Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version: 6.1.6
Report Generated On: Wed, 9 Jun 2021 16:03:40 -0700
Dependencies Scanned: 162 (154 unique)
Vulnerable Dependencies: 12
Vulnerabilities Found: 56
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2021-06-09T12:40:34
NVD CVE Modified: 2021-06-09T11:00:01
VersionCheckOn: 2021-06-09T12:40:34
Dependencies
animal-sniffer-annotations-1.14.jar
File Path: /root/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256: 2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid animal-sniffer-annotations Low Vendor jar package name codehaus Highest Vendor jar package name mojo Low Vendor pom parent-groupid org.codehaus.mojo Medium Vendor file name animal-sniffer-annotations High Vendor pom name Animal Sniffer Annotations High Vendor jar package name animal_sniffer Low Vendor jar package name mojo Highest Vendor pom parent-artifactid animal-sniffer-parent Low Vendor jar package name codehaus Low Vendor pom groupid org.codehaus.mojo Highest Vendor pom groupid codehaus.mojo Highest Product pom artifactid animal-sniffer-annotations Highest Product pom parent-artifactid animal-sniffer-parent Medium Product jar package name codehaus Highest Product jar package name mojo Highest Product jar package name mojo Low Product jar package name ignorejrerequirement Low Product pom parent-groupid org.codehaus.mojo Medium Product file name animal-sniffer-annotations High Product pom name Animal Sniffer Annotations High Product jar package name animal_sniffer Low Product pom groupid codehaus.mojo Highest Version file version 1.14 High Version pom version 1.14 Highest
aopalliance-repackaged-2.4.0-b34.jar
Description:
Dependency Injection Kernel
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.4.0-b34/aopalliance-repackaged-2.4.0-b34.jar
MD5: 57983543b3574e117d6f03ceff5f238c
SHA1: 3d5e856dbc91a3a2b0bcb3a3424f8b62421ae4cf
SHA256: 5d3cb0cece722c7ba8ab987b931053cdbcb0cb12ad5c8c8a7691eb6f7e60a64b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name aopalliance-repackaged High Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Vendor jar package name aopalliance Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom artifactid aopalliance-repackaged Low Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom groupid glassfish.hk2.external Highest Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom parent-artifactid external Low Product file name aopalliance-repackaged High Product Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Product pom parent-artifactid external Medium Product jar package name aopalliance Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name aopalliance version 1.0 repackaged as a module Medium Product pom name aopalliance version ${aopalliance.version} repackaged as a module High Product pom artifactid aopalliance-repackaged Highest Product pom groupid glassfish.hk2.external Highest Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.4.0-b34 Highest
bluesky-1.0.10.jar
File Path: /root/.m2/repository/org/primefaces/themes/bluesky/1.0.10/bluesky-1.0.10.jar
MD5: eb5d8614955e174053e73de15d9a1bae
SHA1: ff53db9a87d1b3611b830b48fca1d4e3fbf791ab
SHA256: 91eb23b541da6b635e891ba743521587ea73925b43a9abb432ef99bb6cb4d5a9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.primefaces.themes Medium Vendor pom name PrimeFaces Bluesky Theme High Vendor pom groupid primefaces.themes Highest Vendor pom parent-artifactid themes-project Low Vendor file name bluesky High Vendor pom artifactid bluesky Low Vendor pom groupid org.primefaces.themes Highest Product pom parent-groupid org.primefaces.themes Medium Product pom artifactid bluesky Highest Product pom parent-artifactid themes-project Medium Product pom name PrimeFaces Bluesky Theme High Product pom groupid primefaces.themes Highest Product file name bluesky High Version pom version 1.0.10 Highest Version file version 1.0.10 High
common.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/common.js
MD5: 5580ab664925436cc5735c9989b1a40a
SHA1: 596078b11c577e6adb988893293edb1ea7b373ec
SHA256: e20e55b0812f1bcc973ed945049711cac2976b22fd4c095fb58d63f78f4fc3eb
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
commons-codec-1.9.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar
MD5: 75615356605c8128013da9e3ac62a249
SHA1: 9ce04e34240f674bc72680f8b843b1457383161a
SHA256: ad19d2601c3abf0b946b5c3a4113e226a8c1e3305e395b90013b78dd94a723ce
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor Manifest implementation-build tags/1.9-RC1@r1552874; 2013-12-20 22:56:50-0500 Low Vendor pom parent-artifactid commons-parent Low Vendor jar package name encoder Highest Vendor jar package name codec Highest Vendor pom name Apache Commons Codec High Vendor pom groupid commons-codec Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor pom artifactid commons-codec Low Vendor file name commons-codec High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor jar package name commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.commons Medium Product Manifest specification-title Apache Commons Codec Medium Product pom parent-artifactid commons-parent Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest implementation-build tags/1.9-RC1@r1552874; 2013-12-20 22:56:50-0500 Low Product pom url http://commons.apache.org/proper/commons-codec/ Medium Product jar package name encoder Highest Product jar package name codec Highest Product pom artifactid commons-codec Highest Product pom name Apache Commons Codec High Product Manifest Implementation-Title Apache Commons Codec High Product pom groupid commons-codec Highest Product jar package name apache Highest Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product file name commons-codec High Product jar package name commons Highest Product pom parent-groupid org.apache.commons Medium Version file version 1.9 High Version pom version 1.9 Highest Version pom parent-version 1.9 
Low Version Manifest Implementation-Version 1.9 High
commons-lang3-3.3.2.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
SHA256: 6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.commons Highest Vendor pom parent-artifactid commons-parent Low Vendor pom groupid apache.commons Highest Vendor pom name Apache Commons Lang High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor jar package name lang3 Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor jar package name commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-build tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200 Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom artifactid commons-lang3 Low Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product pom parent-artifactid commons-parent Medium Product Manifest Implementation-Title Apache Commons Lang High Product pom groupid apache.commons Highest Product pom name Apache Commons Lang High Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product file name commons-lang3 High Product jar package name apache Highest Product jar package name lang3 Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product jar package name commons Highest Product Manifest implementation-build tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200 Low Product pom parent-groupid org.apache.commons Medium Version pom parent-version 3.3.2 Low Version pom version 3.3.2 Highest Version Manifest Bundle-Version 3.3.2 High Version 
Manifest Implementation-Version 3.3.2 High Version file version 3.3.2 High
commons-math3-3.4.1.jar
Description:
The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/apache/commons/commons-math3/3.4.1/commons-math3-3.4.1.jar
MD5: 14a218d0ee57907dd2c7ef944b6c0afd
SHA1: 3ac44a8664228384bc68437264cf7c4cf112f579
SHA256: d1075b14a71087038b0bfd198f0f7dd8e49b5b3529d8e2eba99e7d9eb8565e4b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.commons Highest Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Math High Vendor jar package name math3 Highest Vendor pom groupid apache.commons Highest Vendor pom artifactid commons-math3 Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor pom url http://commons.apache.org/proper/commons-math/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor jar package name commons Highest Vendor Manifest implementation-build ef6e0f882819e7c5230aece1610297e67775cca2; 2015-01-08 18:19:01+0100 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.commons Medium Vendor file name commons-math3 High Vendor Manifest bundle-symbolicname org.apache.commons.math3 Medium Product pom parent-artifactid commons-parent Medium Product pom artifactid commons-math3 Highest Product pom name Apache Commons Math High Product jar package name math3 Highest Product pom groupid apache.commons Highest Product pom url http://commons.apache.org/proper/commons-math/ Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Math Medium Product Manifest specification-title Apache Commons Math Medium Product jar package name commons Highest Product Manifest implementation-build ef6e0f882819e7c5230aece1610297e67775cca2; 2015-01-08 18:19:01+0100 Low Product Manifest Implementation-Title Apache Commons Math High Product pom parent-groupid org.apache.commons Medium Product file name commons-math3 High Product Manifest bundle-symbolicname org.apache.commons.math3 Medium Version Manifest Implementation-Version 3.4.1 High Version Manifest Bundle-Version 3.4.1 High 
Version file version 3.4.1 High Version pom version 3.4.1 Highest Version pom parent-version 3.4.1 Low
concurrent-trees-2.4.0.jar
Description:
Concurrent Radix Trees and Concurrent Suffix Trees for Java.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/googlecode/concurrent-trees/concurrent-trees/2.4.0/concurrent-trees-2.4.0.jar
MD5: 19ce4b51b0fda34eb8eec583dad142ca
SHA1: 2e505b78f9216abebbbdf1c3254bf9f4c565ae43
SHA256: d8dd983b207e86f580ba2105747cb271f8b90f24b89c7447493d9125a472dc5d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid googlecode.concurrent-trees Highest Vendor file name concurrent-trees High Vendor pom groupid com.googlecode.concurrent-trees Highest Vendor jar package name googlecode Low Vendor jar package name concurrenttrees Low Vendor jar package name radix Highest Vendor pom artifactid concurrent-trees Low Vendor jar package name radix Low Vendor pom url http://code.google.com/p/concurrent-trees/ Highest Vendor pom name Concurrent-Trees High Vendor jar package name suffix Highest Vendor jar package name googlecode Highest Product pom artifactid concurrent-trees Highest Product pom groupid googlecode.concurrent-trees Highest Product jar package name radix Low Product pom name Concurrent-Trees High Product file name concurrent-trees High Product pom url http://code.google.com/p/concurrent-trees/ Medium Product jar package name suffix Highest Product jar package name concurrenttrees Low Product jar package name googlecode Highest Product jar package name radix Highest Version file version 2.4.0 High Version pom version 2.4.0 Highest
dagre-d3.min.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/dagre-d3.min.js
MD5: 74a58f5d4e64bf05bc912ad569a72006
SHA1: d062f5970bcea6631093aa1f71ad79a4d98936b1
SHA256: a18c7ef7b67c2ca3115398c4cbb1891307a089f8f0fef5b96abb7bda49c7fa9a
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
dom4j-1.6.1.jar
Description:
dom4j: the flexible XML framework for Java
File Path: /root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256: 593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor MetaStuff Ltd. High Vendor pom organization url http://sourceforge.net/projects/dom4j Medium Vendor pom groupid dom4j Highest Vendor Manifest extension-name dom4j Medium Vendor file name dom4j High Vendor pom artifactid dom4j Low Vendor Manifest specification-vendor MetaStuff Ltd. Low Vendor pom url http://dom4j.org Highest Vendor pom organization name MetaStuff Ltd. High Vendor pom name dom4j High Vendor jar package name dom4j Highest Product pom groupid dom4j Highest Product Manifest extension-name dom4j Medium Product file name dom4j High Product pom name dom4j High Product pom artifactid dom4j Highest Product pom organization name MetaStuff Ltd. Low Product jar package name dom4j Highest Product Manifest specification-title dom4j : XML framework for Java Medium Product pom organization url http://sourceforge.net/projects/dom4j Low Product pom url http://dom4j.org Medium Product Manifest Implementation-Title org.dom4j High Version file version 1.6.1 High Version Manifest Implementation-Version 1.6.1 High Version pom version 1.6.1 Highest
enrichment.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/enrichment.js
MD5: 3503c43603043655484d686c4cc40e5a
SHA1: 37cfd052341bfbee7c1f5a7731f6e9604a10ae6a
SHA256: 56ef5930f53ef64f3f87408aec6ccbdddcbf67951641d2aed90452570211f6c6
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
error_prone_annotations-2.0.18.jar
File Path: /root/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
SHA256: cb4cfad870bf563a07199f3ebea5763f0dec440fcda0b318640b1feaa788656b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name google Highest Vendor jar package name errorprone Highest Vendor pom parent-artifactid error_prone_parent Low Vendor pom groupid com.google.errorprone Highest Vendor jar package name google Low Vendor pom artifactid error_prone_annotations Low Vendor jar package name errorprone Low Vendor pom parent-groupid com.google.errorprone Medium Vendor jar package name annotations Highest Vendor pom groupid google.errorprone Highest Vendor file name error_prone_annotations High Vendor pom name error-prone annotations High Vendor jar package name annotations Low Product jar package name google Highest Product jar package name errorprone Highest Product pom parent-artifactid error_prone_parent Medium Product jar package name errorprone Low Product pom parent-groupid com.google.errorprone Medium Product jar package name annotations Highest Product pom groupid google.errorprone Highest Product file name error_prone_annotations High Product pom artifactid error_prone_annotations Highest Product pom name error-prone annotations High Product jar package name annotations Low Version file version 2.0.18 High Version pom version 2.0.18 Highest
genes.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/genes.js
MD5: f1fd12c00a68a69bfe052a6aa5e2495c
SHA1: d402ec5253e116b854c4f3ccc50bb6594609a15d
SHA256: 2b5aa409522b4263e3e2648147703557d1181732876af73976785de738ebea79
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
gograph.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/gograph.js
MD5: 9fba9676fb15e4061a5a40588598db31
SHA1: 04610a3f51c35911910cf809fdb4590428e0783d
SHA256: 564578287ac1698d4d22ce2948de4c9585739d328bf855c17d3b378a5ac33093
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
gson-2.2.4.jar
Description:
Google Gson library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/code/gson/gson/2.2.4/gson-2.2.4.jar
MD5: 2f54fc24807a4cad7297012dd8cebf3d
SHA1: a60a5e993c98c864010053cb901b7eab25306568
SHA256: c0328cd07ca9e363a5acd00c1cf4afe8cf554bd6d373834981ba05cebec687fb
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom name Gson High Vendor jar package name google Highest Vendor pom artifactid gson Low Vendor jar package name gson Highest Vendor pom organization name Google, Inc. High Vendor file name gson High Vendor pom organization url http://www.google.com Medium Vendor pom url http://code.google.com/p/google-gson/ Highest Vendor pom groupid com.google.code.gson Highest Vendor pom groupid google.code.gson Highest Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor Manifest bundle-contactaddress http://code.google.com/p/google-gson/ Low Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom name Gson High Product jar package name google Highest Product pom url http://code.google.com/p/google-gson/ Medium Product Manifest Bundle-Name Gson Medium Product jar package name gson Highest Product file name gson High Product pom organization name Google, Inc. Low Product pom groupid google.code.gson Highest Product pom organization url http://www.google.com Low Product pom artifactid gson Highest Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest bundle-contactaddress http://code.google.com/p/google-gson/ Low Version file version 2.2.4 High Version pom version 2.2.4 Highest Version Manifest Bundle-Version 2.2.4 High
guava-23.0.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/guava/guava/23.0/guava-23.0.jar
MD5: 7d7838b57e04ae0164714c56ac9e20d9
SHA1: c947004bb13d18182be60077ade044099e4f26f1
SHA256: 7baa80df284117e5b945b19b98d367a85ea7b7801bd358ff657946c3bd1b6596
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name guava High Vendor pom parent-artifactid guava-parent Low Vendor pom groupid com.google.guava Highest Vendor jar package name google Highest Vendor pom groupid google.guava Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid guava Low Vendor pom name Guava: Google Core Libraries for Java High Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Product file name guava High Product jar package name google Highest Product pom groupid google.guava Highest Product pom parent-artifactid guava-parent Medium Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom artifactid guava Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom name Guava: Google Core Libraries for Java High Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product Manifest bundle-docurl https://github.com/google/guava/ Low Version file version 23.0 High Version pom version 23.0 Highest
Published Vulnerabilities
CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
Base Score: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
MISC - https://www.oracle.com/security-alerts/cpujan2021.html
MISC - https://www.oracle.com/security-alerts/cpujul2020.html
MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1
MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0
MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar
MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3
MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237
MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237
MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237
MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237
MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237
MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237
MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version
MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version
MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project
MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10
MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project
MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka
MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava
MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava
MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava
MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core
MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities
MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes
MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability
MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?
N/A - N/A
OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data
REDHAT - RHSA-2018:2423
REDHAT - RHSA-2018:2424
REDHAT - RHSA-2018:2425
REDHAT - RHSA-2018:2428
REDHAT - RHSA-2018:2598
REDHAT - RHSA-2018:2643
REDHAT - RHSA-2018:2740
REDHAT - RHSA-2018:2741
REDHAT - RHSA-2018:2742
REDHAT - RHSA-2018:2743
REDHAT - RHSA-2018:2927
REDHAT - RHSA-2019:2858
REDHAT - RHSA-2019:3149
SECTRACK - 1041707
Vulnerable Software & Versions:
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
Vulnerable Software & Versions:
hk2-api-2.4.0-b34.jar
Description:
${project.name}
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-api/2.4.0-b34/hk2-api-2.4.0-b34.jar
MD5: 2972849752ed511bd069812ba2b29d2d
SHA1: 1017432e219dbd1d4a1121b2d7e87c5b2f0bcfb9
SHA256: 6eb071aaea327015ac3da18d5066c364c1a39978f4b6f94644158675ca5b9ced
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.glassfish.hk2 Highest Vendor pom parent-artifactid hk2-parent Low Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor file name hk2-api High Vendor jar package name api Highest Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor pom name HK2 API module High Vendor pom artifactid hk2-api Low Vendor pom groupid glassfish.hk2 Highest Vendor Manifest bundle-symbolicname org.glassfish.hk2.api Medium Product Manifest bundle-docurl http://www.oracle.com Low Product pom parent-artifactid hk2-parent Medium Product file name hk2-api High Product jar package name api Highest Product Manifest Bundle-Name HK2 API module Medium Product pom artifactid hk2-api Highest Product pom parent-groupid org.glassfish.hk2 Medium Product jar package name glassfish Highest Product jar package name hk2 Highest Product pom name HK2 API module High Product pom groupid glassfish.hk2 Highest Product Manifest bundle-symbolicname org.glassfish.hk2.api Medium Version pom version 2.4.0-b34 Highest
hk2-locator-2.4.0-b34.jar
Description:
${project.name}
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-locator/2.4.0-b34/hk2-locator-2.4.0-b34.jar
MD5: 09eda1a8dd33d465ec7bac9536f3eaf7
SHA1: 1451fc3e5b7f00d7a5ca0feaff2c1bf68be5ac91
SHA256: ea47ebf7ed56ef751055710cfad36840bcc36383cf387c4a963b41447c066f8f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name hk2-locator High Vendor pom groupid org.glassfish.hk2 Highest Vendor pom parent-artifactid hk2-parent Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom groupid glassfish.hk2 Highest Vendor pom name ServiceLocator Default Implementation High Vendor pom artifactid hk2-locator Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name hk2-locator High Product Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product pom parent-artifactid hk2-parent Medium Product pom artifactid hk2-locator Highest Product Manifest Bundle-Name ServiceLocator Default Implementation Medium Product pom groupid glassfish.hk2 Highest Product pom name ServiceLocator Default Implementation High Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.4.0-b34 Highest
hk2-utils-2.4.0-b34.jar
Description: ${project.name}
License: https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
MD5: f0c9e9df24ad2c2feb1f950b82146245
SHA1: aacce18411fffef9621d8fc91464ca0477119c38
SHA256: 70211b1f918819bf6afbf69d3d19d4ae6e2a75d6e26f6c39ba9f20eb8e5612d7
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.glassfish.hk2 Highest Vendor pom parent-artifactid hk2-parent Low Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom name HK2 Implementation Utilities High Vendor Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom artifactid hk2-utils Low Vendor jar package name glassfish Highest Vendor Manifest originally-created-by Apache Maven Low Vendor jar package name hk2 Highest Vendor pom groupid glassfish.hk2 Highest Vendor Manifest service foo Low Vendor file name hk2-utils High Vendor jar package name utilities Highest Product pom artifactid hk2-utils Highest Product Manifest Bundle-Name HK2 Implementation Utilities Medium Product Manifest bundle-docurl http://www.oracle.com Low Product pom parent-artifactid hk2-parent Medium Product pom name HK2 Implementation Utilities High Product Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Product pom parent-groupid org.glassfish.hk2 Medium Product jar package name glassfish Highest Product Manifest originally-created-by Apache Maven Low Product jar package name hk2 Highest Product pom groupid glassfish.hk2 Highest Product Manifest service foo Low Product file name hk2-utils High Product jar package name utilities Highest Version pom version 2.4.0-b34 Highest
hk2-utils-2.4.0-b34.jar (shaded: org.jvnet:tiger-types:1.4)
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029
SHA256: 58794aca99cadb3aab687b56fd6d84871956590323dd0ea5d611db759e78c6b9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Type arithmetic library for Java5 High Vendor pom parent-artifactid jvnet-parent Low Vendor pom artifactid tiger-types Low Vendor pom groupid jvnet Highest Vendor pom parent-groupid net.java Medium Product pom artifactid tiger-types Highest Product pom name Type arithmetic library for Java5 High Product pom parent-artifactid jvnet-parent Medium Product pom groupid jvnet Highest Product pom parent-groupid net.java Medium Version pom version 1.4 Highest Version pom parent-version 1.4 Low
itextpdf-5.5.6.jar
Description: iText, a free Java-PDF library
License: GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html
File Path: /root/.m2/repository/com/itextpdf/itextpdf/5.5.6/itextpdf-5.5.6.jar
MD5: ce105599cd1ae696a04d14dd8f9de5a7
SHA1: 19448fdba5df68602aed364b86fd14d89c07a66e
SHA256: f15196c3c6b6c2db33425b6b3c7fd1aa8dd92d3862cb411b005a4b65e4677fde
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name itextpdf High Vendor Manifest implementation-build ${buildNumber} Low Vendor Manifest bundle-symbolicname com.itextpdf Medium Vendor pom parent-groupid com.itextpdf Medium Vendor pom artifactid itextpdf Low Vendor jar package name pdf Highest Vendor pom groupid itextpdf Highest Vendor pom name iText, a Free Java-PDF library High Vendor pom groupid com.itextpdf Highest Vendor jar package name itextpdf Highest Vendor Manifest Implementation-Vendor-Id com.itextpdf Medium Vendor pom parent-artifactid itext-parent Low Vendor pom url http://itextpdf.com Highest Product pom artifactid itextpdf Highest Product pom parent-artifactid itext-parent Medium Product file name itextpdf High Product Manifest Implementation-Title iText, a Free Java-PDF library High Product Manifest implementation-build ${buildNumber} Low Product Manifest bundle-symbolicname com.itextpdf Medium Product Manifest Bundle-Name iText, a Free Java-PDF library Medium Product pom parent-groupid com.itextpdf Medium Product jar package name pdf Highest Product pom groupid itextpdf Highest Product pom name iText, a Free Java-PDF library High Product jar package name itextpdf Highest Product pom url http://itextpdf.com Medium Version file version 5.5.6 High Version pom parent-version 5.5.6 Low Version Manifest Implementation-Version 5.5.6 High Version pom version 5.5.6 Highest Version Manifest Bundle-Version 5.5.6 High
Published Vulnerabilities
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2: Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3: Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
j2objc-annotations-1.1.jar
Description: A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256: 2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name google Highest Vendor jar package name j2objc Highest Vendor pom groupid com.google.j2objc Highest Vendor pom groupid google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor jar package name google Low Vendor jar package name j2objc Low Vendor pom artifactid j2objc-annotations Low Vendor pom url google/j2objc/ Highest Vendor jar package name annotations Highest Vendor jar package name annotations Low Product file name j2objc-annotations High Product pom name J2ObjC Annotations High Product jar package name google Highest Product jar package name j2objc Highest Product pom url google/j2objc/ High Product jar package name j2objc Low Product jar package name annotations Highest Product pom artifactid j2objc-annotations Highest Product pom groupid google.j2objc Highest Product jar package name annotations Low Version file version 1.1 High Version pom version 1.1 Highest
jackson-core-2.5.4.jar
Description: Core Jackson abstractions, basic JSON streaming API implementation
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.5.4/jackson-core-2.5.4.jar
MD5: 7a3aa950d37e75199d30426a467ddf83
SHA1: 0a57a2df1a23ca1ee32f129173ba7f5feaa9ac24
SHA256: 6ac2781bfe152f3e03e1f45ffb06b6bf03821d806eaa2e290747da35611e3b98
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor pom name Jackson-core High Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom parent-artifactid jackson-parent Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor jar package name json Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom artifactid jackson-core Low Vendor jar package name jackson Highest Vendor Manifest implementation-build-date 2015-06-09 18:27:20-0700 Low Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name core Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor pom url FasterXML/jackson Highest Vendor file name jackson-core High Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest specification-title Jackson-core Medium Product pom name Jackson-core High Product hint analyzer product modules Highest Product pom parent-groupid com.fasterxml.jackson Medium Product pom parent-artifactid jackson-parent Medium Product hint analyzer product java8 Highest Product pom url FasterXML/jackson High Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product jar package name json Highest Product Manifest Implementation-Title Jackson-core High Product jar package name jackson Highest Product Manifest implementation-build-date 2015-06-09 18:27:20-0700 Low Product pom artifactid jackson-core Highest Product jar package name version Highest Product jar package name core Highest Product Manifest Bundle-Name Jackson-core Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" 
Low Product pom groupid fasterxml.jackson.core Highest Product jar package name fasterxml Highest Product file name jackson-core High Version file version 2.5.4 High Version pom version 2.5.4 Highest Version Manifest Implementation-Version 2.5.4 High Version pom parent-version 2.5.4 Low Version Manifest Bundle-Version 2.5.4 High
Related Dependencies
jackson-annotations-2.5.4.jar
File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.5.4/jackson-annotations-2.5.4.jar
MD5: 4baa03b04938a4df8f68f2b795e05a06
SHA1: 7a93b60f5d2d43024f34e15893552ee6defdb971
SHA256: c72cbde953a68e8a8a6e9c538a8d1de83c98b9ea575d2b9a2b7d60639c212628
pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.5.4
Published Vulnerabilities
CVE-2018-1000873
FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial-of-service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation
CVSSv2: Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3: Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
jackson-databind-2.5.4.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.5.4/jackson-databind-2.5.4.jar
MD5: a6c0a282905c8f5c4a80a36c75526485
SHA1: 5dfa42af84584b4a862ea488da84bbbebbb06c35
SHA256: 338b9aa87b8b17d33026defdbd8d9c1ec498bf355e8b949381f303ea23c261ac
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom parent-artifactid jackson-parent Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom artifactid jackson-databind Low Vendor Manifest implementation-build-date 2015-06-09 18:43:01-0700 Low Vendor pom name jackson-databind High Vendor jar package name jackson Highest Vendor jar package name databind Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor FasterXML High Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Product file name jackson-databind High Product Manifest Implementation-Title jackson-databind High Product hint analyzer product modules Highest Product pom parent-groupid com.fasterxml.jackson Medium Product pom parent-artifactid jackson-parent Medium Product pom url http://github.com/FasterXML/jackson Medium Product pom artifactid jackson-databind Highest Product hint analyzer product java8 Highest Product Manifest implementation-build-date 2015-06-09 18:43:01-0700 Low Product Manifest specification-title jackson-databind Medium Product pom name jackson-databind High Product jar package name jackson Highest Product jar package name databind Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Bundle-Name jackson-databind Medium Product Manifest require-capability 
osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid fasterxml.jackson.core Highest Product jar package name fasterxml Highest Version file version 2.5.4 High Version pom version 2.5.4 Highest Version Manifest Implementation-Version 2.5.4 High Version pom parent-version 2.5.4 Low Version Manifest Bundle-Version 2.5.4 High
Published Vulnerabilities
CVE-2017-15095 (OSSINDEX)
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2017-17485 (OSSINDEX)
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2017-7525 (OSSINDEX)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2018-1000873
FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial-of-service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation
CVSSv2: Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3: Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-11307 (OSSINDEX)
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2018-14718 (OSSINDEX)
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2018-5968 (OSSINDEX)
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVSSv3: Base Score: HIGH (8.1) Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete Blacklist
CVSSv2: Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-14540 (OSSINDEX)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-14893 (OSSINDEX)
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-16335 (OSSINDEX)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-16942 (OSSINDEX)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-16943 (OSSINDEX)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-17267 (OSSINDEX)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-17531 (OSSINDEX)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2019-20330 (OSSINDEX)
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVSSv3: Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
CVE-2020-35490
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data
CVSSv2: Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3: Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-35491
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data
CVSSv2: Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3: Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (OSSINDEX)
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv3: Base Score: MEDIUM (5.4) Vector: CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*
jackson-jaxrs-base-2.5.4.jar
Description: Pile of code that is shared by all Jackson-based JAX-RS providers.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.5.4/jackson-jaxrs-base-2.5.4.jar
MD5: dbd31df138ce1d8a266e0c9ce594e270
SHA1: 8af261181ae4fb16ccce5e116fa25bc3143785b8
SHA256: 7f635fb13230210e3af5db6b0108c3bcd903404714c383a640aaa2d19af15b3f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-base Low Vendor file name jackson-jaxrs-base High Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Vendor pom parent-artifactid jackson-jaxrs-providers Low Vendor jar package name jackson Highest Vendor jar package name base Highest Vendor pom parent-groupid com.fasterxml.jackson.jaxrs Medium Vendor pom name Jackson-JAXRS-base High Vendor Manifest implementation-build-date 2015-06-09 22:22:50-0700 Low Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor FasterXML High Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom artifactid jackson-jaxrs-base Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name fasterxml Highest Vendor jar package name jaxrs Highest Vendor pom groupid fasterxml.jackson.jaxrs Highest Product Manifest Implementation-Title Jackson-JAXRS-base High Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-base Low Product file name jackson-jaxrs-base High Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Product pom parent-artifactid jackson-jaxrs-providers Medium Product Manifest specification-title Jackson-JAXRS-base Medium Product jar package name jackson Highest Product jar package name base Highest Product Manifest Bundle-Name Jackson-JAXRS-base Medium Product pom parent-groupid com.fasterxml.jackson.jaxrs Medium Product pom name Jackson-JAXRS-base High Product Manifest implementation-build-date 2015-06-09 22:22:50-0700 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name fasterxml Highest Product pom artifactid jackson-jaxrs-base Highest Product jar package 
name jaxrs Highest Product pom groupid fasterxml.jackson.jaxrs Highest Version file version 2.5.4 High Version pom version 2.5.4 Highest Version Manifest Implementation-Version 2.5.4 High Version Manifest Bundle-Version 2.5.4 High
jackson-jaxrs-json-provider-2.5.4.jar
Description: Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.5.4/jackson-jaxrs-json-provider-2.5.4.jar
MD5: c41c05af8a1e131429f70e5faa4e5cbf
SHA1: 1c32a260754c3b13adcea6cc92259a78137751b6
SHA256: 7517191a5a9af8ede688367964584b411c145b568d869376e4bbeda2eba1f31b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-json-provider High Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-json-provider Low Vendor pom artifactid jackson-jaxrs-json-provider Low Vendor jar package name json Highest Vendor pom parent-artifactid jackson-jaxrs-providers Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Vendor pom name Jackson-JAXRS-JSON High Vendor jar package name jackson Highest Vendor pom parent-groupid com.fasterxml.jackson.jaxrs Medium Vendor Manifest implementation-build-date 2015-06-09 22:22:50-0700 Low Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor FasterXML High Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name fasterxml Highest Vendor jar package name jaxrs Highest Vendor pom groupid fasterxml.jackson.jaxrs Highest Product file name jackson-jaxrs-json-provider High Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-json-provider Low Product Manifest Implementation-Title Jackson-JAXRS-JSON High Product jar package name json Highest Product pom parent-artifactid jackson-jaxrs-providers Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Product Manifest specification-title Jackson-JAXRS-JSON Medium Product pom name Jackson-JAXRS-JSON High Product jar package name jackson Highest Product pom parent-groupid com.fasterxml.jackson.jaxrs Medium Product Manifest implementation-build-date 2015-06-09 22:22:50-0700 Low Product pom artifactid jackson-jaxrs-json-provider Highest Product Manifest Bundle-Name Jackson-JAXRS-JSON Medium Product Manifest require-capability 
osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name fasterxml Highest Product jar package name jaxrs Highest Product pom groupid fasterxml.jackson.jaxrs Highest Version file version 2.5.4 High Version pom version 2.5.4 Highest Version Manifest Implementation-Version 2.5.4 High Version Manifest Bundle-Version 2.5.4 High
jackson-module-jaxb-annotations-2.5.4.jar
Description: Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring data binding.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.5.4/jackson-module-jaxb-annotations-2.5.4.jar
MD5: 0a3d56856384aa9a3c57fddcd4e17513
SHA1: 52c516db26a89b726a1351f7f24347c640204343
SHA256: 069b97144bd8424c2c035bd15ce2e35beb85489e6f0604b5776f79cfd448057d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom parent-artifactid jackson-parent Low Vendor jar package name jaxb Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonJAXBAnnotations Low Vendor pom groupid com.fasterxml.jackson.module Highest Vendor pom artifactid jackson-module-jaxb-annotations Low Vendor jar package name module Highest Vendor jar package name jackson Highest Vendor Manifest implementation-build-date 2015-06-09 22:10:46-0700 Low Vendor pom name Jackson-module-JAXB-annotations High Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name fasterxml Highest Vendor pom groupid fasterxml.jackson.module Highest Vendor pom url http://wiki.fasterxml.com/JacksonJAXBAnnotations Highest Vendor file name jackson-module-jaxb-annotations High Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom parent-artifactid jackson-parent Medium Product pom artifactid jackson-module-jaxb-annotations Highest Product jar package name jaxb Highest Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonJAXBAnnotations Low Product Manifest specification-title Jackson-module-JAXB-annotations Medium Product jar package name module Highest Product jar package name jackson Highest Product Manifest implementation-build-date 2015-06-09 22:10:46-0700 Low Product pom name Jackson-module-JAXB-annotations High Product Manifest Bundle-Name Jackson-module-JAXB-annotations Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom url http://wiki.fasterxml.com/JacksonJAXBAnnotations Medium Product jar 
package name fasterxml Highest Product Manifest Implementation-Title Jackson-module-JAXB-annotations High Product pom groupid fasterxml.jackson.module Highest Product file name jackson-module-jaxb-annotations High Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Version file version 2.5.4 High Version pom version 2.5.4 Highest Version Manifest Implementation-Version 2.5.4 High Version pom parent-version 2.5.4 Low Version Manifest Bundle-Version 2.5.4 High
javassist-3.18.1-GA.jar
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /root/.m2/repository/org/javassist/javassist/3.18.1-GA/javassist-3.18.1-GA.jar
MD5: 5bb83868c87334320562af7eded65cc2
SHA1: d9a09f7732226af26bf99f19e2cffe0ae219db5b
SHA256: 3fb71231afd098bb0f93f5eb97aa8291c8d0556379125e596f92ec8f944c6162
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url http://www.javassist.org/ Highest Vendor jar package name javassist Highest Vendor pom groupid javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor jar package name bytecode Highest Vendor file name javassist High Vendor pom artifactid javassist Low Vendor pom groupid org.javassist Highest Vendor pom name Javassist High Product Manifest Bundle-Name Javassist Medium Product jar package name javassist Highest Product pom groupid javassist Highest Product jar package name bytecode Highest Product Manifest bundle-symbolicname javassist Medium Product Manifest specification-title Javassist Medium Product file name javassist High Product pom url http://www.javassist.org/ Medium Product pom name Javassist High Product pom artifactid javassist Highest Version pom version 3.18.1-GA Highest
javax.annotation-api-1.2.jar
Description:
Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256: 5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name annotation Highest Vendor pom organization url https://glassfish.java.net Medium Vendor pom artifactid javax.annotation-api Low Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom groupid javax.annotation Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom name ${extension.name} API High Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor pom organization name GlassFish Community High Vendor file name javax.annotation-api High Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest extension-name javax.annotation Medium Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom parent-groupid net.java Medium Product pom organization name GlassFish Community Low Product jar package name annotation Highest Product pom organization url https://glassfish.java.net Low Product pom groupid javax.annotation Highest Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Product pom artifactid javax.annotation-api Highest Product Manifest Bundle-Name javax.annotation API Medium Product jar package name javax Highest Product Manifest bundle-docurl https://glassfish.java.net Low Product pom name ${extension.name} API High Product Manifest bundle-symbolicname javax.annotation-api Medium Product file name javax.annotation-api High Product Manifest extension-name javax.annotation Medium Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version pom version 1.2 Highest Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version file version 1.2 High Version pom parent-version 1.2 Low
javax.faces-2.3.3.jar
Description:
This is the master POM file for Oracle's Implementation of the JSF 2.3 Specification.
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) plus GPL: http://glassfish.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar
MD5: 963f70ee469f8034d3010cf3f6123cfc
SHA1: 3a95587c0c94f9d6d3a971ee6d2f3608e737f8de
SHA256: 02cb44439458455e7f3f86d1f2c755c51a9859c9e3d9048de50411cefa1fe06e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name javax.faces High Vendor Manifest docname Mojarra Implementation Javadoc Medium Vendor jar package name faces Highest Vendor Manifest Implementation-Vendor Oracle America, Inc. High Vendor pom groupid glassfish Highest Vendor pom groupid org.glassfish Highest Vendor pom name
Oracle's implementation of the JSF 2.3 specification.
High Vendor jar (hint) package name oracle Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid javax.faces Low Vendor pom organization name Oracle America, Inc High Vendor pom organization url http://www.oracle.com/ Medium Vendor pom url http://jsf.java.net/ Highest Vendor jar package name javax Highest Vendor Manifest extension-name javax.faces Medium Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor jar package name sun Highest Vendor Manifest bundle-symbolicname org.glassfish.javax.faces Medium Vendor Manifest originally-created-by 1.5.0_19-137 (Apple Inc.) Low Product file name javax.faces High Product Manifest specification-title JavaServer Faces Medium Product pom organization url http://www.oracle.com/ Low Product Manifest docname Mojarra Implementation Javadoc Medium Product pom url http://jsf.java.net/ Medium Product jar package name faces Highest Product pom groupid glassfish Highest Product pom name
Oracle's implementation of the JSF 2.3 specification.
High Product pom artifactid javax.faces Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name javax Highest Product Manifest extension-name javax.faces Medium Product Manifest Bundle-Name Mojarra JSF Implementation 2.3.3 (20171008-2230) 673408fa9199477d87f44521ff873d709128c88b Medium Product pom organization name Oracle America, Inc Low Product Manifest Implementation-Title Mojarra High Product Manifest bundle-symbolicname org.glassfish.javax.faces Medium Product Manifest originally-created-by 1.5.0_19-137 (Apple Inc.) Low Version pom version 2.3.3 Highest Version file version 2.3.3 High Version Manifest Bundle-Version 2.3.3 High Version Manifest Implementation-Version 2.3.3 High
javax.faces-2.3.3.jar: jsf-uncompressed.js
File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf-uncompressed.js
MD5: 071fa1c95f9cac7f876e4293854babb1
SHA1: d85a0182b1957e7e6d461825ddab759bda1d57c2
SHA256: 607f41972bc4c4d161a7e583e68305043b4e2862fce77304b2e8c966e5a6c60f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
javax.faces-2.3.3.jar: jsf.js
File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf.js
MD5: 33458a9fe6cce1f8b4dac96058a8ad22
SHA1: 380521f722b47f7d7c1a44f410e35428f4b3d61c
SHA256: 336652121c49ce830d0d8e998442c5f77ce3f3456143a8666eb5f634cf30eea4
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
javax.inject-2.4.0-b34.jar
Description:
Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/external/javax.inject/2.4.0-b34/javax.inject-2.4.0-b34.jar
MD5: 0299609004955f54207ab8562273b5af
SHA1: a6a3d4935af7b03e44126b5aac2c2a0ce98fe6e9
SHA256: fdbf80a01b854045bd4004b7c6b1fdc2da81db475bfbd08ed574eeffcf9a7b1a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name javax Highest Vendor file name javax.inject High Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom name javax.inject:${javax-inject.version} as OSGi bundle High Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Vendor pom artifactid javax.inject Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor jar package name inject Highest Vendor pom groupid glassfish.hk2.external Highest Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom parent-artifactid external Low Product jar package name javax Highest Product file name javax.inject High Product pom parent-artifactid external Medium Product Manifest bundle-docurl http://www.oracle.com Low Product pom name javax.inject:${javax-inject.version} as OSGi bundle High Product Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Product pom artifactid javax.inject Highest Product Manifest Bundle-Name javax.inject:1 as OSGi bundle Medium Product jar package name inject Highest Product pom groupid glassfish.hk2.external Highest Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.4.0-b34 Highest
javax.json-1.1.jar
Description:
Default provider for JSR 374:Java API for Processing JSON
License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /root/.m2/repository/org/glassfish/javax.json/1.1/javax.json-1.1.jar
MD5: 318c3ce1746e2106d826301c6074a547
SHA1: 6f8ce9246049c7af84926758aeea7bc24f5dd160
SHA256: 4b1f21bc50b728aaae5f44ff550383182b58b67647362959e31004e4522ee24f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid javax.json Low Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom groupid glassfish Highest Vendor pom groupid org.glassfish Highest Vendor pom parent-groupid org.glassfish Medium Vendor jar package name api Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name json Highest Vendor Manifest extension-name javax.json Medium Vendor file name javax.json High Vendor Manifest bundle-symbolicname org.glassfish.javax.json Medium Vendor jar package name glassfish Highest Vendor pom parent-artifactid json Low Vendor jar package name javax Highest Vendor pom name JSR 374 (JSON Processing) Default Provider High Vendor pom url https://javaee.github.io/jsonp Highest Product Manifest bundle-docurl http://www.oracle.com Low Product pom groupid glassfish Highest Product pom parent-groupid org.glassfish Medium Product jar package name api Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name json Highest Product Manifest extension-name javax.json Medium Product file name javax.json High Product Manifest bundle-symbolicname org.glassfish.javax.json Medium Product jar package name glassfish Highest Product jar package name javax Highest Product pom artifactid javax.json Highest Product pom parent-artifactid json Medium Product pom name JSR 374 (JSON Processing) Default Provider High Product Manifest Bundle-Name JSR 374 (JSON Processing) Default Provider Medium Product pom url https://javaee.github.io/jsonp Medium Version Manifest Implementation-Version 1.1 High Version Manifest Bundle-Version 1.1 High Version file version 1.1 High Version pom version 1.1 Highest
javax.servlet-api-3.1.0.jar
Description:
Java(TM) Servlet 3.1 API Design Specification
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: gotrack:provided
Evidence Type Source Name Value Confidence Vendor pom groupid javax.servlet Highest Vendor jar package name servlet Highest Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom url http://servlet-spec.java.net Highest Vendor pom name Java Servlet API High Vendor file name javax.servlet-api High Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor pom artifactid javax.servlet-api Low Vendor jar package name javax Highest Vendor pom organization name GlassFish Community High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest extension-name javax.servlet Medium Vendor pom parent-groupid net.java Medium Vendor pom organization url https://glassfish.dev.java.net Medium Product jar package name servlet Highest Product pom groupid javax.servlet Highest Product pom organization name GlassFish Community Low Product pom artifactid javax.servlet-api Highest Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest Bundle-Name Java Servlet API Medium Product pom name Java Servlet API High Product file name javax.servlet-api High Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product pom url http://servlet-spec.java.net Medium Product jar package name javax Highest Product pom organization url https://glassfish.dev.java.net Low Product pom parent-artifactid jvnet-parent Medium Product Manifest extension-name javax.servlet Medium Product pom parent-groupid net.java Medium Version pom parent-version 3.1.0 Low Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom version 3.1.0 Highest Version Manifest Bundle-Version 3.1.0 High
javax.transaction-api-1.2.jar
Description:
Project GlassFish Java Transaction API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
SHA256: 9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid javax.transaction Highest Vendor file name javax.transaction-api High Vendor pom organization url https://glassfish.java.net Medium Vendor jar package name transaction Highest Vendor Manifest bundle-symbolicname javax.transaction-api Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest extension-name javax.transaction Medium Vendor jar package name javax Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom artifactid javax.transaction-api Low Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom url http://jta-spec.java.net Highest Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom parent-groupid net.java Medium Product pom organization name GlassFish Community Low Product pom groupid javax.transaction Highest Product file name javax.transaction-api High Product pom artifactid javax.transaction-api Highest Product jar package name transaction Highest Product Manifest bundle-symbolicname javax.transaction-api Medium Product pom organization url https://glassfish.java.net Low Product Manifest extension-name javax.transaction Medium Product jar package name javax Highest Product Manifest bundle-docurl https://glassfish.java.net Low Product Manifest Bundle-Name javax.transaction API Medium Product pom name ${extension.name} API High Product pom url http://jta-spec.java.net Medium Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version pom version 1.2 Highest Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version file version 1.2 High Version pom parent-version 1.2 Low
javax.ws.rs-api-2.0.1.jar
Description:
Java API for RESTful Web Services (JAX-RS)
License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256: 38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name ws Highest Vendor pom artifactid javax.ws.rs-api Low Vendor file name javax.ws.rs-api High Vendor pom url http://jax-rs-spec.java.net Highest Vendor jar package name rs Highest Vendor pom organization name Oracle Corporation High Vendor pom organization url http://www.oracle.com/ Medium Vendor jar package name javax Highest Vendor Manifest bundle-symbolicname javax.ws.rs-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor hint analyzer vendor web services Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom name javax.ws.rs-api High Vendor pom parent-artifactid jvnet-parent Low Vendor pom groupid javax.ws.rs Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor pom parent-groupid net.java Medium Product jar package name ws Highest Product pom organization url http://www.oracle.com/ Low Product file name javax.ws.rs-api High Product Manifest Bundle-Name javax.ws.rs-api Medium Product hint analyzer product web services Medium Product jar package name rs Highest Product pom organization name Oracle Corporation Low Product pom artifactid javax.ws.rs-api Highest Product jar package name javax Highest Product Manifest bundle-symbolicname javax.ws.rs-api Medium Product Manifest extension-name javax.ws.rs Medium Product pom parent-artifactid jvnet-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name javax.ws.rs-api High Product pom url http://jax-rs-spec.java.net Medium Product pom groupid javax.ws.rs Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product pom parent-groupid net.java Medium Version Manifest Implementation-Version 2.0.1 High Version pom version 2.0.1 Highest Version Manifest Bundle-Version 2.0.1 High Version pom parent-version 2.0.1 Low Version file version 
2.0.1 High
jaxen-1.1.6.jar
Description:
Jaxen is a universal Java XPath engine.
License:
http://jaxen.codehaus.org/license.html
File Path: /root/.m2/repository/jaxen/jaxen/1.1.6/jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256: 5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name jaxen Highest Vendor pom artifactid jaxen Low Vendor Manifest bundle-docurl http://codehaus.org Low Vendor pom organization url http://codehaus.org Medium Vendor pom organization name Codehaus High Vendor file name jaxen High Vendor pom name jaxen High Vendor pom url http://jaxen.codehaus.org/ Highest Vendor jar package name xpath Highest Vendor pom groupid jaxen Highest Vendor Manifest bundle-symbolicname jaxen Medium Product Manifest bundle-docurl http://codehaus.org Low Product pom name jaxen High Product jar package name xpath Highest Product pom organization name Codehaus Low Product Manifest bundle-symbolicname jaxen Medium Product jar package name jaxen Highest Product pom url http://jaxen.codehaus.org/ Medium Product pom artifactid jaxen Highest Product file name jaxen High Product pom organization url http://codehaus.org Low Product pom groupid jaxen Highest Product Manifest Bundle-Name jaxen Medium Version file version 1.1.6 High Version pom version 1.1.6 Highest Version Manifest Bundle-Version 1.1.6 High
jbcrypt-0.3m.jar
Description:
jBCrypt is a Java implementation of OpenBSD's Blowfish password hashing code, as described in A Future-Adaptable Password Scheme by Niels Provos and David Mazières, by Damien Miller.
License:
ISC/BSD License
File Path: /root/.m2/repository/org/mindrot/jbcrypt/0.3m/jbcrypt-0.3m.jar
MD5: 5cc2288708d15dd43bc8681f5b5541b0
SHA1: fe2d9c5f23767d681a7e38fc8986b812400ec583
SHA256: c0717079f4fe18f72f36ad1ab15a2afa63c6544fee4b9ac2128851330b5e1031
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jbcrypt High Vendor pom url http://www.mindrot.org/ Highest Vendor jar package name jbcrypt Low Vendor pom organization name mindrot.org High Vendor pom groupid org.mindrot Highest Vendor pom name jbcrypt High Vendor pom organization url http://www.mindrot.org/ Medium Vendor jar package name mindrot Highest Vendor jar package name jbcrypt Highest Vendor pom artifactid jbcrypt Low Vendor jar package name mindrot Low Vendor pom groupid mindrot Highest Product file name jbcrypt High Product pom name jbcrypt High Product pom url http://www.mindrot.org/ Medium Product jar package name bcrypt Low Product jar package name mindrot Highest Product jar package name jbcrypt Highest Product jar package name jbcrypt Low Product pom organization url http://www.mindrot.org/ Low Product pom artifactid jbcrypt Highest Product pom organization name mindrot.org Low Product pom groupid mindrot Highest Version pom version 0.3m Highest Version file version 0.3m High
Published Vulnerabilities
CVE-2015-0886
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Vulnerable Software & Versions:
jersey-entity-filtering-2.21.1.jar
Description:
Jersey extension module providing support for Entity Data Filtering.
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.21.1/jersey-entity-filtering-2.21.1.jar
MD5: ffacef7b6e28f0de4a47eb46bf8988f4
SHA1: 72ab7264b13fe5cc3cf839b40e9d11ec1ea68fcb
SHA256: 45c12147b44afc5412f9ee84587d01d8f37a472195e37d08ec8ba4ac9a10ff7a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.glassfish.jersey.ext.jersey-entity-filtering Medium Vendor pom artifactid jersey-entity-filtering Low Vendor jar package name filtering Highest Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey.ext Medium Vendor jar package name jersey Highest Vendor pom groupid glassfish.jersey.ext Highest Vendor jar package name glassfish Highest Vendor pom groupid org.glassfish.jersey.ext Highest Vendor file name jersey-entity-filtering High Vendor pom name jersey-ext-entity-filtering High Vendor Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest bundle-symbolicname org.glassfish.jersey.ext.jersey-entity-filtering Medium Product Manifest Bundle-Name jersey-ext-entity-filtering Medium Product jar package name filtering Highest Product pom parent-groupid org.glassfish.jersey.ext Medium Product jar package name jersey Highest Product pom groupid glassfish.jersey.ext Highest Product jar package name glassfish Highest Product pom artifactid jersey-entity-filtering Highest Product file name jersey-entity-filtering High Product pom parent-artifactid project Medium Product pom name jersey-ext-entity-filtering High Product Manifest bundle-docurl http://www.oracle.com/ Low Version file version 2.21.1 High Version pom version 2.21.1 Highest Version Manifest Bundle-Version 2.21.1 High
Related Dependencies
jersey-media-json-jackson-2.21.1.jar
File Path: /root/.m2/repository/org/glassfish/jersey/media/jersey-media-json-jackson/2.21.1/jersey-media-json-jackson-2.21.1.jar
MD5: 39b07a993a4943e85336df82ddbf5433
SHA1: fc193097cff86f6c8bd5d9fcd4dc05286762af88
SHA256: 8439467aeab0b652b7cd539400660bc181e96597d201f404c4edc4866c161955
pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.21.1
jersey-gf-cdi-2.14.jar
Description:
Jersey CDI for GlassFish integration
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/jersey/containers/glassfish/jersey-gf-cdi/2.14/jersey-gf-cdi-2.14.jar
MD5: 1e9b6f7618413ebd57d70517d58aa26c
SHA1: 8bf02124ff290fc01ac4f507bf3bf03fa9a106a9
SHA256: ab5c8a12611e70b2d932abbfc36e352b5958ce7ae9268bf103a8ebcf36e1828e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jersey-gf-cdi High Vendor Manifest bundle-symbolicname org.glassfish.jersey.containers.glassfish.jersey-gf-cdi Medium Vendor pom parent-artifactid project Low Vendor jar package name cdi Highest Vendor jar package name jersey Highest Vendor pom groupid org.glassfish.jersey.containers.glassfish Highest Vendor pom groupid glassfish.jersey.containers.glassfish Highest Vendor jar package name glassfish Highest Vendor pom parent-groupid org.glassfish.jersey.containers.glassfish Medium Vendor pom name jersey-gf-cdi High Vendor jar package name gf Highest Vendor pom artifactid jersey-gf-cdi Low Vendor Manifest bundle-docurl http://www.oracle.com/ Low Product file name jersey-gf-cdi High Product Manifest bundle-symbolicname org.glassfish.jersey.containers.glassfish.jersey-gf-cdi Medium Product jar package name cdi Highest Product jar package name jersey Highest Product pom groupid glassfish.jersey.containers.glassfish Highest Product Manifest Bundle-Name jersey-gf-cdi Medium Product jar package name glassfish Highest Product pom parent-groupid org.glassfish.jersey.containers.glassfish Medium Product pom name jersey-gf-cdi High Product jar package name gf Highest Product pom parent-artifactid project Medium Product pom artifactid jersey-gf-cdi Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Version pom version 2.14 Highest Version file version 2.14 High
jersey-server-2.22.2.jar
Description:
Jersey core server implementation
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-server/2.22.2/jersey-server-2.22.2.jar
MD5: 62d36194c28af7a49966554af421488f
SHA1: 5ede3e5f98f8b14d31d1d0fffe9908df2bd41c0f
SHA256: 8f8649b568d068f053362fa3def56206166dfceb3baa74e9f19eff6f8f8d9f1f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid glassfish.jersey.core Highest Vendor pom parent-artifactid project Low Vendor jar package name server Highest Vendor jar package name jersey Highest Vendor pom artifactid jersey-server Low Vendor jar package name org Highest Vendor jar package name glassfish Highest Vendor pom groupid org.glassfish.jersey.core Highest Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Vendor pom parent-groupid org.glassfish.jersey Medium Vendor pom name jersey-core-server High Vendor file name jersey-server High Vendor Manifest bundle-docurl http://www.oracle.com/ Low Product pom artifactid jersey-server Highest Product pom groupid glassfish.jersey.core Highest Product jar package name server Highest Product jar package name jersey Highest Product Manifest Bundle-Name jersey-core-server Medium Product jar package name org Highest Product jar package name glassfish Highest Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Product pom parent-groupid org.glassfish.jersey Medium Product pom name jersey-core-server High Product pom parent-artifactid project Medium Product file name jersey-server High Product Manifest bundle-docurl http://www.oracle.com/ Low Version Manifest Bundle-Version 2.22.2 High Version file version 2.22.2 High Version pom version 2.22.2 Highest
Related Dependencies
jersey-container-servlet-core-2.22.2.jar
jersey-container-servlet-2.22.2.jar
jersey-guava-2.22.2.jar
jersey-common-2.22.2.jar
File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-common/2.22.2/jersey-common-2.22.2.jar
MD5: d855b5f16119a933768c13690c099375
SHA1: 1209b89878b60ce7d49afadeff7522d2fde0e217
SHA256: 33c51bda7fe94c27056af05c6b6bb1a0c2968b5bcf09b4c098ccbe953231186d
pkg:maven/org.glassfish.jersey.core/jersey-common@2.22.2
jersey-client-2.22.2.jar
File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-client/2.22.2/jersey-client-2.22.2.jar
MD5: 2954068011b278e9eeb81333325114b3
SHA1: 1712fff037ce5a59e3d67f90fff29222989799ee
SHA256: c2229f74968db3d0e676f680a58c1148278def927499f6f2eb1e932aba41fbd5
pkg:maven/org.glassfish.jersey.core/jersey-client@2.22.2
jersey-media-jaxb-2.22.2.jar
File Path: /root/.m2/repository/org/glassfish/jersey/media/jersey-media-jaxb/2.22.2/jersey-media-jaxb-2.22.2.jar
MD5: 8c868cadfd83b1c7c27a3d7455733293
SHA1: 7a9adf97790a92d09a1f2c027dbd34af15ffee04
SHA256: 0a99789dd4f2f24451f7cf423d5682dbef39a34609555f455b73546967b9c225
pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.22.2
jquery-ui.min.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/jquery-ui.min.js
MD5: 3edcb0072067447a6214eb62123a9c69
SHA1: b4d3edf48e252a8a948e1e0373e0779cf4d050b6
SHA256: 9a20b4a966bc22f2aaff8e71cb73453bdb6acc5ca1eede917f238c3d1b618a0a
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
json-20140107.jar
Description:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 thru Java 1.4.
License:
The JSON License: http://json.org/license.html
File Path: /root/.m2/repository/org/json/json/20140107/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name cdl Highest Vendor jar package name xml Highest Vendor jar package name json Low Vendor pom name JSON in Java High Vendor file name json-20140107 High Vendor pom groupid json Highest Vendor jar package name json Highest Vendor pom artifactid json Low Vendor jar package name http Highest Vendor pom url douglascrockford/JSON-java Highest Vendor pom groupid org.json Highest Product jar package name cdl Highest Product jar package name xml Highest Product pom artifactid json Highest Product pom name JSON in Java High Product file name json-20140107 High Product pom groupid json Highest Product jar package name json Highest Product jar package name http Highest Product pom url douglascrockford/JSON-java High Version file version 20140107 Medium Version pom version 20140107 Highest
jsr305-1.3.9.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256: 905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name annotation Low
Vendor jar package name javax Low
Vendor file name jsr305 High
Vendor pom artifactid jsr305 Low
Vendor pom groupid google.code.findbugs Highest
Vendor pom name FindBugs-jsr305 High
Vendor pom groupid com.google.code.findbugs Highest
Vendor pom url http://findbugs.sourceforge.net/ Highest
Product jar package name annotation Low
Product file name jsr305 High
Product pom groupid google.code.findbugs Highest
Product pom name FindBugs-jsr305 High
Product pom artifactid jsr305 Highest
Product pom url http://findbugs.sourceforge.net/ Medium
Version file version 1.3.9 High
Version pom version 1.3.9 Highest
jstl-1.2.jar
File Path: /root/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
SHA256: c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid javax.servlet Highest
Vendor jar package name servlet Highest
Vendor file name jstl High
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor pom artifactid jstl Low
Vendor jar package name jstl Highest
Vendor jar package name apache Highest
Vendor jar package name javax Highest
Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor jar package name jsp Highest
Vendor Manifest extension-name javax.servlet.jsp.jstl Medium
Product jar package name servlet Highest
Product pom groupid javax.servlet Highest
Product jar package name javax Highest
Product jar package name standard Highest
Product file name jstl High
Product jar package name jsp Highest
Product pom artifactid jstl Highest
Product jar package name jstl Highest
Product jar package name tag Highest
Product Manifest specification-title JavaServer Pages(TM) Standard Tag Library Medium
Product Manifest extension-name javax.servlet.jsp.jstl Medium
Version pom version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
Version file version 1.2 High
Published Vulnerabilities
CVE-2015-0254 (OSSINDEX)
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:javax.servlet:jstl:1.2:*:*:*:*:*:*:*
jul-to-slf4j-1.6.6.jar
Description:
JUL to SLF4J bridge
File Path: /root/.m2/repository/org/slf4j/jul-to-slf4j/1.6.6/jul-to-slf4j-1.6.6.jar
MD5: 8c086f7494b96d9633ed858fb1738c36
SHA1: e25c3dab7c510a04f807a8f8f07fbc98cc7f309d
SHA256: 7253dbe2a5ffdbb1bdbb0eb79d43c5fa9085f209f0858e808db122a58f9cee7b
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.slf4j Highest
Vendor pom url http://www.slf4j.org Highest
Vendor jar package name bridge Highest
Vendor pom groupid slf4j Highest
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom parent-groupid org.slf4j Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom artifactid jul-to-slf4j Low
Vendor Manifest bundle-symbolicname jul.to.slf4j Medium
Vendor pom name JUL to SLF4J bridge High
Vendor file name jul-to-slf4j High
Vendor jar package name slf4j Highest
Product Manifest Bundle-Name jul-to-slf4j Medium
Product jar package name bridge Highest
Product pom groupid slf4j Highest
Product pom parent-groupid org.slf4j Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom url http://www.slf4j.org Medium
Product pom artifactid jul-to-slf4j Highest
Product Manifest bundle-symbolicname jul.to.slf4j Medium
Product pom parent-artifactid slf4j-parent Medium
Product pom name JUL to SLF4J bridge High
Product file name jul-to-slf4j High
Product jar package name slf4j Highest
Version file version 1.6.6 High
Version Manifest Bundle-Version 1.6.6 High
Version pom version 1.6.6 Highest
Version Manifest Implementation-Version 1.6.6 High
log4j-1.2.14.jar
Description:
Log4j
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/log4j/log4j/1.2.14/log4j-1.2.14.jar
MD5: 599b8ba07d1d04f0ea34414e861d7ad1
SHA1: 03b254c872b95141751f414e353a25c2ac261b51
SHA256: e3bff9ab64a09b1ac2800f3b5fb1e3d99728064acb6dd3924938507638a404fb
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid log4j Highest
Vendor jar package name apache Highest
Vendor pom organization url http://www.apache.org Medium
Vendor pom url http://logging.apache.org/log4j/docs/ Highest
Vendor jar package name log4j Highest
Vendor file name log4j High
Vendor pom artifactid log4j Low
Vendor pom name Log4j High
Vendor manifest: org/apache/log4j/ Implementation-Vendor "Apache Software Foundation" Medium
Vendor pom organization name Apache Software Foundation High
Product pom groupid log4j Highest
Product jar package name apache Highest
Product pom url http://logging.apache.org/log4j/docs/ Medium
Product jar package name log4j Highest
Product file name log4j High
Product pom organization url http://www.apache.org Low
Product pom name Log4j High
Product pom organization name Apache Software Foundation Low
Product manifest: org/apache/log4j/ Implementation-Title log4j Medium
Product pom artifactid log4j Highest
Version pom version 1.2.14 Highest
Version file version 1.2.14 High
Version manifest: org/apache/log4j/ Implementation-Version 1.2.14 Medium
Published Vulnerabilities
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: LOW (3.7)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
lombok-1.16.20.jar
Description:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar
MD5: 006c258e47684d5e8955f315d717049a
SHA1: ac76d9b956045631d1561a09289cbf472e077c01
SHA256: c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d
Referenced In Project/Scope: gotrack:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid lombok Low
Vendor file name lombok High
Vendor pom groupid projectlombok Highest
Vendor pom name Project Lombok High
Vendor jar package name java Highest
Vendor pom url https://projectlombok.org Highest
Vendor pom groupid org.projectlombok Highest
Vendor jar package name lombok Highest
Vendor jar package name tostring Highest
Vendor Manifest can-redefine-classes true Low
Product pom artifactid lombok Highest
Product file name lombok High
Product pom groupid projectlombok Highest
Product pom name Project Lombok High
Product jar package name java Highest
Product jar package name lombok Highest
Product jar package name tostring Highest
Product pom url https://projectlombok.org Medium
Product Manifest can-redefine-classes true Low
Version Manifest lombok-version 1.16.20 Medium
Version file version 1.16.20 High
Version pom version 1.16.20 Highest
lombok-1.16.20.jar: WindowsDriveInfo-i386.dll
File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-i386.dll
MD5: c4d7064e400a22cc9a59d2d97382b5b8
SHA1: 63ac163436b8400dcc25f7d13e7a86313fd28a98
SHA256: f210056ba0dfd996646b91e92f4665399b33bf4da651dea26b4888f87215ec29
Referenced In Project/Scope: gotrack:provided
Evidence
Type Source Name Value Confidence
Vendor file name WindowsDriveInfo-i386 High
Product file name WindowsDriveInfo-i386 High
Version file name WindowsDriveInfo-i386 Medium
Version file version 386 Medium
lombok-1.16.20.jar: WindowsDriveInfo-x86_64.dll
File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-x86_64.dll
MD5: cdf042a66f9681f362c365131e3c38dd
SHA1: a4598a189d82ae291faead4c0eec6abf22b256be
SHA256: 4897fff1914b3534f61fbba4ef7e26892b1f32b525e06f1e264bf1eaf08ce4fe
Referenced In Project/Scope: gotrack:provided
Evidence
Type Source Name Value Confidence
Vendor file name WindowsDriveInfo-x86_64 High
Product file name WindowsDriveInfo-x86_64 High
mockito-all-1.10.19.jar
Description:
Mock objects library for java
License:
The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE
File Path: /root/.m2/repository/org/mockito/mockito-all/1.10.19/mockito-all-1.10.19.jar
MD5: 979ec16f27b6b541278e0ecd10efd771
SHA1: 539df70269cc254a58cccc5d8e43286b4a73bf30
SHA256: d1a7a7ef14b3db5c0fc3e0a63a81b374b510afe85add9f7984b97911f4c70605
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid mockito Highest
Vendor file name mockito-all High
Vendor pom artifactid mockito-all Low
Vendor pom url http://www.mockito.org Highest
Vendor jar package name mockito Highest
Vendor pom name Mockito High
Vendor Manifest bundle-symbolicname org.mockito.mockito-all Medium
Vendor pom groupid org.mockito Highest
Vendor jar package name mock Highest
Product jar package name objenesis Highest
Product jar package name mockito Highest
Product pom name Mockito High
Product pom url http://www.mockito.org Medium
Product Manifest Bundle-Name Mockito Mock Library for Java. Hamcrest-core & Objenesis included in the bundle. Medium
Product jar package name hamcrest Highest
Product jar package name mock Highest
Product pom groupid mockito Highest
Product file name mockito-all High
Product jar package name core Highest
Product Manifest bundle-symbolicname org.mockito.mockito-all Medium
Product pom artifactid mockito-all Highest
Version pom version 1.10.19 Highest
Version Manifest Bundle-Version 1.10.19 High
Version file version 1.10.19 High
mysql-connector-java-5.1.35.jar
Description:
MySQL JDBC Type 4 driver
License:
The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /root/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
MD5: 9e125f3d56d651184de1c9fde811540b
SHA1: b6ac941b7288376a7e8bc6490264bbd4427fb94e
SHA256: 5097662ca4c417eb60b8dbf7d324d0c781c7a69cfae7f167617be2a9fdfd3704
Referenced In Project/Scope: gotrack:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.mysql.jdbc Medium
Vendor hint analyzer (hint) vendor sun Highest
Vendor pom name MySQL Connector/J High
Vendor pom organization name Oracle Corporation High
Vendor pom groupid mysql Highest
Vendor file name mysql-connector-java High
Vendor Manifest Implementation-Vendor Oracle High
Vendor hint analyzer vendor oracle Highest
Vendor pom organization url http://www.oracle.com Medium
Vendor Manifest (hint) Implementation-Vendor sun High
Vendor jar package name mysql Highest
Vendor pom artifactid mysql-connector-java Low
Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor jar package name jdbc Highest
Vendor Manifest Implementation-Vendor-Id com.mysql Medium
Vendor jar package name driver Highest
Product pom artifactid mysql-connector-java Highest
Product Manifest bundle-symbolicname com.mysql.jdbc Medium
Product Manifest Implementation-Title MySQL Connector Java High
Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium
Product pom name MySQL Connector/J High
Product pom organization name Oracle Corporation Low
Product file name mysql-connector-java High
Product pom groupid mysql Highest
Product hint analyzer product mysql_connectors Highest
Product Manifest Bundle-Name Oracle Corporation's JDBC Driver for MySQL Medium
Product Manifest specification-title JDBC Medium
Product jar package name mysql Highest
Product pom organization url http://www.oracle.com Low
Product hint analyzer product mysql_connector/j Highest
Product jar package name jdbc Highest
Product hint analyzer product mysql_connector_j Highest
Product jar package name driver Highest
Version file version 5.1.35 High
Version Manifest Implementation-Version 5.1.35 High
Version pom version 5.1.35 Highest
Version Manifest Bundle-Version 5.1.35 High
Published Vulnerabilities
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: HIGH (7.2)
Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
Base Score: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2017-3523 (OSSINDEX)
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSSv3:
Base Score: HIGH (8.5)
Vector: CVSS:/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*
CVE-2017-3589 (OSSINDEX)
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVSSv3:
Base Score: LOW (3.3)
Vector: CVSS:/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*
CVE-2018-3258 (OSSINDEX)
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSSv3:
Base Score: HIGH (8.8)
Vector: CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*
CVE-2019-2692
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.5)
Vector: /AV:L/AC:H/Au:S/C:P/I:P/A:P
CVSSv3:
Base Score: MEDIUM (6.3)
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
CVE-2020-2875
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSSv3:
Base Score: MEDIUM (4.7)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-2933
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3:
Base Score: LOW (2.2)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CVE-2020-2934
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.1)
Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3:
Base Score: MEDIUM (5.0)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
omnifaces-3.0.jar
Description:
JSF 2.2+ utility library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar
MD5: 993acf6b529f85c8ee450973a4be8fa7
SHA1: 23422c1484c2fe9eded4d00ec1911e268254c3c7
SHA256: 882520f34ea645da9490232af4e932172a2478564db0b27fd7246643018e7d42
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor OmniFaces High
Vendor pom organization url http://omnifaces.org Medium
Vendor Manifest implementation-url http://omnifaces.org Low
Vendor Manifest specification-vendor OmniFaces Low
Vendor pom artifactid omnifaces Low
Vendor pom organization name OmniFaces High
Vendor jar package name omnifaces Highest
Vendor Manifest extension-name omnifaces Medium
Vendor pom groupid org.omnifaces Highest
Vendor pom name OmniFaces High
Vendor pom url http://omnifaces.org Highest
Vendor Manifest Implementation-Vendor-Id org.omnifaces Medium
Vendor file name omnifaces High
Vendor Manifest url http://omnifaces.org Low
Vendor pom groupid omnifaces Highest
Product pom url http://omnifaces.org Medium
Product Manifest implementation-url http://omnifaces.org Low
Product pom artifactid omnifaces Highest
Product jar package name omnifaces Highest
Product Manifest specification-title OmniFaces Medium
Product pom organization name OmniFaces Low
Product Manifest extension-name omnifaces Medium
Product pom name OmniFaces High
Product pom organization url http://omnifaces.org Low
Product file name omnifaces High
Product Manifest url http://omnifaces.org Low
Product pom groupid omnifaces Highest
Product Manifest Implementation-Title OmniFaces High
Version Manifest Implementation-Version 3.0 High
Version pom version 3.0 Highest
Version file version 3.0 High
omnifaces-3.0.jar: fixviewstate.js
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/fixviewstate.js
MD5: 24c2badf2e50107af44e7fd28c9836d0
SHA1: 8f678cad084fe0ddb1cb590af25b97de5f3a58dc
SHA256: e878fba7561765a61e8f13409bfb2d260ba430f4eed14b6d81ecce70f004a604
Referenced In Project/Scope: gotrack:compile
omnifaces-3.0.jar: omnifaces.js
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/omnifaces.js
MD5: 3e6d3650c9686efc2cec9f171afe96cd
SHA1: 8d9689b3e96643ea439fad9ca26621d93bfc9e6a
SHA256: d64be3f545aacbffbcb7b06bf47ee85fe7ef61f3edfc88d92435c4ce09292387
Referenced In Project/Scope: gotrack:compile
omnifaces-3.0.jar: unload.js
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/unload.js
MD5: 9b18e661eef08f977d0726118afc545d
SHA1: 4ed89c14cfa22d1a8fd3c818814fec53095537e9
SHA256: fb7742a9cf53fbc1040167a6576113751dea76dbac77f803180802deae698bc8
Referenced In Project/Scope: gotrack:compile
osgi-resource-locator-1.0.1.jar
Description:
See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information
License:
https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256: 775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.glassfish.hk2 Highest
Vendor pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High
Vendor pom parent-groupid org.glassfish Medium
Vendor pom artifactid osgi-resource-locator Low
Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium
Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low
Vendor jar package name glassfish Highest
Vendor jar package name hk2 Highest
Vendor Manifest bundle-activationpolicy lazy Low
Vendor pom parent-artifactid pom Low
Vendor pom groupid glassfish.hk2 Highest
Vendor file name osgi-resource-locator High
Product pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High
Product Manifest Bundle-Name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. Medium
Product pom parent-groupid org.glassfish Medium
Product pom parent-artifactid pom Medium
Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium
Product Manifest bundle-docurl https://glassfish.dev.java.net Low
Product jar package name glassfish Highest
Product jar package name hk2 Highest
Product Manifest bundle-activationpolicy lazy Low
Product pom artifactid osgi-resource-locator Highest
Product pom groupid glassfish.hk2 Highest
Product file name osgi-resource-locator High
Version pom parent-version 1.0.1 Low
Version Manifest Bundle-Version 1.0.1 High
Version pom version 1.0.1 Highest
Version file version 1.0.1 High
plotting.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/plotting.js
MD5: 4040bfdf03dbc750bb0f2c3b3622b585
SHA1: 4dce360f428ae9637a2c0e10950c33edebe297ca
SHA256: 219f9b50bcbd66ab11629b2809e79c33c70f044273f82352f7b93c0357a3ced6
Referenced In Project/Scope: gotrack
poi-3.11.jar
Description:
Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/apache/poi/poi/3.11/poi-3.11.jar
MD5: 47af95b1bbe1d2db5b6794f887c0bad7
SHA1: 51058d9db469437a5ed0aa508e7de8937019e1d9
SHA256: 1412f527ed0a766a6a3697c81705381fa1c34aecc15c4cdcca12a1e52de24d0e
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom organization url http://www.apache.org/ Medium
Vendor pom name Apache POI High
Vendor pom groupid org.apache.poi Highest
Vendor jar package name poi Highest
Vendor pom artifactid poi Low
Vendor pom groupid apache.poi Highest
Vendor file name poi High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor jar package name apache Highest
Vendor jar package name format Highest
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://poi.apache.org/ Highest
Product Manifest specification-title Apache POI Medium
Product pom organization name Apache Software Foundation Low
Product pom name Apache POI High
Product jar package name poi Highest
Product pom groupid apache.poi Highest
Product file name poi High
Product jar package name apache Highest
Product Manifest Implementation-Title Apache POI High
Product jar package name format Highest
Product pom organization url http://www.apache.org/ Low
Product pom artifactid poi Highest
Product pom url http://poi.apache.org/ Medium
Version pom version 3.11 Highest
Version file version 3.11 High
Version Manifest Implementation-Version 3.11 High
Published Vulnerabilities
CVE-2014-3574
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVE-2014-9527
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
CWE-399 Resource Management Errors
CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: HIGH (7.1)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
primefaces-6.1.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar
MD5: 451e8f4972278f2f81a998fab5d4ce6c
SHA1: 8ec2b8a42b06ddb70fc1a614b9a4c90771ca5f9c
SHA256: b7435f17450d35f343ae932e84d2838a6fed5869f99bf3ca23cb03543878fccf
Referenced In Project/Scope: gotrack:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid primefaces Low
Vendor pom name primefaces High
Vendor file name primefaces High
Vendor Manifest bundle-symbolicname org.primefaces Medium
Vendor pom groupid org.primefaces Highest
Vendor jar package name primefaces Highest
Vendor pom url http://www.primefaces.org Highest
Vendor Manifest Implementation-Vendor-Id org.primefaces Medium
Vendor hint analyzer vendor primetek Highest
Vendor pom groupid primefaces Highest
Product Manifest Implementation-Title primefaces High
Product pom name primefaces High
Product file name primefaces High
Product Manifest bundle-symbolicname org.primefaces Medium
Product pom url http://www.primefaces.org Medium
Product jar package name primefaces Highest
Product Manifest specification-title primefaces Medium
Product Manifest Bundle-Name primefaces Medium
Product pom artifactid primefaces Highest
Product pom groupid primefaces Highest
Version file version 6.1 High
Version pom version 6.1 Highest
Version Manifest Implementation-Version 6.1 High
Published Vulnerabilities
CVE-2015-9251 (OSSINDEX)
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.primefaces:primefaces:6.1:*:*:*:*:*:*:*
CVE-2019-11358 (OSSINDEX)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.primefaces:primefaces:6.1:*:*:*:*:*:*:*
primefaces-6.1.jar: jquery.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/jquery/jquery.js
MD5: a7f7f8654d7091d750423993d94dc436
SHA1: 329b1a9d48023ac8ae9098eddbbc594d4cadb717
SHA256: e6be08d782165ce3f7d792f7b0574ee595cd242986a81af1c873c3ab571cffc3
Referenced In Project/Scope: gotrack:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jquery | High
Product | file | name | jquery | High
Version | file | version | 1.11.3 | High
Published Vulnerabilities
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
primefaces-6.1.jar: jquery.mousewheel.min.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mousewheel/jquery.mousewheel.min.js
MD5: a19660331d2924f8cabf797593582e42
SHA1: 854d8ef9e717c513c29e87b422149fa253b636c0
SHA256: d32437988bc7da1a0ee7856876ac50943cb639b20505fad3a0d4f00c25329cc4
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: keyboard.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/keyboard/keyboard.js
MD5: 6e2e99dd7cda7db266d6ae313873a480
SHA1: edf9f799315317d21f15724f21b1a42fb458423e
SHA256: 3363f0acfb5045feb9a86d7bdabc6fcdc9ea8da4a26e7ede216938ce782d3c8f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: keyfilter.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/keyfilter/keyfilter.js
MD5: 85b24c28db15874e9ade5d6e04a5de71
SHA1: 91b0472294804ae3dff5bf165c78f1e2b3bda879
SHA256: 413b0c794363eefdee1efd14378c7bfc7e12e9ba28d04442446f9e36b5a395c9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: knob.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/knob/knob.js
MD5: 289622044e5ae85d93faa62418765513
SHA1: 4f72b1a616292cdb9be6b43d69ae14bfc62428a9
SHA256: 69a5c253d1c9abe10a34935cab7104f1880c5b6bd92b329785d8bf1841e4eda9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: layout.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/layout/layout.js
MD5: 5d2bc563a9349fe9fa8cdddb91ce0bbd
SHA1: b5aed2c657f1dac7b44f5d9893f0133616abb09b
SHA256: 2becf1c328440683e8d136209c43d6fc4da5a05d8bc877130698c14e1cdb000a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: lifecycle.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/lifecycle/lifecycle.js
MD5: 9627c1e2d672df7f7f2c26498278b606
SHA1: c382df2afdd378164416b829074e7c2bb8780da8
SHA256: 553b35162fcdc9aafce567ee18a8c501daa5b5c2f1a6634d6cb7618e6aef7572
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: log.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/log/log.js
MD5: 1190223bc485e58c760a0fb104d451ac
SHA1: 3dc24dd0f24ede52341bf8e6fdc3aad7ec7b2865
SHA256: b8c8953932f206b0e573e38b4a40fda53ef404ed4f6eeb07d6fca596810bac9a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: mindmap.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mindmap/mindmap.js
MD5: 141bc9c6ed0144287a62b5f388398fb5
SHA1: 1def023b3777ee500d3e9843ec05f716eb816a87
SHA256: 0b7b1c440f42107771f58669f0f43e1ffa37babbbbd989f47538075f573b371e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: moment.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/moment/moment.js
MD5: 46d56ea445e0e7caceec78247dfd78dd
SHA1: aef2cad740086e09b23352778ef85b354869099e
SHA256: bdbadb35558db161f776055ce1a92555a684c44011942bffcc49ffd0002f779d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: organigram.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/organigram/organigram.js
MD5: fdb7ec5fbd417c5e9c1fc5a68ef092c5
SHA1: b396b9993cb4aa0880c1b8406de7478e201ebb14
SHA256: 67a1e3de53a1716705460b0080448d6e1c06e38d7cdbd22ecfe46d786813f07a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: photocam.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/photocam/photocam.js
MD5: d2305b3415a7f82126c2e0d9930d014a
SHA1: b838077c14658dec55e65782d329318f991e5023
SHA256: c21270776ca97e2424fc371b1fb29a5ef315dcfd8fb30da4c072981dbb354a0b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: printer.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/printer/printer.js
MD5: db0d7817812477bf26a9c4888dbaeaff
SHA1: d416c41ef0681ae1d1bd04c3ec7892975bde8dba
SHA256: 892fac1746ce117fc7caa9c73cdf81b4a7f828ea51671dcde4ded7f8d97a9029
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: push.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/push/push.js
MD5: 3251876ccfa8be8b3a766a4eccf64725
SHA1: 15384ebdee77cbb0b46d291d9c0971ec6d427585
SHA256: a5a75b1a068033439ef121a77eebe107e7f0be7d89b02e6117ac2c968ffef860
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: raphael.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/raphael/raphael.js
MD5: f6d76d75ffb57b71e2b49ee1e613990b
SHA1: e87839ecb03847547c1f7d174e3019b2e8cac88f
SHA256: 912889c2c44c303f7d08918816a5390a255788f1f7fa827bc91c9eedf255369d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: ribbon.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/ribbon/ribbon.js
MD5: e20363c3eba3abe543419b99105c1492
SHA1: e28da8b53ccaeafe210b16b28060c8b40396c966
SHA256: 1ced20e3352796edde12c56f8c4ce12d6b7e58bec2e5716e5c199bd224a5431f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: ring.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/ring/ring.js
MD5: f8bea47761887836c0d8a0f1641cc862
SHA1: 1f9daaf9e1b3c8191536a85ff587f2eafb1200a6
SHA256: b0edd1950427161e18c1a2a83197b645d3b1174f093774f01a92db592c6f0142
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: schedule.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/schedule/schedule.js
MD5: 64e4284021f2ffc31c7cb90fc7852d83
SHA1: 3e6e0161aa4d29157fe87bdfd0421965389ad2e3
SHA256: f7b69ae993c56dc0b3d855fd59c8a2c21919026820f6b2fd623328489d394d54
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: scrollpanel.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/scrollpanel/scrollpanel.js
MD5: b4b7ba9c7337af83694d569ad1557199
SHA1: f0f0e09848a02db156c6bd7f60adc69eb30f3bb9
SHA256: f1ca242c6c2209c3e007cf27299a2b23063e67433df1bfe6d7e5f296261f346d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: signature.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/signature/signature.js
MD5: de47d5b7f4d3bfceb64953b29ad71566
SHA1: 8e67cb30e0b439151efa6909617cae98a665568e
SHA256: 528d46fccd936c902569e1a5d9a770625180fdf997cacf7ee9ee1616032f7a37
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: stack.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/stack/stack.js
MD5: a54aad057e55ae776353ac26fefdb52f
SHA1: 7b2f9b0f672585f8171bb22c8df5eb509ff9cecd
SHA256: 81908db529ecbf178975923066c65fb71ae6861c87de16b8a2b3e9cfee08b1fd
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: terminal.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/terminal/terminal.js
MD5: 0e7d65edb8e61048e5e8f0f70542f8fa
SHA1: 16b58b5898faf98396fb70147e9ab66e8c49330b
SHA256: f13c06e5606b228948a572e856cf049d16d40c93a0ce846fc0657f05ed9426df
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: texteditor.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/texteditor/texteditor.js
MD5: 7650d4387b8a3a2bc307701abf1cd8ee
SHA1: 8061fcf936147038ee4a5e9da39941399ee1791f
SHA256: 9187206ff8cd37c0d9685f504345601675cba6eee65a2082ceae89cab2430ef1
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: timeline.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/timeline/timeline.js
MD5: bf1d0f2b1bced3751bd301d2ccfb3c75
SHA1: 6743e1a224b2428095fbe651d0e4ec86d116a645
SHA256: fd2dd283c0cef65ec7ad76b1d236eac95e7f8b685238a949ea2e2030b09f3fa8
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: touchswipe.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/touch/touchswipe.js
MD5: 6f38c3f2a756c8b947eb00dc86826944
SHA1: fd78cf40dcc11ca868195fc891027c22256746e1
SHA256: aa248a002e1a43c44ed11fbe0652d54c3fe07f06e6a668f27d759467130ac70e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: validation.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/validation/validation.js
MD5: 0c135158bb0f2e697d5ba4775d24904b
SHA1: 840aa417fce4aad535ca9cac7b403e7b37b16977
SHA256: 0f5db59606e8f2016c431dd1c361e97d567e32bb0e379e7ea29b4078681659ec
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-6.1.jar: watermark.js
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/watermark/watermark.js
MD5: e8f78b7aeb9de00cffbc206ed609d55c
SHA1: f07a5bfbcaa94dc7a6ddae96b0d01f7cf8365efd
SHA256: e5a6c207a3153f5650a788e557e1d67626f2f6035f602503b1d54d6a8151e95a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar
Description:
PrimeFaces Extensions Project for Maven.
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar
MD5: 1f910d4ad0a197424cc38208cc900a36
SHA1: e15af78625c4bfbab75a05c1f8feb2bbea726e2e
SHA256: 4a47585d79f725cb2076be755270f732d28dbfb24d41b77e16405285e9be3deb
Referenced In Project/Scope: gotrack:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.primefaces.extensions | Highest
Vendor | Manifest | x-compile-target | 1.6 | Low
Vendor | Manifest | Implementation-Vendor-Id | org.primefaces.extensions | Medium
Vendor | pom | artifactid | primefaces-extensions | Low
Vendor | file | name | primefaces-extensions | High
Vendor | Manifest | x-compile-source | 1.6 | Low
Vendor | pom | name | PrimeFaces Extensions | High
Vendor | jar | package name | extensions | Highest
Vendor | pom | groupid | primefaces.extensions | Highest
Vendor | jar | package name | primefaces | Highest
Vendor | Manifest | bundle-symbolicname | org.primefaces.extensions | Medium
Vendor | pom | parent-groupid | org.primefaces.extensions | Medium
Vendor | pom | parent-artifactid | master-pom | Low
Vendor | Manifest | implementation-url | https://github.com/primefaces-extensions/primefaces-extensions | Low
Product | Manifest | specification-title | PrimeFaces Extensions | Medium
Product | Manifest | x-compile-target | 1.6 | Low
Product | file | name | primefaces-extensions | High
Product | Manifest | x-compile-source | 1.6 | Low
Product | pom | name | PrimeFaces Extensions | High
Product | jar | package name | extensions | Highest
Product | jar | package name | github | Highest
Product | Manifest | Implementation-Title | PrimeFaces Extensions | High
Product | pom | artifactid | primefaces-extensions | Highest
Product | Manifest | Bundle-Name | primefaces.extensions | Medium
Product | pom | groupid | primefaces.extensions | Highest
Product | jar | package name | primefaces | Highest
Product | Manifest | bundle-symbolicname | org.primefaces.extensions | Medium
Product | pom | parent-groupid | org.primefaces.extensions | Medium
Product | pom | parent-artifactid | master-pom | Medium
Product | Manifest | implementation-url | https://github.com/primefaces-extensions/primefaces-extensions | Low
Version | pom | version | 6.1.1 | Highest
Version | Manifest | Implementation-Version | 6.1.1 | High
Version | file | version | 6.1.1 | High
primefaces-extensions-6.1.1.jar: analogclock.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/analogclock/analogclock.js
MD5: 922b2c3b78829445e3552d9f7c36adc5
SHA1: 8715ed3d5d69bf77735581087fa76c62612843c5
SHA256: 8280cbe97432485fc20fe501d098bdd7e4e17e1160861b5218347354900178e5
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: blockui.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/blockui/blockui.js
MD5: b899b7bf50623e0fbc71710b88a922bf
SHA1: 49d6aa9f339920bdb37df90739ff2e4df21026e3
SHA256: 96d6abff9f0178a6dcf35dd2f625da9010e709bb82413bb804ad3ab63112a53b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: calculator.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/calculator/calculator.js
MD5: 6dcef19d605fa6cf1c0567e30dcd61d0
SHA1: d00d8c4750a524c69dec10845c39e472bf29f72c
SHA256: f9be2da77715fb00e557cff7537ebeec19136d0433e3a6eed36091febe55a360
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: clipboard.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/clipboard/clipboard.js
MD5: 66552d0b3555ffaf3ec7f43843a29d8c
SHA1: 307f28150a4d2856fec3c99adaf01e54f0e1632c
SHA256: e5b6e711314ef612c3f46253938ecbd66673159129fe9a68865523b88aafd1ea
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: fluidgrid.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/fluidgrid/fluidgrid.js
MD5: 714edde2b3e8329e1413c0ea76f8279a
SHA1: 92a322b7d9ca1708d919141966689b756aab37b8
SHA256: 039eb2ea6c2a7f92b01c9c42410fda90f32258173b2093095e00e2fad518e6f3
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: github.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/github/github.js
MD5: 132578be4e19727b105d7b7d1c5ad24b
SHA1: e7fc1083bb8a336a9c32dedd4fe571e286caa262
SHA256: 8e9614eed26195ca84ecda4961e28c43c217ae00e2f29871eac6dc02eaf27538
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: imageareaselect.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/imageareaselect/imageareaselect.js
MD5: 8b357b36d524d2cfc2e42aa1e13719ea
SHA1: a3784383b88ea45becd0cf8501a121785f1f887e
SHA256: 50aa2c538ee7565ced66e5a1d4011cf230b3df3db2bdde4d77d34f81b8898404
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: layout.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/layout/layout.js
MD5: ce42c19a75ca07994347715e46ebba9d
SHA1: 013f294905817d239ae688e168f36f61b1ff1bfc
SHA256: 8ab74d766e01a1f36d036c339cca08cf0b0389451e264dccef985fd0a0627c6b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: pdf.viewer.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.viewer.js
MD5: 19fd98802d221ebf3e4dfdf179c4fdcf
SHA1: ccacafb055e19ec7e3616fdf919125b5cf7b9954
SHA256: bc0c3cf61daede9db29cd820299312e3f146006bc31b795e204bc048c2474770
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: pdf.worker.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.worker.js
MD5: 83d8de27fb1c6c169ec4ca841eda15c8
SHA1: 91e8186ae9eb08381ff3ed44e91860cc254df0c4
SHA256: 1f65891df9ba19d26dad690b26f7be5767481b84c05b8c87b63a44247cfbad9e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: primefaces-extensions.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/primefaces-extensions.js
MD5: e84ddf8dc099a96b014d2343dffb399c
SHA1: 7ccde71278d29f424cefc0aa821320868e3a0daf
SHA256: d30bfc21efd5359d59b97d79c107c9cbf927df0e40251dde2de5728d52fd05e0
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: qrcode.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/qrcode/qrcode.js
MD5: cb788bd59aec6ef818a4773526e3f623
SHA1: a670541819f37583e58edf2eb1c9e64e0f078b0e
SHA256: be6efc9ef4f191f34b3b02d72d74c1fe6baaf9292dbf096a5e8eb59c3ae6e0e0
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: slideout.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/slideout/slideout.js
MD5: 78638d4fb368e705cacf4b375cd01331
SHA1: c244e15d31cc7c3ac21613587417ccad3f9b04a3
SHA256: ad2a1babfd5ebb5aa31a443940a4a6f424136a69aae32fffa3bedf6bf06d4e68
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: timepicker.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/timepicker/timepicker.js
MD5: 0beb1ae1028872ca302bdf44b337eab1
SHA1: 230050f8b8c179c15d75c0368d31af64bf80cb9f
SHA256: 91f17dc993b34036f37d25be8bb61e47ba9bf98585864966df4d44d846452507
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: timer.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/timer/timer.js
MD5: ca179c1b2914b133c73bf4f31c9ff164
SHA1: 920d4aafaed979022d3a362bbbc7e7a7361d5e60
SHA256: aaafe3a45e1194ed1dd25e463a70f7bbec0905403264ca599ad4a3c3e209f932
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: tooltip.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/tooltip/tooltip.js
MD5: 650e176870d7a25551aaece7f3dbd438
SHA1: ebd81aaf82837affac703b9b0500838f0a400629
SHA256: c336523a503ece04e4dd24a1354639cf87c339d7fb48b5a6a2cafce69358a052
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
primefaces-extensions-6.1.1.jar: waypoint.js
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/waypoint/waypoint.js
MD5: 3840bc02f6cd963ed114e7d82eb4220c
SHA1: d90640e75002dc30388f981f2a4fa8aa9914dd83
SHA256: d334fb739b9af254b07ad34a140b7f72200be5dd1c674ce7e29c6501057de47b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
slf4j-api-1.6.6.jar
Description:
The slf4j API
File Path: /root/.m2/repository/org/slf4j/slf4j-api/1.6.6/slf4j-api-1.6.6.jar
MD5: 17ba6715f5defd50b2e781201f57b408
SHA1: ce53b0a0e2cfbb27e8a59d38f79a18a5c6a8d2b0
SHA256: 43456b2ee31529a9c512d581e53e285c65feddec204a2c146945e032b07810ba
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.slf4j Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom url http://www.slf4j.org Highest Vendor pom name SLF4J API Module High Vendor pom groupid slf4j Highest Vendor pom parent-artifactid slf4j-parent Low Vendor pom parent-groupid org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor pom artifactid slf4j-api Low Product pom artifactid slf4j-api Highest Product pom groupid slf4j Highest Product pom parent-groupid org.slf4j Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product pom url http://www.slf4j.org Medium Product Manifest bundle-symbolicname slf4j.api Medium Product pom parent-artifactid slf4j-parent Medium Product pom name SLF4J API Module High Product Manifest Bundle-Name slf4j-api Medium Product Manifest Implementation-Title slf4j-api High Product file name slf4j-api High Product jar package name slf4j Highest Version file version 1.6.6 High Version Manifest Bundle-Version 1.6.6 High Version pom version 1.6.6 Highest Version Manifest Implementation-Version 1.6.6 High
slf4j-log4j12-1.6.6.jar
Description:
SLF4J LOG4J-12 Binding
File Path: /root/.m2/repository/org/slf4j/slf4j-log4j12/1.6.6/slf4j-log4j12-1.6.6.jar
MD5: 00e5efbc17122d31a1c02c179e6d6e0b
SHA1: 5cd9b4fbc3ff6a97beaade3206137d76f65df805
SHA256: 1e44890f21765cb92aeeda2e62b72ae37be230193880e9a8b7b768fde1a10b2c
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.slf4j Highest Vendor file name slf4j-log4j12 High Vendor pom name SLF4J LOG4J-12 Binding High Vendor pom url http://www.slf4j.org Highest Vendor pom groupid slf4j Highest Vendor pom parent-artifactid slf4j-parent Low Vendor Manifest bundle-symbolicname slf4j.log4j12 Medium Vendor pom parent-groupid org.slf4j Medium Vendor pom artifactid slf4j-log4j12 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor jar package name slf4j Highest Product file name slf4j-log4j12 High Product Manifest Implementation-Title slf4j-log4j12 High Product pom artifactid slf4j-log4j12 Highest Product pom groupid slf4j Highest Product Manifest bundle-symbolicname slf4j.log4j12 Medium Product pom parent-groupid org.slf4j Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product pom url http://www.slf4j.org Medium Product pom name SLF4J LOG4J-12 Binding High Product pom parent-artifactid slf4j-parent Medium Product Manifest Bundle-Name slf4j-log4j12 Medium Product jar package name slf4j Highest Version file version 1.6.6 High Version Manifest Bundle-Version 1.6.6 High Version pom version 1.6.6 Highest Version Manifest Implementation-Version 1.6.6 High
term.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/term.js
MD5: 14ad2e406311c5618e73131498efcd97
SHA1: 774fedc9720b93a38d2b728523277fb603fb49d6
SHA256: 8c2f65cf6f797433160acd272c1438e6991aee3fa9883562c50a50d671cee807
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
trends.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/trends.js
MD5: cbd272f095dbeebc9672469aa91fb598
SHA1: a09f229f4c26ae679b9e4402247b6b06c12c10c6
SHA256: dbd7bff5f5062bff751b00d59704331928e3a69a31df6c0ec9bb451cd1b0d57a
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
trove4j-3.0.3.jar
Description:
The Trove library provides high speed regular and primitive
collections for Java.
License:
GNU Lesser General Public License 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: /root/.m2/repository/net/sf/trove4j/trove4j/3.0.3/trove4j-3.0.3.jar
MD5: 8fc4d4e0129244f9fd39650c5f30feb2
SHA1: 42ccaf4761f0dfdfa805c9e340d99a755907e2dd
SHA256: 3c8616203d61a12a7e3487e8b34f3c198c2b5ba9e90da0c7ea32d99cd4958012
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name trove4j High Vendor jar package name trove Highest Vendor pom name GNU Trove High Vendor jar package name gnu Highest Vendor pom url http://trove4j.sf.net Highest Vendor pom artifactid trove4j Low Vendor Manifest implementation-url http://trove4j.sourceforge.net/ Low Vendor pom groupid net.sf.trove4j Highest Product file name trove4j High Product jar package name trove Highest Product pom name GNU Trove High Product jar package name gnu Highest Product Manifest Implementation-Title Trove High Product pom artifactid trove4j Highest Product pom url http://trove4j.sf.net Medium Product Manifest implementation-url http://trove4j.sourceforge.net/ Low Product pom groupid net.sf.trove4j Highest Version file version 3.0.3 High Version pom version 3.0.3 Highest Version Manifest Implementation-Version 3.0.3 High
utility.js
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/utility.js
MD5: 35fd1ed10e1e7e84f93d73b1d901e055
SHA1: 5fca54fd9a39fb246385a3ecf66b295dfbf1495b
SHA256: 7e900c2cb048f23dc57bdc71c34b5040e2b2c3f46ff74d42798dea2795968ff1
Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
validation-api-1.1.0.Final.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name javax Highest Vendor file name validation-api High Vendor pom name Bean Validation API High Vendor pom artifactid validation-api Low Vendor pom groupid javax.validation Highest Vendor pom url http://beanvalidation.org Highest Vendor Manifest bundle-symbolicname javax.validation.api Medium Vendor jar package name validation Highest Product jar package name javax Highest Product file name validation-api High Product pom name Bean Validation API High Product pom groupid javax.validation Highest Product pom url http://beanvalidation.org Medium Product Manifest Bundle-Name Bean Validation API Medium Product pom artifactid validation-api Highest Product jar package name validation Highest Product Manifest bundle-symbolicname javax.validation.api Medium Version pom version 1.1.0.Final Highest Version Manifest Bundle-Version 1.1.0.Final High
weld-servlet-shaded-3.0.0.Final.jar
Description:
This jar bundles all the bits of Weld and CDI required for running in a Servlet container.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar
MD5: 0856fb1cc23b31b273f260bf2fb5c48c
SHA1: 3714f2ceea7b41cc981dbee409df81dda874fdd4
SHA256: 08762cdb8f7fc5aa8524db1cffe6644b0f161d9df3b81828754f4479e529d6c0
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name servlet Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom groupid org.jboss.weld.servlet Highest Vendor jar package name container Highest Vendor pom parent-groupid org.jboss.weld.servlet Medium Vendor pom name Weld Servlet (Uber Jar) High Vendor Manifest build-time 2017-05-12 10:59 Low Vendor pom artifactid weld-servlet-shaded Low Vendor Manifest os-arch amd64 Low Vendor jar package name jboss Highest Vendor pom url http://weld.cdi-spec.org Highest Vendor Manifest os-name Linux Medium Vendor Manifest scm 42e40b56341205984c9275b44a5b73fb098237c7 Low Vendor pom groupid jboss.weld.servlet Highest Vendor jar package name weld Highest Vendor pom parent-artifactid weld-servlet-parent Low Vendor file name weld-servlet-shaded High Product jar package name servlet Highest Product pom url http://weld.cdi-spec.org Medium Product jar package name injection Highest Product jar package name container Highest Product pom artifactid weld-servlet-shaded Highest Product Manifest Implementation-Title Weld Servlet (Uber Jar) High Product pom parent-groupid org.jboss.weld.servlet Medium Product pom name Weld Servlet (Uber Jar) High Product Manifest build-time 2017-05-12 10:59 Low Product Manifest os-arch amd64 Low Product jar package name jboss Highest Product Manifest os-name Linux Medium Product Manifest scm 42e40b56341205984c9275b44a5b73fb098237c7 Low Product jar package name weld Highest Product pom groupid jboss.weld.servlet Highest Product file name weld-servlet-shaded High Product Manifest specification-title JSR-365 Contexts and Dependency Injection for Java Medium Product jar package name contexts Highest Product pom parent-artifactid weld-servlet-parent Medium Version pom version 3.0.0.Final Highest Version Manifest Implementation-Version 3.0.0.Final High
weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.annotation:javax.annotation-api:1.3)
Description:
Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
MD5: f7dc10c2df67f8377c83eb8c1d46ee05
SHA1: 0df1867b4b7930cc1ec2c1267330720f96cb336c
SHA256: 710cc43d8a7d9239e74f4532550fa58eb06e959a547bdc750c33f83b6180ce97
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.java.net Medium Vendor pom artifactid javax.annotation-api Low Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Vendor pom groupid javax.annotation Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product pom organization name GlassFish Community Low Product pom name ${extension.name} API High Product pom organization url https://glassfish.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom groupid javax.annotation Highest Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Product pom artifactid javax.annotation-api Highest Product pom parent-groupid net.java Medium Version pom version 1.3 Highest Version pom parent-version 1.3 Low
weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.enterprise:cdi-api:2.0)
Description:
APIs for CDI (Contexts and Dependency Injection for Java)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/javax.enterprise/cdi-api/pom.xml
MD5: 61a45158a999ab92d9a82fb2645d4b7d
SHA1: 1ce9a75771a35ad14ba1bd9dd5677d48c5c984d9
SHA256: 6074b4dc3a8533226ca8dd3fe9e5b425522d9ccc1ae2ed7b6041f3d6d1bb1d68
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom organization name JBoss by Red Hat, Inc. High Vendor pom groupid javax.enterprise Highest Vendor pom name CDI APIs High Vendor pom artifactid cdi-api Low Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://cdi-spec.org Highest Vendor pom organization url http://jboss.org Medium Vendor pom parent-artifactid weld-parent Low Product pom groupid javax.enterprise Highest Product pom name CDI APIs High Product pom parent-groupid org.jboss.weld Medium Product pom artifactid cdi-api Highest Product pom url http://cdi-spec.org Medium Product pom organization url http://jboss.org Low Product pom organization name JBoss by Red Hat, Inc. Low Product pom parent-artifactid weld-parent Medium Version pom version 2.0 Highest Version pom parent-version 2.0 Low
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.classfilewriter:jboss-classfilewriter:1.2.1.Final)
Description:
A bytecode writer that creates .class files at runtime
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.classfilewriter/jboss-classfilewriter/pom.xml
MD5: 7d4f88033b845281d1ccf7deedc824e3
SHA1: 144c5027fb0e386f0ccc4155a7d963e92ae458f5
SHA256: 620e1364621b5beab50f564454307c1b2704c3b9e42268372c40e207e3a4c21c
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.jboss Medium Vendor pom groupid jboss.classfilewriter Highest Vendor pom parent-artifactid jboss-parent Low Vendor pom name classfilewriter High Vendor pom artifactid jboss-classfilewriter Low Vendor pom url jbossas/jboss-classfilewriter Highest Product pom parent-groupid org.jboss Medium Product pom groupid jboss.classfilewriter Highest Product pom artifactid jboss-classfilewriter Highest Product pom url jbossas/jboss-classfilewriter High Product pom name classfilewriter High Product pom parent-artifactid jboss-parent Medium Version pom version 1.2.1.Final Highest Version pom parent-version 1.2.1.Final Low
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.logging:jboss-logging:3.2.1.Final)
Description:
The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.logging/jboss-logging/pom.xml
MD5: 7e9423d688132d4112921ef91644f95e
SHA1: 81b599e87480e076b1db6e2fa103185b145aab68
SHA256: b7bab8229f58450a45f0bcbf3bdbf87a33c529aea5f9697bc705a51f5199f40e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url http://www.jboss.org Highest Vendor pom groupid jboss.logging Highest Vendor pom parent-groupid org.jboss Medium Vendor pom name JBoss Logging 3 High Vendor pom artifactid jboss-logging Low Vendor pom parent-artifactid jboss-parent Low Product pom groupid jboss.logging Highest Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Product pom name JBoss Logging 3 High Product pom artifactid jboss-logging Highest Product pom parent-artifactid jboss-parent Medium Version pom parent-version 3.2.1.Final Low Version pom version 3.2.1.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.2_spec:1.0.0.Final)
Description:
The Java(TM) EE Interceptors 1.2 API classes from JSR 318.
License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec/pom.xml
MD5: 0df27a83e30022fa745517e734f20114
SHA1: 4af3d311be850614438a8f2a38a1f216ae9ce110
SHA256: e42b23ee4551f521a1f6cffec0954131a0905fb90dabfcb863e58d4af1acc391
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.spec.javax.interceptor Highest Vendor pom parent-groupid org.jboss Medium Vendor pom name Java(TM) EE Interceptors 1.2 API High Vendor pom parent-artifactid jboss-parent Low Vendor pom artifactid jboss-interceptors-api_1.2_spec Low Product pom groupid jboss.spec.javax.interceptor Highest Product pom parent-groupid org.jboss Medium Product pom artifactid jboss-interceptors-api_1.2_spec Highest Product pom name Java(TM) EE Interceptors 1.2 API High Product pom parent-artifactid jboss-parent Medium Version pom parent-version 1.0.0.Final Low Version pom version 1.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.environment:weld-environment-common:3.0.0.Final)
Description:
Common tools for non-standard Weld environments (SE, Servlet containers)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.environment/weld-environment-common/pom.xml
MD5: e6f15188d548fc3fbbbfcd73927af658
SHA1: efa1230476f0a296cd4d43370ca5e357bf4b709a
SHA256: f0ae7c01d4cb6a873937f1f1ad70f2b2e4b7504c3b42060b47616a2a12b581d7
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://weld.cdi-spec.org Highest Vendor pom artifactid weld-environment-common Low Vendor pom groupid jboss.weld.environment Highest Vendor pom name Weld Environment Common High Vendor pom parent-artifactid weld-core-parent Low Product pom url http://weld.cdi-spec.org Medium Product pom parent-artifactid weld-core-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom groupid jboss.weld.environment Highest Product pom name Weld Environment Common High Product pom artifactid weld-environment-common Highest Version pom version 3.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-jsf:3.0.0.Final)
Description:
Weld JSF support
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.module/weld-jsf/pom.xml
MD5: e701c277de40cfba059163fe3959c9e8
SHA1: c64769af972c5ae55ec7a1d654d0ea2b31d97c4f
SHA256: b34797a0f6135e14bd0ed48d2f9db06bb8cce7865d19caa6895155c3f307878a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://weld.cdi-spec.org Highest Vendor pom name Weld JSF High Vendor pom groupid jboss.weld.module Highest Vendor pom artifactid weld-jsf Low Vendor pom parent-artifactid weld-core-parent Low Product pom url http://weld.cdi-spec.org Medium Product pom parent-artifactid weld-core-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom artifactid weld-jsf Highest Product pom name Weld JSF High Product pom groupid jboss.weld.module Highest Version pom version 3.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-web:3.0.0.Final)
Description:
Weld Web module
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.module/weld-web/pom.xml
MD5: 8cb62e727d8748b0afa57e140afc226e
SHA1: f9b5cf0939755e25a3e8d744a4f1fdafb7970f7f
SHA256: 239e601141d2241ccbcf48bb52cdc7980091f6c412729e50982531bf61498ebb
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://weld.cdi-spec.org Highest Vendor pom artifactid weld-web Low Vendor pom name Weld Web High Vendor pom groupid jboss.weld.module Highest Vendor pom parent-artifactid weld-core-parent Low Product pom url http://weld.cdi-spec.org Medium Product pom artifactid weld-web Highest Product pom parent-artifactid weld-core-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom name Weld Web High Product pom groupid jboss.weld.module Highest Version pom version 3.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.probe:weld-probe-core:3.0.0.Final)
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.probe/weld-probe-core/pom.xml
MD5: f1fad02dd2a1bdafcad6a237a7e8f9be
SHA1: 9f9eb494a3c84d499b79516ecef0fe91d01a2a0e
SHA256: 0212b16baf671b0e43c0b3b21507eceb1beb13af0268558c4d8464e0f0d8cec9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Weld Probe Core High Vendor pom parent-groupid org.jboss.weld.probe Medium Vendor pom groupid jboss.weld.probe Highest Vendor pom parent-artifactid weld-probe-parent Low Vendor pom artifactid weld-probe-core Low Product pom name Weld Probe Core High Product pom parent-groupid org.jboss.weld.probe Medium Product pom groupid jboss.weld.probe Highest Product pom parent-artifactid weld-probe-parent Medium Product pom artifactid weld-probe-core Highest Version pom version 3.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.servlet:weld-servlet-core:3.0.0.Final)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.servlet/weld-servlet-core/pom.xml
MD5: 5dd72a50bc738f1da9be3f62fe126fe1
SHA1: 4f705ee14557f790c471ee911ab9d440f3a39a25
SHA256: 65f09d35223113ac9cb7926669fbc67ac3eacea6fad95d5f523164bd4ea7fc28
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url http://weld.cdi-spec.org Highest Vendor pom artifactid weld-servlet-core Low Vendor pom parent-groupid org.jboss.weld.servlet Medium Vendor pom groupid jboss.weld.servlet Highest Vendor pom parent-artifactid weld-servlet-parent Low Vendor pom name Weld Servlet Core High Product pom url http://weld.cdi-spec.org Medium Product pom parent-groupid org.jboss.weld.servlet Medium Product pom groupid jboss.weld.servlet Highest Product pom artifactid weld-servlet-core Highest Product pom parent-artifactid weld-servlet-parent Medium Product pom name Weld Servlet Core High Version pom version 3.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-api:3.0.Final)
Description:
Weld specifc extensions to the CDI API
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-api/pom.xml
MD5: 2d26b787129c1b64ce948b39e143baf3
SHA1: c0ecef8e8a5647171b32ed10cc98f72b556b5d3d
SHA256: 407f32735d3ab855d08b5021860d073558a0dec86834746225fbce879433f454
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid weld-api Low Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://weld.cdi-spec.org Highest Vendor pom parent-artifactid weld-api-parent Low Vendor pom name Weld APIs High Vendor pom groupid jboss.weld Highest Product pom url http://weld.cdi-spec.org Medium Product pom parent-artifactid weld-api-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom name Weld APIs High Product pom artifactid weld-api Highest Product pom groupid jboss.weld Highest Version pom version 3.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-core-impl:3.0.0.Final)
Description:
Weld's implementation of CDI
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-core-impl/pom.xml
MD5: 091c240768b2164eb329d776ddbec6c5
SHA1: becf697c1bcb31f0c04c81144de1aea685f1a156
SHA256: d7b741d6542c9c9c059cb91459b1efd793ae5864b65444d073fc05d008fad618
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Weld Implementation (Core) High Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://weld.cdi-spec.org Highest Vendor pom artifactid weld-core-impl Low Vendor pom groupid jboss.weld Highest Vendor pom parent-artifactid weld-core-parent Low Product pom url http://weld.cdi-spec.org Medium Product pom name Weld Implementation (Core) High Product pom parent-artifactid weld-core-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom artifactid weld-core-impl Highest Product pom groupid jboss.weld Highest Version pom version 3.0.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-spi:3.0.Final)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-spi/pom.xml
MD5: e4a12d320708f8010b233c6dda4a356a
SHA1: bbb507b105026ea2cc7b1af86d62d63d8dddde89
SHA256: 891ab3a79ea6feeef946d1992c8c2aed093b842626e3932cceee798c3142b44f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.jboss.weld Medium Vendor pom url http://weld.cdi-spec.org Highest Vendor pom parent-artifactid weld-api-parent Low Vendor pom groupid jboss.weld Highest Vendor pom artifactid weld-spi Low Vendor pom name Weld SPIs for container integration High Product pom url http://weld.cdi-spec.org Medium Product pom parent-artifactid weld-api-parent Medium Product pom parent-groupid org.jboss.weld Medium Product pom artifactid weld-spi Highest Product pom groupid jboss.weld Highest Product pom name Weld SPIs for container integration High Version pom version 3.0.Final Highest
weld-servlet-shaded-3.0.0.Final.jar: probe.js
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/client/probe.js
MD5: 5c1cce0e82e969138c6c2b371a360f61
SHA1: 192af923ab718cb0f1b71e168209d811b204050b
SHA256: bb6b4ed0993e560dcb3404b74f1aaafb86dc7fd571cafc99d1c25d1a8020421b
Referenced In Project/Scope: gotrack:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jquery | High
Vendor | file | name | moment.js | High
Vendor | file | name | bootstrap | High
Product | file | name | jquery | High
Product | file | name | moment.js | High
Product | file | name | bootstrap | High
Version | file | version | 2.1.1 | High
Version | file | version | 2.8.4 | High
Version | file | version | 3.3.1 | High
Published Vulnerabilities
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software & Versions (NVD):
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software & Versions (NVD):
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software & Versions (NVD):
14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
reDOS - regular expression denial of service (RETIREJS)
reDOS - regular expression denial of service
Unscored:
References:
xml-apis-1.0.b2.jar
Description:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
SHA256: 8232f3482c346d843e5e3fb361055771c1acc105b6d8a189eb9018c55948cf9f
Referenced In Project/Scope: gotrack:compile
| Evidence Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | manifest: org/xml/sax/ | Implementation-Vendor | David Megginson | Medium |
| Vendor | jar | package name | dom | Highest |
| Vendor | pom | organization url | http://www.apache.org/ | Medium |
| Vendor | pom | groupid | xml-apis | Highest |
| Vendor | file | name | xml-apis | High |
| Vendor | jar | package name | apache | Highest |
| Vendor | pom | name | XML Commons External Components XML APIs | High |
| Vendor | jar | package name | xml | Highest |
| Vendor | jar | package name | w3c | Highest |
| Vendor | pom | url | http://xml.apache.org/commons/#external | Highest |
| Vendor | manifest: org/apache/xmlcommons/Version | Implementation-Vendor | Apache Software Foundation | Medium |
| Vendor | jar | package name | version | Highest |
| Vendor | manifest: javax/xml/transform/ | Implementation-Vendor | Sun Microsystems Inc. | Medium |
| Vendor | manifest: org/w3c/dom/ | Implementation-Vendor | World Wide Web Consortium | Medium |
| Vendor | pom | organization name | Apache Software Foundation | High |
| Vendor | jar | package name | sax | Highest |
| Vendor | manifest: javax/xml/parsers/ | Implementation-Vendor | Sun Microsystems Inc. | Medium |
| Vendor | pom | artifactid | xml-apis | Low |
| Product | jar | package name | dom | Highest |
| Product | pom | url | http://xml.apache.org/commons/#external | Medium |
| Product | manifest: javax/xml/transform/ | Specification-Title | Java API for XML Processing | Medium |
| Product | manifest: org/w3c/dom/ | Implementation-Title | org.w3c.dom | Medium |
| Product | manifest: org/w3c/dom/ | Specification-Title | Document Object Model, Level 2 Core | Medium |
| Product | manifest: org/xml/sax/ | Implementation-Title | org.xml.sax | Medium |
| Product | jar | package name | document | Highest |
| Product | file | name | xml-apis | High |
| Product | jar | package name | xml | Highest |
| Product | jar | package name | w3c | Highest |
| Product | manifest: javax/xml/parsers/ | Specification-Title | Java API for XML Processing | Medium |
| Product | jar | package name | version | Highest |
| Product | jar | package name | transform | Highest |
| Product | manifest: javax/xml/transform/ | Implementation-Title | javax.xml.transform | Medium |
| Product | pom | organization name | Apache Software Foundation | Low |
| Product | manifest: org/apache/xmlcommons/Version | Implementation-Title | org.apache.xmlcommons.Version | Medium |
| Product | pom | groupid | xml-apis | Highest |
| Product | manifest: org/xml/sax/ | Specification-Title | Simple API for XML | Medium |
| Product | jar | package name | xmlcommons | Highest |
| Product | jar | package name | javax | Highest |
| Product | jar | package name | apache | Highest |
| Product | pom | name | XML Commons External Components XML APIs | High |
| Product | pom | organization url | http://www.apache.org/ | Low |
| Product | pom | artifactid | xml-apis | Highest |
| Product | jar | package name | sax | Highest |
| Product | manifest: javax/xml/parsers/ | Implementation-Title | javax.xml.transform | Medium |
| Version | file | version | 1.0.b2 | High |
| Version | manifest: org/apache/xmlcommons/Version | Implementation-Version | 1.0.b2 | Medium |
| Version | pom | version | 1.0.b2 | Highest |