High
Vendor	pom	parent-artifactid	logback-parent	Low
Product	file	name	logback-core	High
Product	jar	package name	ch	Highest
Product	jar	package name	core	Highest
Product	jar	package name	logback	Highest
Product	jar	package name	qos	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	http://www.qos.ch	Low
Product	Manifest	Bundle-Name	Logback Core Module	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Product	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.4	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	artifactid	logback-core	Highest
Product	pom	groupid	ch.qos.logback	Highest
Product	pom	name	Logback Core Module	High
Product	pom	parent-artifactid	logback-parent	Medium
Version	file	version	1.2.12	High
Version	Manifest	Bundle-Version	1.2.12	High
Version	pom	version	1.2.12	Highest

Identifiers

pkg:maven/ch.qos.logback/logback-core@1.2.12 (Confidence:High)
cpe:2.3:a:qos:logback:1.2.12:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2023-6378

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.

CWE-502 Deserialization of Untrusted Data

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

- https://logback.qos.ch/news.html#1.3.12
- https://security.netapp.com/advisory/ntap-20241129-0012/
OSSINDEX - [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data
OSSINDEX - [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6378
OSSIndex - https://github.com/advisories/GHSA-vmq6-5m68-f53m
OSSIndex - https://logback.qos.ch/news.html#1.3.12

Vulnerable Software & Versions: (show all)

CVE-2023-6481

A serialization vulnerability in logback receiver component part of 
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.

NVD-CWE-noinfo

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2024-12798 (OSSINDEX)

ACE vulnerability in JaninoEventEvaluator  by QOS.CH logback-core
      upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows
      attacker to execute arbitrary code by compromising an existing
      logback configuration file or by injecting an environment variable
      before program execution.





Malicious logback configuration files can allow the attacker to execute 
arbitrary code using the JaninoEventEvaluator extension.



A successful attack requires the user to have write access to a 
configuration file. Alternatively, the attacker could inject a malicious 
environment variable pointing to a malicious configuration file. In both 
cases, the attack requires existing privilege.

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv2:

Base Score: MEDIUM (5.9)
Vector: /AV:L/AC:L/Au:/C:/I:/A:

References:

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:ch.qos.logback:logback-core:1.2.12:*:*:*:*:*:*:*

CVE-2024-12801 (OSSINDEX)

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to 
forge requests by compromising logback configuration files in XML.



The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details

CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:

Base Score: LOW (2.4)
Vector: /AV:L/AC:L/Au:/C:/I:/A:

References:

OSSINDEX - [CVE-2024-12801] CWE-918: Server-Side Request Forgery (SSRF)
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-12801
OSSIndex - https://github.com/advisories/GHSA-6v67-2wr5-gvf4

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:ch.qos.logback:logback-core:1.2.12:*:*:*:*:*:*:*

ffl-admindentaire-packaging-1.0.4.jar: mapstruct-1.5.5.Final.jar

Description:

An annotation processor for generating type-safe bean mappers

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256:6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mapstruct	High
Vendor	jar	package name	mapstruct	Highest
Vendor	Manifest	automatic-module-name	org.mapstruct	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-symbolicname	org.mapstruct	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	mapstruct	Low
Vendor	pom	groupid	org.mapstruct	Highest
Vendor	pom	name	MapStruct Core	High
Vendor	pom	parent-artifactid	mapstruct-parent	Low
Product	file	name	mapstruct	High
Product	jar	package name	mappers	Highest
Product	jar	package name	mapstruct	Highest
Product	Manifest	automatic-module-name	org.mapstruct	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Bundle-Name	MapStruct Core	Medium
Product	Manifest	bundle-symbolicname	org.mapstruct	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	mapstruct	Highest
Product	pom	groupid	org.mapstruct	Highest
Product	pom	name	MapStruct Core	High
Product	pom	parent-artifactid	mapstruct-parent	Medium
Version	Manifest	Bundle-Version	1.5.5.Final	High
Version	pom	version	1.5.5.Final	Highest

Identifiers

pkg:maven/org.mapstruct/mapstruct@1.5.5.Final (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: micrometer-core-1.9.17.jar

Description:

Core module of Micrometer containing instrumentation API and implementation

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/micrometer-core-1.9.17.jar
MD5: b5d781580eec5339429b401cf6fb1e38
SHA1: 48bf67c0c7028e5f3124d1f9a31bdcf345596e65
SHA256:c350cfdc76c08356f12a60e840f2dbeaeea7540712d58b54becd6c302a86147a

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	micrometer-core	Highest
Vendor	central	groupid	io.micrometer	Highest
Vendor	file	name	micrometer-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	core	Low
Vendor	jar	package name	io	Low
Vendor	jar	package name	micrometer	Highest
Vendor	jar	package name	micrometer	Low
Vendor	Manifest	automatic-module-name	micrometer.core	Medium
Vendor	Manifest	branch	HEAD	Low
Vendor	Manifest	build-date	2023-11-13_08:31:45	Low
Vendor	Manifest	build-date-utc	2023-11-13T08:31:45.802929131Z	Low
Vendor	Manifest	build-host	366693da2289	Low
Vendor	Manifest	build-job	deploy	Low
Vendor	Manifest	build-number	26626	Low
Vendor	Manifest	build-timezone	Etc/UTC	Low
Vendor	Manifest	build-url	https://circleci.com/gh/micrometer-metrics/micrometer/26626	Low
Vendor	Manifest	built-os	Linux	Low
Vendor	Manifest	built-status	release	Low
Vendor	Manifest	change	e487c85	Low
Vendor	Manifest	full-change	e487c85ac8079dffe0666381631a056ed734f3be	Low
Vendor	Manifest	module-email	tludwig@vmware.com	Low
Vendor	Manifest	module-origin	micrometer-metrics/micrometer.git	Low
Vendor	Manifest	module-owner	tludwig@vmware.com	Low
Vendor	Manifest	module-source	/micrometer-core	Low
Vendor	pom	artifactid	micrometer-core	Low
Vendor	pom	developer email	tludwig@vmware.com	Low
Vendor	pom	developer id	shakuzen	Medium
Vendor	pom	developer name	Tommy Ludwig	Medium
Vendor	pom	groupid	io.micrometer	Highest
Vendor	pom	name	micrometer-core	High
Vendor	pom	url	micrometer-metrics/micrometer	Highest
Product	central	artifactid	micrometer-core	Highest
Product	file	name	micrometer-core	High
Product	jar	package name	core	Highest
Product	jar	package name	core	Low
Product	jar	package name	instrument	Low
Product	jar	package name	io	Highest
Product	jar	package name	micrometer	Highest
Product	jar	package name	micrometer	Low
Product	Manifest	automatic-module-name	micrometer.core	Medium
Product	Manifest	branch	HEAD	Low
Product	Manifest	build-date	2023-11-13_08:31:45	Low
Product	Manifest	build-date-utc	2023-11-13T08:31:45.802929131Z	Low
Product	Manifest	build-host	366693da2289	Low
Product	Manifest	build-job	deploy	Low
Product	Manifest	build-number	26626	Low
Product	Manifest	build-timezone	Etc/UTC	Low
Product	Manifest	build-url	https://circleci.com/gh/micrometer-metrics/micrometer/26626	Low
Product	Manifest	built-os	Linux	Low
Product	Manifest	built-status	release	Low
Product	Manifest	change	e487c85	Low
Product	Manifest	full-change	e487c85ac8079dffe0666381631a056ed734f3be	Low
Product	Manifest	Implementation-Title	io.micrometer#micrometer-core;1.9.17	High
Product	Manifest	module-email	tludwig@vmware.com	Low
Product	Manifest	module-origin	micrometer-metrics/micrometer.git	Low
Product	Manifest	module-owner	tludwig@vmware.com	Low
Product	Manifest	module-source	/micrometer-core	Low
Product	pom	artifactid	micrometer-core	Highest
Product	pom	developer email	tludwig@vmware.com	Low
Product	pom	developer id	shakuzen	Low
Product	pom	developer name	Tommy Ludwig	Low
Product	pom	groupid	io.micrometer	Highest
Product	pom	name	micrometer-core	High
Product	pom	url	micrometer-metrics/micrometer	High
Version	central	version	1.9.17	Highest
Version	file	version	1.9.17	High
Version	Manifest	Implementation-Version	1.9.17	High
Version	pom	version	1.9.17	Highest

Identifiers

pkg:maven/io.micrometer/micrometer-core@1.9.17 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: mockito-core-5.2.0.jar

Description:

Mockito mock objects library core API and implementation

License:

The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/mockito-core-5.2.0.jar
MD5: 76fef5799c129e666e3eda4fffbc5726
SHA1: bc22d2ee9596a5fd2d9f9f7c49599f71aac5a88a
SHA256:46e3f8dacd8ec62c8aa6fb11f8867624fb44a03e97fdfc628609346d5dc7e159

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	mockito-core	Highest
Vendor	central	groupid	org.mockito	Highest
Vendor	file	name	mockito-core	High
Vendor	jar	package name	internal	Low
Vendor	jar	package name	mockito	Highest
Vendor	jar	package name	mockito	Low
Vendor	Manifest	automatic-module-name	org.mockito	Medium
Vendor	Manifest	bundle-symbolicname	org.mockito.mockito-core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))"	Low
Vendor	pom	artifactid	mockito-core	Low
Vendor	pom	developer id	bric3	Medium
Vendor	pom	developer id	mockitoguy	Medium
Vendor	pom	developer id	raphw	Medium
Vendor	pom	developer id	TimvdLippe	Medium
Vendor	pom	developer name	Brice Dutheil	Medium
Vendor	pom	developer name	Rafael Winterhalter	Medium
Vendor	pom	developer name	Szczepan Faber	Medium
Vendor	pom	developer name	Tim van der Lippe	Medium
Vendor	pom	groupid	org.mockito	Highest
Vendor	pom	name	mockito-core	High
Vendor	pom	url	mockito/mockito	Highest
Product	central	artifactid	mockito-core	Highest
Product	file	name	mockito-core	High
Product	jar	package name	and	Highest
Product	jar	package name	internal	Low
Product	jar	package name	mockito	Highest
Product	Manifest	automatic-module-name	org.mockito	Medium
Product	Manifest	Bundle-Name	Mockito Mock Library for Java. Core bundle requires Byte Buddy and Objenesis.	Medium
Product	Manifest	bundle-symbolicname	org.mockito.mockito-core	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))"	Low
Product	pom	artifactid	mockito-core	Highest
Product	pom	developer id	bric3	Low
Product	pom	developer id	mockitoguy	Low
Product	pom	developer id	raphw	Low
Product	pom	developer id	TimvdLippe	Low
Product	pom	developer name	Brice Dutheil	Low
Product	pom	developer name	Rafael Winterhalter	Low
Product	pom	developer name	Szczepan Faber	Low
Product	pom	developer name	Tim van der Lippe	Low
Product	pom	groupid	org.mockito	Highest
Product	pom	name	mockito-core	High
Product	pom	url	mockito/mockito	High
Version	central	version	5.2.0	Highest
Version	file	version	5.2.0	High
Version	Manifest	Bundle-Version	5.2.0	High
Version	pom	version	5.2.0	Highest

Identifiers

pkg:maven/org.mockito/mockito-core@5.2.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: mockito-junit-jupiter-5.2.0.jar

Description:

Mockito JUnit 5 support

License:

The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/mockito-junit-jupiter-5.2.0.jar
MD5: 08d55de3a00728a5ce4e6936cc9c66be
SHA1: f2dfc695d0359565e56ee6f543a10a3dd269df2d
SHA256:c7dd82180320799c167d714499ac64fb5ad4ae8790e1d93da531c82236febe07

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	mockito-junit-jupiter	Highest
Vendor	central	groupid	org.mockito	Highest
Vendor	file	name	mockito-junit-jupiter	High
Vendor	jar	package name	junit	Highest
Vendor	jar	package name	junit	Low
Vendor	jar	package name	jupiter	Highest
Vendor	jar	package name	jupiter	Low
Vendor	jar	package name	mockito	Highest
Vendor	jar	package name	mockito	Low
Vendor	Manifest	automatic-module-name	org.mockito.junit.jupiter	Medium
Vendor	Manifest	bundle-symbolicname	org.mockito.junit-jupiter	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))"	Low
Vendor	pom	artifactid	mockito-junit-jupiter	Low
Vendor	pom	developer id	bric3	Medium
Vendor	pom	developer id	mockitoguy	Medium
Vendor	pom	developer id	raphw	Medium
Vendor	pom	developer id	TimvdLippe	Medium
Vendor	pom	developer name	Brice Dutheil	Medium
Vendor	pom	developer name	Rafael Winterhalter	Medium
Vendor	pom	developer name	Szczepan Faber	Medium
Vendor	pom	developer name	Tim van der Lippe	Medium
Vendor	pom	groupid	org.mockito	Highest
Vendor	pom	name	mockito-junit-jupiter	High
Vendor	pom	url	mockito/mockito	Highest
Product	central	artifactid	mockito-junit-jupiter	Highest
Product	file	name	mockito-junit-jupiter	High
Product	jar	package name	junit	Highest
Product	jar	package name	junit	Low
Product	jar	package name	jupiter	Highest
Product	jar	package name	jupiter	Low
Product	jar	package name	mockito	Highest
Product	Manifest	automatic-module-name	org.mockito.junit.jupiter	Medium
Product	Manifest	Bundle-Name	Mockito Extension Library for JUnit 5.	Medium
Product	Manifest	bundle-symbolicname	org.mockito.junit-jupiter	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))"	Low
Product	pom	artifactid	mockito-junit-jupiter	Highest
Product	pom	developer id	bric3	Low
Product	pom	developer id	mockitoguy	Low
Product	pom	developer id	raphw	Low
Product	pom	developer id	TimvdLippe	Low
Product	pom	developer name	Brice Dutheil	Low
Product	pom	developer name	Rafael Winterhalter	Low
Product	pom	developer name	Szczepan Faber	Low
Product	pom	developer name	Tim van der Lippe	Low
Product	pom	groupid	org.mockito	Highest
Product	pom	name	mockito-junit-jupiter	High
Product	pom	url	mockito/mockito	High
Version	central	version	5.2.0	Highest
Version	file	version	5.2.0	High
Version	Manifest	Bundle-Version	5.2.0	High
Version	pom	version	5.2.0	Highest

Identifiers

pkg:maven/org.mockito/mockito-junit-jupiter@5.2.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: objenesis-3.3.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	objenesis	Highest
Vendor	central	groupid	org.objenesis	Highest
Vendor	file	name	objenesis	High
Vendor	jar	package name	instantiator	Low
Vendor	jar	package name	objenesis	Highest
Vendor	jar	package name	objenesis	Low
Vendor	Manifest	automatic-module-name	org.objenesis	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	org.objenesis	Medium
Vendor	Manifest	Implementation-Vendor	Joe Walnes, Henri Tremblay, Leonardo Mesquita	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Joe Walnes, Henri Tremblay, Leonardo Mesquita	Low
Vendor	pom	artifactid	objenesis	Low
Vendor	pom	groupid	org.objenesis	Highest
Vendor	pom	name	Objenesis	High
Vendor	pom	parent-artifactid	objenesis-parent	Low
Product	central	artifactid	objenesis	Highest
Product	file	name	objenesis	High
Product	jar	package name	instantiator	Low
Product	jar	package name	objenesis	Highest
Product	Manifest	automatic-module-name	org.objenesis	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Objenesis	Medium
Product	Manifest	bundle-symbolicname	org.objenesis	Medium
Product	Manifest	Implementation-Title	Objenesis	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Objenesis	Medium
Product	pom	artifactid	objenesis	Highest
Product	pom	groupid	org.objenesis	Highest
Product	pom	name	Objenesis	High
Product	pom	parent-artifactid	objenesis-parent	Medium
Version	central	version	3.3	Highest
Version	file	version	3.3	High
Version	Manifest	Implementation-Version	3.3	High
Version	pom	version	3.3	Highest

Identifiers

pkg:maven/org.objenesis/objenesis@3.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: opentest4j-1.3.0.jar

Description:

Open Test Alliance for the JVM

License:

The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	opentest4j	Highest
Vendor	central	groupid	org.opentest4j	Highest
Vendor	file	name	opentest4j	High
Vendor	jar	package name	opentest4j	Highest
Vendor	jar	package name	opentest4j	Low
Vendor	Manifest	build-date	2023-07-06	Low
Vendor	Manifest	build-revision	214973bfa4e7e9be7d04e623202cc4147c7036d2	Low
Vendor	Manifest	build-time	14:25:06.116+0200	Low
Vendor	Manifest	bundle-symbolicname	org.opentest4j	Medium
Vendor	Manifest	Implementation-Vendor	opentest4j.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	opentest4j.org	Low
Vendor	pom	artifactid	opentest4j	Low
Vendor	pom	developer email	business@johanneslink.net	Low
Vendor	pom	developer email	mail@marcphilipp.de	Low
Vendor	pom	developer email	matthias.merdes@heidelpay.com	Low
Vendor	pom	developer email	sam@sambrannen.com	Low
Vendor	pom	developer email	stefan.bechtold@me.com	Low
Vendor	pom	developer id	bechte	Medium
Vendor	pom	developer id	jlink	Medium
Vendor	pom	developer id	marcphilipp	Medium
Vendor	pom	developer id	mmerdes	Medium
Vendor	pom	developer id	sbrannen	Medium
Vendor	pom	developer name	Johannes Link	Medium
Vendor	pom	developer name	Marc Philipp	Medium
Vendor	pom	developer name	Matthias Merdes	Medium
Vendor	pom	developer name	Sam Brannen	Medium
Vendor	pom	developer name	Stefan Bechtold	Medium
Vendor	pom	groupid	org.opentest4j	Highest
Vendor	pom	name	org.opentest4j:opentest4j	High
Vendor	pom	url	ota4j-team/opentest4j	Highest
Product	central	artifactid	opentest4j	Highest
Product	file	name	opentest4j	High
Product	jar	package name	opentest4j	Highest
Product	Manifest	build-date	2023-07-06	Low
Product	Manifest	build-revision	214973bfa4e7e9be7d04e623202cc4147c7036d2	Low
Product	Manifest	build-time	14:25:06.116+0200	Low
Product	Manifest	Bundle-Name	opentest4j	Medium
Product	Manifest	bundle-symbolicname	org.opentest4j	Medium
Product	Manifest	Implementation-Title	opentest4j	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	opentest4j	Medium
Product	pom	artifactid	opentest4j	Highest
Product	pom	developer email	business@johanneslink.net	Low
Product	pom	developer email	mail@marcphilipp.de	Low
Product	pom	developer email	matthias.merdes@heidelpay.com	Low
Product	pom	developer email	sam@sambrannen.com	Low
Product	pom	developer email	stefan.bechtold@me.com	Low
Product	pom	developer id	bechte	Low
Product	pom	developer id	jlink	Low
Product	pom	developer id	marcphilipp	Low
Product	pom	developer id	mmerdes	Low
Product	pom	developer id	sbrannen	Low
Product	pom	developer name	Johannes Link	Low
Product	pom	developer name	Marc Philipp	Low
Product	pom	developer name	Matthias Merdes	Low
Product	pom	developer name	Sam Brannen	Low
Product	pom	developer name	Stefan Bechtold	Low
Product	pom	groupid	org.opentest4j	Highest
Product	pom	name	org.opentest4j:opentest4j	High
Product	pom	url	ota4j-team/opentest4j	High
Version	central	version	1.3.0	Highest
Version	file	version	1.3.0	High
Version	Manifest	Bundle-Version	1.3.0	High
Version	Manifest	Implementation-Version	1.3.0	High
Version	pom	version	1.3.0	Highest

Identifiers

pkg:maven/org.opentest4j/opentest4j@1.3.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: postgresql-42.3.8.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/postgresql-42.3.8.jar
MD5: fff9ad5fd6ce48fb4a3fa8a13899077c
SHA1: d81533a6ff4376590f9ce7ba74b8f3723066f25c
SHA256:b0eb10c469bb409447914fa6ec4076212779c7a7e93844bf3136b8884e2b6989

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	postgresql	Highest
Vendor	central	groupid	org.postgresql	Highest
Vendor	file	name	postgresql	High
Vendor	jar	package name	jdbc	Highest
Vendor	jar	package name	postgresql	Highest
Vendor	jar	package name	postgresql	Low
Vendor	Manifest	automatic-module-name	org.postgresql.jdbc	Medium
Vendor	Manifest	bundle-copyright	Copyright (c) 2003-2020, PostgreSQL Global Development Group	Low
Vendor	Manifest	bundle-docurl	https://jdbc.postgresql.org/	Low
Vendor	Manifest	bundle-symbolicname	org.postgresql.jdbc	Medium
Vendor	Manifest	Implementation-Vendor	PostgreSQL Global Development Group	High
Vendor	Manifest	Implementation-Vendor-Id	org.postgresql	Medium
Vendor	Manifest	provide-capability	osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver"	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(\|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"	Low
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	postgresql	Low
Vendor	pom	developer id	bokken	Medium
Vendor	pom	developer id	davecramer	Medium
Vendor	pom	developer id	jurka	Medium
Vendor	pom	developer id	oliver	Medium
Vendor	pom	developer id	ringerc	Medium
Vendor	pom	developer id	vlsi	Medium
Vendor	pom	developer name	Brett Okken	Medium
Vendor	pom	developer name	Craig Ringer	Medium
Vendor	pom	developer name	Dave Cramer	Medium
Vendor	pom	developer name	Kris Jurka	Medium
Vendor	pom	developer name	Oliver Jowett	Medium
Vendor	pom	developer name	Vladimir Sitnikov	Medium
Vendor	pom	groupid	org.postgresql	Highest
Vendor	pom	name	PostgreSQL JDBC Driver	High
Vendor	pom	organization name	PostgreSQL Global Development Group	High
Vendor	pom	organization url	https://jdbc.postgresql.org/	Medium
Vendor	pom	url	https://jdbc.postgresql.org	Highest
Product	central	artifactid	postgresql	Highest
Product	file	name	postgresql	High
Product	hint analyzer	product	pgjdbc	Highest
Product	hint analyzer	product	postgresql_jdbc_driver	Highest
Product	jar	package name	driver	Highest
Product	jar	package name	jdbc	Highest
Product	jar	package name	osgi	Highest
Product	jar	package name	postgresql	Highest
Product	jar	package name	version	Highest
Product	Manifest	automatic-module-name	org.postgresql.jdbc	Medium
Product	Manifest	bundle-copyright	Copyright (c) 2003-2020, PostgreSQL Global Development Group	Low
Product	Manifest	bundle-docurl	https://jdbc.postgresql.org/	Low
Product	Manifest	Bundle-Name	PostgreSQL JDBC Driver	Medium
Product	Manifest	bundle-symbolicname	org.postgresql.jdbc	Medium
Product	Manifest	Implementation-Title	PostgreSQL JDBC Driver	High
Product	Manifest	provide-capability	osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver"	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(\|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"	Low
Product	Manifest	specification-title	JDBC	Medium
Product	pom	artifactid	postgresql	Highest
Product	pom	developer id	bokken	Low
Product	pom	developer id	davecramer	Low
Product	pom	developer id	jurka	Low
Product	pom	developer id	oliver	Low
Product	pom	developer id	ringerc	Low
Product	pom	developer id	vlsi	Low
Product	pom	developer name	Brett Okken	Low
Product	pom	developer name	Craig Ringer	Low
Product	pom	developer name	Dave Cramer	Low
Product	pom	developer name	Kris Jurka	Low
Product	pom	developer name	Oliver Jowett	Low
Product	pom	developer name	Vladimir Sitnikov	Low
Product	pom	groupid	org.postgresql	Highest
Product	pom	name	PostgreSQL JDBC Driver	High
Product	pom	organization name	PostgreSQL Global Development Group	Low
Product	pom	organization url	https://jdbc.postgresql.org/	Low
Product	pom	url	https://jdbc.postgresql.org	Medium
Version	central	version	42.3.8	Highest
Version	file	version	42.3.8	High
Version	Manifest	Bundle-Version	42.3.8	High
Version	Manifest	Implementation-Version	42.3.8	High
Version	pom	version	42.3.8	Highest

Identifiers

pkg:maven/org.postgresql/postgresql@42.3.8 (Confidence:High)
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.3.8:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: powermock-api-mockito2-2.0.9.jar

Description:

PowerMock API for Mockito 2.+..

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/powermock-api-mockito2-2.0.9.jar
MD5: 82b1083d26ee79dfabc2933f65a38457
SHA1: 7e16a11ab06b718121a7537476c55b3c9551ae03
SHA256:fe3b61dff44163724c6046605919a0ccb5f24bf0e14f2f3b8a44894ef04fbf2c

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	powermock-api-mockito2	Highest
Vendor	central	groupid	org.powermock	Highest
Vendor	file	name	powermock-api-mockito2	High
Vendor	jar	package name	api	Low
Vendor	jar	package name	mockito	Low
Vendor	jar	package name	powermock	Low
Vendor	pom	artifactid	powermock-api-mockito2	Low
Vendor	pom	developer email	arthur.zagretdinov at outlook.com	Low
Vendor	pom	developer email	jan.kronquist at jayway.com	Low
Vendor	pom	developer email	johan.haleby at jayway.com	Low
Vendor	pom	developer id	jakr	Medium
Vendor	pom	developer id	johanhaleby	Medium
Vendor	pom	developer id	thekingnothing	Medium
Vendor	pom	developer name	Arthur Zagretdinov	Medium
Vendor	pom	developer name	Jan Kronquist	Medium
Vendor	pom	developer name	Johan Haleby	Medium
Vendor	pom	groupid	org.powermock	Highest
Vendor	pom	name	PowerMock	High
Vendor	pom	url	http://www.powermock.org	Highest
Product	central	artifactid	powermock-api-mockito2	Highest
Product	file	name	powermock-api-mockito2	High
Product	jar	package name	api	Highest
Product	jar	package name	api	Low
Product	jar	package name	internal	Low
Product	jar	package name	mockito	Low
Product	jar	package name	powermock	Highest
Product	Manifest	Implementation-Title	powermock-api-mockito2	High
Product	pom	artifactid	powermock-api-mockito2	Highest
Product	pom	developer email	arthur.zagretdinov at outlook.com	Low
Product	pom	developer email	jan.kronquist at jayway.com	Low
Product	pom	developer email	johan.haleby at jayway.com	Low
Product	pom	developer id	jakr	Low
Product	pom	developer id	johanhaleby	Low
Product	pom	developer id	thekingnothing	Low
Product	pom	developer name	Arthur Zagretdinov	Low
Product	pom	developer name	Jan Kronquist	Low
Product	pom	developer name	Johan Haleby	Low
Product	pom	groupid	org.powermock	Highest
Product	pom	name	PowerMock	High
Product	pom	url	http://www.powermock.org	Medium
Version	central	version	2.0.9	Highest
Version	file	version	2.0.9	High
Version	Manifest	Implementation-Version	2.0.9	High
Version	pom	version	2.0.9	Highest

Identifiers

pkg:maven/org.powermock/powermock-api-mockito2@2.0.9 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: powermock-api-support-2.0.9.jar

Description:

PowerMock API Utility classes.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/powermock-api-support-2.0.9.jar
MD5: b41fb36d18e97cea765ca7d4bf4e1f23
SHA1: 65deba8a4207715b7d8fa6c1b8d8cac06e6ecb00
SHA256:49e4cb9045aabf9bb280fd21b134008006280fe394ef428e468e5de5a1eceee2

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	powermock-api-support	Highest
Vendor	central	groupid	org.powermock	Highest
Vendor	file	name	powermock-api-support	High
Vendor	jar	package name	api	Low
Vendor	jar	package name	powermock	Low
Vendor	jar	package name	support	Low
Vendor	pom	artifactid	powermock-api-support	Low
Vendor	pom	developer email	arthur.zagretdinov at outlook.com	Low
Vendor	pom	developer email	jan.kronquist at jayway.com	Low
Vendor	pom	developer email	johan.haleby at jayway.com	Low
Vendor	pom	developer id	jakr	Medium
Vendor	pom	developer id	johanhaleby	Medium
Vendor	pom	developer id	thekingnothing	Medium
Vendor	pom	developer name	Arthur Zagretdinov	Medium
Vendor	pom	developer name	Jan Kronquist	Medium
Vendor	pom	developer name	Johan Haleby	Medium
Vendor	pom	groupid	org.powermock	Highest
Vendor	pom	name	PowerMock	High
Vendor	pom	url	http://www.powermock.org	Highest
Product	central	artifactid	powermock-api-support	Highest
Product	file	name	powermock-api-support	High
Product	jar	package name	api	Highest
Product	jar	package name	api	Low
Product	jar	package name	membermodification	Low
Product	jar	package name	powermock	Highest
Product	jar	package name	support	Highest
Product	jar	package name	support	Low
Product	Manifest	Implementation-Title	powermock-api-support	High
Product	pom	artifactid	powermock-api-support	Highest
Product	pom	developer email	arthur.zagretdinov at outlook.com	Low
Product	pom	developer email	jan.kronquist at jayway.com	Low
Product	pom	developer email	johan.haleby at jayway.com	Low
Product	pom	developer id	jakr	Low
Product	pom	developer id	johanhaleby	Low
Product	pom	developer id	thekingnothing	Low
Product	pom	developer name	Arthur Zagretdinov	Low
Product	pom	developer name	Jan Kronquist	Low
Product	pom	developer name	Johan Haleby	Low
Product	pom	groupid	org.powermock	Highest
Product	pom	name	PowerMock	High
Product	pom	url	http://www.powermock.org	Medium
Version	central	version	2.0.9	Highest
Version	file	version	2.0.9	High
Version	Manifest	Implementation-Version	2.0.9	High
Version	pom	version	2.0.9	Highest

Identifiers

pkg:maven/org.powermock/powermock-api-support@2.0.9 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: powermock-core-2.0.9.jar

Description:

Various utilities for accessing internals of a class.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/powermock-core-2.0.9.jar
MD5: e3599c532ef3b70a3228197b43b2f8db
SHA1: 50e5d2652fd311ee9c33919dfadd44504a582210
SHA256:e5183d1e197bcd67e8f86eeb5acc4cc4b4a7aa993e9daa249f8d8d6973f06c49

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	powermock-core	Highest
Vendor	central	groupid	org.powermock	Highest
Vendor	file	name	powermock-core	High
Vendor	jar	package name	core	Low
Vendor	jar	package name	powermock	Low
Vendor	pom	artifactid	powermock-core	Low
Vendor	pom	developer email	arthur.zagretdinov at outlook.com	Low
Vendor	pom	developer email	jan.kronquist at jayway.com	Low
Vendor	pom	developer email	johan.haleby at jayway.com	Low
Vendor	pom	developer id	jakr	Medium
Vendor	pom	developer id	johanhaleby	Medium
Vendor	pom	developer id	thekingnothing	Medium
Vendor	pom	developer name	Arthur Zagretdinov	Medium
Vendor	pom	developer name	Jan Kronquist	Medium
Vendor	pom	developer name	Johan Haleby	Medium
Vendor	pom	groupid	org.powermock	Highest
Vendor	pom	name	PowerMock	High
Vendor	pom	url	http://www.powermock.org	Highest
Product	central	artifactid	powermock-core	Highest
Product	file	name	powermock-core	High
Product	jar	package name	core	Highest
Product	jar	package name	core	Low
Product	jar	package name	powermock	Highest
Product	Manifest	Implementation-Title	powermock-core	High
Product	pom	artifactid	powermock-core	Highest
Product	pom	developer email	arthur.zagretdinov at outlook.com	Low
Product	pom	developer email	jan.kronquist at jayway.com	Low
Product	pom	developer email	johan.haleby at jayway.com	Low
Product	pom	developer id	jakr	Low
Product	pom	developer id	johanhaleby	Low
Product	pom	developer id	thekingnothing	Low
Product	pom	developer name	Arthur Zagretdinov	Low
Product	pom	developer name	Jan Kronquist	Low
Product	pom	developer name	Johan Haleby	Low
Product	pom	groupid	org.powermock	Highest
Product	pom	name	PowerMock	High
Product	pom	url	http://www.powermock.org	Medium
Version	central	version	2.0.9	Highest
Version	file	version	2.0.9	High
Version	Manifest	Implementation-Version	2.0.9	High
Version	pom	version	2.0.9	Highest

Identifiers

pkg:maven/org.powermock/powermock-core@2.0.9 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: powermock-module-junit4-2.0.9.jar

Description:

PowerMock support module for JUnit 4.x.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/powermock-module-junit4-2.0.9.jar
MD5: 30c9ae211d0d03e092c005263ed4e0a4
SHA1: 09f13da80a3d75cc9579b55389e919f661ec42f0
SHA256:d0e8a83183a9a8a18ff83e1592a611fa206cab0838466ce367e3d0a851a274e2

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	powermock-module-junit4	Highest
Vendor	central	groupid	org.powermock	Highest
Vendor	file	name	powermock-module-junit4	High
Vendor	jar	package name	junit4	Low
Vendor	jar	package name	modules	Low
Vendor	jar	package name	powermock	Low
Vendor	pom	artifactid	powermock-module-junit4	Low
Vendor	pom	developer email	arthur.zagretdinov at outlook.com	Low
Vendor	pom	developer email	jan.kronquist at jayway.com	Low
Vendor	pom	developer email	johan.haleby at jayway.com	Low
Vendor	pom	developer id	jakr	Medium
Vendor	pom	developer id	johanhaleby	Medium
Vendor	pom	developer id	thekingnothing	Medium
Vendor	pom	developer name	Arthur Zagretdinov	Medium
Vendor	pom	developer name	Jan Kronquist	Medium
Vendor	pom	developer name	Johan Haleby	Medium
Vendor	pom	groupid	org.powermock	Highest
Vendor	pom	name	PowerMock	High
Vendor	pom	url	http://www.powermock.org	Highest
Product	central	artifactid	powermock-module-junit4	Highest
Product	file	name	powermock-module-junit4	High
Product	jar	package name	internal	Low
Product	jar	package name	junit4	Highest
Product	jar	package name	junit4	Low
Product	jar	package name	modules	Low
Product	jar	package name	powermock	Highest
Product	Manifest	Implementation-Title	powermock-module-junit4	High
Product	pom	artifactid	powermock-module-junit4	Highest
Product	pom	developer email	arthur.zagretdinov at outlook.com	Low
Product	pom	developer email	jan.kronquist at jayway.com	Low
Product	pom	developer email	johan.haleby at jayway.com	Low
Product	pom	developer id	jakr	Low
Product	pom	developer id	johanhaleby	Low
Product	pom	developer id	thekingnothing	Low
Product	pom	developer name	Arthur Zagretdinov	Low
Product	pom	developer name	Jan Kronquist	Low
Product	pom	developer name	Johan Haleby	Low
Product	pom	groupid	org.powermock	Highest
Product	pom	name	PowerMock	High
Product	pom	url	http://www.powermock.org	Medium
Version	central	version	2.0.9	Highest
Version	file	version	2.0.9	High
Version	Manifest	Implementation-Version	2.0.9	High
Version	pom	version	2.0.9	Highest

Related Dependencies

Identifiers

pkg:maven/org.powermock/powermock-module-junit4@2.0.9 (Confidence:High)
cpe:2.3:a:junit:junit4:2.0.9:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: powermock-reflect-2.0.9.jar

Description:

Various utilities for accessing internals of a class.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/powermock-reflect-2.0.9.jar
MD5: 36bfd3c5bb83f5b142f4c9a015e3322a
SHA1: 4bb9ed43e5221926fb86cae44b445de110a51d05
SHA256:a1374bd368b52b54b252d5281b9391363b58cb667a6375242fd6a3f482bc8c23

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	powermock-reflect	Highest
Vendor	central	groupid	org.powermock	Highest
Vendor	file	name	powermock-reflect	High
Vendor	jar	package name	internal	Low
Vendor	jar	package name	powermock	Low
Vendor	jar	package name	reflect	Low
Vendor	pom	artifactid	powermock-reflect	Low
Vendor	pom	developer email	arthur.zagretdinov at outlook.com	Low
Vendor	pom	developer email	jan.kronquist at jayway.com	Low
Vendor	pom	developer email	johan.haleby at jayway.com	Low
Vendor	pom	developer id	jakr	Medium
Vendor	pom	developer id	johanhaleby	Medium
Vendor	pom	developer id	thekingnothing	Medium
Vendor	pom	developer name	Arthur Zagretdinov	Medium
Vendor	pom	developer name	Jan Kronquist	Medium
Vendor	pom	developer name	Johan Haleby	Medium
Vendor	pom	groupid	org.powermock	Highest
Vendor	pom	name	PowerMock	High
Vendor	pom	url	http://www.powermock.org	Highest
Product	central	artifactid	powermock-reflect	Highest
Product	file	name	powermock-reflect	High
Product	jar	package name	internal	Low
Product	jar	package name	powermock	Highest
Product	jar	package name	reflect	Highest
Product	jar	package name	reflect	Low
Product	Manifest	Implementation-Title	powermock-reflect	High
Product	pom	artifactid	powermock-reflect	Highest
Product	pom	developer email	arthur.zagretdinov at outlook.com	Low
Product	pom	developer email	jan.kronquist at jayway.com	Low
Product	pom	developer email	johan.haleby at jayway.com	Low
Product	pom	developer id	jakr	Low
Product	pom	developer id	johanhaleby	Low
Product	pom	developer id	thekingnothing	Low
Product	pom	developer name	Arthur Zagretdinov	Low
Product	pom	developer name	Jan Kronquist	Low
Product	pom	developer name	Johan Haleby	Low
Product	pom	groupid	org.powermock	Highest
Product	pom	name	PowerMock	High
Product	pom	url	http://www.powermock.org	Medium
Version	central	version	2.0.9	Highest
Version	file	version	2.0.9	High
Version	Manifest	Implementation-Version	2.0.9	High
Version	pom	version	2.0.9	Highest

Identifiers

pkg:maven/org.powermock/powermock-reflect@2.0.9 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: reactive-streams-1.0.4.jar

Description:

A Protocol for Asynchronous Non-Blocking Data Sequence

License:

MIT-0: https://spdx.org/licenses/MIT-0.html

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/reactive-streams-1.0.4.jar
MD5: eda7978509c32d99166745cc144c99cd
SHA1: 3864a1320d97d7b045f729a326e1e077661f31b7
SHA256:f75ca597789b3dac58f61857b9ac2e1034a68fa672db35055a8fb4509e325f28

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	reactive-streams	Highest
Vendor	central	groupid	org.reactivestreams	Highest
Vendor	file	name	reactive-streams	High
Vendor	jar	package name	reactivestreams	Highest
Vendor	jar	package name	reactivestreams	Low
Vendor	Manifest	automatic-module-name	org.reactivestreams	Medium
Vendor	Manifest	bundle-docurl	http://reactive-streams.org	Low
Vendor	Manifest	bundle-symbolicname	reactive-streams	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	artifactid	reactive-streams	Low
Vendor	pom	developer id	reactive-streams-sig	Medium
Vendor	pom	developer name	Reactive Streams SIG	Medium
Vendor	pom	groupid	org.reactivestreams	Highest
Vendor	pom	name	reactive-streams	High
Vendor	pom	url	http://www.reactive-streams.org/	Highest
Product	central	artifactid	reactive-streams	Highest
Product	file	name	reactive-streams	High
Product	jar	package name	reactivestreams	Highest
Product	Manifest	automatic-module-name	org.reactivestreams	Medium
Product	Manifest	bundle-docurl	http://reactive-streams.org	Low
Product	Manifest	Bundle-Name	reactive-streams-jvm	Medium
Product	Manifest	bundle-symbolicname	reactive-streams	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	artifactid	reactive-streams	Highest
Product	pom	developer id	reactive-streams-sig	Low
Product	pom	developer name	Reactive Streams SIG	Low
Product	pom	groupid	org.reactivestreams	Highest
Product	pom	name	reactive-streams	High
Product	pom	url	http://www.reactive-streams.org/	Medium
Version	central	version	1.0.4	Highest
Version	file	version	1.0.4	High
Version	Manifest	Bundle-Version	1.0.4	High
Version	pom	version	1.0.4	Highest

Identifiers

pkg:maven/org.reactivestreams/reactive-streams@1.0.4 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: reactor-core-3.4.34.jar

Description:

Non-Blocking Reactive Foundation for the JVM

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/reactor-core-3.4.34.jar
MD5: 42fb3c486656c0cce0f76f45e18315ff
SHA1: acd10fd94f7a04b49253ef044f4fbf37a54aec40
SHA256:b324c0921f97bd73a9aebffbf59ac45eeb48d9eab9bce67c23ad0bc83b513d87

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	reactor-core	Highest
Vendor	central	groupid	io.projectreactor	Highest
Vendor	file	name	reactor-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	core	Low
Vendor	jar	package name	publisher	Low
Vendor	jar	package name	reactor	Highest
Vendor	jar	package name	reactor	Low
Vendor	Manifest	automatic-module-name	reactor.core	Medium
Vendor	Manifest	bundle-symbolicname	io.projectreactor.reactor-core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	reactor-core	Low
Vendor	pom	developer email	odokuka@vmware.com	Low
Vendor	pom	developer email	sbasle@vmware.com	Low
Vendor	pom	developer id	odokuka	Medium
Vendor	pom	developer id	simonbasle	Medium
Vendor	pom	developer name	Oleh Dokuka	Medium
Vendor	pom	developer name	Simon Baslé	Medium
Vendor	pom	groupid	io.projectreactor	Highest
Vendor	pom	name	Non-Blocking Reactive Foundation for the JVM	High
Vendor	pom	organization name	reactor	High
Vendor	pom	organization url	reactor	Medium
Vendor	pom	url	reactor/reactor-core	Highest
Product	central	artifactid	reactor-core	Highest
Product	file	name	reactor-core	High
Product	jar	package name	core	Highest
Product	jar	package name	core	Low
Product	jar	package name	publisher	Low
Product	jar	package name	reactor	Highest
Product	Manifest	automatic-module-name	reactor.core	Medium
Product	Manifest	Bundle-Name	reactor-core	Medium
Product	Manifest	bundle-symbolicname	io.projectreactor.reactor-core	Medium
Product	Manifest	Implementation-Title	reactor-core	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	reactor-core	Highest
Product	pom	developer email	odokuka@vmware.com	Low
Product	pom	developer email	sbasle@vmware.com	Low
Product	pom	developer id	odokuka	Low
Product	pom	developer id	simonbasle	Low
Product	pom	developer name	Oleh Dokuka	Low
Product	pom	developer name	Simon Baslé	Low
Product	pom	groupid	io.projectreactor	Highest
Product	pom	name	Non-Blocking Reactive Foundation for the JVM	High
Product	pom	organization name	reactor	Low
Product	pom	url	reactor	High
Product	pom	url	reactor/reactor-core	High
Version	central	version	3.4.34	Highest
Version	file	version	3.4.34	High
Version	Manifest	Implementation-Version	3.4.34	High
Version	pom	version	3.4.34	Highest

Identifiers

pkg:maven/io.projectreactor/reactor-core@3.4.34 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: saaj-impl-1.5.3.jar

Description:

       Implementation of Jakarta SOAP with Attachments Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/saaj-impl-1.5.3.jar
MD5: 9c3bd20b7350f99f18f8c38fbed90199
SHA1: 1cd4aa51ea7a8987fe930083e3cd05e2ac72505b
SHA256:21d451aa7dbe1254388ecc4e5ea71aabbc519c7d7344c9d93e9f79954f38b32b

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	saaj-impl	High
Vendor	jar	package name	messaging	Highest
Vendor	jar	package name	saaj	Highest
Vendor	jar	package name	sun	Highest
Vendor	jar	package name	xml	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	bundle-docurl	http://www.oracle.com/	Low
Vendor	Manifest	bundle-symbolicname	com.sun.xml.messaging.saaj.impl	Medium
Vendor	Manifest	implementation-build-id	1.5.3 - 3f22ced	Low
Vendor	Manifest	Implementation-Vendor	Oracle Corporation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	saaj-impl	Low
Vendor	pom	groupid	com.sun.xml.messaging.saaj	Highest
Vendor	pom	name	Jakarta SOAP Implementation	High
Vendor	pom	parent-artifactid	metro-saaj	Low
Product	file	name	saaj-impl	High
Product	jar	package name	messaging	Highest
Product	jar	package name	saaj	Highest
Product	jar	package name	sun	Highest
Product	jar	package name	xml	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com/	Low
Product	Manifest	Bundle-Name	Jakarta SOAP Implementation	Medium
Product	Manifest	bundle-symbolicname	com.sun.xml.messaging.saaj.impl	Medium
Product	Manifest	implementation-build-id	1.5.3 - 3f22ced	Low
Product	Manifest	Implementation-Title	Jakarta SOAP Implementation	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	saaj-impl	Highest
Product	pom	groupid	com.sun.xml.messaging.saaj	Highest
Product	pom	name	Jakarta SOAP Implementation	High
Product	pom	parent-artifactid	metro-saaj	Medium
Version	file	version	1.5.3	High
Version	Manifest	Bundle-Version	1.5.3	High
Version	Manifest	implementation-build-id	1.5.3	Low
Version	Manifest	Implementation-Version	1.5.3	High
Version	pom	version	1.5.3	Highest

Identifiers

pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.5.3:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	automatic-module-name	org.slf4j	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	automatic-module-name	org.slf4j	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	slf4j-api	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	1.7.36	High
Version	Manifest	Bundle-Version	1.7.36	High
Version	Manifest	Implementation-Version	1.7.36	High
Version	pom	version	1.7.36	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.36 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: snakeyaml-2.3.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/snakeyaml-2.3.jar
MD5: 2a1c2ee8923dcd6bd6d025751af5df37
SHA1: 936b36210e27320f920536f695cf1af210c44586
SHA256:63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	snakeyaml	High
Vendor	jar	package name	emitter	Highest
Vendor	jar	package name	org	Highest
Vendor	jar	package name	parser	Highest
Vendor	jar	package name	snakeyaml	Highest
Vendor	jar	package name	yaml	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-symbolicname	org.yaml.snakeyaml	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	artifactid	snakeyaml	Low
Vendor	pom	developer email	alexander.maslov@gmail.com	Low
Vendor	pom	developer email	public.somov@gmail.com	Low
Vendor	pom	developer id	asomov	Medium
Vendor	pom	developer id	maslovalex	Medium
Vendor	pom	developer name	Alexander Maslov	Medium
Vendor	pom	developer name	Andrey Somov	Medium
Vendor	pom	groupid	org.yaml	Highest
Vendor	pom	name	SnakeYAML	High
Vendor	pom	url	https://bitbucket.org/snakeyaml/snakeyaml	Highest
Product	file	name	snakeyaml	High
Product	jar	package name	emitter	Highest
Product	jar	package name	org	Highest
Product	jar	package name	parser	Highest
Product	jar	package name	snakeyaml	Highest
Product	jar	package name	yaml	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Bundle-Name	SnakeYAML	Medium
Product	Manifest	bundle-symbolicname	org.yaml.snakeyaml	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	artifactid	snakeyaml	Highest
Product	pom	developer email	alexander.maslov@gmail.com	Low
Product	pom	developer email	public.somov@gmail.com	Low
Product	pom	developer id	asomov	Low
Product	pom	developer id	maslovalex	Low
Product	pom	developer name	Alexander Maslov	Low
Product	pom	developer name	Andrey Somov	Low
Product	pom	groupid	org.yaml	Highest
Product	pom	name	SnakeYAML	High
Product	pom	url	https://bitbucket.org/snakeyaml/snakeyaml	Medium
Version	file	version	2.3	High
Version	pom	version	2.3	Highest

Identifiers

pkg:maven/org.yaml/snakeyaml@2.3 (Confidence:High)
cpe:2.3:a:snakeyaml_project:snakeyaml:2.3:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-batch-core-4.3.10.jar

Description:

Spring Batch Core

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-batch-core-4.3.10.jar
MD5: 44c4c9782bdc9dec98cd574851e9f533
SHA1: cfec1e210e83d19e41342a3fb8d5092fb06c1ff2
SHA256:865244a0131ac7d5963d77220061cc6b878ccc95737d07af782d630a16d115c7

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-batch-core	Highest
Vendor	central	groupid	org.springframework.batch	Highest
Vendor	file	name	spring-batch-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	batch	Low
Vendor	jar	package name	core	Low
Vendor	jar	package name	springframework	Low
Vendor	pom	artifactid	spring-batch-core	Low
Vendor	pom	developer email	bhale@vmware.com	Low
Vendor	pom	developer email	cschaefer@vmware.com	Low
Vendor	pom	developer email	dhgarrette@gmail.com	Low
Vendor	pom	developer email	dsyer@vmware.com	Low
Vendor	pom	developer email	mbenhassine@vmware.com	Low
Vendor	pom	developer email	mminella@vmware.com	Low
Vendor	pom	developer email	robokaso@gmail.com	Low
Vendor	pom	developer email	trisberg@vmware.com	Low
Vendor	pom	developer id	benas	Medium
Vendor	pom	developer id	chrisjs	Medium
Vendor	pom	developer id	dhgarrette	Medium
Vendor	pom	developer id	dsyer	Medium
Vendor	pom	developer id	lward	Medium
Vendor	pom	developer id	mminella	Medium
Vendor	pom	developer id	nebhale	Medium
Vendor	pom	developer id	robokaso	Medium
Vendor	pom	developer id	trisberg	Medium
Vendor	pom	developer name	Ben Hale	Medium
Vendor	pom	developer name	Chris Schaefer	Medium
Vendor	pom	developer name	Dan Garrette	Medium
Vendor	pom	developer name	Dave Syer	Medium
Vendor	pom	developer name	Lucas Ward	Medium
Vendor	pom	developer name	Mahmoud Ben Hassine	Medium
Vendor	pom	developer name	Michael Minella	Medium
Vendor	pom	developer name	Robert Kasanicky	Medium
Vendor	pom	developer name	Thomas Risberg	Medium
Vendor	pom	groupid	org.springframework.batch	Highest
Vendor	pom	name	Spring Batch Core	High
Vendor	pom	organization name	Spring	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://projects.spring.io/spring-batch/	Highest
Product	central	artifactid	spring-batch-core	Highest
Product	file	name	spring-batch-core	High
Product	jar	package name	batch	Highest
Product	jar	package name	batch	Low
Product	jar	package name	core	Highest
Product	jar	package name	core	Low
Product	Manifest	Implementation-Title	spring-batch-core	High
Product	pom	artifactid	spring-batch-core	Highest
Product	pom	developer email	bhale@vmware.com	Low
Product	pom	developer email	cschaefer@vmware.com	Low
Product	pom	developer email	dhgarrette@gmail.com	Low
Product	pom	developer email	dsyer@vmware.com	Low
Product	pom	developer email	mbenhassine@vmware.com	Low
Product	pom	developer email	mminella@vmware.com	Low
Product	pom	developer email	robokaso@gmail.com	Low
Product	pom	developer email	trisberg@vmware.com	Low
Product	pom	developer id	benas	Low
Product	pom	developer id	chrisjs	Low
Product	pom	developer id	dhgarrette	Low
Product	pom	developer id	dsyer	Low
Product	pom	developer id	lward	Low
Product	pom	developer id	mminella	Low
Product	pom	developer id	nebhale	Low
Product	pom	developer id	robokaso	Low
Product	pom	developer id	trisberg	Low
Product	pom	developer name	Ben Hale	Low
Product	pom	developer name	Chris Schaefer	Low
Product	pom	developer name	Dan Garrette	Low
Product	pom	developer name	Dave Syer	Low
Product	pom	developer name	Lucas Ward	Low
Product	pom	developer name	Mahmoud Ben Hassine	Low
Product	pom	developer name	Michael Minella	Low
Product	pom	developer name	Robert Kasanicky	Low
Product	pom	developer name	Thomas Risberg	Low
Product	pom	groupid	org.springframework.batch	Highest
Product	pom	name	Spring Batch Core	High
Product	pom	organization name	Spring	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://projects.spring.io/spring-batch/	Medium
Version	central	version	4.3.10	Highest
Version	file	version	4.3.10	High
Version	Manifest	Implementation-Version	4.3.10	High
Version	pom	version	4.3.10	Highest

Related Dependencies

Identifiers

pkg:maven/org.springframework.batch/spring-batch-core@4.3.10 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_batch:4.3.10:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-boot-2.7.18.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256:530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-boot	Highest
Vendor	central	groupid	org.springframework.boot	Highest
Vendor	file	name	spring-boot	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	boot	Highest
Vendor	jar	package name	boot	Low
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.boot	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	spring-boot	Low
Vendor	pom	developer email	ask@spring.io	Low
Vendor	pom	developer name	Spring	Medium
Vendor	pom	developer org	VMware, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.boot	Highest
Vendor	pom	name	spring-boot	High
Vendor	pom	organization name	VMware, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-boot	Highest
Product	central	artifactid	spring-boot	Highest
Product	file	name	spring-boot	High
Product	jar	package name	boot	Highest
Product	jar	package name	boot	Low
Product	Manifest	automatic-module-name	spring.boot	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Spring Boot	High
Product	pom	artifactid	spring-boot	Highest
Product	pom	developer email	ask@spring.io	Low
Product	pom	developer name	Spring	Low
Product	pom	developer org	VMware, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.boot	Highest
Product	pom	name	spring-boot	High
Product	pom	organization name	VMware, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-boot	Medium
Version	central	version	2.7.18	Highest
Version	file	version	2.7.18	High
Version	Manifest	Implementation-Version	2.7.18	High
Version	pom	version	2.7.18	Highest

Related Dependencies

ffl-admindentaire-packaging-1.0.4.jar: spring-boot-actuator-2.7.18.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-actuator-2.7.18.jar
- MD5: e5e94e4f5c7ac6f21bfad5b3986206ad
- SHA1: 669394598d18cf908ac5086a729ac331a321c38d
- SHA256: b9518b9d91f3ff915840d31ee83e4d4713c69221f748a961fa03df90393c1f28
- pkg:maven/org.springframework.boot/spring-boot-actuator@2.7.18
ffl-admindentaire-packaging-1.0.4.jar: spring-boot-actuator-autoconfigure-2.7.18.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-actuator-autoconfigure-2.7.18.jar
- MD5: 6fc81fb4748ef8be7250ccaf494b2f70
- SHA1: 1102948e3d7d3d63f64ad8de9864429023f2fae0
- SHA256: dbf86740d1c5ab4554df9b18f22ae5be9a5b5712b86bf4ac4ece00e5b6a141ac
- pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.18
ffl-admindentaire-packaging-1.0.4.jar: spring-boot-autoconfigure-2.7.18.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-autoconfigure-2.7.18.jar
- MD5: e127e4ed0469cc5442d3c8e5e42e7988
- SHA1: 9cf147c6ca274c75b32556acdcba5a1de081ebcd
- SHA256: 1c4e0aadcb662b6149b536a2cf288003ffefe81a6cc69846e9f14976529a1b08
- pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.18
ffl-admindentaire-packaging-1.0.4.jar: spring-boot-test-2.7.18.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-test-2.7.18.jar
- MD5: e0d6a86b3fa1015f5a06c6cfbef2b007
- SHA1: 865a0347b856d8672a3e5893564d0f01b10e248d
- SHA256: 9804c3d7d9d8212c0cee80f1c7df50b5e63057c4433ec00bd87cc64cbfcaa4c8
- pkg:maven/org.springframework.boot/spring-boot-test@2.7.18
ffl-admindentaire-packaging-1.0.4.jar: spring-boot-test-autoconfigure-2.7.18.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-test-autoconfigure-2.7.18.jar
- MD5: 076417eb7320a4746ec90b3fa5571874
- SHA1: 51814e4cdc5cc4408b1d1116ca620d6c0b5feb76
- SHA256: ac3e8f68fcce95fe8e7e92bb263fce0989a587fce734e94854f81d9f85ce8a2a
- pkg:maven/org.springframework.boot/spring-boot-test-autoconfigure@2.7.18

Identifiers

pkg:maven/org.springframework.boot/spring-boot@2.7.18 (Confidence:High)
cpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-boot-jarmode-layertools-2.7.18.jar

Description:

Spring Boot Layers Tools

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-boot-jarmode-layertools-2.7.18.jar
MD5: f32346692e754a6948b7f88a2405c187
SHA1: a4dc17d77bb35753dd1d4d57846b0891aec1ae38
SHA256:defcbd4fb885b1fe9b1711462fc52721c02129fe55631c96d15e9363cf20707b

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-boot-jarmode-layertools	Highest
Vendor	central	groupid	org.springframework.boot	Highest
Vendor	file	name	spring-boot-jarmode-layertools	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	boot	Highest
Vendor	jar	package name	boot	Low
Vendor	jar	package name	jarmode	Highest
Vendor	jar	package name	jarmode	Low
Vendor	jar	package name	layertools	Highest
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.boot.jarmode.layertools	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	spring-boot-jarmode-layertools	Low
Vendor	pom	developer email	ask@spring.io	Low
Vendor	pom	developer name	Spring	Medium
Vendor	pom	developer org	VMware, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.boot	Highest
Vendor	pom	name	spring-boot-jarmode-layertools	High
Vendor	pom	organization name	VMware, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-boot	Highest
Product	central	artifactid	spring-boot-jarmode-layertools	Highest
Product	file	name	spring-boot-jarmode-layertools	High
Product	jar	package name	boot	Highest
Product	jar	package name	boot	Low
Product	jar	package name	jarmode	Highest
Product	jar	package name	jarmode	Low
Product	jar	package name	layertools	Highest
Product	jar	package name	layertools	Low
Product	Manifest	automatic-module-name	spring.boot.jarmode.layertools	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Spring Boot Layers Tools	High
Product	pom	artifactid	spring-boot-jarmode-layertools	Highest
Product	pom	developer email	ask@spring.io	Low
Product	pom	developer name	Spring	Low
Product	pom	developer org	VMware, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.boot	Highest
Product	pom	name	spring-boot-jarmode-layertools	High
Product	pom	organization name	VMware, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-boot	Medium
Version	central	version	2.7.18	Highest
Version	file	version	2.7.18	High
Version	Manifest	Implementation-Version	2.7.18	High
Version	pom	version	2.7.18	Highest

Identifiers

pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.7.18 (Confidence:High)
cpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot_tools:2.7.18:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_tools:2.7.18:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-core-5.3.31.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256:7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-core	Highest
Vendor	central	groupid	org.springframework	Highest
Vendor	file	name	spring-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	core	Low
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.core	Medium
Vendor	pom	artifactid	spring-core	Low
Vendor	pom	developer email	jhoeller@pivotal.io	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Core	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	central	artifactid	spring-core	Highest
Product	file	name	spring-core	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	core	Highest
Product	jar	package name	core	Low
Product	Manifest	automatic-module-name	spring.core	Medium
Product	Manifest	Implementation-Title	spring-core	High
Product	pom	artifactid	spring-core	Highest
Product	pom	developer email	jhoeller@pivotal.io	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Core	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	central	version	5.3.31	Highest
Version	file	version	5.3.31	High
Version	Manifest	Implementation-Version	5.3.31	High
Version	pom	version	5.3.31	Highest

Related Dependencies

ffl-admindentaire-packaging-1.0.4.jar: spring-aop-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-aop-5.3.31.jar
- MD5: 48143a3242d23f66736e34cf1b5ad632
- SHA1: 3be929dbdb5f4516919ad09a3d3720d779bb65d9
- SHA256: 3f0c666f317abaa845fc3a24fba219b1f469716bf309cccd755eecb8fee20430
- pkg:maven/org.springframework/spring-aop@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-aspects-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-aspects-5.3.31.jar
- MD5: 3ca7eb547165c058023242fa87ae54a4
- SHA1: 9bd8e781e08e1b02a78e867913b96bccd2bc5798
- SHA256: c427cce1bcd660d63183db5e2d204dcf05b9f56508a388b4c722702ccbc29581
- pkg:maven/org.springframework/spring-aspects@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-beans-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-beans-5.3.31.jar
- MD5: b5fe5c018f96edf76b7e92b34668fa44
- SHA1: d27258849071b3b268ecc388eca35bbfcc586448
- SHA256: a8d6d99003d0a28049cba4273afbcfc64e1107ee3c33f67935853e9711544aa7
- pkg:maven/org.springframework/spring-beans@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-context-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-context-5.3.31.jar
- MD5: 6aa19e7e6a87b4ac8b649057315b1dd1
- SHA1: a2d6e76507f037ad835e8c2288dfedf28981999f
- SHA256: 38def055d1e22b5514b1cb19cef4474e5c1b0d2127c483e7d014bde87c4a4cf3
- pkg:maven/org.springframework/spring-context@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-jcl-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-jcl-5.3.31.jar
- MD5: 4d281617e07553792218e37c47b8bd8c
- SHA1: e7ab9ee590a195415dd6b898440d776b4c8db78c
- SHA256: eee0df6a25a9c56d228ea86272546aa5a0656caf2f14e7b375417b066abbc0db
- pkg:maven/org.springframework/spring-jcl@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-jdbc-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-jdbc-5.3.31.jar
- MD5: a2481383358181809fcc8384cd9ec657
- SHA1: 9124850a2e396a33e5dbd5d1e891e105dac48633
- SHA256: 3cc06d5a00adff04a289d93bd5c4b7a2937eebab567e88af6ac1f0aeb5ef032c
- pkg:maven/org.springframework/spring-jdbc@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-messaging-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-messaging-5.3.31.jar
- MD5: 101783903cac23f1e6fc155b22bc48df
- SHA1: db3be10eedde60c3f237a4bc625a0c2a98445352
- SHA256: be560cb5c2bc23b928407beec63498696218aa86abb20aa84fbc2aa4f3b67bdf
- pkg:maven/org.springframework/spring-messaging@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-orm-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-orm-5.3.31.jar
- MD5: de7c7b9c77585239ed427b82e57cbf99
- SHA1: cb9b7ac171e680e3eaa2fb69e90a8595f8aa201b
- SHA256: 9d1941fc657ea2e8d9b01bf7408d434757ebc86d45e23ea4ad538a72b0fcbd0d
- pkg:maven/org.springframework/spring-orm@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-oxm-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-oxm-5.3.31.jar
- MD5: af7d9d54c00377b5032412e5cceaa261
- SHA1: eec68c6788292f7fb46c02c8cd5aaf4fd241fc88
- SHA256: 3e144e5af76bccabc2ad2e82f59d932244cf370b8e83f2f6e5837371df4153c0
- pkg:maven/org.springframework/spring-oxm@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-test-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-test-5.3.31.jar
- MD5: f9bfa91aa8600c2018a14568091293e2
- SHA1: 950ff61934d9709ad22fbb176ebcf0e0b80bb5ce
- SHA256: dcd43510b9c66fd8a6f29d481cbe949d530d3b831b676a47328c7514b733ae83
- pkg:maven/org.springframework/spring-test@5.3.31
ffl-admindentaire-packaging-1.0.4.jar: spring-tx-5.3.31.jar
- File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-tx-5.3.31.jar
- MD5: 69f5a36a0e70489b2c0102862cdc13d9
- SHA1: 143e79385354fc7ffd9773a31ba989931ad9e920
- SHA256: 8e7835cf87a57ba93360d9badc45ae0a8bcbe0bc9e04a17433cbc8d00a9cf43c
- pkg:maven/org.springframework/spring-tx@5.3.31

Identifiers

pkg:maven/org.springframework/spring-core@5.3.31 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

NVD-CWE-noinfo

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: spring-data-commons-2.7.18.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-data-commons-2.7.18.jar
MD5: 92abbc5fc0193ed932a1ab973a249c8a
SHA1: e7cc3f9746e9439f3e33355b4d4ef262e5b136d1
SHA256:896e203a870b77a5a58f6c642fb9ba1cac858e013637ce3f9bffa9420e1f7f56

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-data-commons	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	data	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.data.commons	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	spring-data-commons	Low
Vendor	pom	groupid	org.springframework.data	Highest
Vendor	pom	name	Spring Data Core	High
Vendor	pom	parent-artifactid	spring-data-parent	Low
Vendor	pom	parent-groupid	org.springframework.data.build	Medium
Product	file	name	spring-data-commons	High
Product	jar	package name	core	Highest
Product	jar	package name	data	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.data.commons	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Spring Data Core	High
Product	pom	artifactid	spring-data-commons	Highest
Product	pom	groupid	org.springframework.data	Highest
Product	pom	name	Spring Data Core	High
Product	pom	parent-artifactid	spring-data-parent	Medium
Product	pom	parent-groupid	org.springframework.data.build	Medium
Version	file	version	2.7.18	High
Version	Manifest	Implementation-Version	2.7.18	High
Version	pom	version	2.7.18	Highest

Identifiers

pkg:maven/org.springframework.data/spring-data-commons@2.7.18 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_data_commons:2.7.18:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-data-jpa-2.7.18.jar

Description:

Spring Data module for JPA repositories.

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-data-jpa-2.7.18.jar
MD5: 60c555a859deadcc9383f2af49f9e289
SHA1: ad78adb26ea2e4f11589aa73c7b3eb473a16078c
SHA256:a16bbbf5721d9c35cbb21ef3f079ae2c28fd9cb8d9d6451cacc0fa917e44620d

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-data-jpa	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	data	Highest
Vendor	jar	package name	jpa	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.data.jpa	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	spring-data-jpa	Low
Vendor	pom	groupid	org.springframework.data	Highest
Vendor	pom	name	Spring Data JPA	High
Vendor	pom	parent-artifactid	spring-data-parent	Low
Vendor	pom	parent-groupid	org.springframework.data.build	Medium
Vendor	pom	url	https://spring.io/projects/spring-data-jpa	Highest
Product	file	name	spring-data-jpa	High
Product	jar	package name	data	Highest
Product	jar	package name	jpa	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.data.jpa	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Spring Data JPA	High
Product	pom	artifactid	spring-data-jpa	Highest
Product	pom	groupid	org.springframework.data	Highest
Product	pom	name	Spring Data JPA	High
Product	pom	parent-artifactid	spring-data-parent	Medium
Product	pom	parent-groupid	org.springframework.data.build	Medium
Product	pom	url	https://spring.io/projects/spring-data-jpa	Medium
Version	file	version	2.7.18	High
Version	Manifest	Implementation-Version	2.7.18	High
Version	pom	version	2.7.18	Highest

Identifiers

pkg:maven/org.springframework.data/spring-data-jpa@2.7.18 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_data_jpa:2.7.18:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-expression-5.3.31.jar

Description:

Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-expression-5.3.31.jar
MD5: 9e309bb1a738acbd0ac9c9fc58931fd3
SHA1: 55637af1b186d1008890980c2876c5fc83599756
SHA256:e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-expression	Highest
Vendor	central	groupid	org.springframework	Highest
Vendor	file	name	spring-expression	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	expression	Highest
Vendor	jar	package name	expression	Low
Vendor	jar	package name	spel	Low
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.expression	Medium
Vendor	pom	artifactid	spring-expression	Low
Vendor	pom	developer email	jhoeller@pivotal.io	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Expression Language (SpEL)	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	central	artifactid	spring-expression	Highest
Product	file	name	spring-expression	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	expression	Highest
Product	jar	package name	expression	Low
Product	jar	package name	spel	Low
Product	Manifest	automatic-module-name	spring.expression	Medium
Product	Manifest	Implementation-Title	spring-expression	High
Product	pom	artifactid	spring-expression	Highest
Product	pom	developer email	jhoeller@pivotal.io	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Expression Language (SpEL)	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	central	version	5.3.31	Highest
Version	file	version	5.3.31	High
Version	Manifest	Implementation-Version	5.3.31	High
Version	pom	version	5.3.31	Highest

Identifiers

pkg:maven/org.springframework/spring-expression@5.3.31 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38808 (OSSINDEX)

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (5.3)
Vector: /AV:N/AC:L/Au:/C:/I:/A:

References:

OSSINDEX - [CVE-2024-38808] CWE-770: Allocation of Resources Without Limits or Throttling
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38808
OSSIndex - https://spring.io/security/cve-2024-38808

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-expression:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

NVD-CWE-noinfo

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: spring-integration-core-5.5.20.jar

Description:

Spring Integration Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-integration-core-5.5.20.jar
MD5: 33afc783cbb7f079196dd945b8b06d7f
SHA1: b2ac6642810af89983c54d37ef1a5fe7d62f22f3
SHA256:a5056fbd7ee7087c0a772c0a616cfebb3591a0c7f6b1578454cfce9d27a417bf

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-integration-core	Highest
Vendor	central	groupid	org.springframework.integration	Highest
Vendor	file	name	spring-integration-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	integration	Highest
Vendor	jar	package name	integration	Low
Vendor	jar	package name	springframework	Highest
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.integration.core	Medium
Vendor	Manifest	implementation-url	https://projects.spring.io/spring-integration	Low
Vendor	Manifest	Implementation-Vendor	Pivotal Software, Inc.	High
Vendor	Manifest	Implementation-Vendor-Id	org.springframework.integration	Medium
Vendor	pom	artifactid	spring-integration-core	Low
Vendor	pom	developer email	abilan@vmware.com	Low
Vendor	pom	developer email	grussell@vmware.com	Low
Vendor	pom	developer email	markfisher@vmware.com	Low
Vendor	pom	developer id	artembilan	Medium
Vendor	pom	developer id	garyrussell	Medium
Vendor	pom	developer id	markfisher	Medium
Vendor	pom	developer name	Artem Bilan	Medium
Vendor	pom	developer name	Gary Russell	Medium
Vendor	pom	developer name	Mark Fisher	Medium
Vendor	pom	groupid	org.springframework.integration	Highest
Vendor	pom	name	Spring Integration Core	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-integration	Medium
Vendor	pom	url	spring-projects/spring-integration	Highest
Product	central	artifactid	spring-integration-core	Highest
Product	file	name	spring-integration-core	High
Product	jar	package name	core	Highest
Product	jar	package name	integration	Highest
Product	jar	package name	integration	Low
Product	Manifest	automatic-module-name	spring.integration.core	Medium
Product	Manifest	Implementation-Title	spring-integration-core	High
Product	Manifest	implementation-url	https://projects.spring.io/spring-integration	Low
Product	pom	artifactid	spring-integration-core	Highest
Product	pom	developer email	abilan@vmware.com	Low
Product	pom	developer email	grussell@vmware.com	Low
Product	pom	developer email	markfisher@vmware.com	Low
Product	pom	developer id	artembilan	Low
Product	pom	developer id	garyrussell	Low
Product	pom	developer id	markfisher	Low
Product	pom	developer name	Artem Bilan	Low
Product	pom	developer name	Gary Russell	Low
Product	pom	developer name	Mark Fisher	Low
Product	pom	groupid	org.springframework.integration	Highest
Product	pom	name	Spring Integration Core	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-integration	Low
Product	pom	url	spring-projects/spring-integration	High
Version	central	version	5.5.20	Highest
Version	file	version	5.5.20	High
Version	Manifest	Implementation-Version	5.5.20	High
Version	pom	version	5.5.20	Highest

Identifiers

pkg:maven/org.springframework.integration/spring-integration-core@5.5.20 (Confidence:High)
cpe:2.3:a:vmware:spring_integration:5.5.20:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-retry-1.3.4.jar

Description:

		Spring Retry provides an abstraction around retrying failed operations, with an
		emphasis on declarative control of the process and policy-based behaviour that is
		easy to extend and customize. For instance, you can configure a plain POJO
		operation to retry if it fails, based on the type of exception, and with a fixed
		or exponential backoff.

License:

Apache 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-retry-1.3.4.jar
MD5: ee899fe67cd32ff5f89182e4b34c8afc
SHA1: 4262d75536b193ea70bd3e854155462623d180a5
SHA256:c4f21dcf8a01af59179f8c20b1196858e92ddc31e9ee346c6021216bd455a90f

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-retry	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	backoff	Highest
Vendor	jar	package name	policy	Highest
Vendor	jar	package name	retry	Highest
Vendor	jar	package name	retry	Low
Vendor	jar	package name	springframework	Highest
Vendor	jar	package name	springframework	Low
Vendor	pom	artifactid	spring-retry	Low
Vendor	pom	developer email	dsyer@gopivotal.com	Low
Vendor	pom	developer id	dsyer	Medium
Vendor	pom	developer name	Dave Syer	Medium
Vendor	pom	groupid	org.springframework.retry	Highest
Vendor	pom	name	Spring Retry	High
Vendor	pom	organization name	SpringSource	High
Vendor	pom	organization url	https://www.springsource.com	Medium
Vendor	pom	url	https://www.springsource.org	Highest
Product	file	name	spring-retry	High
Product	jar	package name	backoff	Highest
Product	jar	package name	policy	Highest
Product	jar	package name	retry	Highest
Product	jar	package name	retry	Low
Product	jar	package name	springframework	Highest
Product	pom	artifactid	spring-retry	Highest
Product	pom	developer email	dsyer@gopivotal.com	Low
Product	pom	developer id	dsyer	Low
Product	pom	developer name	Dave Syer	Low
Product	pom	groupid	org.springframework.retry	Highest
Product	pom	name	Spring Retry	High
Product	pom	organization name	SpringSource	Low
Product	pom	organization url	https://www.springsource.com	Low
Product	pom	url	https://www.springsource.org	Medium
Version	pom	version	${revision}	Highest

Identifiers

pkg:maven/org.springframework.retry/spring-retry@%24%7Brevision%7D (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: spring-security-core-5.7.11.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-security-core-5.7.11.jar
MD5: 11e82e2698da00fe8c6de5ebe625b3f0
SHA1: 6c79c2f22d238f89abe3e75af80dc442c4087c62
SHA256:6dc827f4065a74d8d86b976c2d6c284c42ecc5a88d34850b506beb58e7f8346b

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-security-core	Highest
Vendor	central	groupid	org.springframework.security	Highest
Vendor	file	name	spring-security-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	security	Highest
Vendor	jar	package name	security	Low
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.security.core	Medium
Vendor	pom	artifactid	spring-security-core	Low
Vendor	pom	developer email	info@pivotal.io	Low
Vendor	pom	developer name	Pivotal	Medium
Vendor	pom	developer org	Pivotal Software, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.security	Highest
Vendor	pom	name	spring-security-core	High
Vendor	pom	organization name	Pivotal Software, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-security	Highest
Product	central	artifactid	spring-security-core	Highest
Product	file	name	spring-security-core	High
Product	jar	package name	core	Highest
Product	jar	package name	security	Highest
Product	jar	package name	security	Low
Product	Manifest	automatic-module-name	spring.security.core	Medium
Product	Manifest	Implementation-Title	spring-security-core	High
Product	pom	artifactid	spring-security-core	Highest
Product	pom	developer email	info@pivotal.io	Low
Product	pom	developer name	Pivotal	Low
Product	pom	developer org	Pivotal Software, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.security	Highest
Product	pom	name	spring-security-core	High
Product	pom	organization name	Pivotal Software, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-security	Medium
Version	central	version	5.7.11	Highest
Version	file	version	5.7.11	High
Version	Manifest	Implementation-Version	5.7.11	High
Version	pom	version	5.7.11	Highest

Identifiers

pkg:maven/org.springframework.security/spring-security-core@5.7.11 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-22257 (OSSINDEX)

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, 
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to 
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

CWE-862 Missing Authorization

CVSSv2:

Base Score: HIGH (8.2)
Vector: /AV:N/AC:L/Au:/C:H/I:L/A:N

References:

OSSINDEX - [CVE-2024-22257] CWE-862: Missing Authorization
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22257
OSSIndex - https://github.com/advisories/GHSA-f3jh-qvm4-mg39
OSSIndex - https://spring.io/security/cve-2024-22257

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework.security:spring-security-core:5.7.11:*:*:*:*:*:*:*

ffl-admindentaire-packaging-1.0.4.jar: spring-security-crypto-5.7.11.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-security-crypto-5.7.11.jar
MD5: 29553faabff72c4261058e8ebf9e5210
SHA1: 3abf76cedbba13496108c89159451a65dfd544b5
SHA256:916b099504044134fa2d24bc61531819e3d720d17bfea2762c0defc1f7846d9b

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-security-crypto	Highest
Vendor	central	groupid	org.springframework.security	Highest
Vendor	file	name	spring-security-crypto	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	crypto	Highest
Vendor	jar	package name	crypto	Low
Vendor	jar	package name	security	Highest
Vendor	jar	package name	security	Low
Vendor	jar	package name	springframework	Low
Vendor	Manifest	automatic-module-name	spring.security.crypto	Medium
Vendor	pom	artifactid	spring-security-crypto	Low
Vendor	pom	developer email	info@pivotal.io	Low
Vendor	pom	developer name	Pivotal	Medium
Vendor	pom	developer org	Pivotal Software, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.security	Highest
Vendor	pom	name	spring-security-crypto	High
Vendor	pom	organization name	Pivotal Software, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-security	Highest
Product	central	artifactid	spring-security-crypto	Highest
Product	file	name	spring-security-crypto	High
Product	jar	package name	crypto	Highest
Product	jar	package name	crypto	Low
Product	jar	package name	security	Highest
Product	jar	package name	security	Low
Product	Manifest	automatic-module-name	spring.security.crypto	Medium
Product	Manifest	Implementation-Title	spring-security-crypto	High
Product	pom	artifactid	spring-security-crypto	Highest
Product	pom	developer email	info@pivotal.io	Low
Product	pom	developer name	Pivotal	Low
Product	pom	developer org	Pivotal Software, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.security	Highest
Product	pom	name	spring-security-crypto	High
Product	pom	organization name	Pivotal Software, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-security	Medium
Version	central	version	5.7.11	Highest
Version	file	version	5.7.11	High
Version	Manifest	Implementation-Version	5.7.11	High
Version	pom	version	5.7.11	Highest

Identifiers

pkg:maven/org.springframework.security/spring-security-crypto@5.7.11 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2020-5408 (OSSINDEX)

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details

CWE-329 Not Using a Random IV with CBC Mode

CVSSv2:

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:/C:H/I:N/A:N

References:

OSSINDEX - [CVE-2020-5408] CWE-329: Not Using a Random IV with CBC Mode
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5408
OSSIndex - https://github.com/spring-projects/spring-security/issues/8480
OSSIndex - https://spring.io/blog/2020/05/13/cve-reports-published-for-spring-security
OSSIndex - https://tanzu.vmware.com/security/cve-2020-5408

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework.security:spring-security-crypto:5.7.11:*:*:*:*:*:*:*

ffl-admindentaire-packaging-1.0.4.jar: spring-security-test-5.7.11.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-security-test-5.7.11.jar
MD5: 62b681769815a6068554f6014c5e381e
SHA1: 8bb67fadcd9f2d2270296f53a1aa8df3946e1b0b
SHA256:f307b766607a2a64a16c363f1a0e8e2c177114bfed2d8d8c70c28e253baab38e

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-security-test	Highest
Vendor	central	groupid	org.springframework.security	Highest
Vendor	file	name	spring-security-test	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	security	Highest
Vendor	jar	package name	security	Low
Vendor	jar	package name	springframework	Low
Vendor	jar	package name	test	Highest
Vendor	jar	package name	test	Low
Vendor	Manifest	automatic-module-name	spring.security.test	Medium
Vendor	pom	artifactid	spring-security-test	Low
Vendor	pom	developer email	info@pivotal.io	Low
Vendor	pom	developer name	Pivotal	Medium
Vendor	pom	developer org	Pivotal Software, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.security	Highest
Vendor	pom	name	spring-security-test	High
Vendor	pom	organization name	Pivotal Software, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-security	Highest
Product	central	artifactid	spring-security-test	Highest
Product	file	name	spring-security-test	High
Product	jar	package name	security	Highest
Product	jar	package name	security	Low
Product	jar	package name	test	Highest
Product	jar	package name	test	Low
Product	jar	package name	web	Low
Product	Manifest	automatic-module-name	spring.security.test	Medium
Product	Manifest	Implementation-Title	spring-security-test	High
Product	pom	artifactid	spring-security-test	Highest
Product	pom	developer email	info@pivotal.io	Low
Product	pom	developer name	Pivotal	Low
Product	pom	developer org	Pivotal Software, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.security	Highest
Product	pom	name	spring-security-test	High
Product	pom	organization name	Pivotal Software, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-security	Medium
Version	central	version	5.7.11	Highest
Version	file	version	5.7.11	High
Version	Manifest	Implementation-Version	5.7.11	High
Version	pom	version	5.7.11	Highest

Related Dependencies

Identifiers

pkg:maven/org.springframework.security/spring-security-test@5.7.11 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: spring-security-web-5.7.11.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-security-web-5.7.11.jar
MD5: c016961949f4773424dd9ec51d08f3f2
SHA1: c4b8f50451e7f3848656d4e843f97170dcacbe13
SHA256:690781626bad26ed4416da7dbd43e6c656376b2c086f629b41a07926042ef20a

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-security-web	Highest
Vendor	central	groupid	org.springframework.security	Highest
Vendor	file	name	spring-security-web	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	security	Highest
Vendor	jar	package name	security	Low
Vendor	jar	package name	springframework	Low
Vendor	jar	package name	web	Highest
Vendor	jar	package name	web	Low
Vendor	Manifest	automatic-module-name	spring.security.web	Medium
Vendor	pom	artifactid	spring-security-web	Low
Vendor	pom	developer email	info@pivotal.io	Low
Vendor	pom	developer name	Pivotal	Medium
Vendor	pom	developer org	Pivotal Software, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.security	Highest
Vendor	pom	name	spring-security-web	High
Vendor	pom	organization name	Pivotal Software, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-security	Highest
Product	central	artifactid	spring-security-web	Highest
Product	file	name	spring-security-web	High
Product	jar	package name	security	Highest
Product	jar	package name	security	Low
Product	jar	package name	web	Highest
Product	jar	package name	web	Low
Product	Manifest	automatic-module-name	spring.security.web	Medium
Product	Manifest	Implementation-Title	spring-security-web	High
Product	pom	artifactid	spring-security-web	Highest
Product	pom	developer email	info@pivotal.io	Low
Product	pom	developer name	Pivotal	Low
Product	pom	developer org	Pivotal Software, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.security	Highest
Product	pom	name	spring-security-web	High
Product	pom	organization name	Pivotal Software, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-security	Medium
Version	central	version	5.7.11	Highest
Version	file	version	5.7.11	High
Version	Manifest	Implementation-Version	5.7.11	High
Version	pom	version	5.7.11	Highest

Identifiers

pkg:maven/org.springframework.security/spring-security-web@5.7.11 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_security:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:web_project:web:5.7.11:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38821 (OSSINDEX)

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.

For this to impact an application, all of the following must be true:

  *  It must be a WebFlux application
  *  It must be using Spring's static resources support
  *  It must have a non-permitAll authorization rule applied to the static resources support

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: HIGH (8.2)
Vector: /AV:N/AC:L/Au:/C:/I:/A:

References:

OSSINDEX - [CVE-2024-38821] CWE-770: Allocation of Resources Without Limits or Throttling
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38821
OSSIndex - https://spring.io/security/cve-2024-38821

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework.security:spring-security-web:5.7.11:*:*:*:*:*:*:*

ffl-admindentaire-packaging-1.0.4.jar: spring-web-5.3.31.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256:7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-web	Highest
Vendor	central	groupid	org.springframework	Highest
Vendor	file	name	spring-web	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	springframework	Low
Vendor	jar	package name	web	Highest
Vendor	jar	package name	web	Low
Vendor	Manifest	automatic-module-name	spring.web	Medium
Vendor	pom	artifactid	spring-web	Low
Vendor	pom	developer email	jhoeller@pivotal.io	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Web	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	central	artifactid	spring-web	Highest
Product	file	name	spring-web	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	web	Highest
Product	jar	package name	web	Low
Product	Manifest	automatic-module-name	spring.web	Medium
Product	Manifest	Implementation-Title	spring-web	High
Product	pom	artifactid	spring-web	Highest
Product	pom	developer email	jhoeller@pivotal.io	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Web	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	central	version	5.3.31	Highest
Version	file	version	5.3.31	High
Version	Manifest	Implementation-Version	5.3.31	High
Version	pom	version	5.3.31	Highest

Identifiers

pkg:maven/org.springframework/spring-web@5.3.31 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0

CVE-2024-38809 (OSSINDEX)

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.

CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:

Base Score: HIGH (8.7)
Vector: /AV:N/AC:L/Au:/C:/I:/A:

References:

OSSINDEX - [CVE-2024-38809] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38809
OSSIndex - https://spring.io/security/cve-2024-38809

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-22243 (OSSINDEX)

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:

Base Score: HIGH (8.1)
Vector: /AV:N/AC:L/Au:/C:H/I:H/A:N

References:

OSSINDEX - [CVE-2024-22243] CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22243
OSSIndex - https://github.com/spring-projects/spring-framework/issues/32211
OSSIndex - https://spring.io/security/cve-2024-22243

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-22262 (OSSINDEX)

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as  CVE-2024-22259 https://spring.io/security/cve-2024-22259  and  CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:

Base Score: HIGH (8.1)
Vector: /AV:N/AC:L/Au:/C:H/I:H/A:N

References:

OSSINDEX - [CVE-2024-22262] CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22262
OSSIndex - https://github.com/spring-projects/spring-framework/issues/32616
OSSIndex - https://spring.io/security/cve-2024-22262

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-38828 (OSSINDEX)

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:

Base Score: MEDIUM (6.9)
Vector: /AV:N/AC:L/Au:/C:/I:/A:

References:

OSSINDEX - [CVE-2024-38828] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38828
OSSIndex - https://spring.io/blog/2024/11/15/spring-framework-cve-2024-38828-published
OSSIndex - https://spring.io/security/cve-2024-38828

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

NVD-CWE-noinfo

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: spring-webmvc-5.3.31.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-webmvc-5.3.31.jar
MD5: 7401b647e906d3853ad02b62496cfadf
SHA1: 45754d056effe8257a012f6b98ed5454cf1e8960
SHA256:29c1b96c424dcb637fec2d1e6493b088d977e748a56da7f34e6a7c3c39d18c74

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	spring-webmvc	Highest
Vendor	central	groupid	org.springframework	Highest
Vendor	file	name	spring-webmvc	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	servlet	Low
Vendor	jar	package name	springframework	Low
Vendor	jar	package name	web	Low
Vendor	Manifest	automatic-module-name	spring.webmvc	Medium
Vendor	pom	artifactid	spring-webmvc	Low
Vendor	pom	developer email	jhoeller@pivotal.io	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Web MVC	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	central	artifactid	spring-webmvc	Highest
Product	file	name	spring-webmvc	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	servlet	Low
Product	jar	package name	web	Low
Product	Manifest	automatic-module-name	spring.webmvc	Medium
Product	Manifest	Implementation-Title	spring-webmvc	High
Product	pom	artifactid	spring-webmvc	Highest
Product	pom	developer email	jhoeller@pivotal.io	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Web MVC	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	central	version	5.3.31	Highest
Version	file	version	5.3.31	High
Version	Manifest	Implementation-Version	5.3.31	High
Version	pom	version	5.3.31	Highest

Identifiers

pkg:maven/org.springframework/spring-webmvc@5.3.31 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38816 (OSSINDEX)

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  *  the web application uses RouterFunctions to serve static resources
  *  resource handling is explicitly configured with a FileSystemResource location


However, malicious requests are blocked and rejected when any of the following is true:

  *  the  Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use
  *  the application runs on Tomcat or Jetty

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: HIGH (8.2)
Vector: /AV:N/AC:L/Au:/C:/I:/A:

References:

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-webmvc:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

NVD-CWE-noinfo

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: spring-ws-core-3.1.8.jar

Description:

Spring WS Core

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/spring-ws-core-3.1.8.jar
MD5: 1ad21166a5b8eda9ddf602ddb16358ba
SHA1: ac1341c82f2a92c5eb0bf4296216ecc5672da1d3
SHA256:90481a2ddaa88ff0be049cadfa8b09fc303a7a848a0fb11a16a01e26a2ad0ce4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-ws-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	hint analyzer	vendor	web services	Medium
Vendor	jar	package name	core	Highest
Vendor	jar	package name	springframework	Highest
Vendor	jar	package name	ws	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	spring-ws-core	Low
Vendor	pom	groupid	org.springframework.ws	Highest
Vendor	pom	parent-artifactid	spring-ws	Low
Product	file	name	spring-ws-core	High
Product	hint analyzer	product	web services	Medium
Product	jar	package name	core	Highest
Product	jar	package name	springframework	Highest
Product	jar	package name	ws	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	artifactid	spring-ws-core	Highest
Product	pom	groupid	org.springframework.ws	Highest
Product	pom	parent-artifactid	spring-ws	Medium
Version	file	version	3.1.8	High
Version	pom	version	3.1.8	Highest

Related Dependencies

Identifiers

pkg:maven/org.springframework.ws/spring-ws-core@3.1.8 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_web_services:3.1.8:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: springdoc-openapi-common-1.8.0.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/springdoc-openapi-common-1.8.0.jar
MD5: 4280af3588bbd4e593baf0f4dd2af88d
SHA1: 0ed1c0720e3c9be6552dac3a7956de47abb59d65
SHA256:eafff7ea0b8ed61b533660ac26d596af7c2e4dc9da12a04736c10b24bc48db01

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	springdoc-openapi-common	High
Vendor	jar	package name	springdoc	Highest
Vendor	Manifest	automatic-module-name	org.springdoc.openapi.common	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	springdoc-openapi-common	Low
Vendor	pom	groupid	org.springdoc	Highest
Vendor	pom	parent-artifactid	springdoc-openapi	Low
Product	file	name	springdoc-openapi-common	High
Product	jar	package name	springdoc	Highest
Product	Manifest	automatic-module-name	org.springdoc.openapi.common	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	springdoc-openapi-common	High
Product	pom	artifactid	springdoc-openapi-common	Highest
Product	pom	groupid	org.springdoc	Highest
Product	pom	parent-artifactid	springdoc-openapi	Medium
Version	file	version	1.8.0	High
Version	Manifest	Implementation-Version	1.8.0	High
Version	pom	version	1.8.0	Highest

Identifiers

pkg:maven/org.springdoc/springdoc-openapi-common@1.8.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: springdoc-openapi-ui-1.8.0.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/springdoc-openapi-ui-1.8.0.jar
MD5: 4f80de43ab403189b8bd273883be85d0
SHA1: fb183439aca2891a839f377a92aebf91cc086392
SHA256:9ba50ff314153f38015479df82a2658f2d01e5500a3c9f466f5b99d709fb1620

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	springdoc-openapi-ui	High
Vendor	jar	package name	springdoc	Highest
Vendor	jar	package name	ui	Highest
Vendor	Manifest	automatic-module-name	org.springdoc.openapi.ui	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	springdoc-openapi-ui	Low
Vendor	pom	groupid	org.springdoc	Highest
Vendor	pom	parent-artifactid	springdoc-openapi	Low
Product	file	name	springdoc-openapi-ui	High
Product	jar	package name	springdoc	Highest
Product	jar	package name	ui	Highest
Product	Manifest	automatic-module-name	org.springdoc.openapi.ui	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	springdoc-openapi-ui	High
Product	pom	artifactid	springdoc-openapi-ui	Highest
Product	pom	groupid	org.springdoc	Highest
Product	pom	parent-artifactid	springdoc-openapi	Medium
Version	file	version	1.8.0	High
Version	Manifest	Implementation-Version	1.8.0	High
Version	pom	version	1.8.0	Highest

Identifiers

pkg:maven/org.springdoc/springdoc-openapi-ui@1.8.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: springdoc-openapi-webmvc-core-1.8.0.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/springdoc-openapi-webmvc-core-1.8.0.jar
MD5: f47a31db94011c98703ab0dbe0547acf
SHA1: 0abb494291f1d260f464b935a8edd052712a7e47
SHA256:f16f92660f22b7fec5058c2c9fe6726477c332ea9547bfb63028b686367f9b82

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	springdoc-openapi-webmvc-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	springdoc	Highest
Vendor	jar	package name	webmvc	Highest
Vendor	Manifest	automatic-module-name	org.springdoc.openapi.webmvc.core	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	springdoc-openapi-webmvc-core	Low
Vendor	pom	groupid	org.springdoc	Highest
Vendor	pom	parent-artifactid	springdoc-openapi	Low
Product	file	name	springdoc-openapi-webmvc-core	High
Product	jar	package name	core	Highest
Product	jar	package name	springdoc	Highest
Product	jar	package name	webmvc	Highest
Product	Manifest	automatic-module-name	org.springdoc.openapi.webmvc.core	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	springdoc-openapi-webmvc-core	High
Product	pom	artifactid	springdoc-openapi-webmvc-core	Highest
Product	pom	groupid	org.springdoc	Highest
Product	pom	parent-artifactid	springdoc-openapi	Medium
Version	file	version	1.8.0	High
Version	Manifest	Implementation-Version	1.8.0	High
Version	pom	version	1.8.0	Highest

Identifiers

pkg:maven/org.springdoc/springdoc-openapi-webmvc-core@1.8.0 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: stax-ex-1.8.3.jar

Description:

Extensions to JSR-173 StAX API.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/stax-ex-1.8.3.jar
MD5: f6d943e74064cc1e7986236699d6cd04
SHA1: 4d69b68ee007aa15238cd4477392068b32747df3
SHA256:bee08da10bbc481418a1af70b9e9a80321b745bfb4dbdebbe98c1aa17c45caf8

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	stax-ex	High
Vendor	jar	package name	jvnet	Highest
Vendor	jar	package name	staxex	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	org.jvnet.staxex.stax-ex	Medium
Vendor	Manifest	implementation-build-id	1.8.3 - 1.8.3-RELEASE-eb4e2c1	Low
Vendor	Manifest	implementation-url	https://projects.eclipse.org/projects/ee4j/stax-ex	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.jvnet.staxex	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	stax-ex	Low
Vendor	pom	developer email	Roman.Grigoriadi@oracle.com	Low
Vendor	pom	developer email	Zheng.Jun.Li@oracle.com	Low
Vendor	pom	developer id	bravehorsie	Medium
Vendor	pom	developer id	zhengjl	Medium
Vendor	pom	developer name	Roman Grigoriadi	Medium
Vendor	pom	developer name	Zheng Jun Li	Medium
Vendor	pom	groupid	org.jvnet.staxex	Highest
Vendor	pom	name	Extended StAX API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	file	name	stax-ex	High
Product	jar	package name	jvnet	Highest
Product	jar	package name	staxex	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Extended StAX API	Medium
Product	Manifest	bundle-symbolicname	org.jvnet.staxex.stax-ex	Medium
Product	Manifest	implementation-build-id	1.8.3 - 1.8.3-RELEASE-eb4e2c1	Low
Product	Manifest	Implementation-Title	Extended StAX API	High
Product	Manifest	implementation-url	https://projects.eclipse.org/projects/ee4j/stax-ex	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	stax-ex	Highest
Product	pom	developer email	Roman.Grigoriadi@oracle.com	Low
Product	pom	developer email	Zheng.Jun.Li@oracle.com	Low
Product	pom	developer id	bravehorsie	Low
Product	pom	developer id	zhengjl	Low
Product	pom	developer name	Roman Grigoriadi	Low
Product	pom	developer name	Zheng Jun Li	Low
Product	pom	groupid	org.jvnet.staxex	Highest
Product	pom	name	Extended StAX API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Version	file	version	1.8.3	High
Version	Manifest	Bundle-Version	1.8.3	High
Version	Manifest	implementation-build-id	1.8.3	Low
Version	Manifest	Implementation-Version	1.8.3	High
Version	pom	parent-version	1.8.3	Low
Version	pom	version	1.8.3	Highest

Identifiers

pkg:maven/org.jvnet.staxex/stax-ex@1.8.3 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.8.3:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:oracle:projects:1.8.3:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: swagger-core-2.2.20.jar

Description:

swagger-core

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-core-2.2.20.jar
MD5: 38acfca6d6b6c8ef238678148aed8bea
SHA1: c99f2b9bd88bb259fccf5e61b2d2896404eb1f22
SHA256:583fe180565c050f6d83e6b6ef6193d5949228c8717943442bae3f78232ccee1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	swagger-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	io	Highest
Vendor	jar	package name	swagger	Highest
Vendor	jar	package name	v3	Highest
Vendor	Manifest	automatic-module-name	io.swagger.v3.core	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-developers	frantuma;email="frantuma@yahoo.com";name="Francesco Tumanischvili",fehguy;email="fehguy@gmail.com";name="Tony Tam",webron;email="webron@gmail.com";name="Ron Ratovsky"	Low
Vendor	Manifest	bundle-docurl	https://github.com/swagger-api/swagger-core/modules/swagger-core	Low
Vendor	Manifest	bundle-symbolicname	io.swagger.core.v3.swagger-core	Medium
Vendor	Manifest	mode	development	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	url	https://github.com/swagger-api/swagger-core/modules/swagger-core	Low
Vendor	pom	artifactid	swagger-core	Low
Vendor	pom	groupid	io.swagger.core.v3	Highest
Vendor	pom	name	swagger-core	High
Vendor	pom	parent-artifactid	swagger-project	Low
Product	file	name	swagger-core	High
Product	jar	package name	core	Highest
Product	jar	package name	io	Highest
Product	jar	package name	swagger	Highest
Product	jar	package name	v3	Highest
Product	Manifest	automatic-module-name	io.swagger.v3.core	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-developers	frantuma;email="frantuma@yahoo.com";name="Francesco Tumanischvili",fehguy;email="fehguy@gmail.com";name="Tony Tam",webron;email="webron@gmail.com";name="Ron Ratovsky"	Low
Product	Manifest	bundle-docurl	https://github.com/swagger-api/swagger-core/modules/swagger-core	Low
Product	Manifest	Bundle-Name	swagger-core	Medium
Product	Manifest	bundle-symbolicname	io.swagger.core.v3.swagger-core	Medium
Product	Manifest	mode	development	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	url	https://github.com/swagger-api/swagger-core/modules/swagger-core	Low
Product	pom	artifactid	swagger-core	Highest
Product	pom	groupid	io.swagger.core.v3	Highest
Product	pom	name	swagger-core	High
Product	pom	parent-artifactid	swagger-project	Medium
Version	file	version	2.2.20	High
Version	Manifest	Bundle-Version	2.2.20	High
Version	Manifest	implementation-version	2.2.20	High
Version	pom	version	2.2.20	Highest

Related Dependencies

Identifiers

pkg:maven/io.swagger.core.v3/swagger-core@2.2.20 (Confidence:High)
cpe:2.3:a:http-swagger_project:http-swagger:2.2.20:*:*:*:*:*:*:* (Confidence:Low)

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar

Description:

WebJar for Swagger UI

License:

Apache 2.0: https://github.com/swagger-api/swagger-ui

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar
MD5: b4251b4dc62e9a461f1024ba13880e9d
SHA1: b1ec77da6f3dee23ce31835224af43cff8015b2f
SHA256:624ee6b6275c681ce0071a69f43e0ccb467cd7117a018197cb0457fc2287420e

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	swagger-ui	High
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	org.webjars.swagger-ui	Medium
Vendor	pom	artifactid	swagger-ui	Low
Vendor	pom	developer email	james@jamesward.com	Low
Vendor	pom	developer id	jamesward	Medium
Vendor	pom	developer name	James Ward	Medium
Vendor	pom	groupid	org.webjars	Highest
Vendor	pom	name	Swagger UI	High
Vendor	pom	url	http://webjars.org	Highest
Product	file	name	swagger-ui	High
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Swagger UI	Medium
Product	Manifest	bundle-symbolicname	org.webjars.swagger-ui	Medium
Product	pom	artifactid	swagger-ui	Highest
Product	pom	developer email	james@jamesward.com	Low
Product	pom	developer id	jamesward	Low
Product	pom	developer name	James Ward	Low
Product	pom	groupid	org.webjars	Highest
Product	pom	name	Swagger UI	High
Product	pom	url	http://webjars.org	Medium
Version	file	version	5.11.8	High
Version	Manifest	Bundle-Version	5.11.8	High
Version	pom	version	5.11.8	Highest

Identifiers

pkg:maven/org.webjars/swagger-ui@5.11.8 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-initializer.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar/META-INF/resources/webjars/swagger-ui/5.11.8/swagger-initializer.js
MD5: ff995915f51c051c59fed883f5d7be28
SHA1: c434dd8fbfa625a10351681d3037ee79d5682207
SHA256:a895034f24f12d7cd81ec47c98da4f15721d9d9a8d2405f22f21704821f81d02

Evidence

Related Dependencies

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-bundle.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar/META-INF/resources/webjars/swagger-ui/5.11.8/swagger-ui-bundle.js
MD5: 0cf188bd983c9efb29e1e33089d99898
SHA1: cf70bc82ef69e5dc180f1adb0bb4d5f69f448edd
SHA256:7c50ba87decbcce3440ba64f50212a4840737e01ac27f6523f78277b1531cbfd

Evidence

Related Dependencies

Identifiers

pkg:javascript/DOMPurify@3.0.9 (Confidence:Highest)

Published Vulnerabilities

CVE-2024-45801 (RETIREJS)

Unscored:

Severity: high

References:

CVE-2024-47875 (RETIREJS)

Unscored:

Severity: high

References:

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-es-bundle-core.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar/META-INF/resources/webjars/swagger-ui/5.11.8/swagger-ui-es-bundle-core.js
MD5: 000d4263e0d2c8810ee54b3e66393863
SHA1: edbef84e2d38d82c03829f391f1af114a4df0acb
SHA256:af40efa6099dc4fb17e96265f803ee3f5ea4dc9b0d827e05d9d9bb9de1fa2710

Evidence

Related Dependencies

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-es-bundle.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar/META-INF/resources/webjars/swagger-ui/5.11.8/swagger-ui-es-bundle.js
MD5: 5c21a5a04beee8aa773c6c9ed796fcfa
SHA1: c522926c94beea5e567eb52618cd366c1a0b3921
SHA256:d28b4d39908a8f0c0e6e4b5c6f59f00f1ea1a47b19a4455594f213fd90e289ce

Evidence

Related Dependencies

Identifiers

pkg:javascript/DOMPurify@3.0.9 (Confidence:Highest)

Published Vulnerabilities

CVE-2024-45801 (RETIREJS)

Unscored:

Severity: high

References:

CVE-2024-47875 (RETIREJS)

Unscored:

Severity: high

References:

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui-standalone-preset.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar/META-INF/resources/webjars/swagger-ui/5.11.8/swagger-ui-standalone-preset.js
MD5: 789de7a58ec7baabacf5b2f9b17843b3
SHA1: b4947f8f2ee850325eb7c2ed52d474ef2631338d
SHA256:2f63f1a71ce7a6c7bd7b93000090138c11f6a95448adb0dd966f57e2dd5f0655

Evidence

Related Dependencies

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: swagger-ui-5.11.8.jar: swagger-ui.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/swagger-ui-5.11.8.jar/META-INF/resources/webjars/swagger-ui/5.11.8/swagger-ui.js
MD5: bb75c7dae8aa7a5e6cd1ca34df849c21
SHA1: a5f9dda76fd2634de05400f0fb11550fced1fa3f
SHA256:4a451e0b87cfb5f22c28d5ddc2b77c2db7914ce026f8394242edea3e4c08cc3a

Evidence

Related Dependencies

Identifiers

None

ffl-admindentaire-packaging-1.0.4.jar: tika-core-2.9.2.jar

Description:

This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It
    also
    includes the core facades for the Tika API.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/tika-core-2.9.2.jar
MD5: 186f9dd1e15cb4fedf9ac65d5e44e8ac
SHA1: 796a21391780339e3d4862626339b49df170024e
SHA256:8c43f48ab8a784f2cda8a386d5f425060d57e3232dc6b49f9915029ac1f0b783

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	tika-core	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	tika	Highest
Vendor	Manifest	automatic-module-name	org.apache.tika.core	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-docurl	https://tika.apache.org/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.tika.core	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	tika-core	Low
Vendor	pom	groupid	org.apache.tika	Highest
Vendor	pom	name	Apache Tika core	High
Vendor	pom	organization name	The Apache Software Foundation	High
Vendor	pom	organization url	http://www.apache.org	Medium
Vendor	pom	parent-artifactid	tika-parent	Low
Vendor	pom	url	https://tika.apache.org/	Highest
Product	file	name	tika-core	High
Product	jar	package name	apache	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	tika	Highest
Product	Manifest	automatic-module-name	org.apache.tika.core	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	bundle-docurl	https://tika.apache.org/	Low
Product	Manifest	Bundle-Name	Apache Tika core	Medium
Product	Manifest	bundle-symbolicname	org.apache.tika.core	Medium
Product	Manifest	Implementation-Title	Apache Tika core	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Tika core	Medium
Product	pom	artifactid	tika-core	Highest
Product	pom	groupid	org.apache.tika	Highest
Product	pom	name	Apache Tika core	High
Product	pom	organization name	The Apache Software Foundation	Low
Product	pom	organization url	http://www.apache.org	Low
Product	pom	parent-artifactid	tika-parent	Medium
Product	pom	url	https://tika.apache.org/	Medium
Version	file	version	2.9.2	High
Version	Manifest	Bundle-Version	2.9.2	High
Version	Manifest	Implementation-Version	2.9.2	High
Version	pom	version	2.9.2	Highest

Identifiers

pkg:maven/org.apache.tika/tika-core@2.9.2 (Confidence:High)
cpe:2.3:a:apache:tika:2.9.2:*:*:*:*:*:*:* (Confidence:Highest)

ffl-admindentaire-packaging-1.0.4.jar: tomcat-embed-core-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/tomcat-embed-core-9.0.83.jar
MD5: d4e2068023fe800fd22a9fe2529c290b
SHA1: d771e4343b0515c67dab2a09fe02f5d47550153f
SHA256:4ed404d5dea8652846f3c52c094764c2ec018f28a3561f1d27df700f7aa5b376

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	tomcat-embed-core	Highest
Vendor	central	groupid	org.apache.tomcat.embed	Highest
Vendor	file	name	tomcat-embed-core	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	apache	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	tomcat	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.tomcat-embed-core	Medium
Vendor	Manifest	Implementation-Vendor	Apache Software Foundation	High
Vendor	Manifest	provide-capability	osgi.contract;osgi.contract=JavaJASPIC;version:List="1.1,1";uses:="javax.security.auth.message,javax.security.auth.message.callback,javax.security.auth.message.config,javax.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources"	Low
Vendor	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.processor)(version>=1.0.0)(!(version>=2.0.0)))",osgi.serviceloader;filter:="(osgi.serviceloader=org.apache.juli.logging.Log)";osgi.serviceloader="org.apache.juli.logging.Log",osgi.contract;osgi.contract=JavaAnnotation;filter:="(&(osgi.contract=JavaAnnotation)(version=1.3.0))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Apache Software Foundation	Low
Vendor	manifest: javax/security/auth/message/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/security/auth/message/callback/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/security/auth/message/config/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/security/auth/message/module/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/servlet/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/servlet/annotation/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/servlet/descriptor/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/servlet/http/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	manifest: javax/servlet/resources/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	pom	artifactid	tomcat-embed-core	Low
Vendor	pom	groupid	org.apache.tomcat.embed	Highest
Vendor	pom	url	https://tomcat.apache.org/	Highest
Product	central	artifactid	tomcat-embed-core	Highest
Product	file	name	tomcat-embed-core	High
Product	jar	package name	annotation	Highest
Product	jar	package name	apache	Highest
Product	jar	package name	auth	Highest
Product	jar	package name	core	Highest
Product	jar	package name	descriptor	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	http	Highest
Product	jar	package name	java	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	juli	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	message	Highest
Product	jar	package name	processor	Highest
Product	jar	package name	security	Highest
Product	jar	package name	servlet	Highest
Product	jar	package name	servlets	Highest
Product	jar	package name	tomcat	Highest
Product	Manifest	Bundle-Name	tomcat-embed-core	Medium
Product	Manifest	bundle-symbolicname	org.apache.tomcat-embed-core	Medium
Product	Manifest	Implementation-Title	Apache Tomcat	High
Product	Manifest	provide-capability	osgi.contract;osgi.contract=JavaJASPIC;version:List="1.1,1";uses:="javax.security.auth.message,javax.security.auth.message.callback,javax.security.auth.message.config,javax.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources"	Low
Product	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.processor)(version>=1.0.0)(!(version>=2.0.0)))",osgi.serviceloader;filter:="(osgi.serviceloader=org.apache.juli.logging.Log)";osgi.serviceloader="org.apache.juli.logging.Log",osgi.contract;osgi.contract=JavaAnnotation;filter:="(&(osgi.contract=JavaAnnotation)(version=1.3.0))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Tomcat	Medium
Product	manifest: javax/security/auth/message/	Implementation-Title	javax.security.auth.message	Medium
Product	manifest: javax/security/auth/message/	Specification-Title	Java Authentication SPI for Containers	Medium
Product	manifest: javax/security/auth/message/callback/	Implementation-Title	javax.security.auth.message	Medium
Product	manifest: javax/security/auth/message/callback/	Specification-Title	Java Authentication SPI for Containers	Medium
Product	manifest: javax/security/auth/message/config/	Implementation-Title	javax.security.auth.message	Medium
Product	manifest: javax/security/auth/message/config/	Specification-Title	Java Authentication SPI for Containers	Medium
Product	manifest: javax/security/auth/message/module/	Implementation-Title	javax.security.auth.message	Medium
Product	manifest: javax/security/auth/message/module/	Specification-Title	Java Authentication SPI for Containers	Medium
Product	manifest: javax/servlet/	Implementation-Title	javax.servlet	Medium
Product	manifest: javax/servlet/	Specification-Title	Java API for Servlets	Medium
Product	manifest: javax/servlet/annotation/	Implementation-Title	javax.servlet	Medium
Product	manifest: javax/servlet/annotation/	Specification-Title	Java API for Servlets	Medium
Product	manifest: javax/servlet/descriptor/	Implementation-Title	javax.servlet	Medium
Product	manifest: javax/servlet/descriptor/	Specification-Title	Java API for Servlets	Medium
Product	manifest: javax/servlet/http/	Implementation-Title	javax.servlet	Medium
Product	manifest: javax/servlet/http/	Specification-Title	Java API for Servlets	Medium
Product	manifest: javax/servlet/resources/	Implementation-Title	javax.servlet	Medium
Product	manifest: javax/servlet/resources/	Specification-Title	Java API for Servlets	Medium
Product	pom	artifactid	tomcat-embed-core	Highest
Product	pom	groupid	org.apache.tomcat.embed	Highest
Product	pom	url	https://tomcat.apache.org/	Medium
Version	central	version	9.0.83	Highest
Version	file	version	9.0.83	High
Version	Manifest	Bundle-Version	9.0.83	High
Version	Manifest	Implementation-Version	9.0.83	High
Version	pom	version	9.0.83	Highest

Related Dependencies

Identifiers

pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83 (Confidence:High)
cpe:2.3:a:apache:tomcat:9.0.83:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.83:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38286

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.



Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

ffl-admindentaire-packaging-1.0.4.jar: tomcat-embed-el-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/tomcat-embed-el-9.0.83.jar
MD5: eabd7f3ade6cb0cf36f7b238897b8f1d
SHA1: b0cdada70099c25f45fceb48e1ebce60d138a5ce
SHA256:a82c4cf8cf9e88d6891cbb4cbcb9f85f788e147c464cbeba15a2c83276f3344c

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	tomcat-embed-el	Highest
Vendor	central	groupid	org.apache.tomcat.embed	Highest
Vendor	file	name	tomcat-embed-el	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	apache	Low
Vendor	jar	package name	el	Highest
Vendor	jar	package name	el	Low
Vendor	Manifest	bundle-symbolicname	org.apache.tomcat-embed-jasper-el	Medium
Vendor	Manifest	Implementation-Vendor	Apache Software Foundation	High
Vendor	Manifest	provide-capability	osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el",osgi.service;objectClass:List="javax.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl"	Low
Vendor	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.processor)(version>=1.0.0)(!(version>=2.0.0)))",osgi.serviceloader;filter:="(osgi.serviceloader=javax.el.ExpressionFactory)";osgi.serviceloader="javax.el.ExpressionFactory",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))",osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.registrar)(version>=1.0.0)(!(version>=2.0.0)))"	Low
Vendor	Manifest	specification-vendor	Apache Software Foundation	Low
Vendor	manifest: javax/el/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	pom	artifactid	tomcat-embed-el	Low
Vendor	pom	groupid	org.apache.tomcat.embed	Highest
Vendor	pom	url	https://tomcat.apache.org/	Highest
Product	central	artifactid	tomcat-embed-el	Highest
Product	file	name	tomcat-embed-el	High
Product	jar	package name	apache	Highest
Product	jar	package name	el	Highest
Product	jar	package name	el	Low
Product	jar	package name	expression	Highest
Product	jar	package name	expressionfactory	Highest
Product	jar	package name	expressionfactoryimpl	Highest
Product	jar	package name	javax	Highest
Product	Manifest	Bundle-Name	tomcat-embed-jasper-el	Medium
Product	Manifest	bundle-symbolicname	org.apache.tomcat-embed-jasper-el	Medium
Product	Manifest	Implementation-Title	Apache Tomcat	High
Product	Manifest	provide-capability	osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el",osgi.service;objectClass:List="javax.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl"	Low
Product	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.processor)(version>=1.0.0)(!(version>=2.0.0)))",osgi.serviceloader;filter:="(osgi.serviceloader=javax.el.ExpressionFactory)";osgi.serviceloader="javax.el.ExpressionFactory",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))",osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.registrar)(version>=1.0.0)(!(version>=2.0.0)))"	Low
Product	Manifest	specification-title	Apache Tomcat	Medium
Product	manifest: javax/el/	Implementation-Title	javax.el	Medium
Product	manifest: javax/el/	Specification-Title	Expression Language	Medium
Product	pom	artifactid	tomcat-embed-el	Highest
Product	pom	groupid	org.apache.tomcat.embed	Highest
Product	pom	url	https://tomcat.apache.org/	Medium
Version	central	version	9.0.83	Highest
Version	file	version	9.0.83	High
Version	Manifest	Bundle-Version	9.0.83	High
Version	Manifest	Implementation-Version	9.0.83	High
Version	pom	version	9.0.83	Highest

Identifiers

pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.83 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: txw2-2.3.9.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/txw2-2.3.9.jar
MD5: 5db04c7917b3c0a07862a7e63bfc1581
SHA1: 13a78453a89bf7d268382a520cba4d5435c5adfc
SHA256:973018b87af911ecf6e6d861dd0d6a477e4d8ae6a883ec5d073d3df1330b87f0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	txw2	High
Vendor	jar	package name	sun	Highest
Vendor	jar	package name	txw	Highest
Vendor	jar	package name	txw2	Highest
Vendor	jar	package name	xml	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	git-revision	143ffd0	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	pom	artifactid	txw2	Low
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	pom	name	TXW2 Runtime	High
Vendor	pom	parent-artifactid	jaxb-txw-parent	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	url	https://eclipse-ee4j.github.io/jaxb-ri/	Highest
Product	file	name	txw2	High
Product	jar	package name	sun	Highest
Product	jar	package name	txw	Highest
Product	jar	package name	txw2	Highest
Product	jar	package name	xml	Highest
Product	Manifest	git-revision	143ffd0	Low
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	pom	artifactid	txw2	Highest
Product	pom	groupid	org.glassfish.jaxb	Highest
Product	pom	name	TXW2 Runtime	High
Product	pom	parent-artifactid	jaxb-txw-parent	Medium
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	url	https://eclipse-ee4j.github.io/jaxb-ri/	Medium
Version	file	version	2.3.9	High
Version	Manifest	build-id	2.3.9	Medium
Version	Manifest	Implementation-Version	2.3.9	High
Version	Manifest	major-version	2.3.9	Medium
Version	pom	version	2.3.9	Highest

Identifiers

pkg:maven/org.glassfish.jaxb/txw2@2.3.9 (Confidence:High)
cpe:2.3:a:eclipse:glassfish:2.3.9:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-9329

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.17

ffl-admindentaire-packaging-1.0.4.jar: validation-api-2.0.1.Final.jar

Description:

        Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
SHA256:9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	validation-api	High
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	validation	Highest
Vendor	Manifest	automatic-module-name	java.validation	Medium
Vendor	Manifest	bundle-symbolicname	javax.validation.api	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	validation-api	Low
Vendor	pom	developer email	emmanuel@hibernate.org	Low
Vendor	pom	developer email	guillaume.smet@hibernate.org	Low
Vendor	pom	developer email	gunnar@hibernate.org	Low
Vendor	pom	developer email	hferents@redhat.com	Low
Vendor	pom	developer id	emmanuelbernard	Medium
Vendor	pom	developer id	epbernard	Medium
Vendor	pom	developer id	guillaume.smet	Medium
Vendor	pom	developer id	gunnar.morling	Medium
Vendor	pom	developer id	hardy.ferentschik	Medium
Vendor	pom	developer name	Emmanuel Bernard	Medium
Vendor	pom	developer name	Guillaume Smet	Medium
Vendor	pom	developer name	Gunnar Morling	Medium
Vendor	pom	developer name	Hardy Ferentschik	Medium
Vendor	pom	developer org	Red Hat, Inc.	Medium
Vendor	pom	groupid	javax.validation	Highest
Vendor	pom	name	Bean Validation API	High
Vendor	pom	url	http://beanvalidation.org	Highest
Product	file	name	validation-api	High
Product	jar	package name	javax	Highest
Product	jar	package name	validation	Highest
Product	Manifest	automatic-module-name	java.validation	Medium
Product	Manifest	Bundle-Name	Bean Validation API	Medium
Product	Manifest	bundle-symbolicname	javax.validation.api	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	validation-api	Highest
Product	pom	developer email	emmanuel@hibernate.org	Low
Product	pom	developer email	guillaume.smet@hibernate.org	Low
Product	pom	developer email	gunnar@hibernate.org	Low
Product	pom	developer email	hferents@redhat.com	Low
Product	pom	developer id	emmanuelbernard	Low
Product	pom	developer id	epbernard	Low
Product	pom	developer id	guillaume.smet	Low
Product	pom	developer id	gunnar.morling	Low
Product	pom	developer id	hardy.ferentschik	Low
Product	pom	developer name	Emmanuel Bernard	Low
Product	pom	developer name	Guillaume Smet	Low
Product	pom	developer name	Gunnar Morling	Low
Product	pom	developer name	Hardy Ferentschik	Low
Product	pom	developer org	Red Hat, Inc.	Low
Product	pom	groupid	javax.validation	Highest
Product	pom	name	Bean Validation API	High
Product	pom	url	http://beanvalidation.org	Medium
Version	Manifest	Bundle-Version	2.0.1.Final	High
Version	pom	version	2.0.1.Final	Highest

Identifiers

pkg:maven/javax.validation/validation-api@2.0.1.Final (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: wsdl4j-1.6.3.jar

Description:

Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f
SHA256:740f448e6b3bc110e02f4a1e56fb57672e732d2ecaf29ae15835051ae8af4725

Evidence

Type	Source	Name	Value	Confidence
Vendor	central	artifactid	wsdl4j	Highest
Vendor	central	groupid	wsdl4j	Highest
Vendor	file	name	wsdl4j	High
Vendor	jar	package name	extensions	Low
Vendor	jar	package name	ibm	Highest
Vendor	jar	package name	ibm	Low
Vendor	jar	package name	wsdl	Low
Vendor	Manifest	Implementation-Vendor	IBM	High
Vendor	Manifest	specification-vendor	IBM (Java Community Process)	Low
Vendor	pom	artifactid	wsdl4j	Low
Vendor	pom	developer email	wsdl4j-discuss@sourceforge.net	Low
Vendor	pom	developer id	wsdl4j	Medium
Vendor	pom	developer name	WSDL4J	Medium
Vendor	pom	groupid	wsdl4j	Highest
Vendor	pom	name	WSDL4J	High
Vendor	pom	url	http://sf.net/projects/wsdl4j	Highest
Product	central	artifactid	wsdl4j	Highest
Product	file	name	wsdl4j	High
Product	jar	package name	extensions	Low
Product	jar	package name	wsdl	Low
Product	Manifest	Implementation-Title	WSDL4J	High
Product	Manifest	specification-title	JWSDL	Medium
Product	pom	artifactid	wsdl4j	Highest
Product	pom	developer email	wsdl4j-discuss@sourceforge.net	Low
Product	pom	developer id	wsdl4j	Low
Product	pom	developer name	WSDL4J	Low
Product	pom	groupid	wsdl4j	Highest
Product	pom	name	WSDL4J	High
Product	pom	url	http://sf.net/projects/wsdl4j	Medium
Version	central	version	1.6.3	Highest
Version	file	version	1.6.3	High
Version	Manifest	Implementation-Version	1.6.3	High
Version	pom	version	1.6.3	Highest

Identifiers

pkg:maven/wsdl4j/wsdl4j@1.6.3 (Confidence:High)

ffl-admindentaire-packaging-1.0.4.jar: xmlunit-core-2.9.1.jar

Description:

XMLUnit for Java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-packaging/target/ffl-admindentaire-packaging-1.0.4.jar/BOOT-INF/lib/xmlunit-core-2.9.1.jar
MD5: 011288450a3905a7d97e3957b69e713e
SHA1: e5833662d9a1279a37da3ef6f62a1da29fcd68c4
SHA256:7e70f23d4f75e05f0ee79f0f6b9e13b6cf51d34f36c5fc3a6b839429dde1efef

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xmlunit-core	High
Vendor	jar	package name	xmlunit	Highest
Vendor	Manifest	automatic-module-name	org.xmlunit	Medium
Vendor	Manifest	build-time	2023-01-10T15:19:21Z	Low
Vendor	Manifest	bundle-docurl	https://www.xmlunit.org/	Low
Vendor	Manifest	bundle-symbolicname	org.xmlunit.xmlunit-core	Medium
Vendor	Manifest	implementation-url	https://www.xmlunit.org/	Low
Vendor	Manifest	Implementation-Vendor	XMLUnit	High
Vendor	Manifest	Implementation-Vendor-Id	org.xmlunit	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	Manifest	specification-vendor	XMLUnit	Low
Vendor	Manifest	x-git-hash	9118af20aeaa6b8665be9c13fc84c1fd25b51acd (Branch main)	Low
Vendor	pom	artifactid	xmlunit-core	Low
Vendor	pom	groupid	org.xmlunit	Highest
Vendor	pom	name	org.xmlunit:xmlunit-core	High
Vendor	pom	parent-artifactid	xmlunit-parent	Low
Vendor	pom	url	https://www.xmlunit.org/	Highest
Product	file	name	xmlunit-core	High
Product	jar	package name	xmlunit	Highest
Product	Manifest	automatic-module-name	org.xmlunit	Medium
Product	Manifest	build-time	2023-01-10T15:19:21Z	Low
Product	Manifest	bundle-docurl	https://www.xmlunit.org/	Low
Product	Manifest	Bundle-Name	org.xmlunit:xmlunit-core	Medium
Product	Manifest	bundle-symbolicname	org.xmlunit.xmlunit-core	Medium
Product	Manifest	Implementation-Title	org.xmlunit:xmlunit-core	High
Product	Manifest	implementation-url	https://www.xmlunit.org/	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	Manifest	specification-title	org.xmlunit:xmlunit-core	Medium
Product	Manifest	x-git-hash	9118af20aeaa6b8665be9c13fc84c1fd25b51acd (Branch main)	Low
Product	pom	artifactid	xmlunit-core	Highest
Product	pom	groupid	org.xmlunit	Highest
Product	pom	name	org.xmlunit:xmlunit-core	High
Product	pom	parent-artifactid	xmlunit-parent	Medium
Product	pom	url	https://www.xmlunit.org/	Medium
Version	file	version	2.9.1	High
Version	Manifest	Bundle-Version	2.9.1	High
Version	Manifest	Implementation-Version	2.9.1	High
Version	pom	version	2.9.1	Highest

Identifiers

pkg:maven/org.xmlunit/xmlunit-core@2.9.1 (Confidence:High)

Published Vulnerabilities

CVE-2024-31573 (OSSINDEX)

xmlunit-core - XSLT Injection

CWE-1188

CVSSv2:

Base Score: HIGH (9.2)
Vector: /AV:N/AC:L/Au:/C:/I:/A:

References:

OSSINDEX - [CVE-2024-31573] CWE-1188
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31573
OSSIndex - https://github.com/advisories/GHSA-chfm-68vv-pvw5
OSSIndex - https://github.com/xmlunit/xmlunit/issues/264

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.xmlunit:xmlunit-core:2.9.1:*:*:*:*:*:*:*

ffl-admindentaire-services-1.0.4.jar

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-services/target/ffl-admindentaire-services-1.0.4.jar
MD5: b085c21e12704ec2f645c85ee4c740ad
SHA1: 21588ae432694a66c42c7ad9192a9d63b8a086a6
SHA256:ce9ebd3377ad8da5e514929a9c8120b97047e6d789f8870a691a09f7b2797b53

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ffl-admindentaire-services	High
Vendor	jar	package name	ffl	Highest
Vendor	jar	package name	sintia	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	ffl-admindentaire-services	Low
Vendor	pom	groupid	com.sintia.ffl.admindentaire	Highest
Vendor	pom	parent-artifactid	ffl-services-parent	Low
Vendor	pom	parent-groupid	com.sintia.ffl	Medium
Product	file	name	ffl-admindentaire-services	High
Product	jar	package name	ffl	Highest
Product	jar	package name	sintia	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	ffl-admindentaire-services	High
Product	pom	artifactid	ffl-admindentaire-services	Highest
Product	pom	groupid	com.sintia.ffl.admindentaire	Highest
Product	pom	parent-artifactid	ffl-services-parent	Medium
Product	pom	parent-groupid	com.sintia.ffl	Medium
Version	file	version	1.0.4	High
Version	Manifest	Implementation-Version	1.0.4	High
Version	pom	parent-version	1.0.4	Low
Version	pom	version	1.0.4	Highest

Related Dependencies

Identifiers

pkg:maven/com.sintia.ffl.admindentaire/ffl-admindentaire-services@1.0.4 (Confidence:High)

prettify.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-api/target/site/jacoco/jacoco-resources/prettify.js
MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb
SHA1: 290093755739da933c180ae7e7ebf283724dad1d
SHA256:743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68

Evidence

Related Dependencies

Identifiers

None

sort.js

File Path: /home/azureuser/dependency-check/projects/ffl-admin-dentaire/ffl-admin-dentaire/ffl-admin-dentaire-api/target/site/jacoco/jacoco-resources/sort.js
MD5: 727f663502fd1d85787ea703506b651e
SHA1: cca2b01454d6bc3cd5083552e138e991b8fe8e35
SHA256:3fd8dc27e9e0714d2dca4e1a16d775fefee2677962d968f36e05fc74b83a95cd

Evidence

Related Dependencies

Identifiers

None

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: ffl-admin-dentaire

Summary

Dependencies

ffl-admindentaire-api-1.0.4.jar

Evidence

Related Dependencies

Identifiers

ffl-admindentaire-dal-1.0.4.jar

Evidence

Related Dependencies

Identifiers

ffl-admindentaire-packaging-1.0.4.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: HdrHistogram-2.1.12.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: HikariCP-4.0.3.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: LatencyUtils-2.0.3.jar

Evidence

Identifiers

Published Vulnerabilities

ffl-admindentaire-packaging-1.0.4.jar: accessors-smart-2.4.11.jar

Evidence

Identifiers

Published Vulnerabilities

ffl-admindentaire-packaging-1.0.4.jar: android-json-0.0.20131108.vaadin1.jar

Evidence

Identifiers

Published Vulnerabilities

ffl-admindentaire-packaging-1.0.4.jar: antlr-2.7.7.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: apiguardian-api-1.1.2.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: asm-9.3.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: aspectjweaver-1.9.7.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: assertj-core-3.22.0.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-1.12.23.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar: attach_hotspot_windows.dll

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: byte-buddy-agent-1.12.23.jar: attach_hotspot_windows.dll

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: cache-api-1.1.1.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: checker-qual-3.5.0.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: classmate-1.5.1.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: commons-collections4-4.4.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: commons-io-2.15.1.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: commons-lang3-3.12.0.jar

Evidence

Identifiers

ffl-admindentaire-packaging-1.0.4.jar: ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)

Evidence

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor