Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 12.1.9Report Generated On : Thu, 26 Mar 2026 17:11:43 GMTDependencies Scanned : 99 (58 unique)Vulnerable Dependencies : 3 Vulnerabilities Found : 3Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2026-03-26T15:28:51ZNVD API Last Modified : 2026-03-26T15:27:42ZSummary Summary of Vulnerable Dependencies (click to show all)
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-api/target/ffl-core-api-3.1.0.jarMD5: d266a3e4955e531ae170a05758f1bcf2SHA1: 53368bde01eb44563c9adc41ca23b0a77104edfdSHA256: e4b62cded71de39b1c1150a5aeb60b46a4a23858493414ea13609597f88619ee
Evidence Type Source Name Value Confidence Vendor file name ffl-core-api High Vendor jar package name api Highest Vendor jar package name core Highest Vendor jar package name ffl Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor pom artifactid ffl-core-api Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-api-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-api High Product jar package name api Highest Product jar package name core Highest Product jar package name ffl Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-api High Product pom artifactid ffl-core-api Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-api-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-core-api@3.1.0 (Confidence :High) Description:
Module contenant le core du back-office File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jarMD5: 91bfa294e0684813e9f4515fe3ed8b76SHA1: 7fe06ed0699d58f0ec85b0f8549fc2fe6681291aSHA256: 93dc4389b8b052efee3de858ac001c688810e5061d0d3f462146e8c612a3e21a
Evidence Type Source Name Value Confidence Vendor file name ffl-core-commons High Vendor jar package name com Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest spring-boot-classes BOOT-INF/classes/ Low Vendor Manifest spring-boot-classpath-index BOOT-INF/classpath.idx Low Vendor Manifest spring-boot-layers-index BOOT-INF/layers.idx Low Vendor Manifest spring-boot-lib BOOT-INF/lib/ Low Vendor pom artifactid ffl-core-commons Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-commons High Product jar package name boot Highest Product jar package name boot-inf Highest Product jar package name classes Highest Product jar package name com Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-commons High Product Manifest spring-boot-classes BOOT-INF/classes/ Low Product Manifest spring-boot-classpath-index BOOT-INF/classpath.idx Low Product Manifest spring-boot-layers-index BOOT-INF/layers.idx Low Product Manifest spring-boot-lib BOOT-INF/lib/ Low Product pom artifactid ffl-core-commons Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-core-commons@3.1.0 (Confidence :High) Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
The code is tested using the latest revision of the JDK for supported
LTS releases: 8, 11, 17, 21 and 25 currently.
See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
Please ensure your build environment is up-to-date and kindly report any build issues.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/commons-lang3-3.20.0.jar
MD5: 4b29562ded527aa074e1d44f8646dac5
SHA1: 65897b3e5731220962e659e001904af3c3cbeba9
SHA256: 69e5c9fa35da7a51a5fd2099dfe56a2d8d32cf233e2f6d770e796146440263f4
Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 25 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 25 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.20.0 High Version Manifest Bundle-Version 3.20.0 High Version Manifest Implementation-Version 3.20.0 High Version pom parent-version 3.20.0 Low Version pom version 3.20.0 Highest
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/jackson-annotations-2.17.2.jar
MD5: e68e7e593ae47e106421688707683297
SHA1: 147b7b9412ffff24339f8aba080b292448e08698
SHA256: 873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1
Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.17.2 High Version Manifest Bundle-Version 2.17.2 High Version Manifest Implementation-Version 2.17.2 High Version pom parent-version 2.17.2 Low Version pom version 2.17.2 Highest
Description:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256: 5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor jar package name jakarta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Dmitry Kornilov Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product jar package name jakarta Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product pom artifactid jakarta.annotation-api Highest Product pom developer name Dmitry Kornilov Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 2.1.1 High Version Manifest Bundle-Version 2.1.1 High Version Manifest Implementation-Version 2.1.1 High Version pom parent-version 2.1.1 Low Version pom version 2.1.1 Highest
Related Dependencies ffl-core-database-3.1.0.jar: jakarta.annotation-api-2.1.1.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jakarta.annotation-api-2.1.1.jar MD5: 5dac2f68e8288d0add4dc92cb161711d SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3 SHA256: 5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 (Confidence :High) cpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
JUL to SLF4J bridge License:
https://opensource.org/license/mit File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/jul-to-slf4j-2.0.17.jar
MD5: a42936c56611e4794c42908fb3d3a647
SHA1: 524cb6ccc2b68a57604750e1ab8b13b5a786a6aa
SHA256: a7afcd23b9cfd1475e55c94f943b808c5922035e7e2c2a5c65a487a4106bc538
Evidence Type Source Name Value Confidence Vendor file name jul-to-slf4j High Vendor jar package name bridge Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor Manifest multi-release true Low Vendor pom artifactid jul-to-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jul-to-slf4j High Product jar package name bridge Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JUL to SLF4J bridge Medium Product Manifest bundle-symbolicname jul.to.slf4j Medium Product Manifest Implementation-Title jul-to-slf4j High Product Manifest multi-release true Low Product pom artifactid jul-to-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JUL to SLF4J bridge High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.17 High Version Manifest Bundle-Version 2.0.17 High Version Manifest Implementation-Version 2.0.17 High Version pom version 2.0.17 Highest
Related Dependencies ffl-core-database-3.1.0.jar: jul-to-slf4j-2.0.17.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jul-to-slf4j-2.0.17.jar MD5: a42936c56611e4794c42908fb3d3a647 SHA1: 524cb6ccc2b68a57604750e1ab8b13b5a786a6aa SHA256: a7afcd23b9cfd1475e55c94f943b808c5922035e7e2c2a5c65a487a4106bc538 pkg:maven/org.slf4j/jul-to-slf4j@2.0.17 pkg:maven/org.slf4j/jul-to-slf4j@2.0.17 (Confidence :High) Description:
The logging API of the Log4j project.
Library and application code can log through this API.
It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases.
Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core. License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/log4j-api-2.24.3.jar
MD5: d89516699543c5c21be87ee1760695f3
SHA1: b02c125db8b6d295adf72ae6e71af5d83bce2370
SHA256: 5b4a0a0cd0e751ded431c162442bdbdd53328d1f8bb2bae5fc1bbeee0f66d80f
Evidence Type Source Name Value Confidence Vendor file name log4j-api High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor jar package name simple Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-api Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j API High Vendor pom parent-artifactid log4j Low Product file name log4j-api High Product jar package name apache Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product jar package name simple Highest Product jar package name util Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product Manifest Implementation-Title Apache Log4j API High Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Product Manifest specification-title Apache Log4j API Medium Product pom artifactid log4j-api Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j API High Product pom parent-artifactid log4j Medium Version file version 2.24.3 High Version Manifest Bundle-Version 2.24.3 High Version Manifest Implementation-Version 2.24.3 High Version pom version 2.24.3 Highest
Related Dependencies ffl-core-database-3.1.0.jar: log4j-api-2.24.3.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/log4j-api-2.24.3.jar MD5: d89516699543c5c21be87ee1760695f3 SHA1: b02c125db8b6d295adf72ae6e71af5d83bce2370 SHA256: 5b4a0a0cd0e751ded431c162442bdbdd53328d1f8bb2bae5fc1bbeee0f66d80f pkg:maven/org.apache.logging.log4j/log4j-api@2.24.3 CVE-2025-68161 suppress
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.
This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:
* The attacker is able to intercept or redirect network traffic between the client and the log receiver.
* The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).
Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.
As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates. CWE-295 Improper Certificate Validation, CWE-297 Improper Validation of Certificate with Host Mismatch
CVSSv4:
Base Score: MEDIUM (6.3) Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X CVSSv3:
Base Score: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
Forwards the Log4j API calls to SLF4J.
(Refer to the `log4j-slf4j[2]-impl` artifacts for forwarding SLF4J to the Log4j API.) License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/log4j-to-slf4j-2.24.3.jar
MD5: 1f4b63f9c41f2f5179aa10b35d76e805
SHA1: da1143e2a2531ee1c2d90baa98eb50a28a39d5a7
SHA256: c7f2b0c612a4eb05b1587d1c880eb4cf5f4f53850676a8ede8da2b8fabb4f73f
Evidence Type Source Name Value Confidence Vendor file name log4j-to-slf4j High Vendor jar package name apache Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release false Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-to-slf4j Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Log4j API to SLF4J Adapter High Vendor pom parent-artifactid log4j Low Product file name log4j-to-slf4j High Product jar package name apache Highest Product jar package name logging Highest Product jar package name slf4j Highest Product jar package name slf4jprovider Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Log4j API to SLF4J Adapter Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Product Manifest Implementation-Title Log4j API to SLF4J Adapter High Product Manifest multi-release false Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Product Manifest specification-title Log4j API to SLF4J Adapter Medium Product pom artifactid log4j-to-slf4j Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Log4j API to SLF4J Adapter High Product pom parent-artifactid log4j Medium Version file version 2.24.3 High Version Manifest Bundle-Version 2.24.3 High Version Manifest Implementation-Version 2.24.3 High Version pom version 2.24.3 Highest
Related Dependencies ffl-core-database-3.1.0.jar: log4j-to-slf4j-2.24.3.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/log4j-to-slf4j-2.24.3.jar MD5: 1f4b63f9c41f2f5179aa10b35d76e805 SHA1: da1143e2a2531ee1c2d90baa98eb50a28a39d5a7 SHA256: c7f2b0c612a4eb05b1587d1c880eb4cf5f4f53850676a8ede8da2b8fabb4f73f pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.24.3 pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.24.3 (Confidence :High) Description:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/logback-core-1.5.21.jar
MD5: 00c20552b89470eff9f01f21c77d44d7
SHA1: 970bf47cbc34d24e47f375b6b4e407d6d699474f
SHA256: 0825ac1fc5296369121e5423e397c52d125b0e3fae743cfc0d8e416159f14f44
Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest Implementation-Vendor QOS.ch High Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor Manifest specification-vendor QOS.ch Low Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name 21 Highest Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest Implementation-Title Logback Core Module High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product Manifest specification-title Logback Core Module Medium Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.5.21 High Version Manifest Bundle-Version 1.5.21 High Version Manifest Implementation-Version 1.5.21 High Version pom version 1.5.21 Highest
Related Dependencies ffl-core-commons-3.1.0-repackaged.jar: logback-classic-1.5.21.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/logback-classic-1.5.21.jar MD5: e4aa08ccbae42f0a94ef6d706d0d5cf8 SHA1: 904915aa29a0bbff111ae90ed85541b2991a72fc SHA256: b2523f7b0dabf4386c81312f0371d267e3a9fbce409046f16b042bf68571ba4a pkg:maven/ch.qos.logback/logback-classic@1.5.21 ffl-core-database-3.1.0.jar: logback-core-1.5.21.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/logback-core-1.5.21.jar MD5: 00c20552b89470eff9f01f21c77d44d7 SHA1: 970bf47cbc34d24e47f375b6b4e407d6d699474f SHA256: 0825ac1fc5296369121e5423e397c52d125b0e3fae743cfc0d8e416159f14f44 pkg:maven/ch.qos.logback/logback-core@1.5.21 Description:
An annotation processor for generating type-safe bean mappers License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256: 6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5
Evidence Type Source Name Value Confidence Vendor file name mapstruct High Vendor jar package name mapstruct Highest Vendor Manifest automatic-module-name org.mapstruct Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.mapstruct Medium Vendor pom artifactid mapstruct Low Vendor pom groupid org.mapstruct Highest Vendor pom name MapStruct Core High Vendor pom parent-artifactid mapstruct-parent Low Product file name mapstruct High Product jar package name mappers Highest Product jar package name mapstruct Highest Product Manifest automatic-module-name org.mapstruct Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name MapStruct Core Medium Product Manifest bundle-symbolicname org.mapstruct Medium Product pom artifactid mapstruct Highest Product pom groupid org.mapstruct Highest Product pom name MapStruct Core High Product pom parent-artifactid mapstruct-parent Medium Version Manifest Bundle-Version 1.5.5.Final High Version pom version 1.5.5.Final Highest
Related Dependencies ffl-core-database-3.1.0.jar: mapstruct-1.5.5.Final.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/mapstruct-1.5.5.Final.jar MD5: 9f2f737ffa2496ca5c40dcc323068803 SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb SHA256: 6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5 pkg:maven/org.mapstruct/mapstruct@1.5.5.Final pkg:maven/org.mapstruct/mapstruct@1.5.5.Final (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/micrometer-commons-1.15.6.jarMD5: 84ccf97bad78c44a246cfcde58d1df25SHA1: 22800853f712e761cec4b752e47011463dcde70aSHA256: 30ad985adb93e0bdafb02741c75d546c9dc45403e956e0f5ae865fac4280d18d
Evidence Type Source Name Value Confidence Vendor file name micrometer-commons High Vendor jar package name common Low Vendor jar package name io Low Vendor jar package name micrometer Highest Vendor jar package name micrometer Low Vendor Manifest automatic-module-name micrometer.commons Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2025-11-06_07:56:11 Low Vendor Manifest build-date-utc 2025-11-06T07:56:11.400879755Z Low Vendor Manifest build-host 013165f58248 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 58228 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/58228 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-commons Medium Vendor Manifest change 521f151 Low Vendor Manifest full-change 521f15109c1b6506c42df73a0e4a0d19c63a760a Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-commons Low Product file name micrometer-commons High Product jar package name common Low Product jar package name io Highest Product jar package name micrometer Highest Product jar package name micrometer Low Product Manifest automatic-module-name micrometer.commons Medium Product Manifest branch HEAD Low Product Manifest build-date 2025-11-06_07:56:11 Low Product Manifest build-date-utc 2025-11-06T07:56:11.400879755Z Low Product Manifest build-host 013165f58248 Low Product Manifest build-job deploy Low Product Manifest build-number 58228 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/58228 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-commons Medium Product Manifest bundle-symbolicname micrometer-commons Medium Product Manifest change 521f151 Low Product Manifest full-change 521f15109c1b6506c42df73a0e4a0d19c63a760a Low Product Manifest Implementation-Title io.micrometer#micrometer-commons;1.15.6 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-commons Low Version file version 1.15.6 High Version Manifest Implementation-Version 1.15.6 High
Related Dependencies ffl-core-database-3.1.0.jar: micrometer-commons-1.15.6.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/micrometer-commons-1.15.6.jar MD5: 84ccf97bad78c44a246cfcde58d1df25 SHA1: 22800853f712e761cec4b752e47011463dcde70a SHA256: 30ad985adb93e0bdafb02741c75d546c9dc45403e956e0f5ae865fac4280d18d File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/micrometer-observation-1.15.6.jarMD5: 320330ce904eddd9b62f7302b603f848SHA1: f7a8f15624bd90d6b45e04fab98c2fcddbde8e2eSHA256: 193454b2a7002a6148851a7970034f1ac8cec98f2186258a11671df84237bdcb
Evidence Type Source Name Value Confidence Vendor file name micrometer-observation High Vendor jar package name io Low Vendor jar package name micrometer Highest Vendor jar package name micrometer Low Vendor jar package name observation Highest Vendor jar package name observation Low Vendor Manifest automatic-module-name micrometer.observation Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2025-11-06_07:56:11 Low Vendor Manifest build-date-utc 2025-11-06T07:56:11.742965821Z Low Vendor Manifest build-host 013165f58248 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 58228 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/58228 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-observation Medium Vendor Manifest change 521f151 Low Vendor Manifest full-change 521f15109c1b6506c42df73a0e4a0d19c63a760a Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-observation Low Product file name micrometer-observation High Product jar package name io Highest Product jar package name micrometer Highest Product jar package name micrometer Low Product jar package name observation Highest Product jar package name observation Low Product Manifest automatic-module-name micrometer.observation Medium Product Manifest branch HEAD Low Product Manifest build-date 2025-11-06_07:56:11 Low Product Manifest build-date-utc 2025-11-06T07:56:11.742965821Z Low Product Manifest build-host 013165f58248 Low Product Manifest build-job deploy Low Product Manifest build-number 58228 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/58228 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-observation Medium Product Manifest bundle-symbolicname micrometer-observation Medium Product Manifest change 521f151 Low Product Manifest full-change 521f15109c1b6506c42df73a0e4a0d19c63a760a Low Product Manifest Implementation-Title io.micrometer#micrometer-observation;1.15.6 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-observation Low Version file version 1.15.6 High Version Manifest Implementation-Version 1.15.6 High
Related Dependencies ffl-core-database-3.1.0.jar: micrometer-observation-1.15.6.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/micrometer-observation-1.15.6.jar MD5: 320330ce904eddd9b62f7302b603f848 SHA1: f7a8f15624bd90d6b45e04fab98c2fcddbde8e2e SHA256: 193454b2a7002a6148851a7970034f1ac8cec98f2186258a11671df84237bdcb Description:
The slf4j API License:
https://opensource.org/license/mit File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256: 7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.17 High Version Manifest Bundle-Version 2.0.17 High Version Manifest Implementation-Version 2.0.17 High Version pom version 2.0.17 Highest
Related Dependencies ffl-core-database-3.1.0.jar: slf4j-api-2.0.17.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/slf4j-api-2.0.17.jar MD5: b6480d114a23683498ac3f746f959d2f SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f SHA256: 7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832 pkg:maven/org.slf4j/slf4j-api@2.0.17 pkg:maven/org.slf4j/slf4j-api@2.0.17 (Confidence :High) Description:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/snakeyaml-2.3.jar
MD5: 2a1c2ee8923dcd6bd6d025751af5df37
SHA1: 936b36210e27320f920536f695cf1af210c44586
SHA256: 63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146
Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor Manifest multi-release true Low Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name org Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product Manifest multi-release true Low Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 2.3 High Version pom version 2.3 Highest
Related Dependencies ffl-core-database-3.1.0.jar: snakeyaml-2.3.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/snakeyaml-2.3.jar MD5: 2a1c2ee8923dcd6bd6d025751af5df37 SHA1: 936b36210e27320f920536f695cf1af210c44586 SHA256: 63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146 pkg:maven/org.yaml/snakeyaml@2.3 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-aop-6.2.14.jarMD5: 2b6adef82e05545c58496429d7b75655SHA1: 9928bf6218013fc04292bd2bb37a0099d7582e97SHA256: 8196d9765c73d1cc81d83d40937dbd78763ef0c3f71f0cdade252d0b9db99157
Evidence Type Source Name Value Confidence Vendor file name spring-aop High Vendor hint analyzer vendor pivotal software Highest Vendor jar package name aop Highest Vendor jar package name aop Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.aop Medium Product file name spring-aop High Product jar package name aop Highest Product jar package name aop Low Product Manifest automatic-module-name spring.aop Medium Product Manifest Implementation-Title spring-aop High Version file version 6.2.14 High Version Manifest Implementation-Version 6.2.14 High
Related Dependencies ffl-core-commons-3.1.0-repackaged.jar: spring-beans-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-beans-6.2.14.jar MD5: 7020c5f9527a65f3a36858e306005c90 SHA1: 7c3cc4477ba26f863848111a21e28886cadaccd9 SHA256: a1518e1d6dc56ff9c3b5151fc129739cb6ae57b34269997ae2c8c196c15a7569 ffl-core-commons-3.1.0-repackaged.jar: spring-context-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-context-6.2.14.jar MD5: 8cac17d38cd4ed84feb363b857868579 SHA1: 68022d7abfd427ff31e95cac9b7c1832e92f43d8 SHA256: 05679a271a011c13c5b2b50a5dc26a8face1424e9a6718ec7fbd5e29c9a550b3 ffl-core-commons-3.1.0-repackaged.jar: spring-expression-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-expression-6.2.14.jar MD5: 7928d662fcf287e3c33b46bbe1a66e1a SHA1: 4da9a87ad43d4e95a542b0ee3ed53308c535d7da SHA256: 49a709799f0c5ca912ee845058a2ff82c8d5faf2dd05cd46105cda4ef8e6a6d0 ffl-core-commons-3.1.0-repackaged.jar: spring-jcl-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-jcl-6.2.14.jar MD5: 79a8ff06f7db3d9f22f918d70a06df52 SHA1: 54e46d799759e21a4e32fdb5fe487c0330d4acb4 SHA256: 9b38c795847bdb1f1c714b3eb2052ac063448316ae8bca97148687c56f55fe8e ffl-core-database-3.1.0.jar: spring-aop-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-aop-6.2.14.jar MD5: 2b6adef82e05545c58496429d7b75655 SHA1: 9928bf6218013fc04292bd2bb37a0099d7582e97 SHA256: 8196d9765c73d1cc81d83d40937dbd78763ef0c3f71f0cdade252d0b9db99157 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-boot-3.5.8.jarMD5: 154ecc8a432935cc8f0b1b845d01ff9dSHA1: 449b94d19de085ffb767c7e4b6e888e754a059b5SHA256: d968c32be2f38778ca8e9959b09f1aea93f63e5ecc0373dbe40001040bb3dd63
Evidence Type Source Name Value Confidence Vendor file name spring-boot High Vendor jar package name boot Highest Vendor jar package name boot Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 17 Low Product file name spring-boot High Product jar package name boot Highest Product jar package name boot Low Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Spring Boot High Version file version 3.5.8 High Version Manifest Implementation-Version 3.5.8 High
Related Dependencies ffl-core-database-3.1.0.jar: spring-boot-3.5.8.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-boot-3.5.8.jar MD5: 154ecc8a432935cc8f0b1b845d01ff9d SHA1: 449b94d19de085ffb767c7e4b6e888e754a059b5 SHA256: d968c32be2f38778ca8e9959b09f1aea93f63e5ecc0373dbe40001040bb3dd63 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-boot-autoconfigure-3.5.8.jarMD5: 9536bb33103c3b7a7b5bee2687982277SHA1: 313f6befb3e1e87b06703c087b6589ce15fd9ef7SHA256: 2fb1592cb9c16835525e46304fd35879cbacc9808656a6ea9635aadbf30261c8
Evidence Type Source Name Value Confidence Vendor file name spring-boot-autoconfigure High Vendor jar package name autoconfigure Highest Vendor jar package name autoconfigure Low Vendor jar package name boot Highest Vendor jar package name boot Low Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.boot.autoconfigure Medium Vendor Manifest build-jdk-spec 17 Low Product file name spring-boot-autoconfigure High Product jar package name autoconfigure Highest Product jar package name autoconfigure Low Product jar package name boot Highest Product jar package name boot Low Product Manifest automatic-module-name spring.boot.autoconfigure Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Spring Boot AutoConfigure High Version file version 3.5.8 High Version Manifest Implementation-Version 3.5.8 High
Related Dependencies ffl-core-database-3.1.0.jar: spring-boot-autoconfigure-3.5.8.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-boot-autoconfigure-3.5.8.jar MD5: 9536bb33103c3b7a7b5bee2687982277 SHA1: 313f6befb3e1e87b06703c087b6589ce15fd9ef7 SHA256: 2fb1592cb9c16835525e46304fd35879cbacc9808656a6ea9635aadbf30261c8 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-boot-jarmode-tools-3.5.8.jarMD5: c9b30c8d7736ee60fff160fd382d0c6aSHA1: 5accac8c0fe2210c9ea0d842093e5cea6cd8e202SHA256: 295eaeaa2359c24af6ca5c34a125a2839b4ea33092236997593abdb56c0186cf
Evidence Type Source Name Value Confidence Vendor file name spring-boot-jarmode-tools High Vendor jar package name boot Highest Vendor jar package name boot Low Vendor jar package name jarmode Highest Vendor jar package name jarmode Low Vendor jar package name springframework Low Vendor jar package name tools Highest Vendor Manifest automatic-module-name spring.boot.jarmode.tools Medium Vendor Manifest build-jdk-spec 17 Low Product file name spring-boot-jarmode-tools High Product jar package name boot Highest Product jar package name boot Low Product jar package name jarmode Highest Product jar package name jarmode Low Product jar package name tools Highest Product jar package name tools Low Product Manifest automatic-module-name spring.boot.jarmode.tools Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Spring Boot Jarmode Tools High Version file version 3.5.8 High Version Manifest Implementation-Version 3.5.8 High
Related Dependencies ffl-core-database-3.1.0.jar: spring-boot-jarmode-tools-3.5.8.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-boot-jarmode-tools-3.5.8.jar MD5: c9b30c8d7736ee60fff160fd382d0c6a SHA1: 5accac8c0fe2210c9ea0d842093e5cea6cd8e202 SHA256: 295eaeaa2359c24af6ca5c34a125a2839b4ea33092236997593abdb56c0186cf File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-core-6.2.14.jarMD5: 4a08c863d7b81a15027de69402fc79d0SHA1: 0f8096a2102dbd9b2e864e19276d36d79efb7f0fSHA256: de0702e72397f1ebb7aa930a9f5ae72ab16c5c7ae40d7f7af65786aa5542f902
Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.core Medium Vendor Manifest multi-release true Low Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product Manifest multi-release true Low Version file version 6.2.14 High Version Manifest Implementation-Version 6.2.14 High
Related Dependencies ffl-core-database-3.1.0.jar: spring-core-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-core-6.2.14.jar MD5: 4a08c863d7b81a15027de69402fc79d0 SHA1: 0f8096a2102dbd9b2e864e19276d36d79efb7f0f SHA256: de0702e72397f1ebb7aa930a9f5ae72ab16c5c7ae40d7f7af65786aa5542f902 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-security-web-6.5.7.jarMD5: 825d3fb3d4ad1b0208f39c07e9a6edf9SHA1: c3c2f32069fae888d1e5281bd7e0e638f7f6dc26SHA256: 1384f07b150de7f5883e90838d256eb01eb54b23082896eccdfe5d02c51bbfdf
Evidence Type Source Name Value Confidence Vendor file name spring-security-web High Vendor hint analyzer vendor pivotal software Highest Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Low Vendor jar package name web Highest Vendor jar package name web Low Vendor Manifest automatic-module-name spring.security.web Medium Product file name spring-security-web High Product jar package name security Highest Product jar package name security Low Product jar package name web Highest Product jar package name web Low Product Manifest automatic-module-name spring.security.web Medium Product Manifest Implementation-Title spring-security-web High Version file version 6.5.7 High Version Manifest Implementation-Version 6.5.7 High
Related Dependencies ffl-core-commons-3.1.0-repackaged.jar: spring-security-config-6.5.7.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-security-config-6.5.7.jar MD5: b7660e8d30488729c1f41ef6993a3549 SHA1: 7244c8258b5104712cb0be3847ba3753ff80b66e SHA256: 6ef5e23054862e4c83f943d6c238bcbe606ea474662fa3afa9b9e3b28788200a ffl-core-commons-3.1.0-repackaged.jar: spring-security-core-6.5.7.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-security-core-6.5.7.jar MD5: fa3ae54aa9254786851e83afeb1ecfc6 SHA1: a0c9068ed82f0ddf21231cc7c7dd4bd6b2ef4029 SHA256: df44f29203d329f23ff166f203261ad82eada9ba2bce6a7b9a7bac125a424d0a ffl-core-commons-3.1.0-repackaged.jar: spring-security-crypto-6.5.7.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-security-crypto-6.5.7.jar MD5: bf371e0764b4192c8535f998066c55df SHA1: a8b424b612c8103e7c0a5576e2be30d1ac61f38a SHA256: ff397e817587bebf70fae924e38d4892f9db11c966f58ce533e2bb8fb7d519da ffl-core-database-3.1.0.jar: spring-security-web-6.5.7.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-security-web-6.5.7.jar MD5: 825d3fb3d4ad1b0208f39c07e9a6edf9 SHA1: c3c2f32069fae888d1e5281bd7e0e638f7f6dc26 SHA256: 1384f07b150de7f5883e90838d256eb01eb54b23082896eccdfe5d02c51bbfdf CVE-2018-1258 suppress
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CWE-863 Incorrect Authorization
CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P References:
af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - VENDOR_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-security-web-6.5.7.jar/org/springframework/security/spring-security-webauthn.jsMD5: d8d90d854a23d021c2e758b3eebce213SHA1: 7814ccd3adc2388f52b2658bf5fc30b457949ab6SHA256: 044a2b8d7e995bff815565678631a2d3a5cc0aa96ef8ac35cfacb579307f77a9
Evidence Type Source Name Value Confidence
Related Dependencies ffl-core-database-3.1.0.jar: spring-security-web-6.5.7.jar: spring-security-webauthn.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-security-web-6.5.7.jar/org/springframework/security/spring-security-webauthn.js MD5: d8d90d854a23d021c2e758b3eebce213 SHA1: 7814ccd3adc2388f52b2658bf5fc30b457949ab6 SHA256: 044a2b8d7e995bff815565678631a2d3a5cc0aa96ef8ac35cfacb579307f77a9 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0-repackaged.jar/BOOT-INF/lib/spring-web-6.2.14.jarMD5: 7a7fceb6abeddd18a572e2b0cea7e6dbSHA1: e2d19ddcef801d93143b6337e62bfd53c1490fbfSHA256: 268d4b21c9b66c11f7266d6fb46883ada4f2018421b4d7bf86964998ca5e0c0e
Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor jar package name springframework Low Vendor jar package name web Highest Vendor jar package name web Low Vendor Manifest automatic-module-name spring.web Medium Product file name spring-web High Product jar package name web Highest Product jar package name web Low Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Version file version 6.2.14 High Version Manifest Implementation-Version 6.2.14 High
Related Dependencies ffl-core-database-3.1.0.jar: spring-web-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-web-6.2.14.jar MD5: 7a7fceb6abeddd18a572e2b0cea7e6db SHA1: e2d19ddcef801d93143b6337e62bfd53c1490fbf SHA256: 268d4b21c9b66c11f7266d6fb46883ada4f2018421b4d7bf86964998ca5e0c0e Description:
Module contenant le core du back-office File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/ffl-core-commons-3.1.0.jarMD5: c0893f8046e8e05ef403933a37fe149dSHA1: 8f89ea9703a05b3a440171d42a91a1a9036a75e8SHA256: 21b155e321d96bd447abee5936139c5f94e51d0ab4adcbee8b13b4327a792122
Evidence Type Source Name Value Confidence Vendor file name ffl-core-commons High Vendor jar package name commons Highest Vendor jar package name core Highest Vendor jar package name ffl Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor pom artifactid ffl-core-commons Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-commons High Product jar package name commons Highest Product jar package name core Highest Product jar package name ffl Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-commons High Product pom artifactid ffl-core-commons Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
Related Dependencies ffl-core-database-3.1.0.jar: ffl-core-commons-3.1.0.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/ffl-core-commons-3.1.0.jar MD5: c0893f8046e8e05ef403933a37fe149d SHA1: 8f89ea9703a05b3a440171d42a91a1a9036a75e8 SHA256: 21b155e321d96bd447abee5936139c5f94e51d0ab4adcbee8b13b4327a792122 pkg:maven/com.sintia.ffl.core/ffl-core-commons@3.1.0 pkg:maven/com.sintia.ffl.core/ffl-core-commons@3.1.0 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-dal/target/ffl-core-dal-3.1.0.jarMD5: 689f9817bd7f42c70453770fc29cdf0fSHA1: f2c67a07cc2fcab0189bf4bcc386a9eab2c9b118SHA256: 5bb082e6663a1a57862e806f5cfefa1d47737895a6b37c9c637878f2ba98f735
Evidence Type Source Name Value Confidence Vendor file name ffl-core-dal High Vendor jar package name core Highest Vendor jar package name dal Highest Vendor jar package name ffl Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor pom artifactid ffl-core-dal Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-dal-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-dal High Product jar package name core Highest Product jar package name dal Highest Product jar package name ffl Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-dal High Product pom artifactid ffl-core-dal Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-dal-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-core-dal@3.1.0 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jarMD5: d2a7b0d1d16842f59a096ffa439cf957SHA1: 9132d8ba38101cdda3599e178ca48248356bebf3SHA256: 4064e01beec24c430095d5884c6c66479e04f26fd34ffcaa2eae894afea9c39a
Evidence Type Source Name Value Confidence Vendor file name ffl-core-database High Vendor jar package name com Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest spring-boot-classes BOOT-INF/classes/ Low Vendor Manifest spring-boot-classpath-index BOOT-INF/classpath.idx Low Vendor Manifest spring-boot-layers-index BOOT-INF/layers.idx Low Vendor Manifest spring-boot-lib BOOT-INF/lib/ Low Vendor pom artifactid ffl-core-database Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-database-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-database High Product jar package name boot Highest Product jar package name boot-inf Highest Product jar package name classes Highest Product jar package name com Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-database High Product Manifest spring-boot-classes BOOT-INF/classes/ Low Product Manifest spring-boot-classpath-index BOOT-INF/classpath.idx Low Product Manifest spring-boot-layers-index BOOT-INF/layers.idx Low Product Manifest spring-boot-lib BOOT-INF/lib/ Low Product pom artifactid ffl-core-database Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-database-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-core-database@3.1.0 (Confidence :High) Description:
Ultimate JDBC Connection Pool License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/HikariCP-6.3.3.jar
MD5: a5c7bb14f24a598a87118c9f73641466
SHA1: 7c5aec1e47a97ff40977e0193018865304ea9585
SHA256: 709f378c05756280939ce50fc1b1f1a53bb8e1899dc1b249f21f12703640b48b
Evidence Type Source Name Value Confidence Vendor file name HikariCP High Vendor jar package name hikari Highest Vendor jar package name pool Highest Vendor jar package name zaxxer Highest Vendor Manifest automatic-module-name com.zaxxer.hikari Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/brettwooldridge Low Vendor Manifest bundle-symbolicname com.zaxxer.HikariCP Medium Vendor pom artifactid HikariCP Low Vendor pom developer email brett.wooldridge@gmail.com Low Vendor pom developer name Brett Wooldridge Medium Vendor pom groupid com.zaxxer Highest Vendor pom name HikariCP High Vendor pom organization name Zaxxer.com High Vendor pom organization url brettwooldridge Medium Vendor pom url brettwooldridge/HikariCP Highest Product file name HikariCP High Product jar package name hikari Highest Product jar package name pool Highest Product jar package name zaxxer Highest Product Manifest automatic-module-name com.zaxxer.hikari Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/brettwooldridge Low Product Manifest Bundle-Name HikariCP Medium Product Manifest bundle-symbolicname com.zaxxer.HikariCP Medium Product pom artifactid HikariCP Highest Product pom developer email brett.wooldridge@gmail.com Low Product pom developer name Brett Wooldridge Low Product pom groupid com.zaxxer Highest Product pom name HikariCP High Product pom organization name Zaxxer.com Low Product pom url brettwooldridge High Product pom url brettwooldridge/HikariCP High Version file version 6.3.3 High Version Manifest Bundle-Version 6.3.3 High Version pom version 6.3.3 Highest
pkg:maven/com.zaxxer/HikariCP@6.3.3 (Confidence :High) Description:
Implementation License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/angus-activation-2.0.3.jar
MD5: ad20392145690b36b4f950fe31a31a2a
SHA1: 7f80607ea5014fef0b1779e6c33d63a88a45a563
SHA256: a6bd35c538cf90fff941ad6258c40c08fca0b5c9c3f536c657114f27ce0527a7
Evidence Type Source Name Value Confidence Vendor file name angus-activation High Vendor jar package name activation Highest Vendor jar package name angus Highest Vendor jar package name eclipse Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname angus-activation Medium Vendor Manifest extension-name org.eclipse.angus Medium Vendor Manifest implementation-build-id 2.0.3-RELEASE-6eff4c5 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="jakarta.activation.spi.MailcapRegistryProvider",osgi.serviceloader;osgi.serviceloader="jakarta.activation.spi.MimeTypeRegistryProvider" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid angus-activation Low Vendor pom groupid org.eclipse.angus Highest Vendor pom name Angus Activation Registries High Vendor pom parent-artifactid angus-activation-project Low Product file name angus-activation High Product jar package name activation Highest Product jar package name angus Highest Product jar package name eclipse Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Angus Activation Registries Medium Product Manifest bundle-symbolicname angus-activation Medium Product Manifest extension-name org.eclipse.angus Medium Product Manifest implementation-build-id 2.0.3-RELEASE-6eff4c5 Low Product Manifest Implementation-Title Angus Activation Registries High Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="jakarta.activation.spi.MailcapRegistryProvider",osgi.serviceloader;osgi.serviceloader="jakarta.activation.spi.MimeTypeRegistryProvider" Low Product Manifest specification-title Jakarta Activation Specification Medium Product pom artifactid angus-activation Highest Product pom groupid org.eclipse.angus Highest Product pom name Angus Activation Registries High Product pom parent-artifactid angus-activation-project Medium Version file version 2.0.3 High Version Manifest Bundle-Version 2.0.3 High Version pom version 2.0.3 Highest
pkg:maven/org.eclipse.angus/angus-activation@2.0.3 (Confidence :High) cpe:2.3:a:eclipse:jakarta_mail:2.0.3:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
The ANTLR 4 Runtime License:
https://www.antlr.org/license.html File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256: bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Evidence Type Source Name Value Confidence Vendor file name antlr4-runtime High Vendor jar package name antlr Highest Vendor jar package name runtime Highest Vendor Manifest automatic-module-name org.antlr.antlr4.runtime Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.antlr.org/ Low Vendor Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium Vendor Manifest Implementation-Vendor ANTLR High Vendor pom artifactid antlr4-runtime Low Vendor pom groupid org.antlr Highest Vendor pom name ANTLR 4 Runtime High Vendor pom parent-artifactid antlr4-master Low Product file name antlr4-runtime High Product jar package name antlr Highest Product jar package name runtime Highest Product Manifest automatic-module-name org.antlr.antlr4.runtime Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.antlr.org/ Low Product Manifest Bundle-Name ANTLR 4 Runtime Medium Product Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium Product Manifest Implementation-Title ANTLR 4 Runtime High Product pom artifactid antlr4-runtime Highest Product pom groupid org.antlr Highest Product pom name ANTLR 4 Runtime High Product pom parent-artifactid antlr4-master Medium Version file version 4.13.0 High Version Manifest Bundle-Version 4.13.0 High Version Manifest Implementation-Version 4.13.0 High Version pom version 4.13.0 Highest
pkg:maven/org.antlr/antlr4-runtime@4.13.0 (Confidence :High) Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/byte-buddy-1.17.8.jar
MD5: ac7292226046cb7206b349e21affecfe
SHA1: af5735f63d00ca47a9375fae5c7471a36331c6ed
SHA256: 2b5ddc8c1f4234bdb7cb45338a8e10a13e0e3ca473e91d5d821d681127ea8ba1
Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.17.8 High Version Manifest Bundle-Version 1.17.8 High Version pom version 1.17.8 Highest
pkg:maven/net.bytebuddy/byte-buddy@1.17.8 (Confidence :High) License:
MIT File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/checker-qual-3.49.5.jar
MD5: a6525c2747603fb3ec22d18c4adc7419
SHA1: f0d119b5a4adb4164e9d6fa9fd3ffa5d0e458963
SHA256: 508c83c62c344f6f7ee28f47b88a8797d6116d043bfd1ca0576c828dd1df2880
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checker Low Vendor jar package name checkerframework Low Vendor jar package name qual Highest Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Product file name checker-qual High Product jar package name checker Highest Product jar package name checker Low Product jar package name checkerframework Highest Product jar package name qual Highest Product jar package name qual Low Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Version file version 3.49.5 High Version Manifest Implementation-Version 3.49.5 High
Description:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/classmate-1.7.1.jar
MD5: e64a0680ebc8facde9b4cc431cbc248c
SHA1: e803194e4362a2c0585087c5f315682897d12f00
SHA256: cc3299e5df4fc24180e69477c890d07d38db79dd2decc0ef20e74a986897c0a1
Evidence Type Source Name Value Confidence Vendor file name classmate High Vendor jar package name classmate Highest Vendor jar package name fasterxml Highest Vendor jar package name types Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium Vendor Manifest Implementation-Vendor fasterxml.com High Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium Vendor Manifest specification-vendor fasterxml.com Low Vendor pom artifactid classmate Low Vendor pom developer email blangel@ocheyedan.net Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id blangel Medium Vendor pom developer id tatu Medium Vendor pom developer name Brian Langel Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid com.fasterxml Highest Vendor pom name ClassMate High Vendor pom organization name fasterxml.com High Vendor pom organization url https://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom url FasterXML/java-classmate Highest Product file name classmate High Product jar package name classmate Highest Product jar package name fasterxml Highest Product jar package name types Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Product Manifest Bundle-Name ClassMate Medium Product Manifest bundle-symbolicname com.fasterxml.classmate Medium Product Manifest Implementation-Title ClassMate High Product Manifest specification-title ClassMate Medium Product pom artifactid classmate Highest Product pom developer email blangel@ocheyedan.net Low Product pom developer email tatu@fasterxml.com Low Product pom developer id blangel Low Product pom developer id tatu Low Product pom developer name Brian Langel Low Product pom developer name Tatu Saloranta Low Product pom groupid com.fasterxml Highest Product pom name ClassMate High Product pom organization name fasterxml.com Low Product pom organization url https://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom url FasterXML/java-classmate High Version file version 1.7.1 High Version Manifest Bundle-Version 1.7.1 High Version Manifest Implementation-Version 1.7.1 High Version pom parent-version 1.7.1 Low Version pom version 1.7.1 Highest
pkg:maven/com.fasterxml/classmate@1.7.1 (Confidence :High) Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
The code is tested using the latest revision of the JDK for supported
LTS releases: 8, 11, 17 and 21 currently.
See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
Please ensure your build environment is up-to-date and kindly report any build issues.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256: 6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.17.0 High Version Manifest Bundle-Version 3.17.0 High Version Manifest Implementation-Version 3.17.0 High Version pom parent-version 3.17.0 Low Version pom version 3.17.0 Highest
CVE-2025-48924 suppress
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/flyway-core-11.7.2.jarMD5: 4c980ae9d24be75b9522f8f4ed0b60bcSHA1: 2e40f0465ab29c807a38aae56b4e636451a9ff99SHA256: ff01fab3bcfd79e9345df191ecf82cbe1f9f65a757266158bd691564b1c1282c
Evidence Type Source Name Value Confidence Vendor file name flyway-core High Vendor jar package name core Highest Vendor jar package name flyway Highest Vendor jar package name flywaydb Highest Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid flyway-core Low Vendor pom groupid org.flywaydb Highest Vendor pom parent-artifactid flyway-parent Low Product file name flyway-core High Product jar package name core Highest Product jar package name flyway Highest Product jar package name flywaydb Highest Product Manifest build-jdk-spec 17 Low Product pom artifactid flyway-core Highest Product pom groupid org.flywaydb Highest Product pom parent-artifactid flyway-parent Medium Version file version 11.7.2 High Version pom version 11.7.2 Highest
pkg:maven/org.flywaydb/flyway-core@11.7.2 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/flyway-database-postgresql-11.7.2.jarMD5: 7f4b3e8a8ef177fa1d9e6815cdddfbacSHA1: 6cca0e7f6fdded39ddc302c97d9e12ecc8c9b96aSHA256: 1d586e14ea772c75613df2c27ddc20f5c065e8a32283815338611af82e48f9a2
Evidence Type Source Name Value Confidence Vendor file name flyway-database-postgresql High Vendor jar package name database Highest Vendor jar package name flywaydb Highest Vendor jar package name postgresql Highest Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid flyway-database-postgresql Low Vendor pom groupid org.flywaydb Highest Vendor pom parent-artifactid flyway-parent Low Product file name flyway-database-postgresql High Product jar package name database Highest Product jar package name flywaydb Highest Product jar package name postgresql Highest Product Manifest build-jdk-spec 17 Low Product pom artifactid flyway-database-postgresql Highest Product pom groupid org.flywaydb Highest Product pom parent-artifactid flyway-parent Medium Version file version 11.7.2 High Version pom version 11.7.2 Highest
pkg:maven/org.flywaydb/flyway-database-postgresql@11.7.2 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/hibernate-commons-annotations-7.0.3.Final.jarMD5: 6698f99235fe6d36c42caaf2e6b52797SHA1: e183c4be8bb41d12e9f19b374e00c34a0a85f439SHA256: 0db2fd57d5e43688ac6ed5cdf36deaf05d84340dcc24c2dd2a2114de38e5175d
Evidence Type Source Name Value Confidence Vendor file name hibernate-commons-annotations High Vendor jar package name annotations Low Vendor jar package name common Low Vendor jar package name hibernate Highest Vendor jar package name hibernate Low Vendor Manifest implementation-url http://hibernate.org Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Product file name hibernate-commons-annotations High Product jar package name annotations Low Product jar package name common Low Product jar package name hibernate Highest Product jar package name reflection Low Product Manifest implementation-url http://hibernate.org Low Version file version 7.0.3 High Version Manifest Implementation-Version 7.0.3.Final High
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/hibernate-core-6.6.9.Final.jarMD5: 670b53c7af3752a2da8222bf10440121SHA1: ebc13d6e7e5d7cf756bd4e1bc0caddc178d10422SHA256: bfcd55203f0c8d2e42f58d8a21d1a94aeb592ccd05ea6f94f9b0feeb1b0d64ab
Evidence Type Source Name Value Confidence Vendor file name hibernate-core High Vendor jar package name hibernate Highest Vendor jar package name hibernate Low Vendor Manifest automatic-module-name org.hibernate.orm.core Medium Vendor Manifest bundle-docurl https://www.hibernate.org/orm/6.6 Low Vendor Manifest bundle-symbolicname org.hibernate.orm.core Medium Vendor Manifest implementation-url https://hibernate.org/orm Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest specification-vendor Hibernate.org Low Product file name hibernate-core High Product jar package name hibernate Highest Product Manifest automatic-module-name org.hibernate.orm.core Medium Product Manifest bundle-docurl https://www.hibernate.org/orm/6.6 Low Product Manifest Bundle-Name hibernate-core Medium Product Manifest bundle-symbolicname org.hibernate.orm.core Medium Product Manifest Implementation-Title hibernate-core High Product Manifest implementation-url https://hibernate.org/orm Low Product Manifest specification-title hibernate-core Medium Version file version 6.6.9 High Version Manifest Implementation-Version 6.6.9.Final High
Description:
istack common utility code License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/istack-commons-runtime-4.1.2.jar
MD5: 535154ef647af2a52478c4debec93659
SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739
SHA256: 7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee
Evidence Type Source Name Value Confidence Vendor file name istack-commons-runtime High Vendor jar package name istack Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Vendor Manifest implementation-build-id 4.1.2 - 343a28e Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun.istack Medium Vendor pom artifactid istack-commons-runtime Low Vendor pom groupid com.sun.istack Highest Vendor pom name istack common utility code runtime High Vendor pom parent-artifactid istack-commons Low Product file name istack-commons-runtime High Product jar package name istack Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name istack common utility code runtime Medium Product Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Product Manifest implementation-build-id 4.1.2 - 343a28e Low Product pom artifactid istack-commons-runtime Highest Product pom groupid com.sun.istack Highest Product pom name istack common utility code runtime High Product pom parent-artifactid istack-commons Medium Version file version 4.1.2 High Version Manifest Bundle-Version 4.1.2 High Version Manifest implementation-build-id 4.1.2 Low Version pom version 4.1.2 Highest
pkg:maven/com.sun.istack/istack-commons-runtime@4.1.2 (Confidence :High) Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jackson-core-2.19.4.jar
MD5: 6957ee67737918a9650f801f1a6d1fe1
SHA1: a720ca9b800742699e041c3890f3731fe516085e
SHA256: 466ae4dc4f7054f51525f4211df411d9a64d65cc169995d32bf49e20e6f586e5
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.19.4 High Version Manifest Bundle-Version 2.19.4 High Version Manifest Implementation-Version 2.19.4 High Version pom version 2.19.4 Highest
Related Dependencies ffl-core-database-3.1.0.jar: jackson-annotations-2.19.4.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jackson-annotations-2.19.4.jar MD5: d676ca7a5c3f6d2d3f2c32c57cfd5a52 SHA1: bbb09b1e7f7f5108890270eb701cb3ddef991c05 SHA256: ab26383fa3c10c0df1ffd1bb035d81161c059b1af71927d73c24473c058baa16 pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.19.4 Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jackson-databind-2.19.4.jar
MD5: 11866a41e8db8fc1219fccb98c5ddd38
SHA1: 7a39bf9257b726b90b80f27fa3f5174bc75162a5
SHA256: b781c431be870deb0bf84421e99e774c256a701f4ba678df80248f55cd16ff74
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.19.4 High Version Manifest Bundle-Version 2.19.4 High Version Manifest Implementation-Version 2.19.4 High Version pom version 2.19.4 Highest
Description:
Support for reading and writing TOML-encoded data via Jackson abstractions.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jackson-dataformat-toml-2.19.4.jar
MD5: e96665285fe22196edbaf71de2f76c41
SHA1: 3ae37bd14e77e15cc272dc5e3aa389563c937d21
SHA256: e6cbf9e55275ed5765b30bc06cf5b1f245047500060de361a01f60ca5a01ccfb
Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-toml High Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name toml Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-toml Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-toml Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson-dataformat-TOML High Vendor pom parent-artifactid jackson-dataformats-text Low Vendor pom url FasterXML/jackson-dataformats-text Highest Product file name jackson-dataformat-toml High Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name toml Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Product Manifest Bundle-Name Jackson-dataformat-TOML Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-toml Medium Product Manifest Implementation-Title Jackson-dataformat-TOML High Product Manifest multi-release true Low Product Manifest specification-title Jackson-dataformat-TOML Medium Product pom artifactid jackson-dataformat-toml Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson-dataformat-TOML High Product pom parent-artifactid jackson-dataformats-text Medium Product pom url FasterXML/jackson-dataformats-text High Version file version 2.19.4 High Version Manifest Bundle-Version 2.19.4 High Version Manifest Implementation-Version 2.19.4 High Version pom version 2.19.4 Highest
Description:
Add-on module to support JSR-310 (Java 8 Date & Time API) data types. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jackson-datatype-jsr310-2.19.4.jar
MD5: b85dc514029abd7235fa0cdd7b2c919d
SHA1: 3cbcf2e636a6b062772299bf19a347536e58c4df
SHA256: 070af4d7c345cf975ff783138050678e6194e5bb88ab489385d0311a5fcb1585
Evidence Type Source Name Value Confidence Vendor file name jackson-datatype-jsr310 High Vendor jar package name datatype Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jsr310 Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-datatype-jsr310 Low Vendor pom developer email nicholas@nicholaswilliams.net Low Vendor pom developer id beamerblvd Medium Vendor pom developer name Nick Williams Medium Vendor pom groupid com.fasterxml.jackson.datatype Highest Vendor pom name Jackson datatype: JSR310 High Vendor pom parent-artifactid jackson-modules-java8 Low Vendor pom parent-groupid com.fasterxml.jackson.module Medium Product file name jackson-datatype-jsr310 High Product jar package name datatype Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jsr310 Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Product Manifest Bundle-Name Jackson datatype: JSR310 Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Product Manifest Implementation-Title Jackson datatype: JSR310 High Product Manifest multi-release true Low Product Manifest specification-title Jackson datatype: JSR310 Medium Product pom artifactid jackson-datatype-jsr310 Highest Product pom developer email nicholas@nicholaswilliams.net Low Product pom developer id beamerblvd Low Product pom developer name Nick Williams Low Product pom groupid com.fasterxml.jackson.datatype Highest Product pom name Jackson datatype: JSR310 High Product pom parent-artifactid jackson-modules-java8 Medium Product pom parent-groupid com.fasterxml.jackson.module Medium Version file version 2.19.4 High Version Manifest Bundle-Version 2.19.4 High Version Manifest Implementation-Version 2.19.4 High Version pom version 2.19.4 Highest
pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.19.4 (Confidence :High) cpe:2.3:a:fasterxml:jackson-modules-java8:2.19.4:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Specification License:
EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jakarta.activation-api-2.1.4.jar
MD5: bc1602eee7bc61a0b86f14bbbb0cc794
SHA1: 9e5c2a0d75dde71a0bedc4dbdbe47b78a5dc50f8
SHA256: c9db52100ce6c8aac95cc39075f95720d2e561b11f8051b81c121ad4effd7004
Evidence Type Source Name Value Confidence Vendor file name jakarta.activation-api High Vendor jar package name activation Highest Vendor jar package name jakarta Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest implementation-build-id 3dad341 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation-api Low Vendor pom developer email bill.shannon@oracle.com Low Vendor pom developer id shannon Medium Vendor pom developer name Bill Shannon Medium Vendor pom developer org Oracle Medium Vendor pom groupid jakarta.activation Highest Vendor pom name Jakarta Activation API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url jakartaee/jaf-api Highest Vendor pom (hint) developer org sun Medium Product file name jakarta.activation-api High Product jar package name activation Highest Product jar package name jakarta Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation API Medium Product Manifest bundle-symbolicname jakarta.activation-api Medium Product Manifest extension-name jakarta.activation Medium Product Manifest implementation-build-id 3dad341 Low Product Manifest Implementation-Title Jakarta Activation API High Product Manifest specification-title Jakarta Activation Specification Medium Product pom artifactid jakarta.activation-api Highest Product pom developer email bill.shannon@oracle.com Low Product pom developer id shannon Low Product pom developer name Bill Shannon Low Product pom developer org Oracle Low Product pom groupid jakarta.activation Highest Product pom name Jakarta Activation API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url jakartaee/jaf-api High Version file version 2.1.4 High Version Manifest Bundle-Version 2.1.4 High Version pom parent-version 2.1.4 Low Version pom version 2.1.4 Highest
pkg:maven/jakarta.activation/jakarta.activation-api@2.1.4 (Confidence :High) Description:
Jakarta Dependency Injection License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256: f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Evidence Type Source Name Value Confidence Vendor file name jakarta.inject-api High Vendor jar package name inject Highest Vendor jar package name jakarta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.inject.jakarta.inject-api Medium Vendor pom artifactid jakarta.inject-api Low Vendor pom developer email asd[at]redhat[dot]com Low Vendor pom developer email manovotn[at]redhat[dot]com Low Vendor pom developer email mkouba[at]redhat[dot]com Low Vendor pom developer email tremes[at]redhat[dot]com Low Vendor pom developer id asabotdu Medium Vendor pom developer id manovotn Medium Vendor pom developer id mkouba Medium Vendor pom developer id tremes Medium Vendor pom developer name Antoine Sabot-Durand Medium Vendor pom developer name Martin Kouba Medium Vendor pom developer name Matej Novotny Medium Vendor pom developer name Tomas Remes Medium Vendor pom developer org Red Hat Inc. Medium Vendor pom groupid jakarta.inject Highest Vendor pom name Jakarta Dependency Injection High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url eclipse-ee4j/injection-api Highest Product file name jakarta.inject-api High Product jar package name inject Highest Product jar package name jakarta Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Dependency Injection Medium Product Manifest bundle-symbolicname jakarta.inject.jakarta.inject-api Medium Product pom artifactid jakarta.inject-api Highest Product pom developer email asd[at]redhat[dot]com Low Product pom developer email manovotn[at]redhat[dot]com Low Product pom developer email mkouba[at]redhat[dot]com Low Product pom developer email tremes[at]redhat[dot]com Low Product pom developer id asabotdu Low Product pom developer id manovotn Low Product pom developer id mkouba Low Product pom developer id tremes Low Product pom developer name Antoine Sabot-Durand Low Product pom developer name Martin Kouba Low Product pom developer name Matej Novotny Low Product pom developer name Tomas Remes Low Product pom developer org Red Hat Inc. Low Product pom groupid jakarta.inject Highest Product pom name Jakarta Dependency Injection High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j/injection-api High Version file version 2.0.1 High Version Manifest Bundle-Version 2.0.1 High Version pom parent-version 2.0.1 Low Version pom version 2.0.1 Highest
pkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 (Confidence :High) Description:
Jakarta Persistence 3.1 API jar License:
Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256: 475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Evidence Type Source Name Value Confidence Vendor file name jakarta.persistence-api High Vendor jar package name jakarta Highest Vendor jar package name persistence Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.persistence-api Medium Vendor Manifest extension-name jakarta.persistence Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.persistence-api Low Vendor pom developer id lukasj Medium Vendor pom developer name Lukas Jungmann Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid jakarta.persistence Highest Vendor pom name Jakarta Persistence API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url eclipse-ee4j/jpa-api Highest Product file name jakarta.persistence-api High Product jar package name jakarta Highest Product jar package name persistence Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Persistence API jar Medium Product Manifest bundle-symbolicname jakarta.persistence-api Medium Product Manifest extension-name jakarta.persistence Medium Product pom artifactid jakarta.persistence-api Highest Product pom developer id lukasj Low Product pom developer name Lukas Jungmann Low Product pom developer org Oracle, Inc. Low Product pom groupid jakarta.persistence Highest Product pom name Jakarta Persistence API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j/jpa-api High Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest
pkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 (Confidence :High) Description:
Jakarta Transactions License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256: 50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Evidence Type Source Name Value Confidence Vendor file name jakarta.transaction-api High Vendor jar package name jakarta Highest Vendor jar package name transaction Highest Vendor Manifest automatic-module-name jakarta.transaction Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/eclipse-ee4j Low Vendor Manifest bundle-symbolicname jakarta.transaction-api Medium Vendor Manifest extension-name jakarta.transaction Medium Vendor Manifest Implementation-Vendor EE4J Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.transaction-api Low Vendor pom developer id stephen_felts Medium Vendor pom developer name Stephen Felts Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid jakarta.transaction Highest Vendor pom name API High Vendor pom organization name EE4J Community High Vendor pom organization url eclipse-ee4j Medium Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jta Highest Product file name jakarta.transaction-api High Product jar package name jakarta Highest Product jar package name transaction Highest Product Manifest automatic-module-name jakarta.transaction Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/eclipse-ee4j Low Product Manifest Bundle-Name jakarta.transaction API Medium Product Manifest bundle-symbolicname jakarta.transaction-api Medium Product Manifest extension-name jakarta.transaction Medium Product pom artifactid jakarta.transaction-api Highest Product pom developer id stephen_felts Low Product pom developer name Stephen Felts Low Product pom developer org Oracle, Inc. Low Product pom groupid jakarta.transaction Highest Product pom name API High Product pom organization name EE4J Community Low Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j High Product pom url https://projects.eclipse.org/projects/ee4j.jta Medium Version file version 2.0.1 High Version Manifest Bundle-Version 2.0.1 High Version Manifest Implementation-Version 2.0.1 High Version pom parent-version 2.0.1 Low Version pom version 2.0.1 Highest
pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 (Confidence :High) cpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Jakarta XML Binding API 4.0 Design Specification License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jakarta.xml.bind-api-4.0.4.jar
MD5: 6dd465a232e545193ab8ab77cc4fbdb9
SHA1: d6d2327f3817d9a33a3b6b8f2e15a96bc2e7afdc
SHA256: c507ca69a8c6dd11bf4afeec9e0d412c4fa3933fffb0a84680ea5727e8472124
Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.bind-api High Vendor jar package name bind Highest Vendor jar package name jakarta Highest Vendor jar package name xml Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.xml.bind-api Medium Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest implementation-build-id 1df980a Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.xml.bind-api Low Vendor pom groupid jakarta.xml.bind Highest Vendor pom name Jakarta XML Binding API High Vendor pom parent-artifactid jakarta.xml.bind-api-parent Low Product file name jakarta.xml.bind-api High Product jar package name bind Highest Product jar package name jakarta Highest Product jar package name xml Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta XML Binding API Medium Product Manifest bundle-symbolicname jakarta.xml.bind-api Medium Product Manifest extension-name jakarta.xml.bind Medium Product Manifest implementation-build-id 1df980a Low Product pom artifactid jakarta.xml.bind-api Highest Product pom groupid jakarta.xml.bind Highest Product pom name Jakarta XML Binding API High Product pom parent-artifactid jakarta.xml.bind-api-parent Medium Version file version 4.0.4 High Version Manifest Bundle-Version 4.0.4 High Version Manifest Implementation-Version 4.0.4 High Version pom version 4.0.4 Highest
pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.4 (Confidence :High) Description:
SmallRye Build Parent POM License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jandex-3.2.0.jar
MD5: 703254a1bd4c37efeebdc0a283c65565
SHA1: f17ad860f62a08487b9edabde608f8ac55c62fa7
SHA256: 6da3e9ce8d0c0a433f3e7ce610a3c66accb00c71fee67aa0ff3e5a841395ac15
Evidence Type Source Name Value Confidence Vendor file name jandex High Vendor jar package name jandex Highest Vendor jar package name jboss Highest Vendor Manifest automatic-module-name org.jboss.jandex Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-symbolicname io.smallrye.jandex Medium Vendor Manifest multi-release true Low Vendor pom artifactid jandex Low Vendor pom groupid io.smallrye Highest Vendor pom name Jandex: Core High Vendor pom parent-artifactid jandex-parent Low Product file name jandex High Product jar package name jandex Highest Product jar package name jboss Highest Product Manifest automatic-module-name org.jboss.jandex Medium Product Manifest build-jdk-spec 17 Low Product Manifest Bundle-Name Jandex: Core Medium Product Manifest bundle-symbolicname io.smallrye.jandex Medium Product Manifest multi-release true Low Product pom artifactid jandex Highest Product pom groupid io.smallrye Highest Product pom name Jandex: Core High Product pom parent-artifactid jandex-parent Medium Version file version 3.2.0 High Version Manifest Bundle-Version 3.2.0 High Version pom version 3.2.0 Highest
pkg:maven/io.smallrye/jandex@3.2.0 (Confidence :High) Description:
JAXB Core module. Contains sources required by XJC, JXC and Runtime modules. License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jaxb-core-4.0.6.jar
MD5: e36c915cf47342b4fe31ffba3407b928
SHA1: 8e61282303777fc98a00cc3affd0560d68748a75
SHA256: ebbd274207b4860d0dc6e2d44d6dbdb5945cede01222d2e50661d45f5d46c0f7
Evidence Type Source Name Value Confidence Vendor file name jaxb-core High Vendor jar package name core Highest Vendor jar package name glassfish Highest Vendor jar package name jaxb Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.jaxb.core Medium Vendor Manifest git-revision 0dcfdf5 Low Vendor Manifest implementation-build-id 4.0.6 - 0dcfdf5 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish.jaxb Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jaxb-core Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name JAXB Core High Vendor pom parent-artifactid jaxb-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest Product file name jaxb-core High Product jar package name core Highest Product jar package name glassfish Highest Product jar package name jaxb Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JAXB Core Medium Product Manifest bundle-symbolicname org.glassfish.jaxb.core Medium Product Manifest git-revision 0dcfdf5 Low Product Manifest implementation-build-id 4.0.6 - 0dcfdf5 Low Product Manifest Implementation-Title Eclipse Implementation of JAXB High Product Manifest specification-title Jakarta XML Binding Medium Product pom artifactid jaxb-core Highest Product pom groupid org.glassfish.jaxb Highest Product pom name JAXB Core High Product pom parent-artifactid jaxb-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium Version file version 4.0.6 High Version Manifest build-version 4.0.6 Medium Version Manifest Bundle-Version 4.0.6 High Version Manifest implementation-build-id 4.0.6 Low Version pom version 4.0.6 Highest
pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.6 (Confidence :High) Description:
JAXB (JSR 222) Reference Implementation License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jaxb-runtime-4.0.6.jar
MD5: 0e600d639f3a09ddd6fa91623a12b634
SHA1: fb95ebb62564657b2fedfe165b859789ef3a8711
SHA256: 1c0d57f8c25f9605d5a2f7ad0a87581893776ac85b00b101b2651258edaa9118
Evidence Type Source Name Value Confidence Vendor file name jaxb-runtime High Vendor jar package name glassfish Highest Vendor jar package name jaxb Highest Vendor jar package name runtime Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.jaxb.runtime Medium Vendor Manifest git-revision 0dcfdf5 Low Vendor Manifest implementation-build-id 4.0.6 - 0dcfdf5 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish.jaxb Medium Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="jakarta.xml.bind.JAXBContextFactory" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jaxb-runtime Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name JAXB Runtime High Vendor pom parent-artifactid jaxb-runtime-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest Product file name jaxb-runtime High Product jar package name glassfish Highest Product jar package name jaxb Highest Product jar package name runtime Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JAXB Runtime Medium Product Manifest bundle-symbolicname org.glassfish.jaxb.runtime Medium Product Manifest git-revision 0dcfdf5 Low Product Manifest implementation-build-id 4.0.6 - 0dcfdf5 Low Product Manifest Implementation-Title Eclipse Implementation of JAXB High Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="jakarta.xml.bind.JAXBContextFactory" Low Product Manifest specification-title Jakarta XML Binding Medium Product pom artifactid jaxb-runtime Highest Product pom groupid org.glassfish.jaxb Highest Product pom name JAXB Runtime High Product pom parent-artifactid jaxb-runtime-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium Version file version 4.0.6 High Version Manifest build-version 4.0.6 Medium Version Manifest Bundle-Version 4.0.6 High Version Manifest implementation-build-id 4.0.6 Low Version pom version 4.0.6 Highest
pkg:maven/org.glassfish.jaxb/jaxb-runtime@4.0.6 (Confidence :High) Description:
The JBoss Logging Framework License:
Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/jboss-logging-3.6.1.Final.jar
MD5: acab989faf62db02c092448e95614fab
SHA1: 886afbb445b4016a37c8960a7aef6ebd769ce7e5
SHA256: 5e08a4b092dc85b337f0910a740571d8720cfa565fabd880a8caf94a657ca416
Evidence Type Source Name Value Confidence Vendor file name jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor jar package name logging Highest Vendor Manifest automatic-module-name org.jboss.logging Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logging Low Vendor pom groupid org.jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor pom parent-artifactid logging-parent Low Vendor pom url http://www.jboss.org Highest Product file name jboss-logging High Product jar package name jboss Highest Product jar package name logging Highest Product Manifest automatic-module-name org.jboss.logging Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JBoss Logging 3 Medium Product pom artifactid jboss-logging Highest Product pom groupid org.jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid logging-parent Medium Product pom url http://www.jboss.org Medium Version Manifest Bundle-Version 3.6.1.Final High Version Manifest Implementation-Version 3.6.1.Final High Version pom parent-version 3.6.1.Final Low Version pom version 3.6.1.Final Highest
pkg:maven/org.jboss.logging/jboss-logging@3.6.1.Final (Confidence :High) Description:
Java JDBC driver for PostgreSQL database License:
BSD-2-Clause File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/postgresql-42.7.8.jar
MD5: d5626352279a40e69e863fcff564e2f1
SHA1: 81b840fbfe0a6c0b7aa14c6bd4856108d36ed780
SHA256: 2a32a9dcbc42d67a50ad3a0de5efd102c8d2be46720045f2cbd6689f160ab7c7
Evidence Type Source Name Value Confidence Vendor file name postgresql High Vendor jar package name jdbc Highest Vendor jar package name postgresql Highest Vendor jar package name postgresql Low Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest bundle-copyright Copyright (c) 2003-2024, PostgreSQL Global Development Group Low Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Vendor Manifest specification-vendor Oracle Corporation Low Product file name postgresql High Product hint analyzer product pgjdbc Highest Product hint analyzer product postgresql_jdbc_driver Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name osgi Highest Product jar package name postgresql Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product Manifest bundle-copyright Copyright (c) 2003-2024, PostgreSQL Global Development Group Low Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium Product Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest Implementation-Title PostgreSQL JDBC Driver High Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Product Manifest specification-title JDBC Medium Version file version 42.7.8 High Version Manifest Implementation-Version 42.7.8 High
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-tx-6.2.14.jarMD5: 1e43ed3dc8ae9ed51eb350cb6dcebdc2SHA1: e3caac879827b6d3d1d594b101f5e26938b723eaSHA256: a6f754fba28d6210d5e32fc2d9ba73722bae64defa84eddc68da89bdcb021fb0
Evidence Type Source Name Value Confidence Vendor file name spring-tx High Vendor hint analyzer vendor pivotal software Highest Vendor jar package name springframework Low Vendor jar package name transaction Low Vendor Manifest automatic-module-name spring.tx Medium Product file name spring-tx High Product jar package name transaction Low Product Manifest automatic-module-name spring.tx Medium Product Manifest Implementation-Title spring-tx High Version file version 6.2.14 High Version Manifest Implementation-Version 6.2.14 High
Related Dependencies ffl-core-database-3.1.0.jar: spring-beans-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-beans-6.2.14.jar MD5: 7020c5f9527a65f3a36858e306005c90 SHA1: 7c3cc4477ba26f863848111a21e28886cadaccd9 SHA256: a1518e1d6dc56ff9c3b5151fc129739cb6ae57b34269997ae2c8c196c15a7569 ffl-core-database-3.1.0.jar: spring-context-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-context-6.2.14.jar MD5: 8cac17d38cd4ed84feb363b857868579 SHA1: 68022d7abfd427ff31e95cac9b7c1832e92f43d8 SHA256: 05679a271a011c13c5b2b50a5dc26a8face1424e9a6718ec7fbd5e29c9a550b3 ffl-core-database-3.1.0.jar: spring-expression-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-expression-6.2.14.jar MD5: 7928d662fcf287e3c33b46bbe1a66e1a SHA1: 4da9a87ad43d4e95a542b0ee3ed53308c535d7da SHA256: 49a709799f0c5ca912ee845058a2ff82c8d5faf2dd05cd46105cda4ef8e6a6d0 ffl-core-database-3.1.0.jar: spring-jcl-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-jcl-6.2.14.jar MD5: 79a8ff06f7db3d9f22f918d70a06df52 SHA1: 54e46d799759e21a4e32fdb5fe487c0330d4acb4 SHA256: 9b38c795847bdb1f1c714b3eb2052ac063448316ae8bca97148687c56f55fe8e ffl-core-database-3.1.0.jar: spring-jdbc-6.2.14.jarFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/spring-jdbc-6.2.14.jar MD5: d677489e62591f05957746c73770a2d9 SHA1: a092e8ba010f467ba09a6908fddc7e23afc504a0 SHA256: cb97d60427aeec486ee6465c98817a16de7634dfdee2497c9a0c2cba7f44100c Description:
TXW is a library that allows you to write XML documents.
File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-database/target/ffl-core-database-3.1.0.jar/BOOT-INF/lib/txw2-4.0.6.jarMD5: 0bf7070aee3bb53640d2ea6441e059fbSHA1: 4f4cd53b5ff9a2c5aa1211f15ed2569c57dfb044SHA256: fcc749785412ef3806fde1ce70f93ef5a0065dcc47fe449bc871db0795cb11af
Evidence Type Source Name Value Confidence Vendor file name txw2 High Vendor jar package name sun Highest Vendor jar package name txw Highest Vendor jar package name txw2 Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision 0dcfdf5 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid txw2 Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name TXW2 Runtime High Vendor pom parent-artifactid jaxb-txw-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest Product file name txw2 High Product jar package name sun Highest Product jar package name txw Highest Product jar package name txw2 Highest Product jar package name xml Highest Product Manifest git-revision 0dcfdf5 Low Product Manifest Implementation-Title Eclipse Implementation of JAXB High Product Manifest specification-title Jakarta XML Binding Medium Product pom artifactid txw2 Highest Product pom groupid org.glassfish.jaxb Highest Product pom name TXW2 Runtime High Product pom parent-artifactid jaxb-txw-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium Version file version 4.0.6 High Version Manifest build-version 4.0.6 Medium Version pom version 4.0.6 Highest
pkg:maven/org.glassfish.jaxb/txw2@4.0.6 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-services/target/ffl-core-services-3.1.0.jarMD5: 9f2c28f8cca966acc9394fe3f9f321b8SHA1: c5ab37ee78e1927be1c0688a467beb61a5405c82SHA256: 01cadde1cf6746295370394cee876c42cbeb657e9c6e18c926b2dced3d9020dd
Evidence Type Source Name Value Confidence Vendor file name ffl-core-services High Vendor jar package name core Highest Vendor jar package name ffl Highest Vendor jar package name services Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor pom artifactid ffl-core-services Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-services-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-services High Product jar package name core Highest Product jar package name ffl Highest Product jar package name services Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-services High Product pom artifactid ffl-core-services Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-services-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-core-services@3.1.0 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-sia/target/ffl-core-sia-3.1.0.jarMD5: 086707dd04ed899f5f58adbcfc366f99SHA1: ca26b87ef89e1055d7098b3687e03a9fe6a3d3a4SHA256: b9fa2b350eb5fd4c727b0e77e45c14c432bddde106db977a9ced3c8753a8bf10
Evidence Type Source Name Value Confidence Vendor file name ffl-core-sia High Vendor jar package name core Highest Vendor jar package name ffl Highest Vendor jar package name sia Highest Vendor jar package name sintia Highest Vendor Manifest build-jdk-spec 21 Low Vendor pom artifactid ffl-core-sia Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-sia-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-core-sia High Product jar package name core Highest Product jar package name ffl Highest Product jar package name sia Highest Product jar package name sintia Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-core-sia High Product pom artifactid ffl-core-sia Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-sia-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-core-sia@3.1.0 (Confidence :High) Description:
Module d'outillage de test File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-test/target/ffl-test-3.1.0.jarMD5: ba3f189e22ad7b520f59b8cb477d786dSHA1: b1c8621260f0122a53a235b6aa4c708b20d00854SHA256: 49312485c6c57a41cd42130f37166cf402e0c76afa187e185161f7d629a90a0a
Evidence Type Source Name Value Confidence Vendor file name ffl-test High Vendor jar package name ffl Highest Vendor jar package name sintia Highest Vendor jar package name test Highest Vendor Manifest build-jdk-spec 21 Low Vendor pom artifactid ffl-test Low Vendor pom groupid com.sintia.ffl.core Highest Vendor pom parent-artifactid ffl-parent Low Vendor pom parent-groupid com.sintia.ffl Medium Product file name ffl-test High Product jar package name ffl Highest Product jar package name sintia Highest Product jar package name test Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title ffl-test High Product pom artifactid ffl-test Highest Product pom groupid com.sintia.ffl.core Highest Product pom parent-artifactid ffl-parent Medium Product pom parent-groupid com.sintia.ffl Medium Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest
pkg:maven/com.sintia.ffl.core/ffl-test@3.1.0 (Confidence :High) File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-api/target/site/jacoco/jacoco-resources/prettify.jsMD5: 4b337aaa3c606cfc1a6ff1986db2c8cbSHA1: 290093755739da933c180ae7e7ebf283724dad1dSHA256: 743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68
Evidence Type Source Name Value Confidence
Related Dependencies prettify.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/site/jacoco/jacoco-resources/prettify.js MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb SHA1: 290093755739da933c180ae7e7ebf283724dad1d SHA256: 743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68 prettify.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-dal/target/site/jacoco/jacoco-resources/prettify.js MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb SHA1: 290093755739da933c180ae7e7ebf283724dad1d SHA256: 743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68 prettify.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-services/target/site/jacoco/jacoco-resources/prettify.js MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb SHA1: 290093755739da933c180ae7e7ebf283724dad1d SHA256: 743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68 prettify.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-sia/target/site/jacoco/jacoco-resources/prettify.js MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb SHA1: 290093755739da933c180ae7e7ebf283724dad1d SHA256: 743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68 File Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-api/target/site/jacoco/jacoco-resources/sort.jsMD5: af6dc76a8d5e0653f66eb57f2757327dSHA1: 03380a84c61514f773a503de39d517e1bb2d72bbSHA256: 64407e72c5097000e41f9da4ac9a04131b8ec9479ca8987a5f5d5f2ad6383043
Evidence Type Source Name Value Confidence
Related Dependencies sort.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-commons/target/site/jacoco/jacoco-resources/sort.js MD5: af6dc76a8d5e0653f66eb57f2757327d SHA1: 03380a84c61514f773a503de39d517e1bb2d72bb SHA256: 64407e72c5097000e41f9da4ac9a04131b8ec9479ca8987a5f5d5f2ad6383043 sort.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-dal/target/site/jacoco/jacoco-resources/sort.js MD5: af6dc76a8d5e0653f66eb57f2757327d SHA1: 03380a84c61514f773a503de39d517e1bb2d72bb SHA256: 64407e72c5097000e41f9da4ac9a04131b8ec9479ca8987a5f5d5f2ad6383043 sort.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-services/target/site/jacoco/jacoco-resources/sort.js MD5: af6dc76a8d5e0653f66eb57f2757327d SHA1: 03380a84c61514f773a503de39d517e1bb2d72bb SHA256: 64407e72c5097000e41f9da4ac9a04131b8ec9479ca8987a5f5d5f2ad6383043 sort.jsFile Path: /home/azureuser/dependency-check/projects/ffl-core/ffl-core/ffl-core-sia/target/site/jacoco/jacoco-resources/sort.js MD5: af6dc76a8d5e0653f66eb57f2757327d SHA1: 03380a84c61514f773a503de39d517e1bb2d72bb SHA256: 64407e72c5097000e41f9da4ac9a04131b8ec9479ca8987a5f5d5f2ad6383043