Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version: 7.4.4
Report Generated On: Wed, 12 Mar 2025 09:09:17 GMT
Dependencies Scanned: 86 (57 unique)
Vulnerable Dependencies: 12
Vulnerabilities Found: 22
Vulnerabilities Suppressed: 0
...
CurrentEngineRelease: 12.1.0
NVD CVE Checked: 2025-03-12T09:07:45
NVD CVE Modified: 2025-03-12T05:00:02
VersionCheckOn: 2025-03-08T09:09:46

Dependencies

ffl-core-api-1.0.22.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-api/target/ffl-core-api-1.0.22.jar
MD5: 12494088f609bed187f6d7087b856d9a
SHA1: 9e829c03aec1723c047e3742ab8ac98a40c5e8aa
SHA256: 24625e1270852e1425d35a45137c8e06377c8b32b99c7a468e2bc05f9ad7c10e
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | ffl-core-api | High
Vendor | jar | package name | api | Highest
Vendor | jar | package name | core | Highest
Vendor | jar | package name | ffl | Highest
Vendor | jar | package name | sintia | Highest
Vendor | Manifest | build-jdk-spec | 11 | Low
Vendor | pom | artifactid | ffl-core-api | Low
Vendor | pom | groupid | com.sintia.ffl.core | Highest
Vendor | pom | parent-artifactid | ffl-api-parent | Low
Vendor | pom | parent-groupid | com.sintia.ffl | Medium
Product | file | name | ffl-core-api | High
Product | jar | package name | api | Highest
Product | jar | package name | core | Highest
Product | jar | package name | ffl | Highest
Product | jar | package name | sintia | Highest
Product | Manifest | build-jdk-spec | 11 | Low
Product | Manifest | Implementation-Title | ffl-core-api | High
Product | pom | artifactid | ffl-core-api | Highest
Product | pom | groupid | com.sintia.ffl.core | Highest
Product | pom | parent-artifactid | ffl-api-parent | Medium
Product | pom | parent-groupid | com.sintia.ffl | Medium
Version | file | version | 1.0.22 | High
Version | Manifest | Implementation-Version | 1.0.22 | High
Version | pom | parent-version | 1.0.22 | Low
Version | pom | version | 1.0.22 | Highest

ffl-core-commons-1.0.22-repackaged.jar
Description:
Module containing the back-office core
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar
MD5: 47154209d74ef809c123f69a05e29d3e
SHA1: 7705e95a8f1490068261c1832b152ab4f8de4ea0
SHA256: f54df52a245cf812e0a2ccaecac1dca863b6055050e512b61ee9ffc934076f01
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | ffl-core-commons | High
Vendor | jar | package name | com | Highest
Vendor | jar | package name | sintia | Highest
Vendor | Manifest | build-jdk-spec | 11 | Low
Vendor | Manifest | spring-boot-classes | BOOT-INF/classes/ | Low
Vendor | Manifest | spring-boot-classpath-index | BOOT-INF/classpath.idx | Low
Vendor | Manifest | spring-boot-layers-index | BOOT-INF/layers.idx | Low
Vendor | Manifest | spring-boot-lib | BOOT-INF/lib/ | Low
Vendor | pom | artifactid | ffl-core-commons | Low
Vendor | pom | groupid | com.sintia.ffl.core | Highest
Vendor | pom | parent-artifactid | ffl-parent | Low
Vendor | pom | parent-groupid | com.sintia.ffl | Medium
Product | file | name | ffl-core-commons | High
Product | jar | package name | boot | Highest
Product | jar | package name | boot-inf | Highest
Product | jar | package name | classes | Highest
Product | jar | package name | com | Highest
Product | jar | package name | sintia | Highest
Product | Manifest | build-jdk-spec | 11 | Low
Product | Manifest | Implementation-Title | ffl-core-commons | High
Product | Manifest | spring-boot-classes | BOOT-INF/classes/ | Low
Product | Manifest | spring-boot-classpath-index | BOOT-INF/classpath.idx | Low
Product | Manifest | spring-boot-layers-index | BOOT-INF/layers.idx | Low
Product | Manifest | spring-boot-lib | BOOT-INF/lib/ | Low
Product | pom | artifactid | ffl-core-commons | Highest
Product | pom | groupid | com.sintia.ffl.core | Highest
Product | pom | parent-artifactid | ffl-parent | Medium
Product | pom | parent-groupid | com.sintia.ffl | Medium
Version | file | version | 1.0.22 | High
Version | Manifest | Implementation-Version | 1.0.22 | High
Version | pom | parent-version | 1.0.22 | Low
Version | pom | version | 1.0.22 | Highest

ffl-core-commons-1.0.22-repackaged.jar: commons-lang3-3.17.0.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
The code is tested using the latest revision of the JDK for supported
LTS releases: 8, 11, 17 and 21 currently.
See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
Please ensure your build environment is up-to-date and kindly report any build issues.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256: 6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor 
pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. 
Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki 
Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.17.0 High Version Manifest Bundle-Version 3.17.0 High Version Manifest Implementation-Version 3.17.0 High Version pom parent-version 3.17.0 Low Version pom version 3.17.0 Highest

ffl-core-commons-1.0.22-repackaged.jar: jackson-annotations-2.17.2.jar
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/jackson-annotations-2.17.2.jar
MD5: e68e7e593ae47e106421688707683297
SHA1: 147b7b9412ffff24339f8aba080b292448e08698
SHA256: 873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1
Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.17.2 High Version Manifest Bundle-Version 2.17.2 High Version 
Manifest Implementation-Version 2.17.2 High Version pom parent-version 2.17.2 Low Version pom version 2.17.2 Highest

ffl-core-commons-1.0.22-repackaged.jar: jakarta.annotation-api-1.3.5.jar
Description:
Jakarta Annotations API
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jakarta.annotation-api | High
Vendor | jar | package name | annotation | Highest
Vendor | Manifest | automatic-module-name | java.annotation | Medium
Vendor | Manifest | bundle-docurl | https://www.eclipse.org | Low
Vendor | Manifest | bundle-symbolicname | jakarta.annotation-api | Medium
Vendor | Manifest | extension-name | jakarta.annotation | Medium
Vendor | Manifest | Implementation-Vendor | Eclipse Foundation | High
Vendor | Manifest | Implementation-Vendor-Id | org.glassfish | Medium
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Vendor | Manifest | specification-vendor | Eclipse Foundation | Low
Vendor | pom | artifactid | jakarta.annotation-api | Low
Vendor | pom | developer name | Linda De Michiel | Medium
Vendor | pom | developer org | Oracle Corp. | Medium
Vendor | pom | groupid | jakarta.annotation | Highest
Vendor | pom | name | Jakarta Annotations API | High
Vendor | pom | parent-artifactid | ca-parent | Low
Vendor | pom | url | https://projects.eclipse.org/projects/ee4j.ca | Highest
Product | file | name | jakarta.annotation-api | High
Product | jar | package name | annotation | Highest
Product | Manifest | automatic-module-name | java.annotation | Medium
Product | Manifest | bundle-docurl | https://www.eclipse.org | Low
Product | Manifest | Bundle-Name | Jakarta Annotations API | Medium
Product | Manifest | bundle-symbolicname | jakarta.annotation-api | Medium
Product | Manifest | extension-name | jakarta.annotation | Medium
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | pom | artifactid | jakarta.annotation-api | Highest
Product | pom | developer name | Linda De Michiel | Low
Product | pom | developer org | Oracle Corp. | Low
Product | pom | groupid | jakarta.annotation | Highest
Product | pom | name | Jakarta Annotations API | High
Product | pom | parent-artifactid | ca-parent | Medium
Product | pom | url | https://projects.eclipse.org/projects/ee4j.ca | Medium
Version | file | version | 1.3.5 | High
Version | Manifest | Bundle-Version | 1.3.5 | High
Version | Manifest | Implementation-Version | 1.3.5 | High
Version | pom | version | 1.3.5 | Highest
Related Dependencies
ffl-core-database-1.0.22.jar: jakarta.annotation-api-1.3.5.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5

ffl-core-commons-1.0.22-repackaged.jar: jul-to-slf4j-1.7.36.jar
Description:
JUL to SLF4J bridge
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256: 9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jul-to-slf4j | High
Vendor | jar | package name | bridge | Highest
Vendor | jar | package name | slf4j | Highest
Vendor | Manifest | build-jdk-spec | 1.8 | Low
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low
Vendor | Manifest | bundle-symbolicname | jul.to.slf4j | Medium
Vendor | pom | artifactid | jul-to-slf4j | Low
Vendor | pom | groupid | org.slf4j | Highest
Vendor | pom | name | JUL to SLF4J bridge | High
Vendor | pom | parent-artifactid | slf4j-parent | Low
Vendor | pom | url | http://www.slf4j.org | Highest
Product | file | name | jul-to-slf4j | High
Product | jar | package name | bridge | Highest
Product | jar | package name | slf4j | Highest
Product | Manifest | build-jdk-spec | 1.8 | Low
Product | Manifest | Bundle-Name | jul-to-slf4j | Medium
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low
Product | Manifest | bundle-symbolicname | jul.to.slf4j | Medium
Product | pom | artifactid | jul-to-slf4j | Highest
Product | pom | groupid | org.slf4j | Highest
Product | pom | name | JUL to SLF4J bridge | High
Product | pom | parent-artifactid | slf4j-parent | Medium
Product | pom | url | http://www.slf4j.org | Medium
Version | file | version | 1.7.36 | High
Version | Manifest | Bundle-Version | 1.7.36 | High
Version | Manifest | Implementation-Version | 1.7.36 | High
Version | pom | version | 1.7.36 | Highest
Related Dependencies
ffl-core-database-1.0.22.jar: jul-to-slf4j-1.7.36.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256: 9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
pkg:maven/org.slf4j/jul-to-slf4j@1.7.36

ffl-core-commons-1.0.22-repackaged.jar: log4j-api-2.17.2.jar
Description:
The Apache Log4j API
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/log4j-api-2.17.2.jar
MD5: 0c39d90e7819c92c111e447bdf786a90
SHA1: f42d6afa111b4dec5d2aea0fe2197240749a4ea6
SHA256: 09351b5a03828f369cdcff76f4ed39e6a6fc20f24f046935d0b28ef5152f8ce4
Evidence Type Source Name Value Confidence Vendor file name log4j-api High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest log4jsigningusername rgoers@apache.org Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-api Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j API High Vendor pom parent-artifactid log4j Low Product file name log4j-api High Product jar package name apache Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product Manifest Implementation-Title Apache Log4j API High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest log4jreleasemanager Ralph Goers Low Product Manifest log4jsigningusername rgoers@apache.org Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Log4j API Medium 
Product pom artifactid log4j-api Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j API High Product pom parent-artifactid log4j Medium Version file version 2.17.2 High Version Manifest Bundle-Version 2.17.2 High Version Manifest Implementation-Version 2.17.2 High Version Manifest log4jreleaseversion 2.17.2 Medium Version pom version 2.17.2 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: log4j-api-2.17.2.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/log4j-api-2.17.2.jar
MD5: 0c39d90e7819c92c111e447bdf786a90
SHA1: f42d6afa111b4dec5d2aea0fe2197240749a4ea6
SHA256: 09351b5a03828f369cdcff76f4ed39e6a6fc20f24f046935d0b28ef5152f8ce4
pkg:maven/org.apache.logging.log4j/log4j-api@2.17.2

ffl-core-commons-1.0.22-repackaged.jar: log4j-to-slf4j-2.17.2.jar
Description:
The Apache Log4j binding between Log4j 2 API and SLF4J.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/log4j-to-slf4j-2.17.2.jar
MD5: 14b27a4266c6d71c949cb4591ee463cc
SHA1: 17dd0fae2747d9a28c67bc9534108823d2376b46
SHA256: 9bcfa5273527b950d79739d11e8f8080cfc881908fa2a946b4e891c0293094de
Evidence Type Source Name Value Confidence Vendor file name log4j-to-slf4j High Vendor jar package name apache Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.apache.logging.slf4j Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest log4jsigningusername rgoers@apache.org Medium Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider" Low Vendor Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-to-slf4j Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j to SLF4J Adapter High Vendor pom parent-artifactid log4j Low Product file name log4j-to-slf4j High Product jar package name apache Highest Product jar package name logging Highest Product jar package name slf4j Highest Product Manifest automatic-module-name org.apache.logging.slf4j Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j to SLF4J Adapter Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium Product Manifest Implementation-Title Apache Log4j to SLF4J Adapter High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest 
log4jreleasemanager Ralph Goers Low Product Manifest log4jsigningusername rgoers@apache.org Medium Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider" Low Product Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Log4j to SLF4J Adapter Medium Product pom artifactid log4j-to-slf4j Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j to SLF4J Adapter High Product pom parent-artifactid log4j Medium Version file version 2.17.2 High Version Manifest Bundle-Version 2.17.2 High Version Manifest Implementation-Version 2.17.2 High Version Manifest log4jreleaseversion 2.17.2 Medium Version pom version 2.17.2 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: log4j-to-slf4j-2.17.2.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/log4j-to-slf4j-2.17.2.jar
MD5: 14b27a4266c6d71c949cb4591ee463cc
SHA1: 17dd0fae2747d9a28c67bc9534108823d2376b46
SHA256: 9bcfa5273527b950d79739d11e8f8080cfc881908fa2a946b4e891c0293094de
pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2

ffl-core-commons-1.0.22-repackaged.jar: logback-classic-1.2.12.jar
Description:
logback-classic module
License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/logback-classic-1.2.12.jar
MD5: a7ebf115c247690da5e5e64849da6f5f
SHA1: d4dee19148dccb177a0736eb2027bd195341da78
SHA256: f65352bf627177e414c956a977a5851e7125e9f3a2e1a7847b2fa78182dc49fe
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | logback-classic | High
Vendor | jar | package name | ch | Highest
Vendor | jar | package name | classic | Highest
Vendor | jar | package name | logback | Highest
Vendor | jar | package name | qos | Highest
Vendor | Manifest | build-jdk-spec | 1.8 | Low
Vendor | Manifest | bundle-docurl | http://www.qos.ch | Low
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.6 | Low
Vendor | Manifest | bundle-symbolicname | ch.qos.logback.classic | Medium
Vendor | Manifest | originally-created-by | Apache Maven Bundle Plugin 5.1.4 | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | pom | artifactid | logback-classic | Low
Vendor | pom | groupid | ch.qos.logback | Highest
Vendor | pom | name | Logback Classic Module | High
Vendor | pom | parent-artifactid | logback-parent | Low
Product | file | name | logback-classic | High
Product | jar | package name | ch | Highest
Product | jar | package name | classic | Highest
Product | jar | package name | logback | Highest
Product | jar | package name | qos | Highest
Product | Manifest | build-jdk-spec | 1.8 | Low
Product | Manifest | bundle-docurl | http://www.qos.ch | Low
Product | Manifest | Bundle-Name | Logback Classic Module | Medium
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.6 | Low
Product | Manifest | bundle-symbolicname | ch.qos.logback.classic | Medium
Product | Manifest | originally-created-by | Apache Maven Bundle Plugin 5.1.4 | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | pom | artifactid | logback-classic | Highest
Product | pom | groupid | ch.qos.logback | Highest
Product | pom | name | Logback Classic Module | High
Product | pom | parent-artifactid | logback-parent | Medium
Version | file | version | 1.2.12 | High
Version | Manifest | Bundle-Version | 1.2.12 | High
Version | pom | version | 1.2.12 | Highest
Related Dependencies
ffl-core-database-1.0.22.jar: logback-classic-1.2.12.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/logback-classic-1.2.12.jar
MD5: a7ebf115c247690da5e5e64849da6f5f
SHA1: d4dee19148dccb177a0736eb2027bd195341da78
SHA256: f65352bf627177e414c956a977a5851e7125e9f3a2e1a7847b2fa78182dc49fe
pkg:maven/ch.qos.logback/logback-classic@1.2.12

CVE-2023-6378
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2023-6481
A serialization vulnerability in logback receiver component part of
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

ffl-core-commons-1.0.22-repackaged.jar: logback-core-1.2.12.jar
Description:
logback-core module
License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/logback-core-1.2.12.jar
MD5: 879d60b3fa9c6617cee4e20f12f6a16e
SHA1: 1d8e51a698b138065d73baefb4f94531faa323cb
SHA256: 0cba0755fbdc1793f60dc9d1ef22337737899f4f28b485c42bcadacb73664b34
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | logback-core | High
Vendor | jar | package name | ch | Highest
Vendor | jar | package name | core | Highest
Vendor | jar | package name | logback | Highest
Vendor | jar | package name | qos | Highest
Vendor | Manifest | build-jdk-spec | 1.8 | Low
Vendor | Manifest | bundle-docurl | http://www.qos.ch | Low
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.6 | Low
Vendor | Manifest | bundle-symbolicname | ch.qos.logback.core | Medium
Vendor | Manifest | originally-created-by | Apache Maven Bundle Plugin 5.1.4 | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | pom | artifactid | logback-core | Low
Vendor | pom | groupid | ch.qos.logback | Highest
Vendor | pom | name | Logback Core Module | High
Vendor | pom | parent-artifactid | logback-parent | Low
Product | file | name | logback-core | High
Product | jar | package name | ch | Highest
Product | jar | package name | core | Highest
Product | jar | package name | logback | Highest
Product | jar | package name | qos | Highest
Product | Manifest | build-jdk-spec | 1.8 | Low
Product | Manifest | bundle-docurl | http://www.qos.ch | Low
Product | Manifest | Bundle-Name | Logback Core Module | Medium
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.6 | Low
Product | Manifest | bundle-symbolicname | ch.qos.logback.core | Medium
Product | Manifest | originally-created-by | Apache Maven Bundle Plugin 5.1.4 | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | pom | artifactid | logback-core | Highest
Product | pom | groupid | ch.qos.logback | Highest
Product | pom | name | Logback Core Module | High
Product | pom | parent-artifactid | logback-parent | Medium
Version | file | version | 1.2.12 | High
Version | Manifest | Bundle-Version | 1.2.12 | High
Version | pom | version | 1.2.12 | Highest
Related Dependencies
ffl-core-database-1.0.22.jar: logback-core-1.2.12.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/logback-core-1.2.12.jar
MD5: 879d60b3fa9c6617cee4e20f12f6a16e
SHA1: 1d8e51a698b138065d73baefb4f94531faa323cb
SHA256: 0cba0755fbdc1793f60dc9d1ef22337737899f4f28b485c42bcadacb73664b34
pkg:maven/ch.qos.logback/logback-core@1.2.12

CVE-2023-6378
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2023-6481
A serialization vulnerability in logback receiver component part of
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2024-12798 (OSSINDEX)
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core
up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows
an attacker to execute arbitrary code by compromising an existing
logback configuration file or by injecting an environment variable
before program execution.
Malicious logback configuration files can allow the attacker to execute
arbitrary code using the JaninoEventEvaluator extension.
A successful attack requires the user to have write access to a
configuration file. Alternatively, the attacker could inject a malicious
environment variable pointing to a malicious configuration file. In both
cases, the attack requires existing privilege.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv2:
Base Score: MEDIUM (5.9)
Vector: /AV:L/AC:L/Au:/C:/I:/A:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:ch.qos.logback:logback-core:1.2.12:*:*:*:*:*:*:*

CVE-2024-12801 (OSSINDEX)
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to
forge requests by compromising logback configuration files in XML.
The attack involves the modification of DOCTYPE declaration in XML configuration files.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details
CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: LOW (2.4)
Vector: /AV:L/AC:L/Au:/C:/I:/A:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:ch.qos.logback:logback-core:1.2.12:*:*:*:*:*:*:*

ffl-core-commons-1.0.22-repackaged.jar: mapstruct-1.5.5.Final.jar
Description:
An annotation processor for generating type-safe bean mappers
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256: 6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5
Evidence Type Source Name Value Confidence Vendor file name mapstruct High Vendor jar package name mapstruct Highest Vendor Manifest automatic-module-name org.mapstruct Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.mapstruct Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid mapstruct Low Vendor pom groupid org.mapstruct Highest Vendor pom name MapStruct Core High Vendor pom parent-artifactid mapstruct-parent Low Product file name mapstruct High Product jar package name mappers Highest Product jar package name mapstruct Highest Product Manifest automatic-module-name org.mapstruct Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name MapStruct Core Medium Product Manifest bundle-symbolicname org.mapstruct Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid mapstruct Highest Product pom groupid org.mapstruct Highest Product pom name MapStruct Core High Product pom parent-artifactid mapstruct-parent Medium Version Manifest Bundle-Version 1.5.5.Final High Version pom version 1.5.5.Final Highest
Related Dependencies
ffl-core-database-1.0.22.jar: mapstruct-1.5.5.Final.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256: 6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5
pkg:maven/org.mapstruct/mapstruct@1.5.5.Final

ffl-core-commons-1.0.22-repackaged.jar: slf4j-api-1.7.36.jar
Description:
The slf4j API
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256: d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: slf4j-api-1.7.36.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256: d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
pkg:maven/org.slf4j/slf4j-api@1.7.36

ffl-core-commons-1.0.22-repackaged.jar: snakeyaml-2.3.jar
Description:
YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/snakeyaml-2.3.jar
MD5: 2a1c2ee8923dcd6bd6d025751af5df37
SHA1: 936b36210e27320f920536f695cf1af210c44586
SHA256: 63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146
Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name org Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 2.3 High Version pom version 2.3 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: snakeyaml-2.3.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/snakeyaml-2.3.jar
MD5: 2a1c2ee8923dcd6bd6d025751af5df37
SHA1: 936b36210e27320f920536f695cf1af210c44586
SHA256: 63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146
pkg:maven/org.yaml/snakeyaml@2.3

ffl-core-commons-1.0.22-repackaged.jar: spring-aop-5.3.31.jar
Description:
Spring AOP
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-aop-5.3.31.jar
MD5: 48143a3242d23f66736e34cf1b5ad632
SHA1: 3be929dbdb5f4516919ad09a3d3720d779bb65d9
SHA256: 3f0c666f317abaa845fc3a24fba219b1f469716bf309cccd755eecb8fee20430
Evidence Type Source Name Value Confidence Vendor central artifactid spring-aop Highest Vendor central groupid org.springframework Highest Vendor file name spring-aop High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name aop Highest Vendor jar package name aop Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.aop Medium Vendor pom artifactid spring-aop Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring AOP High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product central artifactid spring-aop Highest Product file name spring-aop High Product hint analyzer product springsource_spring_framework Highest Product jar package name aop Highest Product jar package name aop Low Product Manifest automatic-module-name spring.aop Medium Product Manifest Implementation-Title spring-aop High Product pom artifactid spring-aop Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring AOP High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version central version 5.3.31 Highest Version file version 5.3.31 High Version Manifest Implementation-Version 5.3.31 High Version pom version 5.3.31 Highest
Related Dependencies
ffl-core-commons-1.0.22-repackaged.jar: spring-beans-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-beans-5.3.31.jar
MD5: b5fe5c018f96edf76b7e92b34668fa44
SHA1: d27258849071b3b268ecc388eca35bbfcc586448
SHA256: a8d6d99003d0a28049cba4273afbcfc64e1107ee3c33f67935853e9711544aa7
pkg:maven/org.springframework/spring-beans@5.3.31
ffl-core-commons-1.0.22-repackaged.jar: spring-context-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-context-5.3.31.jar
MD5: 6aa19e7e6a87b4ac8b649057315b1dd1
SHA1: a2d6e76507f037ad835e8c2288dfedf28981999f
SHA256: 38def055d1e22b5514b1cb19cef4474e5c1b0d2127c483e7d014bde87c4a4cf3
pkg:maven/org.springframework/spring-context@5.3.31
ffl-core-commons-1.0.22-repackaged.jar: spring-core-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256: 7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
pkg:maven/org.springframework/spring-core@5.3.31
ffl-core-commons-1.0.22-repackaged.jar: spring-jcl-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-jcl-5.3.31.jar
MD5: 4d281617e07553792218e37c47b8bd8c
SHA1: e7ab9ee590a195415dd6b898440d776b4c8db78c
SHA256: eee0df6a25a9c56d228ea86272546aa5a0656caf2f14e7b375417b066abbc0db
pkg:maven/org.springframework/spring-jcl@5.3.31
ffl-core-database-1.0.22.jar: spring-aop-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-aop-5.3.31.jar
MD5: 48143a3242d23f66736e34cf1b5ad632
SHA1: 3be929dbdb5f4516919ad09a3d3720d779bb65d9
SHA256: 3f0c666f317abaa845fc3a24fba219b1f469716bf309cccd755eecb8fee20430
pkg:maven/org.springframework/spring-aop@5.3.31

CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ffl-core-commons-1.0.22-repackaged.jar: spring-boot-2.7.18.jar
Description:
Spring Boot
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256: 530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Evidence Type Source Name Value Confidence Vendor central artifactid spring-boot Highest Vendor central groupid org.springframework.boot Highest Vendor file name spring-boot High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name boot Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid spring-boot Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product central artifactid spring-boot Highest Product file name spring-boot High Product jar package name boot Highest Product jar package name boot Low Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Spring Boot High Product pom artifactid spring-boot Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version central version 2.7.18 Highest Version file version 2.7.18 High Version Manifest Implementation-Version 2.7.18 High Version pom version 2.7.18 Highest
Related Dependencies
ffl-core-commons-1.0.22-repackaged.jar: spring-boot-autoconfigure-2.7.18.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-boot-autoconfigure-2.7.18.jar
MD5: e127e4ed0469cc5442d3c8e5e42e7988
SHA1: 9cf147c6ca274c75b32556acdcba5a1de081ebcd
SHA256: 1c4e0aadcb662b6149b536a2cf288003ffefe81a6cc69846e9f14976529a1b08
pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.18
ffl-core-database-1.0.22.jar: spring-boot-2.7.18.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256: 530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
pkg:maven/org.springframework.boot/spring-boot@2.7.18

ffl-core-commons-1.0.22-repackaged.jar: spring-boot-jarmode-layertools-2.7.18.jar
Description:
Spring Boot Layers Tools
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-boot-jarmode-layertools-2.7.18.jar
MD5: f32346692e754a6948b7f88a2405c187
SHA1: a4dc17d77bb35753dd1d4d57846b0891aec1ae38
SHA256: defcbd4fb885b1fe9b1711462fc52721c02129fe55631c96d15e9363cf20707b
Evidence Type Source Name Value Confidence Vendor central artifactid spring-boot-jarmode-layertools Highest Vendor central groupid org.springframework.boot Highest Vendor file name spring-boot-jarmode-layertools High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name boot Low Vendor jar package name jarmode Highest Vendor jar package name jarmode Low Vendor jar package name layertools Highest Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.boot.jarmode.layertools Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid spring-boot-jarmode-layertools Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot-jarmode-layertools High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product central artifactid spring-boot-jarmode-layertools Highest Product file name spring-boot-jarmode-layertools High Product jar package name boot Highest Product jar package name boot Low Product jar package name jarmode Highest Product jar package name jarmode Low Product jar package name layertools Highest Product jar package name layertools Low Product Manifest automatic-module-name spring.boot.jarmode.layertools Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Spring Boot Layers Tools High Product pom artifactid spring-boot-jarmode-layertools Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. 
Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot-jarmode-layertools High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version central version 2.7.18 Highest Version file version 2.7.18 High Version Manifest Implementation-Version 2.7.18 High Version pom version 2.7.18 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-boot-jarmode-layertools-2.7.18.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-boot-jarmode-layertools-2.7.18.jar
MD5: f32346692e754a6948b7f88a2405c187
SHA1: a4dc17d77bb35753dd1d4d57846b0891aec1ae38
SHA256: defcbd4fb885b1fe9b1711462fc52721c02129fe55631c96d15e9363cf20707b
pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.7.18

ffl-core-commons-1.0.22-repackaged.jar: spring-expression-5.3.31.jar
Description:
Spring Expression Language (SpEL)
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-expression-5.3.31.jar
MD5: 9e309bb1a738acbd0ac9c9fc58931fd3
SHA1: 55637af1b186d1008890980c2876c5fc83599756
SHA256: e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac
Evidence Type Source Name Value Confidence Vendor central artifactid spring-expression Highest Vendor central groupid org.springframework Highest Vendor file name spring-expression High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name expression Highest Vendor jar package name expression Low Vendor jar package name spel Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.expression Medium Vendor pom artifactid spring-expression Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Expression Language (SpEL) High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product central artifactid spring-expression Highest Product file name spring-expression High Product hint analyzer product springsource_spring_framework Highest Product jar package name expression Highest Product jar package name expression Low Product jar package name spel Low Product Manifest automatic-module-name spring.expression Medium Product Manifest Implementation-Title spring-expression High Product pom artifactid spring-expression Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Expression Language (SpEL) High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version central version 5.3.31 Highest Version file version 5.3.31 High Version Manifest Implementation-Version 
5.3.31 High Version pom version 5.3.31 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-expression-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-expression-5.3.31.jar
MD5: 9e309bb1a738acbd0ac9c9fc58931fd3
SHA1: 55637af1b186d1008890980c2876c5fc83599756
SHA256: e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac
pkg:maven/org.springframework/spring-expression@5.3.31

CVE-2024-38808 (OSSINDEX)
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.
Specifically, an application is vulnerable when the following is true:
* The application evaluates user-supplied SpEL expressions.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.3)
Vector: /AV:N/AC:L/Au:/C:/I:/A:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-expression:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ffl-core-commons-1.0.22-repackaged.jar: spring-security-config-5.7.11.jar
Description:
Spring Security
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-security-config-5.7.11.jar
MD5: 4c6371a40f7810e374d7c3c24d8c2494
SHA1: f145824f159befc8067a9d509a1fbb6746ebf50b
SHA256: b22e2e2c137231b4c0f7f8503c704c285e7bb5a2360dd380530baa2f9fb4e724
Evidence Type Source Name Value Confidence Vendor central artifactid spring-security-config Highest Vendor central groupid org.springframework.security Highest Vendor file name spring-security-config High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name config Highest Vendor jar package name config Low Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.security.config Medium Vendor pom artifactid spring-security-config Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-config High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product central artifactid spring-security-config Highest Product file name spring-security-config High Product jar package name config Highest Product jar package name config Low Product jar package name security Highest Product jar package name security Low Product Manifest automatic-module-name spring.security.config Medium Product Manifest Implementation-Title spring-security-config High Product pom artifactid spring-security-config Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-config High Product pom organization name Pivotal Software, Inc. 
Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version central version 5.7.11 Highest Version file version 5.7.11 High Version Manifest Implementation-Version 5.7.11 High Version pom version 5.7.11 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-security-config-5.7.11.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-security-config-5.7.11.jar
MD5: 4c6371a40f7810e374d7c3c24d8c2494
SHA1: f145824f159befc8067a9d509a1fbb6746ebf50b
SHA256: b22e2e2c137231b4c0f7f8503c704c285e7bb5a2360dd380530baa2f9fb4e724
pkg:maven/org.springframework.security/spring-security-config@5.7.11

ffl-core-commons-1.0.22-repackaged.jar: spring-security-core-5.7.11.jar
Description:
Spring Security
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-security-core-5.7.11.jar
MD5: 11e82e2698da00fe8c6de5ebe625b3f0
SHA1: 6c79c2f22d238f89abe3e75af80dc442c4087c62
SHA256: 6dc827f4065a74d8d86b976c2d6c284c42ecc5a88d34850b506beb58e7f8346b
Evidence Type Source Name Value Confidence Vendor central artifactid spring-security-core Highest Vendor central groupid org.springframework.security Highest Vendor file name spring-security-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.security.core Medium Vendor pom artifactid spring-security-core Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-core High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product central artifactid spring-security-core Highest Product file name spring-security-core High Product jar package name core Highest Product jar package name security Highest Product jar package name security Low Product Manifest automatic-module-name spring.security.core Medium Product Manifest Implementation-Title spring-security-core High Product pom artifactid spring-security-core Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-core High Product pom organization name Pivotal Software, Inc. 
Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version central version 5.7.11 Highest Version file version 5.7.11 High Version Manifest Implementation-Version 5.7.11 High Version pom version 5.7.11 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-security-core-5.7.11.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-security-core-5.7.11.jar
MD5: 11e82e2698da00fe8c6de5ebe625b3f0
SHA1: 6c79c2f22d238f89abe3e75af80dc442c4087c62
SHA256: 6dc827f4065a74d8d86b976c2d6c284c42ecc5a88d34850b506beb58e7f8346b
pkg:maven/org.springframework.security/spring-security-core@5.7.11
CVE-2024-22257 (OSSINDEX)
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
CWE-862 Missing Authorization
CVSSv2:
Base Score: HIGH (8.2)
Vector: /AV:N/AC:L/Au:/C:H/I:L/A:N
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-core:5.7.11:*:*:*:*:*:*:*

ffl-core-commons-1.0.22-repackaged.jar: spring-security-crypto-5.7.11.jar
Description:
Spring Security
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-security-crypto-5.7.11.jar
MD5: 29553faabff72c4261058e8ebf9e5210
SHA1: 3abf76cedbba13496108c89159451a65dfd544b5
SHA256: 916b099504044134fa2d24bc61531819e3d720d17bfea2762c0defc1f7846d9b
Evidence
Type Source Name Value Confidence
Vendor central artifactid spring-security-crypto Highest
Vendor central groupid org.springframework.security Highest
Vendor file name spring-security-crypto High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name crypto Highest
Vendor jar package name crypto Low
Vendor jar package name security Highest
Vendor jar package name security Low
Vendor jar package name springframework Low
Vendor Manifest automatic-module-name spring.security.crypto Medium
Vendor pom artifactid spring-security-crypto Low
Vendor pom developer email info@pivotal.io Low
Vendor pom developer name Pivotal Medium
Vendor pom developer org Pivotal Software, Inc. Medium
Vendor pom developer org URL https://www.spring.io Medium
Vendor pom groupid org.springframework.security Highest
Vendor pom name spring-security-crypto High
Vendor pom organization name Pivotal Software, Inc. High
Vendor pom organization url https://spring.io Medium
Vendor pom url https://spring.io/projects/spring-security Highest
Product central artifactid spring-security-crypto Highest
Product file name spring-security-crypto High
Product jar package name crypto Highest
Product jar package name crypto Low
Product jar package name security Highest
Product jar package name security Low
Product Manifest automatic-module-name spring.security.crypto Medium
Product Manifest Implementation-Title spring-security-crypto High
Product pom artifactid spring-security-crypto Highest
Product pom developer email info@pivotal.io Low
Product pom developer name Pivotal Low
Product pom developer org Pivotal Software, Inc. Low
Product pom developer org URL https://www.spring.io Low
Product pom groupid org.springframework.security Highest
Product pom name spring-security-crypto High
Product pom organization name Pivotal Software, Inc. Low
Product pom organization url https://spring.io Low
Product pom url https://spring.io/projects/spring-security Medium
Version central version 5.7.11 Highest
Version file version 5.7.11 High
Version Manifest Implementation-Version 5.7.11 High
Version pom version 5.7.11 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-security-crypto-5.7.11.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-security-crypto-5.7.11.jar
MD5: 29553faabff72c4261058e8ebf9e5210
SHA1: 3abf76cedbba13496108c89159451a65dfd544b5
SHA256: 916b099504044134fa2d24bc61531819e3d720d17bfea2762c0defc1f7846d9b
pkg:maven/org.springframework.security/spring-security-crypto@5.7.11
CVE-2020-5408 (OSSINDEX)
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-329 Not Using a Random IV with CBC Mode
CVSSv2:
Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:/C:H/I:N/A:N
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-crypto:5.7.11:*:*:*:*:*:*:*

ffl-core-commons-1.0.22-repackaged.jar: spring-security-web-5.7.11.jar
Description:
Spring Security
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-security-web-5.7.11.jar
MD5: c016961949f4773424dd9ec51d08f3f2
SHA1: c4b8f50451e7f3848656d4e843f97170dcacbe13
SHA256: 690781626bad26ed4416da7dbd43e6c656376b2c086f629b41a07926042ef20a
Evidence
Type Source Name Value Confidence
Vendor central artifactid spring-security-web Highest
Vendor central groupid org.springframework.security Highest
Vendor file name spring-security-web High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name security Highest
Vendor jar package name security Low
Vendor jar package name springframework Low
Vendor jar package name web Highest
Vendor jar package name web Low
Vendor Manifest automatic-module-name spring.security.web Medium
Vendor pom artifactid spring-security-web Low
Vendor pom developer email info@pivotal.io Low
Vendor pom developer name Pivotal Medium
Vendor pom developer org Pivotal Software, Inc. Medium
Vendor pom developer org URL https://www.spring.io Medium
Vendor pom groupid org.springframework.security Highest
Vendor pom name spring-security-web High
Vendor pom organization name Pivotal Software, Inc. High
Vendor pom organization url https://spring.io Medium
Vendor pom url https://spring.io/projects/spring-security Highest
Product central artifactid spring-security-web Highest
Product file name spring-security-web High
Product jar package name security Highest
Product jar package name security Low
Product jar package name web Highest
Product jar package name web Low
Product Manifest automatic-module-name spring.security.web Medium
Product Manifest Implementation-Title spring-security-web High
Product pom artifactid spring-security-web Highest
Product pom developer email info@pivotal.io Low
Product pom developer name Pivotal Low
Product pom developer org Pivotal Software, Inc. Low
Product pom developer org URL https://www.spring.io Low
Product pom groupid org.springframework.security Highest
Product pom name spring-security-web High
Product pom organization name Pivotal Software, Inc. Low
Product pom organization url https://spring.io Low
Product pom url https://spring.io/projects/spring-security Medium
Version central version 5.7.11 Highest
Version file version 5.7.11 High
Version Manifest Implementation-Version 5.7.11 High
Version pom version 5.7.11 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-security-web-5.7.11.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-security-web-5.7.11.jar
MD5: c016961949f4773424dd9ec51d08f3f2
SHA1: c4b8f50451e7f3848656d4e843f97170dcacbe13
SHA256: 690781626bad26ed4416da7dbd43e6c656376b2c086f629b41a07926042ef20a
pkg:maven/org.springframework.security/spring-security-web@5.7.11
CVE-2024-38821 (OSSINDEX)
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true:
* It must be a WebFlux application
* It must be using Spring's static resources support
* It must have a non-permitAll authorization rule applied to the static resources support
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: HIGH (8.2)
Vector: /AV:N/AC:L/Au:/C:/I:/A:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-web:5.7.11:*:*:*:*:*:*:*

ffl-core-commons-1.0.22-repackaged.jar: spring-web-5.3.31.jar
Description:
Spring Web
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22-repackaged.jar/BOOT-INF/lib/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256: 7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
Evidence
Type Source Name Value Confidence
Vendor central artifactid spring-web Highest
Vendor central groupid org.springframework Highest
Vendor file name spring-web High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name springframework Low
Vendor jar package name web Highest
Vendor jar package name web Low
Vendor Manifest automatic-module-name spring.web Medium
Vendor pom artifactid spring-web Low
Vendor pom developer email jhoeller@pivotal.io Low
Vendor pom developer id jhoeller Medium
Vendor pom developer name Juergen Hoeller Medium
Vendor pom groupid org.springframework Highest
Vendor pom name Spring Web High
Vendor pom organization name Spring IO High
Vendor pom organization url https://spring.io/projects/spring-framework Medium
Vendor pom url spring-projects/spring-framework Highest
Product central artifactid spring-web Highest
Product file name spring-web High
Product hint analyzer product springsource_spring_framework Highest
Product jar package name web Highest
Product jar package name web Low
Product Manifest automatic-module-name spring.web Medium
Product Manifest Implementation-Title spring-web High
Product pom artifactid spring-web Highest
Product pom developer email jhoeller@pivotal.io Low
Product pom developer id jhoeller Low
Product pom developer name Juergen Hoeller Low
Product pom groupid org.springframework Highest
Product pom name Spring Web High
Product pom organization name Spring IO Low
Product pom organization url https://spring.io/projects/spring-framework Low
Product pom url spring-projects/spring-framework High
Version central version 5.3.31 Highest
Version file version 5.3.31 High
Version Manifest Implementation-Version 5.3.31 High
Version pom version 5.3.31 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-web-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256: 7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
pkg:maven/org.springframework/spring-web@5.3.31
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Vulnerable Software & Versions:

CVE-2024-38809 (OSSINDEX)
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.
Users of affected versions should upgrade to the corresponding fixed version.
Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: HIGH (8.7)
Vector: /AV:N/AC:L/Au:/C:/I:/A:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-22243 (OSSINDEX)
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSSv2:
Base Score: HIGH (8.1)
Vector: /AV:N/AC:L/Au:/C:H/I:H/A:N
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-22262 (OSSINDEX)
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSSv2:
Base Score: HIGH (8.1)
Vector: /AV:N/AC:L/Au:/C:H/I:H/A:N
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-38828 (OSSINDEX)
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: MEDIUM (6.9)
Vector: /AV:N/AC:L/Au:/C:/I:/A:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
Vulnerable Software & Versions:

ffl-core-commons-1.0.22.jar
Description:
Module containing the core of the back office
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-1.0.22.jar
MD5: c184d3e3879213d36075d26f5af915cf
SHA1: 5fbe58f05aeec7fd6ced0a3fa91f4e43d09abe11
SHA256: 354e9816ac9cd988caa8cd94700744d136153821c5ea463958bbafce8db08dca
Evidence
Type Source Name Value Confidence
Vendor file name ffl-core-commons High
Vendor jar package name commons Highest
Vendor jar package name core Highest
Vendor jar package name ffl Highest
Vendor jar package name sintia Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor pom artifactid ffl-core-commons Low
Vendor pom groupid com.sintia.ffl.core Highest
Vendor pom parent-artifactid ffl-parent Low
Vendor pom parent-groupid com.sintia.ffl Medium
Product file name ffl-core-commons High
Product jar package name commons Highest
Product jar package name core Highest
Product jar package name ffl Highest
Product jar package name sintia Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest Implementation-Title ffl-core-commons High
Product pom artifactid ffl-core-commons Highest
Product pom groupid com.sintia.ffl.core Highest
Product pom parent-artifactid ffl-parent Medium
Product pom parent-groupid com.sintia.ffl Medium
Version file version 1.0.22 High
Version Manifest Implementation-Version 1.0.22 High
Version pom parent-version 1.0.22 Low
Version pom version 1.0.22 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: ffl-core-commons-1.0.22.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/ffl-core-commons-1.0.22.jar
MD5: c184d3e3879213d36075d26f5af915cf
SHA1: 5fbe58f05aeec7fd6ced0a3fa91f4e43d09abe11
SHA256: 354e9816ac9cd988caa8cd94700744d136153821c5ea463958bbafce8db08dca
pkg:maven/com.sintia.ffl.core/ffl-core-commons@1.0.22

ffl-core-dal-1.0.22.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-dal/target/ffl-core-dal-1.0.22.jar
MD5: ee7b8a93f4d31f9534ca84bca6f9a88f
SHA1: 10a2b6809e9af8f165b357182c3ba7752fe385fa
SHA256: 54f590e1e490183a19e86222a87add7abfb8d079ad45b16b3e7d265c67c32150
Evidence
Type Source Name Value Confidence
Vendor file name ffl-core-dal High
Vendor jar package name core Highest
Vendor jar package name dal Highest
Vendor jar package name ffl Highest
Vendor jar package name sintia Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor pom artifactid ffl-core-dal Low
Vendor pom groupid com.sintia.ffl.core Highest
Vendor pom parent-artifactid ffl-dal-parent Low
Vendor pom parent-groupid com.sintia.ffl Medium
Product file name ffl-core-dal High
Product jar package name core Highest
Product jar package name dal Highest
Product jar package name ffl Highest
Product jar package name sintia Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest Implementation-Title ffl-core-dal High
Product pom artifactid ffl-core-dal Highest
Product pom groupid com.sintia.ffl.core Highest
Product pom parent-artifactid ffl-dal-parent Medium
Product pom parent-groupid com.sintia.ffl Medium
Version file version 1.0.22 High
Version Manifest Implementation-Version 1.0.22 High
Version pom parent-version 1.0.22 Low
Version pom version 1.0.22 Highest

ffl-core-database-1.0.22.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar
MD5: c17400e596495387017488535ba57f91
SHA1: 19cb4afb4ff00e08efabeea1546df3190491c9fb
SHA256: 1906c430d08bc006d2d9ef6ff09b9ad55c41a138aecdfded4667c0f045f42c5a
Evidence
Type Source Name Value Confidence
Vendor file name ffl-core-database High
Vendor jar package name com Highest
Vendor jar package name sintia Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor Manifest spring-boot-classes BOOT-INF/classes/ Low
Vendor Manifest spring-boot-classpath-index BOOT-INF/classpath.idx Low
Vendor Manifest spring-boot-layers-index BOOT-INF/layers.idx Low
Vendor Manifest spring-boot-lib BOOT-INF/lib/ Low
Vendor pom artifactid ffl-core-database Low
Vendor pom groupid com.sintia.ffl.core Highest
Vendor pom parent-artifactid ffl-database-parent Low
Vendor pom parent-groupid com.sintia.ffl Medium
Product file name ffl-core-database High
Product jar package name boot Highest
Product jar package name boot-inf Highest
Product jar package name classes Highest
Product jar package name com Highest
Product jar package name sintia Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest Implementation-Title ffl-core-database High
Product Manifest spring-boot-classes BOOT-INF/classes/ Low
Product Manifest spring-boot-classpath-index BOOT-INF/classpath.idx Low
Product Manifest spring-boot-layers-index BOOT-INF/layers.idx Low
Product Manifest spring-boot-lib BOOT-INF/lib/ Low
Product pom artifactid ffl-core-database Highest
Product pom groupid com.sintia.ffl.core Highest
Product pom parent-artifactid ffl-database-parent Medium
Product pom parent-groupid com.sintia.ffl Medium
Version file version 1.0.22 High
Version Manifest Implementation-Version 1.0.22 High
Version pom parent-version 1.0.22 Low
Version pom version 1.0.22 Highest

ffl-core-database-1.0.22.jar: HikariCP-4.0.3.jar
Description:
Ultimate JDBC Connection Pool
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/HikariCP-4.0.3.jar
MD5: e725642926105cd1bbf4ad7fdff5d5a9
SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f
SHA256: 7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9
Evidence
Type Source Name Value Confidence
Vendor file name HikariCP High
Vendor jar package name pool Highest
Vendor jar package name zaxxer Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor Manifest bundle-docurl https://github.com/brettwooldridge Low
Vendor Manifest bundle-symbolicname com.zaxxer.HikariCP Medium
Vendor Manifest multi-release true Low
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom artifactid HikariCP Low
Vendor pom developer email brett.wooldridge@gmail.com Low
Vendor pom developer name Brett Wooldridge Medium
Vendor pom groupid com.zaxxer Highest
Vendor pom name HikariCP High
Vendor pom organization name Zaxxer.com High
Vendor pom organization url brettwooldridge Medium
Vendor pom url brettwooldridge/HikariCP Highest
Product file name HikariCP High
Product jar package name 11 Highest
Product jar package name pool Highest
Product jar package name zaxxer Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest bundle-docurl https://github.com/brettwooldridge Low
Product Manifest Bundle-Name HikariCP Medium
Product Manifest bundle-symbolicname com.zaxxer.HikariCP Medium
Product Manifest multi-release true Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid HikariCP Highest
Product pom developer email brett.wooldridge@gmail.com Low
Product pom developer name Brett Wooldridge Low
Product pom groupid com.zaxxer Highest
Product pom name HikariCP High
Product pom organization name Zaxxer.com Low
Product pom url brettwooldridge High
Product pom url brettwooldridge/HikariCP High
Version file version 4.0.3 High
Version Manifest Bundle-Version 4.0.3 High
Version pom version 4.0.3 Highest

ffl-core-database-1.0.22.jar: antlr4-runtime-4.13.0.jar
Description:
The ANTLR 4 Runtime
License:
https://www.antlr.org/license.html
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256: bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Evidence
Type Source Name Value Confidence
Vendor file name antlr4-runtime High
Vendor jar package name antlr Highest
Vendor jar package name runtime Highest
Vendor Manifest automatic-module-name org.antlr.antlr4.runtime Medium
Vendor Manifest build-jdk-spec 11 Low
Vendor Manifest bundle-docurl https://www.antlr.org/ Low
Vendor Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium
Vendor Manifest Implementation-Vendor ANTLR High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom artifactid antlr4-runtime Low
Vendor pom groupid org.antlr Highest
Vendor pom name ANTLR 4 Runtime High
Vendor pom parent-artifactid antlr4-master Low
Product file name antlr4-runtime High
Product jar package name antlr Highest
Product jar package name runtime Highest
Product Manifest automatic-module-name org.antlr.antlr4.runtime Medium
Product Manifest build-jdk-spec 11 Low
Product Manifest bundle-docurl https://www.antlr.org/ Low
Product Manifest Bundle-Name ANTLR 4 Runtime Medium
Product Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium
Product Manifest Implementation-Title ANTLR 4 Runtime High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid antlr4-runtime Highest
Product pom groupid org.antlr Highest
Product pom name ANTLR 4 Runtime High
Product pom parent-artifactid antlr4-master Medium
Version file version 4.13.0 High
Version Manifest Bundle-Version 4.13.0 High
Version Manifest Implementation-Version 4.13.0 High
Version pom version 4.13.0 Highest

ffl-core-database-1.0.22.jar: byte-buddy-1.12.23.jar
Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/byte-buddy-1.12.23.jar
MD5: bdf44dc7543f6bf2728b6e7d32e3bf8c
SHA1: d470526e8c4566c04e9ae5d3ccb62d1a7aa58986
SHA256: 0433a8e4efcc5e137ceb6e7e1d83c2f1f95057c13b66fb92a901f883cb4df4b4
Evidence
Type Source Name Value Confidence
Vendor file name byte-buddy High
Vendor jar package name asm Highest
Vendor jar package name build Highest
Vendor jar package name bytebuddy Highest
Vendor jar package name net Highest
Vendor Manifest build-jdk-spec 1.8 Low
Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid byte-buddy Low
Vendor pom groupid net.bytebuddy Highest
Vendor pom name Byte Buddy (without dependencies) High
Vendor pom parent-artifactid byte-buddy-parent Low
Product file name byte-buddy High
Product jar package name asm Highest
Product jar package name build Highest
Product jar package name bytebuddy Highest
Product jar package name net Highest
Product Manifest build-jdk-spec 1.8 Low
Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium
Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium
Product Manifest multi-release true Low
Product pom artifactid byte-buddy Highest
Product pom groupid net.bytebuddy Highest
Product pom name Byte Buddy (without dependencies) High
Product pom parent-artifactid byte-buddy-parent Medium
Version file version 1.12.23 High
Version Manifest Bundle-Version 1.12.23 High
Version pom version 1.12.23 Highest

ffl-core-database-1.0.22.jar: checker-qual-3.5.0.jar
Description:
Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker
License:
The MIT License: http://opensource.org/licenses/MIT
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/checker-qual-3.5.0.jar
MD5: 4464def1ed5c10f248ebfe1bccbedf1a
SHA1: 2f50520c8abea66fbd8d26e481d3aef5c673b510
SHA256: 729990b3f18a95606fc2573836b6958bcdb44cb52bfbd1b7aa9c339cff35a5a4
Evidence
Type Source Name Value Confidence
Vendor central artifactid checker-qual Highest
Vendor central groupid org.checkerframework Highest
Vendor file name checker-qual High
Vendor jar package name checker Highest
Vendor jar package name checker Low
Vendor jar package name checkerframework Highest
Vendor jar package name checkerframework Low
Vendor jar package name qual Highest
Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium
Vendor Manifest bundle-symbolicname checker-qual Medium
Vendor Manifest implementation-url https://checkerframework.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom artifactid checker-qual Low
Vendor pom developer email mernst@cs.washington.edu Low
Vendor pom developer email smillst@cs.washington.edu Low
Vendor pom developer email wdietl@uwaterloo.ca Low
Vendor pom developer id mernst Medium
Vendor pom developer id smillst Medium
Vendor pom developer id wmdietl Medium
Vendor pom developer name Michael Ernst Medium
Vendor pom developer name Suzanne Millstein Medium
Vendor pom developer name Werner M. Dietl Medium
Vendor pom developer org University of Washington Medium
Vendor pom developer org University of Waterloo Medium
Vendor pom developer org URL http://uwaterloo.ca/ Medium
Vendor pom developer org URL https://www.cs.washington.edu/ Medium
Vendor pom developer org URL https://www.cs.washington.edu/research/plse/ Medium
Vendor pom groupid org.checkerframework Highest
Vendor pom name Checker Qual High
Vendor pom url https://checkerframework.org Highest
Product central artifactid checker-qual Highest
Product file name checker-qual High
Product jar package name checker Highest
Product jar package name checker Low
Product jar package name checkerframework Highest
Product jar package name qual Highest
Product jar package name qual Low
Product Manifest automatic-module-name org.checkerframework.checker.qual Medium
Product Manifest Bundle-Name checker-qual Medium
Product Manifest bundle-symbolicname checker-qual Medium
Product Manifest implementation-url https://checkerframework.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid checker-qual Highest
Product pom developer email mernst@cs.washington.edu Low
Product pom developer email smillst@cs.washington.edu Low
Product pom developer email wdietl@uwaterloo.ca Low
Product pom developer id mernst Low
Product pom developer id smillst Low
Product pom developer id wmdietl Low
Product pom developer name Michael Ernst Low
Product pom developer name Suzanne Millstein Low
Product pom developer name Werner M. Dietl Low
Product pom developer org University of Washington Low
Product pom developer org University of Waterloo Low
Product pom developer org URL http://uwaterloo.ca/ Low
Product pom developer org URL https://www.cs.washington.edu/ Low
Product pom developer org URL https://www.cs.washington.edu/research/plse/ Low
Product pom groupid org.checkerframework Highest
Product pom name Checker Qual High
Product pom url https://checkerframework.org Medium
Version central version 3.5.0 Highest
Version file version 3.5.0 High
Version Manifest Bundle-Version 3.5.0 High
Version Manifest Implementation-Version 3.5.0 High
Version pom version 3.5.0 Highest

ffl-core-database-1.0.22.jar: classmate-1.5.1.jar
Description:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256: aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Evidence
Type Source Name Value Confidence
Vendor file name classmate High
Vendor jar package name classmate Highest
Vendor jar package name fasterxml Highest
Vendor jar package name types Highest
Vendor Manifest automatic-module-name com.fasterxml.classmate Medium
Vendor Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low
Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium
Vendor Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low
Vendor Manifest Implementation-Vendor fasterxml.com High
Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest specification-vendor fasterxml.com Low
Vendor pom artifactid classmate Low
Vendor pom developer email blangel@ocheyedan.net Low
Vendor pom developer email tatu@fasterxml.com Low
Vendor pom developer id blangel Medium
Vendor pom developer id tatu Medium
Vendor pom developer name Brian Langel Medium
Vendor pom developer name Tatu Saloranta Medium
Vendor pom groupid com.fasterxml Highest
Vendor pom name ClassMate High
Vendor pom organization name fasterxml.com High
Vendor pom organization url https://fasterxml.com Medium
Vendor pom parent-artifactid oss-parent Low
Vendor pom url FasterXML/java-classmate Highest
Product file name classmate High
Product jar package name classmate Highest
Product jar package name fasterxml Highest
Product jar package name filter Highest
Product jar package name types Highest
Product Manifest automatic-module-name com.fasterxml.classmate Medium
Product Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low
Product Manifest Bundle-Name ClassMate Medium
Product Manifest bundle-symbolicname com.fasterxml.classmate Medium
Product Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low
Product Manifest Implementation-Title ClassMate High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest specification-title ClassMate Medium
Product pom artifactid classmate Highest
Product pom developer email blangel@ocheyedan.net Low
Product pom developer email tatu@fasterxml.com Low
Product pom developer id blangel Low
Product pom developer id tatu Low
Product pom developer name Brian Langel Low
Product pom developer name Tatu Saloranta Low
Product pom groupid com.fasterxml Highest
Product pom name ClassMate High
Product pom organization name fasterxml.com Low
Product pom organization url https://fasterxml.com Low
Product pom parent-artifactid oss-parent Medium
Product pom url FasterXML/java-classmate High
Version file version 1.5.1 High
Version Manifest Bundle-Version 1.5.1 High
Version Manifest Implementation-Version 1.5.1 High
Version pom parent-version 1.5.1 Low
Version pom version 1.5.1 Highest
ffl-core-database-1.0.22.jar: commons-collections4-4.4.jar
Description:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256: 1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Evidence Type Source Name Value Confidence Vendor file name commons-collections4 High Vendor jar package name apache Highest Vendor jar package name collections4 Highest Vendor jar package name commons Highest Vendor Manifest automatic-module-name org.apache.commons.collections4 Medium Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-collections4 Medium Vendor Manifest implementation-url https://commons.apache.org/proper/commons-collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections4 Low Vendor pom developer id adriannistor Medium Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dlaha Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id luc Medium Vendor pom developer id matth Medium Vendor pom developer id mbenson Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer id tn Medium Vendor pom developer name Adrian Nistor Medium Vendor pom developer name Arun M. 
Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dipanjan Laha Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-collections/ Highest Product file name commons-collections4 High Product jar package name apache Highest Product jar package name collections4 Highest Product jar package name commons Highest Product Manifest automatic-module-name org.apache.commons.collections4 Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.commons-collections4 Medium Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-url https://commons.apache.org/proper/commons-collections/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections4 Highest Product pom developer id adriannistor Low Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom 
developer id craigmcc Low Product pom developer id dlaha Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id luc Low Product pom developer id matth Low Product pom developer id mbenson Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer id tn Low Product pom developer name Adrian Nistor Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Dipanjan Laha Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Luc Maisonobe Low Product pom developer name Matt Benson Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom developer name Thomas Neidhart Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-collections/ Medium Version file version 4.4 High Version Manifest Implementation-Version 4.4 High Version pom parent-version 4.4 Low Version pom version 4.4 Highest
ffl-core-database-1.0.22.jar: commons-io-2.16.1.jar
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/commons-io-2.16.1.jar
MD5: ed8191a5a217940140001b0acfed18d9
SHA1: 377d592e740dc77124e0901291dbfaa6810a200e
SHA256: f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
Evidence Type Source Name Value Confidence Vendor file name commons-io High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory 
Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email 
jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version Manifest 
Implementation-Version 2.16.1 High Version pom parent-version 2.16.1 Low Version pom version 2.16.1 Highest
ffl-core-database-1.0.22.jar: commons-lang3-3.12.0.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256: d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor 
pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. 
Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom 
developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.12.0 High Version Manifest Bundle-Version 3.12.0 High Version Manifest Implementation-Version 3.12.0 High Version pom parent-version 3.12.0 Low Version pom version 3.12.0 Highest
ffl-core-database-1.0.22.jar: commons-text-1.12.0.jar
Description:
Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
and manipulating text that should be of use in a Java environment.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/commons-text-1.12.0.jar
MD5: 544add6fbc8d4b100b07c3692d08099e
SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
SHA256: de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
Evidence Type Source Name Value Confidence Vendor file name commons-text High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name text Highest Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest bundle-symbolicname org.apache.commons.text Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-text Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email kinow@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id ggregory Medium Vendor pom developer id kinow Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Bruno P. 
Kinoshita Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Text High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-text Highest Product file name commons-text High Product jar package name apache Highest Product jar package name commons Highest Product jar package name text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Bundle-Name Apache Commons Text Medium Product Manifest bundle-symbolicname org.apache.commons.text Medium Product Manifest Implementation-Title Apache Commons Text High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product pom artifactid commons-text Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email kinow@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id ggregory Low Product pom developer id kinow Low Product pom developer name Benedikt Ritter Low Product pom developer name Bruno P. 
Kinoshita Low Product pom developer name Duncan Jones Low Product pom developer name Gary Gregory Low Product pom developer name Rob Tompkins Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Text High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-text Medium Version file version 1.12.0 High Version Manifest Bundle-Version 1.12.0 High Version Manifest Implementation-Version 1.12.0 High Version pom parent-version 1.12.0 Low Version pom version 1.12.0 Highest
ffl-core-database-1.0.22.jar: hibernate-commons-annotations-7.0.1.Final.jar
Description:
Common reflection code used in support of annotation processing
License:
Apache License Version 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/hibernate-commons-annotations-7.0.1.Final.jar
MD5: 825afccbb1ecd84884649ca422c0d57b
SHA1: c21c8b84ab6c56b181014df3df2ed1467a7a7e88
SHA256: 0a690967ef2ef3e2bcec3c7871869ff64d1269904d58d22d7aaf46e3e5bb0483
Evidence Type Source Name Value Confidence Vendor central artifactid hibernate-commons-annotations Highest Vendor central groupid org.hibernate.common Highest Vendor file name hibernate-commons-annotations High Vendor hint analyzer vendor redhat Highest Vendor jar package name annotations Low Vendor jar package name common Low Vendor jar package name hibernate Highest Vendor jar package name hibernate Low Vendor Manifest implementation-url http://hibernate.org Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor pom artifactid hibernate-commons-annotations Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org Hibernate.org Medium Vendor pom developer org URL http://hibernate.org Medium Vendor pom groupid org.hibernate.common Highest Vendor pom name Hibernate Commons Annotations High Vendor pom organization name Hibernate.org High Vendor pom organization url http://hibernate.org Medium Vendor pom url http://hibernate.org Highest Product central artifactid hibernate-commons-annotations Highest Product file name hibernate-commons-annotations High Product jar package name annotations Low Product jar package name common Low Product jar package name hibernate Highest Product jar package name reflection Low Product Manifest implementation-url http://hibernate.org Low Product pom artifactid hibernate-commons-annotations Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org Hibernate.org Low Product pom developer org URL http://hibernate.org Low Product pom groupid org.hibernate.common Highest Product pom name Hibernate Commons Annotations High Product pom organization name Hibernate.org Low Product pom organization url http://hibernate.org Low Product pom url http://hibernate.org Medium Version central version 7.0.1.Final Highest 
Version Manifest Implementation-Version 7.0.1.Final High Version pom version 7.0.1.Final Highest
ffl-core-database-1.0.22.jar: hibernate-core-6.6.0.Final.jar
Description:
Hibernate's core ORM functionality
License:
GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/hibernate-core-6.6.0.Final.jar
MD5: b8c1f21f08b4aed738f02af7322f879b
SHA1: f7f410bfcc65c1d2644c978df35f871160db3214
SHA256: b410b6d0a7ce05f2d5315fd93732d3c6d2c3f016faf01ae6ea3e5a8160ddeb5d
Evidence Type Source Name Value Confidence Vendor central artifactid hibernate-core Highest Vendor central groupid org.hibernate.orm Highest Vendor file name hibernate-core High Vendor hint analyzer vendor redhat Highest Vendor jar package name hibernate Highest Vendor jar package name hibernate Low Vendor Manifest automatic-module-name org.hibernate.orm.core Medium Vendor Manifest bundle-docurl https://www.hibernate.org/orm/6.6 Low Vendor Manifest bundle-symbolicname org.hibernate.orm.core Medium Vendor Manifest implementation-url https://hibernate.org/orm Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))" Low Vendor Manifest specification-vendor Hibernate.org Low Vendor pom artifactid hibernate-core Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org Hibernate.org Medium Vendor pom developer org URL https://hibernate.org Medium Vendor pom groupid org.hibernate.orm Highest Vendor pom name Hibernate ORM - hibernate-core High Vendor pom organization name Hibernate.org High Vendor pom organization url https://hibernate.org Medium Vendor pom url https://hibernate.org/orm Highest Product central artifactid hibernate-core Highest Product file name hibernate-core High Product jar package name filter Highest Product jar package name hibernate Highest Product jar package name version Highest Product Manifest automatic-module-name org.hibernate.orm.core Medium Product Manifest bundle-docurl https://www.hibernate.org/orm/6.6 Low Product Manifest Bundle-Name hibernate-core Medium Product Manifest bundle-symbolicname org.hibernate.orm.core Medium Product Manifest Implementation-Title hibernate-core High Product Manifest implementation-url https://hibernate.org/orm Low Product Manifest require-capability 
osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))" Low Product Manifest specification-title hibernate-core Medium Product pom artifactid hibernate-core Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org Hibernate.org Low Product pom developer org URL https://hibernate.org Low Product pom groupid org.hibernate.orm Highest Product pom name Hibernate ORM - hibernate-core High Product pom organization name Hibernate.org Low Product pom organization url https://hibernate.org Low Product pom url https://hibernate.org/orm Medium Version central version 6.6.0.Final Highest Version Manifest Bundle-Version 6.6.0.Final High Version Manifest Implementation-Version 6.6.0.Final High Version pom version 6.6.0.Final Highest
ffl-core-database-1.0.22.jar: istack-commons-runtime-3.0.12.jar
Description:
istack common utility code
License:
http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/istack-commons-runtime-3.0.12.jar
MD5: 1952bd76321f8580cfaa57e332a68287
SHA1: cbbe1a62b0cc6c85972e99d52aaee350153dc530
SHA256: 27d85fc134c9271d5c79d3300fc4669668f017e72409727c428f54f2417f04cd
Evidence Type Source Name Value Confidence Vendor file name istack-commons-runtime High Vendor jar package name com Highest Vendor jar package name istack Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Vendor Manifest implementation-build-id 3.0.12 - 7ed1368 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun.istack Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid istack-commons-runtime Low Vendor pom groupid com.sun.istack Highest Vendor pom name istack common utility code runtime High Vendor pom parent-artifactid istack-commons Low Product file name istack-commons-runtime High Product jar package name com Highest Product jar package name istack Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name istack common utility code runtime Medium Product Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Product Manifest implementation-build-id 3.0.12 - 7ed1368 Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid istack-commons-runtime Highest Product pom groupid com.sun.istack Highest Product pom name istack common utility code runtime High Product pom parent-artifactid istack-commons Medium Version file version 3.0.12 High Version Manifest Bundle-Version 3.0.12 High Version Manifest implementation-build-id 3.0.12 Low Version pom version 3.0.12 Highest
ffl-core-database-1.0.22.jar: jackson-annotations-2.13.5.jar
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jackson-annotations-2.13.5.jar
MD5: 0b1245f3245cbfa53e61d9d366006041
SHA1: 136f77ab424f302c9e27230b4482e8000e142edf
SHA256: 80aea8ed7232db5040ced4b3f982f29da95bb3d802343dbf6fd82ccd98c21c4f
Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest implementation-build-date 2023-01-23 00:03:36+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://github.com/FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest implementation-build-date 2023-01-23 00:03:36+0000 Low Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom 
parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson Medium Version file version 2.13.5 High Version Manifest Bundle-Version 2.13.5 High Version Manifest Implementation-Version 2.13.5 High Version pom parent-version 2.13.5 Low Version pom version 2.13.5 Highest
ffl-core-database-1.0.22.jar: jakarta.activation-1.2.2.jar
Description:
Jakarta Activation
License:
http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256: 02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a
Evidence Type Source Name Value Confidence Vendor file name jakarta.activation High Vendor jar package name activation Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation Low Vendor pom groupid com.sun.activation Highest Vendor pom name Jakarta Activation High Vendor pom parent-artifactid all Low Product file name jakarta.activation High Product jar package name activation Highest Product jar package name javax Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation Medium Product Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title javax.activation High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product Manifest specification-title Jakarta Activation Specification Medium Product pom artifactid jakarta.activation Highest Product pom groupid com.sun.activation Highest Product pom name Jakarta Activation High Product pom parent-artifactid all Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
ffl-core-database-1.0.22.jar: jakarta.activation-api-1.2.2.jar
Description:
Jakarta Activation API jar
License:
http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.activation-api-1.2.2.jar
MD5: 1cbb480310fa1987f9db7a3ed7118af7
SHA1: 99f53adba383cb1bf7c3862844488574b559621f
SHA256: a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d
Evidence Type Source Name Value Confidence Vendor file name jakarta.activation-api High Vendor jar package name activation Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation-api Low Vendor pom groupid jakarta.activation Highest Vendor pom name Jakarta Activation API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name jakarta.activation-api High Product jar package name activation Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation API jar Medium Product Manifest bundle-symbolicname jakarta.activation-api Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title jakarta.activation.jakarta.activation-api High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product Manifest specification-title jakarta.activation.jakarta.activation-api Medium Product pom artifactid jakarta.activation-api Highest Product pom groupid jakarta.activation Highest Product pom name Jakarta Activation API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
ffl-core-database-1.0.22.jar: jakarta.inject-api-2.0.1.jar
Description:
Jakarta Dependency Injection
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256: f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Evidence Type Source Name Value Confidence Vendor file name jakarta.inject-api High Vendor jar package name inject Highest Vendor jar package name jakarta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.inject.jakarta.inject-api Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jakarta.inject-api Low Vendor pom developer email asd[at]redhat[dot]com Low Vendor pom developer email manovotn[at]redhat[dot]com Low Vendor pom developer email mkouba[at]redhat[dot]com Low Vendor pom developer email tremes[at]redhat[dot]com Low Vendor pom developer id asabotdu Medium Vendor pom developer id manovotn Medium Vendor pom developer id mkouba Medium Vendor pom developer id tremes Medium Vendor pom developer name Antoine Sabot-Durand Medium Vendor pom developer name Martin Kouba Medium Vendor pom developer name Matej Novotny Medium Vendor pom developer name Tomas Remes Medium Vendor pom developer org Red Hat Inc. 
Medium Vendor pom groupid jakarta.inject Highest Vendor pom name Jakarta Dependency Injection High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url eclipse-ee4j/injection-api Highest Product file name jakarta.inject-api High Product jar package name inject Highest Product jar package name jakarta Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Dependency Injection Medium Product Manifest bundle-symbolicname jakarta.inject.jakarta.inject-api Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.inject-api Highest Product pom developer email asd[at]redhat[dot]com Low Product pom developer email manovotn[at]redhat[dot]com Low Product pom developer email mkouba[at]redhat[dot]com Low Product pom developer email tremes[at]redhat[dot]com Low Product pom developer id asabotdu Low Product pom developer id manovotn Low Product pom developer id mkouba Low Product pom developer id tremes Low Product pom developer name Antoine Sabot-Durand Low Product pom developer name Martin Kouba Low Product pom developer name Matej Novotny Low Product pom developer name Tomas Remes Low Product pom developer org Red Hat Inc. Low Product pom groupid jakarta.inject Highest Product pom name Jakarta Dependency Injection High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j/injection-api High Version file version 2.0.1 High Version Manifest Bundle-Version 2.0.1 High Version pom parent-version 2.0.1 Low Version pom version 2.0.1 Highest
ffl-core-database-1.0.22.jar: jakarta.persistence-api-2.2.3.jar
Description:
Jakarta Persistence 2.2 API jar
License:
Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.persistence-api-2.2.3.jar
MD5: e0a655f398f8e68e0afebb0f71fba4e5
SHA1: 8f6ea5daedc614f07a3654a455660145286f024e
SHA256: 0c2d73ab36ad24eeed6e0bea928e9d0ef771de8df689e23b7754d366dda27c53
Evidence Type Source Name Value Confidence Vendor file name jakarta.persistence-api High Vendor jar package name persistence Highest Vendor Manifest automatic-module-name java.persistence Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.persistence-api Medium Vendor Manifest extension-name jakarta.persistence Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.persistence-api Low Vendor pom developer id lukasj Medium Vendor pom developer name Lukas Jungmann Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid jakarta.persistence Highest Vendor pom name Jakarta Persistence API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url eclipse-ee4j/jpa-api Highest Product file name jakarta.persistence-api High Product jar package name persistence Highest Product Manifest automatic-module-name java.persistence Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Persistence API jar Medium Product Manifest bundle-symbolicname jakarta.persistence-api Medium Product Manifest extension-name jakarta.persistence Medium Product pom artifactid jakarta.persistence-api Highest Product pom developer id lukasj Low Product pom developer name Lukas Jungmann Low Product pom developer org Oracle, Inc. Low Product pom groupid jakarta.persistence Highest Product pom name Jakarta Persistence API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j/jpa-api High Version file version 2.2.3 High Version Manifest Bundle-Version 2.2.3 High Version Manifest Implementation-Version 2.2.3 High Version pom parent-version 2.2.3 Low Version pom version 2.2.3 Highest
ffl-core-database-1.0.22.jar: jakarta.transaction-api-1.3.3.jar
Description:
Jakarta Transactions
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.transaction-api-1.3.3.jar
MD5: cc45726045cc9a0728f803f9db4c90c4
SHA1: c4179d48720a1e87202115fbed6089bdc4195405
SHA256: 0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab
Evidence Type Source Name Value Confidence Vendor file name jakarta.transaction-api High Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest automatic-module-name java.transaction Medium Vendor Manifest bundle-docurl https://github.com/eclipse-ee4j Low Vendor Manifest bundle-symbolicname jakarta.transaction-api Medium Vendor Manifest extension-name javax.transaction Medium Vendor Manifest Implementation-Vendor EE4J Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.transaction-api Low Vendor pom developer id stephen_felts Medium Vendor pom developer name Stephen Felts Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid jakarta.transaction Highest Vendor pom name ${extension.name} API High Vendor pom organization name EE4J Community High Vendor pom organization url eclipse-ee4j Medium Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jta Highest Product file name jakarta.transaction-api High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest automatic-module-name java.transaction Medium Product Manifest bundle-docurl https://github.com/eclipse-ee4j Low Product Manifest Bundle-Name javax.transaction API Medium Product Manifest bundle-symbolicname jakarta.transaction-api Medium Product Manifest extension-name javax.transaction Medium Product pom artifactid jakarta.transaction-api Highest Product pom developer id stephen_felts Low Product pom developer name Stephen Felts Low Product pom developer org Oracle, Inc. 
Low Product pom groupid jakarta.transaction Highest Product pom name ${extension.name} API High Product pom organization name EE4J Community Low Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j High Product pom url https://projects.eclipse.org/projects/ee4j.jta Medium Version file version 1.3.3 High Version Manifest Bundle-Version 1.3.3 High Version Manifest Implementation-Version 1.3.3 High Version pom parent-version 1.3.3 Low Version pom version 1.3.3 Highest
ffl-core-database-1.0.22.jar: jakarta.xml.bind-api-2.3.3.jar
Description:
Jakarta XML Binding API 2.3 Design Specification
License:
http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256: c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.bind-api High Vendor jar package name bind Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.xml.bind-api Medium Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.xml.bind-api Low Vendor pom groupid jakarta.xml.bind Highest Vendor pom name Jakarta XML Binding API High Vendor pom parent-artifactid jakarta.xml.bind-api-parent Low Product file name jakarta.xml.bind-api High Product jar package name bind Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta XML Binding API Medium Product Manifest bundle-symbolicname jakarta.xml.bind-api Medium Product Manifest extension-name jakarta.xml.bind Medium Product Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.xml.bind-api Highest Product pom groupid jakarta.xml.bind Highest Product pom name Jakarta XML Binding API High Product pom parent-artifactid jakarta.xml.bind-api-parent Medium Version file version 2.3.3 High Version Manifest Bundle-Version 2.3.3 High Version Manifest Implementation-Version 2.3.3 High Version pom version 2.3.3 Highest
ffl-core-database-1.0.22.jar: jandex-3.2.0.jar
Description:
SmallRye Build Parent POM
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jandex-3.2.0.jar
MD5: 703254a1bd4c37efeebdc0a283c65565
SHA1: f17ad860f62a08487b9edabde608f8ac55c62fa7
SHA256: 6da3e9ce8d0c0a433f3e7ce610a3c66accb00c71fee67aa0ff3e5a841395ac15
Evidence Type Source Name Value Confidence Vendor file name jandex High Vendor jar package name jandex Highest Vendor jar package name jboss Highest Vendor Manifest automatic-module-name org.jboss.jandex Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-symbolicname io.smallrye.jandex Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jandex Low Vendor pom groupid io.smallrye Highest Vendor pom name Jandex: Core High Vendor pom parent-artifactid jandex-parent Low Product file name jandex High Product jar package name jandex Highest Product jar package name jboss Highest Product Manifest automatic-module-name org.jboss.jandex Medium Product Manifest build-jdk-spec 17 Low Product Manifest Bundle-Name Jandex: Core Medium Product Manifest bundle-symbolicname io.smallrye.jandex Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jandex Highest Product pom groupid io.smallrye Highest Product pom name Jandex: Core High Product pom parent-artifactid jandex-parent Medium Version file version 3.2.0 High Version Manifest Bundle-Version 3.2.0 High Version pom version 3.2.0 Highest
ffl-core-database-1.0.22.jar: jaxb-api-2.3.1.jar
Description:
JAXB (JSR 222) API
License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256: 88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname jaxb-api Medium Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jaxb-api Low Vendor pom groupid javax.xml.bind Highest Vendor pom parent-artifactid jaxb-api-parent Low Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jaxb-api Medium Product Manifest bundle-symbolicname jaxb-api Medium Product Manifest extension-name javax.xml.bind Medium Product Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Product Manifest specification-title jaxb-api Medium Product pom artifactid jaxb-api Highest Product pom groupid javax.xml.bind Highest Product pom parent-artifactid jaxb-api-parent Medium Version file version 2.3.1 High Version Manifest Bundle-Version 2.3.1 High Version pom version 2.3.1 Highest
ffl-core-database-1.0.22.jar: jaxb-runtime-2.3.9.jar
Description:
JAXB (JSR 222) Reference Implementation
License:
http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jaxb-runtime-2.3.9.jar
MD5: 9383286160dde0e1a0fec25aee8a44ef
SHA1: 9d42b4f19df7e20b625b2044a7de81d95f6dff29
SHA256: ba88e5bde7c0d878c3e1f2ec2fcabaf51d201eaf93b3bb9cfecfc1f11b2304d4
Evidence Type Source Name Value Confidence Vendor file name jaxb-runtime High Vendor jar package name bind Highest Vendor jar package name com Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.jaxb.runtime Medium Vendor Manifest git-revision 143ffd0 Low Vendor Manifest implementation-build-id 2.3.9 - 143ffd0 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish.jaxb Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jaxb-runtime Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name JAXB Runtime High Vendor pom parent-artifactid jaxb-runtime-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest Product file name jaxb-runtime High Product jar package name 9 Highest Product jar package name bind Highest Product jar package name com Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JAXB Runtime Medium Product Manifest bundle-symbolicname org.glassfish.jaxb.runtime Medium Product Manifest git-revision 143ffd0 Low Product Manifest implementation-build-id 2.3.9 - 143ffd0 Low Product Manifest Implementation-Title Jakarta XML Binding Implementation High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jakarta XML Binding Medium Product pom artifactid jaxb-runtime Highest Product pom groupid org.glassfish.jaxb Highest Product pom name JAXB Runtime High Product pom parent-artifactid jaxb-runtime-parent 
Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium Version file version 2.3.9 High Version Manifest build-id 2.3.9 Medium Version Manifest Bundle-Version 2.3.9 High Version Manifest implementation-build-id 2.3.9 Low Version Manifest Implementation-Version 2.3.9 High Version Manifest major-version 2.3.9 Medium Version pom version 2.3.9 Highest
CVE-2024-9329
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions:
ffl-core-database-1.0.22.jar: jboss-logging-3.4.3.Final.jar
Description:
The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/jboss-logging-3.4.3.Final.jar
MD5: b298d4b79e591843c1eb1458ea79f070
SHA1: c4bd7e12a745c0e7f6cf98c45cdcdf482fd827ea
SHA256: 0b324cca4d550060e51e70cc0045a6cce62f264278ec1f5082aafeb670fcac49
Evidence Type Source Name Value Confidence Vendor file name jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor jar package name logging Highest Vendor Manifest automatic-module-name org.jboss.logging Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logging Low Vendor pom groupid org.jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Vendor pom url http://www.jboss.org Highest Product file name jboss-logging High Product jar package name jboss Highest Product jar package name logging Highest Product Manifest automatic-module-name org.jboss.logging Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title JBoss Logging 3 Medium Product pom artifactid jboss-logging Highest Product pom groupid org.jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium 
Product pom url http://www.jboss.org Medium Version Manifest Bundle-Version 3.4.3.Final High Version Manifest Implementation-Version 3.4.3.Final High Version pom parent-version 3.4.3.Final Low Version pom version 3.4.3.Final Highest
ffl-core-database-1.0.22.jar: liquibase-core-4.29.2.jar
Description:
Liquibase is a tool for managing and executing database changes.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/liquibase-core-4.29.2.jar
MD5: 82d2385a0349310b2c6c994b6d5add13
SHA1: bc4d7a9247ee41a1a467aae2fbe69094e354cac5
SHA256: e69b5ec55891bef987f2e3f83d199a210f3ef2a7fcd6f6c255a2327693739d40
Evidence Type Source Name Value Confidence Vendor file name liquibase-core High Vendor jar package name core Highest Vendor jar package name database Highest Vendor jar package name liquibase Highest Vendor Manifest automatic-module-name liquibase.core Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest build-number 3683 Low Vendor Manifest build-time 2024-08-29 16:45+0000 Low Vendor Manifest bundle-docurl http://www.liquibase.org Low Vendor Manifest bundle-symbolicname org.liquibase.core Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low
ader;filter:="(osgi.serviceloader=liquibase.diff.compare.DatabaseObjectComparator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.command.LiquibaseCommand)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.license.LicenseService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.diff.output.changelog.ChangeGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.executor.Executor)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.structure.DatabaseObject)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.parser.SnapshotParser)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.hub.HubService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.command.CommandStep)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.sqlgenerator.SqlGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.logging.mdc.MdcManager)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.logging.mdc.CustomMdcObject)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.resource.PathHandler)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.report.ShowSummaryGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.parser.LiquibaseSqlParser)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.changeset.ChangeSetService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.changelog.visitor.ValidatingVisitorGenerator)";cardinality:=multiple,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid liquibase-core Low Vendor pom developer email nathan.voxland@liquibase.org Low Vendor pom 
developer id nvoxland Medium Vendor pom developer name Nathan Voxland Medium Vendor pom groupid org.liquibase Highest Vendor pom name Liquibase High Vendor pom url http://www.liquibase.com Highest Product file name liquibase-core High Product jar package name autoloadedconfigurations Highest Product jar package name changeloghistoryservice Highest Product jar package name changelogparser Highest Product jar package name changelogserializer Highest Product jar package name changeset Highest Product jar package name changesetservice Highest Product jar package name command Highest Product jar package name commandstep Highest Product jar package name compare Highest Product jar package name configuration Highest Product jar package name configurationvalueprovider Highest Product jar package name core Highest Product jar package name custommdcobject Highest Product jar package name database Highest Product jar package name databaseconnection Highest Product jar package name databaseobjectcomparator Highest Product jar package name datatype Highest Product jar package name diff Highest Product jar package name diffgenerator Highest Product jar package name executor Highest Product jar package name filter Highest Product jar package name license Highest Product jar package name licenseservice Highest Product jar package name liquibase Highest Product jar package name liquibasecommand Highest Product jar package name liquibasedatatype Highest Product jar package name liquibasesqlparser Highest Product jar package name lockservice Highest Product jar package name logging Highest Product jar package name logservice Highest Product jar package name mdc Highest Product jar package name mdcmanager Highest Product jar package name namespacedetails Highest Product jar package name osgi Highest Product jar package name output Highest Product jar package name parser Highest Product jar package name pathhandler Highest Product jar package name plugin Highest Product jar package 
name precondition Highest Product jar package name report Highest Product jar package name resource Highest Product jar package name serializer Highest Product jar package name servicelocator Highest Product jar package name showsummarygenerator Highest Product jar package name snapshotgenerator Highest Product jar package name snapshotparser Highest Product jar package name snapshotserializer Highest Product jar package name sqlgenerator Highest Product jar package name structure Highest Product jar package name validatingvisitorgenerator Highest Product jar package name visitor Highest Product Manifest automatic-module-name liquibase.core Medium Product Manifest build-jdk-spec 17 Low Product Manifest build-number 3683 Low Product Manifest build-time 2024-08-29 16:45+0000 Low Product Manifest bundle-docurl http://www.liquibase.org Low Product Manifest Bundle-Name liquibase-core Medium Product Manifest bundle-symbolicname org.liquibase.core Medium Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product Manifest provide-capability 
osgi.serviceloader;osgi.serviceloader="liquibase.serializer.ChangeLogSerializer",osgi.serviceloader;osgi.serviceloader="liquibase.parser.NamespaceDetails",osgi.serviceloader;osgi.serviceloader="liquibase.database.Database",osgi.serviceloader;osgi.serviceloader="liquibase.change.Change",osgi.serviceloader;osgi.serviceloader="liquibase.database.DatabaseConnection",osgi.serviceloader;osgi.serviceloader="liquibase.precondition.Precondition",osgi.serviceloader;osgi.serviceloader="liquibase.serializer.SnapshotSerializer",osgi.serviceloader;osgi.serviceloader="liquibase.configuration.AutoloadedConfigurations",osgi.serviceloader;osgi.serviceloader="liquibase.diff.DiffGenerator",osgi.serviceloader;osgi.serviceloader="liquibase.lockservice.LockService",osgi.serviceloader;osgi.serviceloader="liquibase.changelog.ChangeLogHistoryService",osgi.serviceloader;osgi.serviceloader="liquibase.datatype.LiquibaseDataType",osgi.serviceloader;osgi.serviceloader="liquibase.configuration.ConfigurationValueProvider",osgi.serviceloader;osgi.serviceloader="liquibase.logging.LogService",osgi.serviceloader;osgi.serviceloader="liquibase.snapshot.SnapshotGenerator",osgi.serviceloader;osgi.serviceloader="liquibase.parser.ChangeLogParser",osgi.serviceloader;osgi.serviceloader="liquibase.servicelocator.ServiceLocator",osgi.serviceloader;osgi.serviceloader="liquibase.diff.compare.DatabaseObjectComparator",osgi.serviceloader;osgi.serviceloader="liquibase.command.LiquibaseCommand",osgi.serviceloader;osgi.serviceloader="liquibase.license.LicenseService",osgi.serviceloader;osgi.serviceloader="liquibase.diff.output.changelog.ChangeGenerator",osgi.serviceloader;osgi.serviceloader="liquibase.executor.Executor",osgi.serviceloader;osgi.serviceloader="liquibase.structure.DatabaseObject",osgi.serviceloader;osgi.serviceloader="liquibase.parser.SnapshotParser",osgi.serviceloader;osgi.serviceloader="liquibase.hub.HubService",osgi.serviceloader;osgi.serviceloader="liquibase.command.CommandStep",osgi.serviceloader;osg
i.serviceloader="liquibase.sqlgenerator.SqlGenerator",osgi.serviceloader;osgi.serviceloader="liquibase.logging.mdc.MdcManager",osgi.serviceloader;osgi.serviceloader="liquibase.logging.mdc.CustomMdcObject",osgi.serviceloader;osgi.serviceloader="liquibase.resource.PathHandler",osgi.serviceloader;osgi.serviceloader="liquibase.report.ShowSummaryGenerator",osgi.serviceloader;osgi.serviceloader="liquibase.parser.LiquibaseSqlParser",osgi.serviceloader;osgi.serviceloader="liquibase.changeset.ChangeSetService",osgi.serviceloader;osgi.serviceloader="liquibase.changelog.visitor.ValidatingVisitorGenerator" Low Product Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.extender;filter:="(osgi.extender=osgi.serviceloader.processor)",osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.serializer.ChangeLogSerializer)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.parser.NamespaceDetails)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.database.Database)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.change.Change)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.database.DatabaseConnection)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.precondition.Precondition)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.serializer.SnapshotSerializer)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.configuration.AutoloadedConfigurations)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.diff.DiffGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.lockservice.LockService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.changelog.ChangeLogHistoryService)";cardinality:=multiple,osgi.serviceloader;filter:="(os
gi.serviceloader=liquibase.datatype.LiquibaseDataType)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.configuration.ConfigurationValueProvider)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.logging.LogService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.snapshot.SnapshotGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.parser.ChangeLogParser)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.servicelocator.ServiceLocator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.diff.compare.DatabaseObjectComparator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.command.LiquibaseCommand)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.license.LicenseService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.diff.output.changelog.ChangeGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.executor.Executor)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.structure.DatabaseObject)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.parser.SnapshotParser)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.hub.HubService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.command.CommandStep)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.sqlgenerator.SqlGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.logging.mdc.MdcManager)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.logging.mdc.CustomMdcObject)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.resource.PathHandler)";cardin
ality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.report.ShowSummaryGenerator)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.parser.LiquibaseSqlParser)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.changeset.ChangeSetService)";cardinality:=multiple,osgi.serviceloader;filter:="(osgi.serviceloader=liquibase.changelog.visitor.ValidatingVisitorGenerator)";cardinality:=multiple,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid liquibase-core Highest Product pom developer email nathan.voxland@liquibase.org Low Product pom developer id nvoxland Low Product pom developer name Nathan Voxland Low Product pom groupid org.liquibase Highest Product pom name Liquibase High Product pom url http://www.liquibase.com Medium Version file version 4.29.2 High Version Manifest Bundle-Version 4.29.2 High Version Manifest liquibase-version 4.29.2 Medium Version pom version 4.29.2 Highest
ffl-core-database-1.0.22.jar: opencsv-5.9.jar
Description: A simple library for reading and writing CSV in Java
License: Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/opencsv-5.9.jar
MD5: 8cee3b4e9ebeba7bd2834831a969d97c
SHA1: 284ea0b60a24b71a530100783185e7d547ab5339
SHA256: 2023969b86ce968ad8ae549648ac587d141c19ae684a9a5c67c9105f37ab0d1c
Evidence
Type Source Name Value Confidence
Vendor file name opencsv High
Vendor jar package name opencsv Highest
Vendor Manifest automatic-module-name com.opencsv Medium
Vendor Manifest build-jdk-spec 1.8 Low
Vendor Manifest bundle-symbolicname com.opencsv Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom artifactid opencsv Low
Vendor pom developer email arjones@t-online.de Low
Vendor pom developer email sconway@users.sourceforge.net Low
Vendor pom developer id aruckerjones Medium
Vendor pom developer id scott_conway Medium
Vendor pom developer name Andrew Rucker Jones Medium
Vendor pom developer name Scott Conway Medium
Vendor pom groupid com.opencsv Highest
Vendor pom name opencsv High
Vendor pom url http://opencsv.sf.net Highest
Product file name opencsv High
Product jar package name opencsv Highest
Product Manifest automatic-module-name com.opencsv Medium
Product Manifest build-jdk-spec 1.8 Low
Product Manifest Bundle-Name opencsv Medium
Product Manifest bundle-symbolicname com.opencsv Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid opencsv Highest
Product pom developer email arjones@t-online.de Low
Product pom developer email sconway@users.sourceforge.net Low
Product pom developer id aruckerjones Low
Product pom developer id scott_conway Low
Product pom developer name Andrew Rucker Jones Low
Product pom developer name Scott Conway Low
Product pom groupid com.opencsv Highest
Product pom name opencsv High
Product pom url http://opencsv.sf.net Medium
Version file version 5.9 High
Version pom version 5.9 Highest
ffl-core-database-1.0.22.jar: postgresql-42.3.8.jar
Description: PostgreSQL JDBC Driver Postgresql
License: BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/postgresql-42.3.8.jar
MD5: fff9ad5fd6ce48fb4a3fa8a13899077c
SHA1: d81533a6ff4376590f9ce7ba74b8f3723066f25c
SHA256: b0eb10c469bb409447914fa6ec4076212779c7a7e93844bf3136b8884e2b6989
Evidence
Type Source Name Value Confidence
Vendor central artifactid postgresql Highest
Vendor central groupid org.postgresql Highest
Vendor file name postgresql High
Vendor jar package name jdbc Highest
Vendor jar package name postgresql Highest
Vendor jar package name postgresql Low
Vendor Manifest automatic-module-name org.postgresql.jdbc Medium
Vendor Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low
Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low
Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium
Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High
Vendor Manifest Implementation-Vendor-Id org.postgresql Medium
Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low
Vendor Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor pom artifactid postgresql Low
Vendor pom developer id bokken Medium
Vendor pom developer id davecramer Medium
Vendor pom developer id jurka Medium
Vendor pom developer id oliver Medium
Vendor pom developer id ringerc Medium
Vendor pom developer id vlsi Medium
Vendor pom developer name Brett Okken Medium
Vendor pom developer name Craig Ringer Medium
Vendor pom developer name Dave Cramer Medium
Vendor pom developer name Kris Jurka Medium
Vendor pom developer name Oliver Jowett Medium
Vendor pom developer name Vladimir Sitnikov Medium
Vendor pom groupid org.postgresql Highest
Vendor pom name PostgreSQL JDBC Driver High
Vendor pom organization name PostgreSQL Global Development Group High
Vendor pom organization url https://jdbc.postgresql.org/ Medium
Vendor pom url https://jdbc.postgresql.org Highest
Product central artifactid postgresql Highest
Product file name postgresql High
Product hint analyzer product pgjdbc Highest
Product hint analyzer product postgresql_jdbc_driver Highest
Product jar package name driver Highest
Product jar package name jdbc Highest
Product jar package name osgi Highest
Product jar package name postgresql Highest
Product jar package name version Highest
Product Manifest automatic-module-name org.postgresql.jdbc Medium
Product Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low
Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low
Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium
Product Manifest bundle-symbolicname org.postgresql.jdbc Medium
Product Manifest Implementation-Title PostgreSQL JDBC Driver High
Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low
Product Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low
Product Manifest specification-title JDBC Medium
Product pom artifactid postgresql Highest
Product pom developer id bokken Low
Product pom developer id davecramer Low
Product pom developer id jurka Low
Product pom developer id oliver Low
Product pom developer id ringerc Low
Product pom developer id vlsi Low
Product pom developer name Brett Okken Low
Product pom developer name Craig Ringer Low
Product pom developer name Dave Cramer Low
Product pom developer name Kris Jurka Low
Product pom developer name Oliver Jowett Low
Product pom developer name Vladimir Sitnikov Low
Product pom groupid org.postgresql Highest
Product pom name PostgreSQL JDBC Driver High
Product pom organization name PostgreSQL Global Development Group Low
Product pom organization url https://jdbc.postgresql.org/ Low
Product pom url https://jdbc.postgresql.org Medium
Version central version 42.3.8 Highest
Version file version 42.3.8 High
Version Manifest Bundle-Version 42.3.8 High
Version Manifest Implementation-Version 42.3.8 High
Version pom version 42.3.8 Highest
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv3:
Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Vulnerable Software & Versions:
ffl-core-database-1.0.22.jar: spring-boot-autoconfigure-2.7.18.jar
Description: Spring Boot AutoConfigure
License: Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-boot-autoconfigure-2.7.18.jar
MD5: e127e4ed0469cc5442d3c8e5e42e7988
SHA1: 9cf147c6ca274c75b32556acdcba5a1de081ebcd
SHA256: 1c4e0aadcb662b6149b536a2cf288003ffefe81a6cc69846e9f14976529a1b08
Evidence
Type Source Name Value Confidence
Vendor central artifactid spring-boot-autoconfigure Highest
Vendor central groupid org.springframework.boot Highest
Vendor file name spring-boot-autoconfigure High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name autoconfigure Highest
Vendor jar package name autoconfigure Low
Vendor jar package name boot Highest
Vendor jar package name boot Low
Vendor jar package name springframework Low
Vendor Manifest automatic-module-name spring.boot.autoconfigure Medium
Vendor Manifest build-jdk-spec 1.8 Low
Vendor pom artifactid spring-boot-autoconfigure Low
Vendor pom developer email ask@spring.io Low
Vendor pom developer name Spring Medium
Vendor pom developer org VMware, Inc. Medium
Vendor pom developer org URL https://www.spring.io Medium
Vendor pom groupid org.springframework.boot Highest
Vendor pom name spring-boot-autoconfigure High
Vendor pom organization name VMware, Inc. High
Vendor pom organization url https://spring.io Medium
Vendor pom url https://spring.io/projects/spring-boot Highest
Product central artifactid spring-boot-autoconfigure Highest
Product file name spring-boot-autoconfigure High
Product jar package name autoconfigure Highest
Product jar package name autoconfigure Low
Product jar package name boot Highest
Product jar package name boot Low
Product Manifest automatic-module-name spring.boot.autoconfigure Medium
Product Manifest build-jdk-spec 1.8 Low
Product Manifest Implementation-Title Spring Boot AutoConfigure High
Product pom artifactid spring-boot-autoconfigure Highest
Product pom developer email ask@spring.io Low
Product pom developer name Spring Low
Product pom developer org VMware, Inc. Low
Product pom developer org URL https://www.spring.io Low
Product pom groupid org.springframework.boot Highest
Product pom name spring-boot-autoconfigure High
Product pom organization name VMware, Inc. Low
Product pom organization url https://spring.io Low
Product pom url https://spring.io/projects/spring-boot Medium
Version central version 2.7.18 Highest
Version file version 2.7.18 High
Version Manifest Implementation-Version 2.7.18 High
Version pom version 2.7.18 Highest
ffl-core-database-1.0.22.jar: spring-tx-5.3.31.jar
Description: Spring Transaction
License: Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-tx-5.3.31.jar
MD5: 69f5a36a0e70489b2c0102862cdc13d9
SHA1: 143e79385354fc7ffd9773a31ba989931ad9e920
SHA256: 8e7835cf87a57ba93360d9badc45ae0a8bcbe0bc9e04a17433cbc8d00a9cf43c
Evidence
Type Source Name Value Confidence
Vendor central artifactid spring-tx Highest
Vendor central groupid org.springframework Highest
Vendor file name spring-tx High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name springframework Low
Vendor jar package name transaction Low
Vendor Manifest automatic-module-name spring.tx Medium
Vendor pom artifactid spring-tx Low
Vendor pom developer email jhoeller@pivotal.io Low
Vendor pom developer id jhoeller Medium
Vendor pom developer name Juergen Hoeller Medium
Vendor pom groupid org.springframework Highest
Vendor pom name Spring Transaction High
Vendor pom organization name Spring IO High
Vendor pom organization url https://spring.io/projects/spring-framework Medium
Vendor pom url spring-projects/spring-framework Highest
Product central artifactid spring-tx Highest
Product file name spring-tx High
Product hint analyzer product springsource_spring_framework Highest
Product jar package name transaction Low
Product Manifest automatic-module-name spring.tx Medium
Product Manifest Implementation-Title spring-tx High
Product pom artifactid spring-tx Highest
Product pom developer email jhoeller@pivotal.io Low
Product pom developer id jhoeller Low
Product pom developer name Juergen Hoeller Low
Product pom groupid org.springframework Highest
Product pom name Spring Transaction High
Product pom organization name Spring IO Low
Product pom organization url https://spring.io/projects/spring-framework Low
Product pom url spring-projects/spring-framework High
Version central version 5.3.31 Highest
Version file version 5.3.31 High
Version Manifest Implementation-Version 5.3.31 High
Version pom version 5.3.31 Highest
Related Dependencies
ffl-core-database-1.0.22.jar: spring-beans-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-beans-5.3.31.jar
MD5: b5fe5c018f96edf76b7e92b34668fa44
SHA1: d27258849071b3b268ecc388eca35bbfcc586448
SHA256: a8d6d99003d0a28049cba4273afbcfc64e1107ee3c33f67935853e9711544aa7
pkg:maven/org.springframework/spring-beans@5.3.31
ffl-core-database-1.0.22.jar: spring-context-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-context-5.3.31.jar
MD5: 6aa19e7e6a87b4ac8b649057315b1dd1
SHA1: a2d6e76507f037ad835e8c2288dfedf28981999f
SHA256: 38def055d1e22b5514b1cb19cef4474e5c1b0d2127c483e7d014bde87c4a4cf3
pkg:maven/org.springframework/spring-context@5.3.31
ffl-core-database-1.0.22.jar: spring-core-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256: 7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
pkg:maven/org.springframework/spring-core@5.3.31
ffl-core-database-1.0.22.jar: spring-jcl-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-jcl-5.3.31.jar
MD5: 4d281617e07553792218e37c47b8bd8c
SHA1: e7ab9ee590a195415dd6b898440d776b4c8db78c
SHA256: eee0df6a25a9c56d228ea86272546aa5a0656caf2f14e7b375417b066abbc0db
pkg:maven/org.springframework/spring-jcl@5.3.31
ffl-core-database-1.0.22.jar: spring-jdbc-5.3.31.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/spring-jdbc-5.3.31.jar
MD5: a2481383358181809fcc8384cd9ec657
SHA1: 9124850a2e396a33e5dbd5d1e891e105dac48633
SHA256: 3cc06d5a00adff04a289d93bd5c4b7a2937eebab567e88af6ac1f0aeb5ef032c
pkg:maven/org.springframework/spring-jdbc@5.3.31
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
Vulnerable Software & Versions:
ffl-core-database-1.0.22.jar: txw2-2.3.9.jar
Description: TXW is a library that allows you to write XML documents.
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-1.0.22.jar/BOOT-INF/lib/txw2-2.3.9.jar
MD5: 5db04c7917b3c0a07862a7e63bfc1581
SHA1: 13a78453a89bf7d268382a520cba4d5435c5adfc
SHA256: 973018b87af911ecf6e6d861dd0d6a477e4d8ae6a883ec5d073d3df1330b87f0
Evidence
Type Source Name Value Confidence
Vendor file name txw2 High
Vendor jar package name sun Highest
Vendor jar package name txw Highest
Vendor jar package name txw2 Highest
Vendor jar package name xml Highest
Vendor jar (hint) package name oracle Highest
Vendor Manifest git-revision 143ffd0 Low
Vendor Manifest Implementation-Vendor Eclipse Foundation High
Vendor Manifest Implementation-Vendor-Id org.eclipse Medium
Vendor pom artifactid txw2 Low
Vendor pom groupid org.glassfish.jaxb Highest
Vendor pom name TXW2 Runtime High
Vendor pom parent-artifactid jaxb-txw-parent Low
Vendor pom parent-groupid com.sun.xml.bind.mvn Medium
Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest
Product file name txw2 High
Product jar package name sun Highest
Product jar package name txw Highest
Product jar package name txw2 Highest
Product jar package name xml Highest
Product Manifest git-revision 143ffd0 Low
Product Manifest Implementation-Title Jakarta XML Binding Implementation High
Product Manifest specification-title Jakarta XML Binding Medium
Product pom artifactid txw2 Highest
Product pom groupid org.glassfish.jaxb Highest
Product pom name TXW2 Runtime High
Product pom parent-artifactid jaxb-txw-parent Medium
Product pom parent-groupid com.sun.xml.bind.mvn Medium
Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium
Version file version 2.3.9 High
Version Manifest build-id 2.3.9 Medium
Version Manifest Implementation-Version 2.3.9 High
Version Manifest major-version 2.3.9 Medium
Version pom version 2.3.9 Highest
CVE-2024-9329
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions:
ffl-core-services-1.0.22.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-services/target/ffl-core-services-1.0.22.jarMD5: 32cfb9170f1fb9e8415942ca48dbb457SHA1: d6bca7af38e7220bfa2a268d01a08c9df5336172SHA256: 1dc5d660658bcf43f88988332918137578057613f54b23ac3f898e73e734cbe7
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | ffl-core-services | High
Vendor | jar | package name | core | Highest
Vendor | jar | package name | ffl | Highest
Vendor | jar | package name | services | Highest
Vendor | jar | package name | sintia | Highest
Vendor | Manifest | build-jdk-spec | 11 | Low
Vendor | pom | artifactid | ffl-core-services | Low
Vendor | pom | groupid | com.sintia.ffl.core | Highest
Vendor | pom | parent-artifactid | ffl-services-parent | Low
Vendor | pom | parent-groupid | com.sintia.ffl | Medium
Product | file | name | ffl-core-services | High
Product | jar | package name | core | Highest
Product | jar | package name | ffl | Highest
Product | jar | package name | services | Highest
Product | jar | package name | sintia | Highest
Product | Manifest | build-jdk-spec | 11 | Low
Product | Manifest | Implementation-Title | ffl-core-services | High
Product | pom | artifactid | ffl-core-services | Highest
Product | pom | groupid | com.sintia.ffl.core | Highest
Product | pom | parent-artifactid | ffl-services-parent | Medium
Product | pom | parent-groupid | com.sintia.ffl | Medium
Version | file | version | 1.0.22 | High
Version | Manifest | Implementation-Version | 1.0.22 | High
Version | pom | parent-version | 1.0.22 | Low
Version | pom | version | 1.0.22 | Highest
ffl-core-sia-1.0.22.jar
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-sia/target/ffl-core-sia-1.0.22.jar
MD5: 5e8ecf08ddea1893ed8cb3f6dfdcfad7
SHA1: c297598ba49d880faea0048b275a0af92cfab1a6
SHA256: b15f8c6f30e1f8910d11314c2966d89b218f48c1d9f770c768a0820bed656a91
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | ffl-core-sia | High
Vendor | jar | package name | core | Highest
Vendor | jar | package name | ffl | Highest
Vendor | jar | package name | sia | Highest
Vendor | jar | package name | sintia | Highest
Vendor | Manifest | build-jdk-spec | 11 | Low
Vendor | pom | artifactid | ffl-core-sia | Low
Vendor | pom | groupid | com.sintia.ffl.core | Highest
Vendor | pom | parent-artifactid | ffl-sia-parent | Low
Vendor | pom | parent-groupid | com.sintia.ffl | Medium
Product | file | name | ffl-core-sia | High
Product | jar | package name | core | Highest
Product | jar | package name | ffl | Highest
Product | jar | package name | sia | Highest
Product | jar | package name | sintia | Highest
Product | Manifest | build-jdk-spec | 11 | Low
Product | Manifest | Implementation-Title | ffl-core-sia | High
Product | pom | artifactid | ffl-core-sia | Highest
Product | pom | groupid | com.sintia.ffl.core | Highest
Product | pom | parent-artifactid | ffl-sia-parent | Medium
Product | pom | parent-groupid | com.sintia.ffl | Medium
Version | file | version | 1.0.22 | High
Version | Manifest | Implementation-Version | 1.0.22 | High
Version | pom | parent-version | 1.0.22 | Low
Version | pom | version | 1.0.22 | Highest
ffl-test-1.0.22.jar
Description: Test tooling module
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-test/target/ffl-test-1.0.22.jar
MD5: 6336a0b99e3deb39a4eb8edca771686d
SHA1: faf988a2e7c167421f02e31df7e74c34292ba3c1
SHA256: a6f120fd2afffb3d9c418801bd1a48e9367fd2a49393f1eee8528b542607d494
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | ffl-test | High
Vendor | jar | package name | ffl | Highest
Vendor | jar | package name | sintia | Highest
Vendor | jar | package name | test | Highest
Vendor | Manifest | build-jdk-spec | 11 | Low
Vendor | pom | artifactid | ffl-test | Low
Vendor | pom | groupid | com.sintia.ffl.core | Highest
Vendor | pom | parent-artifactid | ffl-parent | Low
Vendor | pom | parent-groupid | com.sintia.ffl | Medium
Product | file | name | ffl-test | High
Product | jar | package name | ffl | Highest
Product | jar | package name | sintia | Highest
Product | jar | package name | test | Highest
Product | Manifest | build-jdk-spec | 11 | Low
Product | Manifest | Implementation-Title | ffl-test | High
Product | pom | artifactid | ffl-test | Highest
Product | pom | groupid | com.sintia.ffl.core | Highest
Product | pom | parent-artifactid | ffl-parent | Medium
Product | pom | parent-groupid | com.sintia.ffl | Medium
Version | file | version | 1.0.22 | High
Version | Manifest | Implementation-Version | 1.0.22 | High
Version | pom | parent-version | 1.0.22 | Low
Version | pom | version | 1.0.22 | Highest