Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: gotrack

ubc.pavlab:gotrack:1.7-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
animal-sniffer-annotations-1.14.jarpkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14 025
aopalliance-repackaged-2.4.0-b34.jarpkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.4.0-b34 021
bluesky-1.0.10.jarpkg:maven/org.primefaces.themes/bluesky@1.0.10 015
common.js 00
commons-codec-1.9.jarpkg:maven/commons-codec/commons-codec@1.9 038
commons-lang3-3.3.2.jarpkg:maven/org.apache.commons/commons-lang3@3.3.2 038
commons-math3-3.4.1.jarpkg:maven/org.apache.commons/commons-math3@3.4.1 038
concurrent-trees-2.4.0.jarpkg:maven/com.googlecode.concurrent-trees/concurrent-trees@2.4.0 024
dagre-d3.min.js 00
dom4j-1.6.1.jarcpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*pkg:maven/dom4j/dom4j@1.6.1 0Highest25
enrichment.js 00
error_prone_annotations-2.0.18.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.0.18 026
genes.js 00
gograph.js 00
gson-2.2.4.jarpkg:maven/com.google.code.gson/gson@2.2.4 029
guava-23.0.jarcpe:2.3:a:google:guava:23.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@23.0MEDIUM2Highest24
hk2-api-2.4.0-b34.jarpkg:maven/org.glassfish.hk2/hk2-api@2.4.0-b34 025
hk2-locator-2.4.0-b34.jarpkg:maven/org.glassfish.hk2/hk2-locator@2.4.0-b34 021
hk2-utils-2.4.0-b34.jarcpe:2.3:a:oracle:utilities_framework:2.4.0.b34:*:*:*:*:*:*:*pkg:maven/org.glassfish.hk2/hk2-utils@2.4.0-b34 0Low29
hk2-utils-2.4.0-b34.jar (shaded: org.jvnet:tiger-types:1.4)pkg:maven/org.jvnet/tiger-types@1.4 012
itextpdf-5.5.6.jarcpe:2.3:a:itextpdf:itext:5.5.6:*:*:*:*:*:*:*pkg:maven/com.itextpdf/itextpdf@5.5.6HIGH1High31
j2objc-annotations-1.1.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.1 024
jackson-core-2.5.4.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.5.4:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.5.4MEDIUM1Low45
jackson-databind-2.5.4.jarcpe:2.3:a:fasterxml:jackson-databind:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.5.4:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.5.4CRITICAL19Highest42
jackson-jaxrs-base-2.5.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.5.4 039
jackson-jaxrs-json-provider-2.5.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.5.4 039
jackson-module-jaxb-annotations-2.5.4.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.5.4 042
javassist-3.18.1-GA.jarpkg:maven/org.javassist/javassist@3.18.1-GA 021
javax.annotation-api-1.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.2 037
javax.faces-2.3.3.jarcpe:2.3:a:oracle:mojarra_javaserver_faces:2.3.3:*:*:*:*:*:*:*pkg:maven/org.glassfish/javax.faces@2.3.3 0Low40
javax.faces-2.3.3.jar: jsf-uncompressed.js 00
javax.faces-2.3.3.jar: jsf.js 00
javax.inject-2.4.0-b34.jarpkg:maven/org.glassfish.hk2.external/javax.inject@2.4.0-b34 023
javax.json-1.1.jarpkg:maven/org.glassfish/javax.json@1.1 036
javax.servlet-api-3.1.0.jarpkg:maven/javax.servlet/javax.servlet-api@3.1.0 037
javax.transaction-api-1.2.jarpkg:maven/javax.transaction/javax.transaction-api@1.2 037
javax.ws.rs-api-2.0.1.jarcpe:2.3:a:oracle:web_services:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 0Low41
jaxen-1.1.6.jarpkg:maven/jaxen/jaxen@1.1.6 026
jbcrypt-0.3m.jarcpe:2.3:a:mindrot:jbcrypt:0.3m:*:*:*:*:*:*:*pkg:maven/org.mindrot/jbcrypt@0.3mMEDIUM1Highest25
jersey-entity-filtering-2.21.1.jarcpe:2.3:a:jersey_project:jersey:2.21.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.ext/jersey-entity-filtering@2.21.1 0Highest27
jersey-gf-cdi-2.14.jarcpe:2.3:a:jersey_project:jersey:2.14:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.containers.glassfish/jersey-gf-cdi@2.14 0Highest28
jersey-server-2.22.2.jarcpe:2.3:a:jersey_project:jersey:2.22.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.core/jersey-server@2.22.2 0Highest29
jquery-ui.min.js 00
json-20140107.jarpkg:maven/org.json/json@20140107 022
jsr305-1.3.9.jarpkg:maven/com.google.code.findbugs/jsr305@1.3.9 016
jstl-1.2.jarpkg:maven/javax.servlet/jstl@1.2HIGH126
jul-to-slf4j-1.6.6.jarpkg:maven/org.slf4j/jul-to-slf4j@1.6.6 028
log4j-1.2.14.jarcpe:2.3:a:apache:log4j:1.2.14:*:*:*:*:*:*:*pkg:maven/log4j/log4j@1.2.14CRITICAL2Highest23
lombok-1.16.20.jarpkg:maven/org.projectlombok/lombok@1.16.20 022
lombok-1.16.20.jar: WindowsDriveInfo-i386.dll 04
lombok-1.16.20.jar: WindowsDriveInfo-x86_64.dll 02
mockito-all-1.10.19.jarpkg:maven/org.mockito/mockito-all@1.10.19 024
mysql-connector-java-5.1.35.jarcpe:2.3:a:mysql:mysql:5.1.35:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:5.1.35:*:*:*:*:*:*:*
pkg:maven/mysql/mysql-connector-java@5.1.35HIGH8Highest38
omnifaces-3.0.jarpkg:maven/org.omnifaces/omnifaces@3.0 031
omnifaces-3.0.jar: fixviewstate.js 00
omnifaces-3.0.jar: omnifaces.js 00
omnifaces-3.0.jar: unload.js 00
osgi-resource-locator-1.0.1.jarpkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1 028
plotting.js 00
poi-3.11.jarcpe:2.3:a:apache:poi:3.11:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@3.11HIGH6Highest29
primefaces-6.1.jarcpe:2.3:a:primetek:primefaces:6.1:*:*:*:*:*:*:*pkg:maven/org.primefaces/primefaces@6.1MEDIUM2Highest23
primefaces-6.1.jar: beanvalidation.js 00
primefaces-6.1.jar: captcha.js 00
primefaces-6.1.jar: charts.js 00
primefaces-6.1.jar: clock.js 00
primefaces-6.1.jar: colorpicker.js 00
primefaces-6.1.jar: components-mobile.js 00
primefaces-6.1.jar: components.js 00
primefaces-6.1.jar: contentflow.js 00
primefaces-6.1.jar: core.js 00
primefaces-6.1.jar: datepicker.js 00
primefaces-6.1.jar: diagram.js 00
primefaces-6.1.jar: dock.js 00
primefaces-6.1.jar: editor.js 00
primefaces-6.1.jar: fileupload.js 00
primefaces-6.1.jar: galleria.js 00
primefaces-6.1.jar: gmap.js 00
primefaces-6.1.jar: hotkey.js 00
primefaces-6.1.jar: idlemonitor.js 00
primefaces-6.1.jar: imagecompare.js 00
primefaces-6.1.jar: imagecropper.js 00
primefaces-6.1.jar: imageswitch.js 00
primefaces-6.1.jar: inputnumber.js 00
primefaces-6.1.jar: inputswitch.js 00
primefaces-6.1.jar: jquery-mobile.js 00
primefaces-6.1.jar: jquery-plugins.js 00
primefaces-6.1.jar: jquery.jspkg:javascript/jquery@1.11.3MEDIUM43
primefaces-6.1.jar: jquery.mousewheel.min.js 00
primefaces-6.1.jar: keyboard.js 00
primefaces-6.1.jar: keyfilter.js 00
primefaces-6.1.jar: knob.js 00
primefaces-6.1.jar: layout.js 00
primefaces-6.1.jar: lifecycle.js 00
primefaces-6.1.jar: log.js 00
primefaces-6.1.jar: mindmap.js 00
primefaces-6.1.jar: moment.js 00
primefaces-6.1.jar: organigram.js 00
primefaces-6.1.jar: photocam.js 00
primefaces-6.1.jar: printer.js 00
primefaces-6.1.jar: push.js 00
primefaces-6.1.jar: raphael.js 00
primefaces-6.1.jar: ribbon.js 00
primefaces-6.1.jar: ring.js 00
primefaces-6.1.jar: schedule.js 00
primefaces-6.1.jar: scrollpanel.js 00
primefaces-6.1.jar: signature.js 00
primefaces-6.1.jar: stack.js 00
primefaces-6.1.jar: terminal.js 00
primefaces-6.1.jar: texteditor.js 00
primefaces-6.1.jar: timeline.js 00
primefaces-6.1.jar: touchswipe.js 00
primefaces-6.1.jar: validation.js 00
primefaces-6.1.jar: watermark.js 00
primefaces-extensions-6.1.1.jarpkg:maven/org.primefaces.extensions/primefaces-extensions@6.1.1 033
primefaces-extensions-6.1.1.jar: analogclock.js 00
primefaces-extensions-6.1.1.jar: blockui.js 00
primefaces-extensions-6.1.1.jar: calculator.js 00
primefaces-extensions-6.1.1.jar: clipboard.js 00
primefaces-extensions-6.1.1.jar: fluidgrid.js 00
primefaces-extensions-6.1.1.jar: github.js 00
primefaces-extensions-6.1.1.jar: imageareaselect.js 00
primefaces-extensions-6.1.1.jar: layout.js 00
primefaces-extensions-6.1.1.jar: pdf.viewer.js 00
primefaces-extensions-6.1.1.jar: pdf.worker.js 00
primefaces-extensions-6.1.1.jar: primefaces-extensions.js 00
primefaces-extensions-6.1.1.jar: qrcode.js 00
primefaces-extensions-6.1.1.jar: slideout.js 00
primefaces-extensions-6.1.1.jar: timepicker.js 00
primefaces-extensions-6.1.1.jar: timer.js 00
primefaces-extensions-6.1.1.jar: tooltip.js 00
primefaces-extensions-6.1.1.jar: waypoint.js 00
slf4j-api-1.6.6.jarpkg:maven/org.slf4j/slf4j-api@1.6.6 027
slf4j-log4j12-1.6.6.jarpkg:maven/org.slf4j/slf4j-log4j12@1.6.6 027
term.js 00
trends.js 00
trove4j-3.0.3.jarpkg:maven/net.sf.trove4j/trove4j@3.0.3 020
utility.js 00
validation-api-1.1.0.Final.jarpkg:maven/javax.validation/validation-api@1.1.0.Final 019
weld-servlet-shaded-3.0.0.Final.jarpkg:maven/org.jboss.weld.servlet/weld-servlet-shaded@3.0.0.Final 038
weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.annotation:javax.annotation-api:1.3)pkg:maven/javax.annotation/javax.annotation-api@1.3 018
weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.enterprise:cdi-api:2.0)cpe:2.3:a:redhat:jboss_weld:2.0:*:*:*:*:*:*:*pkg:maven/javax.enterprise/cdi-api@2.0 0Low18
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.classfilewriter:jboss-classfilewriter:1.2.1.Final)pkg:maven/org.jboss.classfilewriter/jboss-classfilewriter@1.2.1.Final 014
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.logging:jboss-logging:3.2.1.Final)pkg:maven/org.jboss.logging/jboss-logging@3.2.1.Final 014
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.2_spec:1.0.0.Final)pkg:maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec@1.0.0.Final 012
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.environment:weld-environment-common:3.0.0.Final)pkg:maven/org.jboss.weld.environment/weld-environment-common@3.0.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-jsf:3.0.0.Final)pkg:maven/org.jboss.weld.module/weld-jsf@3.0.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-web:3.0.0.Final)pkg:maven/org.jboss.weld.module/weld-web@3.0.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.probe:weld-probe-core:3.0.0.Final)pkg:maven/org.jboss.weld.probe/weld-probe-core@3.0.0.Final 011
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.servlet:weld-servlet-core:3.0.0.Final)pkg:maven/org.jboss.weld.servlet/weld-servlet-core@3.0.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-api:3.0.Final)pkg:maven/org.jboss.weld/weld-api@3.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-core-impl:3.0.0.Final)pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-spi:3.0.Final)pkg:maven/org.jboss.weld/weld-spi@3.0.Final 013
weld-servlet-shaded-3.0.0.Final.jar: probe.jspkg:javascript/bootstrap@3.3.1
pkg:javascript/jquery@2.1.1
pkg:javascript/moment.js@2.8.4
low99
xml-apis-1.0.b2.jarpkg:maven/xml-apis/xml-apis@1.0.b2 047

Dependencies

animal-sniffer-annotations-1.14.jar

File Path: /root/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope:gotrack:compile

Identifiers

aopalliance-repackaged-2.4.0-b34.jar

Description:

Dependency Injection Kernel

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.4.0-b34/aopalliance-repackaged-2.4.0-b34.jar
MD5: 57983543b3574e117d6f03ceff5f238c
SHA1: 3d5e856dbc91a3a2b0bcb3a3424f8b62421ae4cf
SHA256:5d3cb0cece722c7ba8ab987b931053cdbcb0cb12ad5c8c8a7691eb6f7e60a64b
Referenced In Project/Scope:gotrack:compile

Identifiers

bluesky-1.0.10.jar

File Path: /root/.m2/repository/org/primefaces/themes/bluesky/1.0.10/bluesky-1.0.10.jar
MD5: eb5d8614955e174053e73de15d9a1bae
SHA1: ff53db9a87d1b3611b830b48fca1d4e3fbf791ab
SHA256:91eb23b541da6b635e891ba743521587ea73925b43a9abb432ef99bb6cb4d5a9
Referenced In Project/Scope:gotrack:compile

Identifiers

common.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/common.js
MD5: 5580ab664925436cc5735c9989b1a40a
SHA1: 596078b11c577e6adb988893293edb1ea7b373ec
SHA256:e20e55b0812f1bcc973ed945049711cac2976b22fd4c095fb58d63f78f4fc3eb
Referenced In Project/Scope:gotrack

Identifiers

  • None

commons-codec-1.9.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar
MD5: 75615356605c8128013da9e3ac62a249
SHA1: 9ce04e34240f674bc72680f8b843b1457383161a
SHA256:ad19d2601c3abf0b946b5c3a4113e226a8c1e3305e395b90013b78dd94a723ce
Referenced In Project/Scope:gotrack:compile

Identifiers

commons-lang3-3.3.2.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
SHA256:6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d
Referenced In Project/Scope:gotrack:compile

Identifiers

commons-math3-3.4.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/apache/commons/commons-math3/3.4.1/commons-math3-3.4.1.jar
MD5: 14a218d0ee57907dd2c7ef944b6c0afd
SHA1: 3ac44a8664228384bc68437264cf7c4cf112f579
SHA256:d1075b14a71087038b0bfd198f0f7dd8e49b5b3529d8e2eba99e7d9eb8565e4b
Referenced In Project/Scope:gotrack:compile

Identifiers

concurrent-trees-2.4.0.jar

Description:

Concurrent Radix Trees and Concurrent Suffix Trees for Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/googlecode/concurrent-trees/concurrent-trees/2.4.0/concurrent-trees-2.4.0.jar
MD5: 19ce4b51b0fda34eb8eec583dad142ca
SHA1: 2e505b78f9216abebbbdf1c3254bf9f4c565ae43
SHA256:d8dd983b207e86f580ba2105747cb271f8b90f24b89c7447493d9125a472dc5d
Referenced In Project/Scope:gotrack:compile

Identifiers

dagre-d3.min.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/dagre-d3.min.js
MD5: 74a58f5d4e64bf05bc912ad569a72006
SHA1: d062f5970bcea6631093aa1f71ad79a4d98936b1
SHA256:a18c7ef7b67c2ca3115398c4cbb1891307a089f8f0fef5b96abb7bda49c7fa9a
Referenced In Project/Scope:gotrack

Identifiers

  • None

dom4j-1.6.1.jar

Description:

dom4j: the flexible XML framework for Java

File Path: /root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256:593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73
Referenced In Project/Scope:gotrack:compile

Identifiers

enrichment.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/enrichment.js
MD5: 3503c43603043655484d686c4cc40e5a
SHA1: 37cfd052341bfbee7c1f5a7731f6e9604a10ae6a
SHA256:56ef5930f53ef64f3f87408aec6ccbdddcbf67951641d2aed90452570211f6c6
Referenced In Project/Scope:gotrack

Identifiers

  • None

error_prone_annotations-2.0.18.jar

File Path: /root/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
SHA256:cb4cfad870bf563a07199f3ebea5763f0dec440fcda0b318640b1feaa788656b
Referenced In Project/Scope:gotrack:compile

Identifiers

genes.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/genes.js
MD5: f1fd12c00a68a69bfe052a6aa5e2495c
SHA1: d402ec5253e116b854c4f3ccc50bb6594609a15d
SHA256:2b5aa409522b4263e3e2648147703557d1181732876af73976785de738ebea79
Referenced In Project/Scope:gotrack

Identifiers

  • None

gograph.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/gograph.js
MD5: 9fba9676fb15e4061a5a40588598db31
SHA1: 04610a3f51c35911910cf809fdb4590428e0783d
SHA256:564578287ac1698d4d22ce2948de4c9585739d328bf855c17d3b378a5ac33093
Referenced In Project/Scope:gotrack

Identifiers

  • None

gson-2.2.4.jar

Description:

Google Gson library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/code/gson/gson/2.2.4/gson-2.2.4.jar
MD5: 2f54fc24807a4cad7297012dd8cebf3d
SHA1: a60a5e993c98c864010053cb901b7eab25306568
SHA256:c0328cd07ca9e363a5acd00c1cf4afe8cf554bd6d373834981ba05cebec687fb
Referenced In Project/Scope:gotrack:compile

Identifiers

guava-23.0.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/guava/guava/23.0/guava-23.0.jar
MD5: 7d7838b57e04ae0164714c56ac9e20d9
SHA1: c947004bb13d18182be60077ade044099e4f26f1
SHA256:7baa80df284117e5b945b19b98d367a85ea7b7801bd358ff657946c3bd1b6596
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2018-10237  

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

hk2-api-2.4.0-b34.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-api/2.4.0-b34/hk2-api-2.4.0-b34.jar
MD5: 2972849752ed511bd069812ba2b29d2d
SHA1: 1017432e219dbd1d4a1121b2d7e87c5b2f0bcfb9
SHA256:6eb071aaea327015ac3da18d5066c364c1a39978f4b6f94644158675ca5b9ced
Referenced In Project/Scope:gotrack:compile

Identifiers

hk2-locator-2.4.0-b34.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-locator/2.4.0-b34/hk2-locator-2.4.0-b34.jar
MD5: 09eda1a8dd33d465ec7bac9536f3eaf7
SHA1: 1451fc3e5b7f00d7a5ca0feaff2c1bf68be5ac91
SHA256:ea47ebf7ed56ef751055710cfad36840bcc36383cf387c4a963b41447c066f8f
Referenced In Project/Scope:gotrack:compile

Identifiers

hk2-utils-2.4.0-b34.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
MD5: f0c9e9df24ad2c2feb1f950b82146245
SHA1: aacce18411fffef9621d8fc91464ca0477119c38
SHA256:70211b1f918819bf6afbf69d3d19d4ae6e2a75d6e26f6c39ba9f20eb8e5612d7
Referenced In Project/Scope:gotrack:compile

Identifiers

hk2-utils-2.4.0-b34.jar (shaded: org.jvnet:tiger-types:1.4)

File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029
SHA256:58794aca99cadb3aab687b56fd6d84871956590323dd0ea5d611db759e78c6b9
Referenced In Project/Scope:gotrack:compile

Identifiers

itextpdf-5.5.6.jar

Description:

iText, a free Java-PDF library

License:

GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html
File Path: /root/.m2/repository/com/itextpdf/itextpdf/5.5.6/itextpdf-5.5.6.jar
MD5: ce105599cd1ae696a04d14dd8f9de5a7
SHA1: 19448fdba5df68602aed364b86fd14d89c07a66e
SHA256:f15196c3c6b6c2db33425b6b3c7fd1aa8dd92d3862cb411b005a4b65e4677fde
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2017-9096  

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

j2objc-annotations-1.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope:gotrack:compile

Identifiers

jackson-core-2.5.4.jar

Description:

Core Jackson abstractions, basic JSON streaming API implementation
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.5.4/jackson-core-2.5.4.jar
MD5: 7a3aa950d37e75199d30426a467ddf83
SHA1: 0a57a2df1a23ca1ee32f129173ba7f5feaa9ac24
SHA256:6ac2781bfe152f3e03e1f45ffb06b6bf03821d806eaa2e290747da35611e3b98
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2018-1000873  

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jackson-databind-2.5.4.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.5.4/jackson-databind-2.5.4.jar
MD5: a6c0a282905c8f5c4a80a36c75526485
SHA1: 5dfa42af84584b4a862ea488da84bbbebbb06c35
SHA256:338b9aa87b8b17d33026defdbd8d9c1ec498bf355e8b949381f303ea23c261ac
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2017-15095 (OSSINDEX)  

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2017-17485 (OSSINDEX)  

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2017-7525 (OSSINDEX)  

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-1000873  

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-11307 (OSSINDEX)  

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-14718 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-5968 (OSSINDEX)  

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-7489  

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete Blacklist

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14540 (OSSINDEX)  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-14893 (OSSINDEX)  

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-16335 (OSSINDEX)  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-16942 (OSSINDEX)  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-16943 (OSSINDEX)  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-17267 (OSSINDEX)  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-17531 (OSSINDEX)  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-20330 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2020-35490  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-35491  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (OSSINDEX)  

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

jackson-jaxrs-base-2.5.4.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.5.4/jackson-jaxrs-base-2.5.4.jar
MD5: dbd31df138ce1d8a266e0c9ce594e270
SHA1: 8af261181ae4fb16ccce5e116fa25bc3143785b8
SHA256:7f635fb13230210e3af5db6b0108c3bcd903404714c383a640aaa2d19af15b3f
Referenced In Project/Scope:gotrack:compile

Identifiers

jackson-jaxrs-json-provider-2.5.4.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.5.4/jackson-jaxrs-json-provider-2.5.4.jar
MD5: c41c05af8a1e131429f70e5faa4e5cbf
SHA1: 1c32a260754c3b13adcea6cc92259a78137751b6
SHA256:7517191a5a9af8ede688367964584b411c145b568d869376e4bbeda2eba1f31b
Referenced In Project/Scope:gotrack:compile

Identifiers

jackson-module-jaxb-annotations-2.5.4.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring data binding.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.5.4/jackson-module-jaxb-annotations-2.5.4.jar
MD5: 0a3d56856384aa9a3c57fddcd4e17513
SHA1: 52c516db26a89b726a1351f7f24347c640204343
SHA256:069b97144bd8424c2c035bd15ce2e35beb85489e6f0604b5776f79cfd448057d
Referenced In Project/Scope:gotrack:compile

Identifiers

javassist-3.18.1-GA.jar

Description:

  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.
  

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /root/.m2/repository/org/javassist/javassist/3.18.1-GA/javassist-3.18.1-GA.jar
MD5: 5bb83868c87334320562af7eded65cc2
SHA1: d9a09f7732226af26bf99f19e2cffe0ae219db5b
SHA256:3fb71231afd098bb0f93f5eb97aa8291c8d0556379125e596f92ec8f944c6162
Referenced In Project/Scope:gotrack:compile

Identifiers

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope:gotrack:compile

Identifiers

javax.faces-2.3.3.jar

Description:

        This is the master POM file for Oracle's Implementation of the JSF 2.3 Specification.
    

License:

                COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) plus GPL
            : http://glassfish.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar
MD5: 963f70ee469f8034d3010cf3f6123cfc
SHA1: 3a95587c0c94f9d6d3a971ee6d2f3608e737f8de
SHA256:02cb44439458455e7f3f86d1f2c755c51a9859c9e3d9048de50411cefa1fe06e
Referenced In Project/Scope:gotrack:compile

Identifiers

javax.faces-2.3.3.jar: jsf-uncompressed.js

File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf-uncompressed.js
MD5: 071fa1c95f9cac7f876e4293854babb1
SHA1: d85a0182b1957e7e6d461825ddab759bda1d57c2
SHA256:607f41972bc4c4d161a7e583e68305043b4e2862fce77304b2e8c966e5a6c60f
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

javax.faces-2.3.3.jar: jsf.js

File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf.js
MD5: 33458a9fe6cce1f8b4dac96058a8ad22
SHA1: 380521f722b47f7d7c1a44f410e35428f4b3d61c
SHA256:336652121c49ce830d0d8e998442c5f77ce3f3456143a8666eb5f634cf30eea4
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

javax.inject-2.4.0-b34.jar

Description:

Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/hk2/external/javax.inject/2.4.0-b34/javax.inject-2.4.0-b34.jar
MD5: 0299609004955f54207ab8562273b5af
SHA1: a6a3d4935af7b03e44126b5aac2c2a0ce98fe6e9
SHA256:fdbf80a01b854045bd4004b7c6b1fdc2da81db475bfbd08ed574eeffcf9a7b1a
Referenced In Project/Scope:gotrack:compile

Identifiers

javax.json-1.1.jar

Description:

Default provider for JSR 374:Java API for Processing JSON

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /root/.m2/repository/org/glassfish/javax.json/1.1/javax.json-1.1.jar
MD5: 318c3ce1746e2106d826301c6074a547
SHA1: 6f8ce9246049c7af84926758aeea7bc24f5dd160
SHA256:4b1f21bc50b728aaae5f44ff550383182b58b67647362959e31004e4522ee24f
Referenced In Project/Scope:gotrack:compile

Identifiers

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope:gotrack:provided

Identifiers

javax.transaction-api-1.2.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
SHA256:9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff
Referenced In Project/Scope:gotrack:compile

Identifiers

javax.ws.rs-api-2.0.1.jar

Description:

Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope:gotrack:compile

Identifiers

jaxen-1.1.6.jar

Description:

Jaxen is a universal Java XPath engine.

License:

http://jaxen.codehaus.org/license.html
File Path: /root/.m2/repository/jaxen/jaxen/1.1.6/jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256:5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Project/Scope:gotrack:compile

Identifiers

jbcrypt-0.3m.jar

Description:

        jBCrypt is a Java implementation of OpenBSD's Blowfish password hashing code, as described in A Future-Adaptable Password Scheme by Niels Provos and David Mazières, by Damien Miller.
    

License:

ISC/BSD License
File Path: /root/.m2/repository/org/mindrot/jbcrypt/0.3m/jbcrypt-0.3m.jar
MD5: 5cc2288708d15dd43bc8681f5b5541b0
SHA1: fe2d9c5f23767d681a7e38fc8986b812400ec583
SHA256:c0717079f4fe18f72f36ad1ab15a2afa63c6544fee4b9ac2128851330b5e1031
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2015-0886  

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

jersey-entity-filtering-2.21.1.jar

Description:

        Jersey extension module providing support for Entity Data Filtering.
    

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.21.1/jersey-entity-filtering-2.21.1.jar
MD5: ffacef7b6e28f0de4a47eb46bf8988f4
SHA1: 72ab7264b13fe5cc3cf839b40e9d11ec1ea68fcb
SHA256:45c12147b44afc5412f9ee84587d01d8f37a472195e37d08ec8ba4ac9a10ff7a
Referenced In Project/Scope:gotrack:compile

Identifiers

jersey-gf-cdi-2.14.jar

Description:

Jersey CDI for GlassFish integration

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/jersey/containers/glassfish/jersey-gf-cdi/2.14/jersey-gf-cdi-2.14.jar
MD5: 1e9b6f7618413ebd57d70517d58aa26c
SHA1: 8bf02124ff290fc01ac4f507bf3bf03fa9a106a9
SHA256:ab5c8a12611e70b2d932abbfc36e352b5958ce7ae9268bf103a8ebcf36e1828e
Referenced In Project/Scope:gotrack:compile

Identifiers

jersey-server-2.22.2.jar

Description:

Jersey core server implementation

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-server/2.22.2/jersey-server-2.22.2.jar
MD5: 62d36194c28af7a49966554af421488f
SHA1: 5ede3e5f98f8b14d31d1d0fffe9908df2bd41c0f
SHA256:8f8649b568d068f053362fa3def56206166dfceb3baa74e9f19eff6f8f8d9f1f
Referenced In Project/Scope:gotrack:compile

Identifiers

jquery-ui.min.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/jquery-ui.min.js
MD5: 3edcb0072067447a6214eb62123a9c69
SHA1: b4d3edf48e252a8a948e1e0373e0779cf4d050b6
SHA256:9a20b4a966bc22f2aaff8e71cb73453bdb6acc5ca1eede917f238c3d1b618a0a
Referenced In Project/Scope:gotrack

Identifiers

  • None

json-20140107.jar

Description:

		JSON is a light-weight, language independent, data interchange format.
		See http://www.JSON.org/

		The files in this package implement JSON encoders/decoders in Java.
		It also includes the capability to convert between JSON and XML, HTTP
		headers, Cookies, and CDL.

		This is a reference implementation. There is a large number of JSON packages
		in Java. Perhaps someday the Java community will standardize on one. Until
		then, choose carefully.

		The license includes this restriction: "The software shall be used for good,
		not evil." If your conscience cannot live with that, then choose a different
		package.

		The package compiles on Java 1.2 thru Java 1.4.
	

License:

The JSON License: http://json.org/license.html
File Path: /root/.m2/repository/org/json/json/20140107/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256:8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Referenced In Project/Scope:gotrack:compile

Identifiers

jsr305-1.3.9.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed
Referenced In Project/Scope:gotrack:compile

Identifiers

jstl-1.2.jar

File Path: /root/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
SHA256:c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2015-0254 (OSSINDEX)  

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:javax.servlet:jstl:1.2:*:*:*:*:*:*:*

jul-to-slf4j-1.6.6.jar

Description:

JUL to SLF4J bridge

File Path: /root/.m2/repository/org/slf4j/jul-to-slf4j/1.6.6/jul-to-slf4j-1.6.6.jar
MD5: 8c086f7494b96d9633ed858fb1738c36
SHA1: e25c3dab7c510a04f807a8f8f07fbc98cc7f309d
SHA256:7253dbe2a5ffdbb1bdbb0eb79d43c5fa9085f209f0858e808db122a58f9cee7b
Referenced In Project/Scope:gotrack:compile

Identifiers

log4j-1.2.14.jar

Description:

Log4j

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/log4j/log4j/1.2.14/log4j-1.2.14.jar
MD5: 599b8ba07d1d04f0ea34414e861d7ad1
SHA1: 03b254c872b95141751f414e353a25c2ac261b51
SHA256:e3bff9ab64a09b1ac2800f3b5fb1e3d99728064acb6dd3924938507638a404fb
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2019-17571  

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-9488  

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

lombok-1.16.20.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar
MD5: 006c258e47684d5e8955f315d717049a
SHA1: ac76d9b956045631d1561a09289cbf472e077c01
SHA256:c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d
Referenced In Project/Scope:gotrack:provided

Identifiers

lombok-1.16.20.jar: WindowsDriveInfo-i386.dll

File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-i386.dll
MD5: c4d7064e400a22cc9a59d2d97382b5b8
SHA1: 63ac163436b8400dcc25f7d13e7a86313fd28a98
SHA256:f210056ba0dfd996646b91e92f4665399b33bf4da651dea26b4888f87215ec29
Referenced In Project/Scope:gotrack:provided

Identifiers

  • None

lombok-1.16.20.jar: WindowsDriveInfo-x86_64.dll

File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-x86_64.dll
MD5: cdf042a66f9681f362c365131e3c38dd
SHA1: a4598a189d82ae291faead4c0eec6abf22b256be
SHA256:4897fff1914b3534f61fbba4ef7e26892b1f32b525e06f1e264bf1eaf08ce4fe
Referenced In Project/Scope:gotrack:provided

Identifiers

  • None

mockito-all-1.10.19.jar

Description:

Mock objects library for java

License:

The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE
File Path: /root/.m2/repository/org/mockito/mockito-all/1.10.19/mockito-all-1.10.19.jar
MD5: 979ec16f27b6b541278e0ecd10efd771
SHA1: 539df70269cc254a58cccc5d8e43286b4a73bf30
SHA256:d1a7a7ef14b3db5c0fc3e0a63a81b374b510afe85add9f7984b97911f4c70605
Referenced In Project/Scope:gotrack:compile

Identifiers

mysql-connector-java-5.1.35.jar

Description:

MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /root/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
MD5: 9e125f3d56d651184de1c9fde811540b
SHA1: b6ac941b7288376a7e8bc6490264bbd4427fb94e
SHA256:5097662ca4c417eb60b8dbf7d324d0c781c7a69cfae7f167617be2a9fdfd3704
Referenced In Project/Scope:gotrack:provided

Identifiers

CVE-2017-15945  

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2017-3523 (OSSINDEX)  

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSSv3:
  • Base Score: HIGH (8.5)
  • Vector: CVSS:/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*

CVE-2017-3589 (OSSINDEX)  

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*

CVE-2018-3258 (OSSINDEX)  

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*

CVE-2019-2692  

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
NVD-CWE-noinfo

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:L/AC:H/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: MEDIUM (6.3)
  • Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2020-2875  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-2933  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
NVD-CWE-noinfo

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: LOW (2.2)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

CVE-2020-2934  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions: (show all)

omnifaces-3.0.jar

Description:

JSF 2.2+ utility library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar
MD5: 993acf6b529f85c8ee450973a4be8fa7
SHA1: 23422c1484c2fe9eded4d00ec1911e268254c3c7
SHA256:882520f34ea645da9490232af4e932172a2478564db0b27fd7246643018e7d42
Referenced In Project/Scope:gotrack:compile

Identifiers

omnifaces-3.0.jar: fixviewstate.js

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/fixviewstate.js
MD5: 24c2badf2e50107af44e7fd28c9836d0
SHA1: 8f678cad084fe0ddb1cb590af25b97de5f3a58dc
SHA256:e878fba7561765a61e8f13409bfb2d260ba430f4eed14b6d81ecce70f004a604
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

omnifaces-3.0.jar: omnifaces.js

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/omnifaces.js
MD5: 3e6d3650c9686efc2cec9f171afe96cd
SHA1: 8d9689b3e96643ea439fad9ca26621d93bfc9e6a
SHA256:d64be3f545aacbffbcb7b06bf47ee85fe7ef61f3edfc88d92435c4ce09292387
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

omnifaces-3.0.jar: unload.js

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/unload.js
MD5: 9b18e661eef08f977d0726118afc545d
SHA1: 4ed89c14cfa22d1a8fd3c818814fec53095537e9
SHA256:fb7742a9cf53fbc1040167a6576113751dea76dbac77f803180802deae698bc8
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

osgi-resource-locator-1.0.1.jar

Description:

 See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information

License:

https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256:775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Project/Scope:gotrack:compile

Identifiers

plotting.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/plotting.js
MD5: 4040bfdf03dbc750bb0f2c3b3622b585
SHA1: 4dce360f428ae9637a2c0e10950c33edebe297ca
SHA256:219f9b50bcbd66ab11629b2809e79c33c70f044273f82352f7b93c0357a3ced6
Referenced In Project/Scope:gotrack

Identifiers

  • None

poi-3.11.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/apache/poi/poi/3.11/poi-3.11.jar
MD5: 47af95b1bbe1d2db5b6794f887c0bad7
SHA1: 51058d9db469437a5ed0aa508e7de8937019e1d9
SHA256:1412f527ed0a766a6a3697c81705381fa1c34aecc15c4cdcca12a1e52de24d0e
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2014-3574  

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2014-9527  

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2016-5000  

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2017-12626  

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2017-5644  

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv2:
  • Base Score: HIGH (7.1)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2019-12415  

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

primefaces-6.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar
MD5: 451e8f4972278f2f81a998fab5d4ce6c
SHA1: 8ec2b8a42b06ddb70fc1a614b9a4c90771ca5f9c
SHA256:b7435f17450d35f343ae932e84d2838a6fed5869f99bf3ca23cb03543878fccf
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2015-9251 (OSSINDEX)  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.primefaces:primefaces:6.1:*:*:*:*:*:*:*

CVE-2019-11358 (OSSINDEX)  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.primefaces:primefaces:6.1:*:*:*:*:*:*:*

primefaces-6.1.jar: beanvalidation.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/validation/beanvalidation.js
MD5: 07f5d5dd6d5f55ab616d5cca7eedb19a
SHA1: 8c679a6b27b493302cf670da9bd57a1d7c63f6ed
SHA256:b161e729b507f2a53fca68bfca4cae4d9303b4449ccd48e197d1e070ba42f0b4
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: captcha.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/captcha/captcha.js
MD5: 449cf2603b8d61e0ba1959560b062442
SHA1: bd4c2940dfbadbd0196ef660d773b9f68165af6f
SHA256:2bffea0b5b49524dc088d403f0f05c169aa2562b396dd869a70984e4860bfc29
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: charts.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/charts/charts.js
MD5: 0e0305eba378e337ea9e72fb2f4a359c
SHA1: 333bc15da9c333ab2cd8e2385e40c79e021f99f0
SHA256:1c86e469d244e59b64dda37b23579e32ea2b064e4435ceace92ca6f67d4de3dc
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: clock.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/clock/clock.js
MD5: 7b4fd3bddcb581c7c63c6a6046e5b294
SHA1: e4d052994102768f1fd285b1e7c3a49cb3750d71
SHA256:5003270b12697ee409c3582397c29299771bf3b75ef5c15fdd33dcc41fd6c499
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: colorpicker.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/colorpicker/colorpicker.js
MD5: b8f861f1e069cfe54c4135e889243ed7
SHA1: 4fee5dc548c8d1e475f64d102eb1743933140b99
SHA256:661c179e5714a344e3ef7c36688b5e36fcbcd7e2d7d4eb2a4781973d758091e3
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: components-mobile.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/components-mobile.js
MD5: 993697f1e6f7f707e2d9193f87e7d3a9
SHA1: 15dc19d85a39b5cd5ba0e5f3aaab5c2c51ea9923
SHA256:049f574b88eacb890fb4a78d7025560e380c877f54a1d6b3a47d121d9568427a
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: components.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/components.js
MD5: 9d924a241b45daf8384de7875131a787
SHA1: a5ec38b736825b9caffb2d93cc364400c170fa96
SHA256:29866c30f5a1c1d47fb3635f92922bf2c106651497410d8f00ef728a41850c29
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: contentflow.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/contentflow/contentflow.js
MD5: c8d9cdf5711a39be71dd5ae2747f8fc9
SHA1: 89baf86d5e387eb7b5ad7dbc067e954db322482b
SHA256:cb3bac6685e19416a5d16d65c75320e74fb49c6d31f21b388a975982183cc52f
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: core.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/core.js
MD5: 52ab254da4664a28266b84d30733861e
SHA1: fe0b98a515b326bc0608fcce8abf24ea62fd167f
SHA256:f84592dda40124c2e0557d4d084c0de0dc486c4417cb5a81d4e4941be23065f9
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: datepicker.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mobile/widgets/datepicker.js
MD5: b23740c8959ce614b37962e373731a2c
SHA1: a752ab0bbd3ff4800cebfa7880ea04831c425ae1
SHA256:c1c1737219ab9f78fc3ca1a198c64fcf136c0d9c929e0e982fc979d72b03a79d
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: diagram.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/diagram/diagram.js
MD5: 3691f163651e32d9407109a1252aec9c
SHA1: be376ba09df59316dad5159df94244e2f35bf324
SHA256:df7134a14d720733f773a99b58bc11af13c137ecbf99208dda38f9102853e3a7
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: dock.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/dock/dock.js
MD5: b62b292965e50040dd3f86daa110d2d5
SHA1: 3a2ecf41b650cc5e0797d3cdf4b9c1fe6495d096
SHA256:b557c3c0240012c2064f3523ba737993d55509f9e0213eb37eaace6997ce25c4
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: editor.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/editor/editor.js
MD5: 03327b0eec98503c7d6df63eaf99334b
SHA1: ae61199bcc34f65caa9d3c558ac938121e6c2393
SHA256:b075210f7b5f5c12148e3c44e022462c0097bd9c7fd62b783e76e85063fd5863
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: fileupload.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/fileupload/fileupload.js
MD5: 76dc9f19663bb9c7a5228f6dcafcd35f
SHA1: e2d72620a571c56b1aeb251c01a0d19c415116cd
SHA256:30f7df787a019d693a5155f0d2225791db8f1720e53ecd2847dc76b950b2a0e3
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: galleria.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/galleria/galleria.js
MD5: 5844c2920cd79afca014cd80f189c955
SHA1: bcbf2fc5bae139bc80d56a5f93e250e466e0deed
SHA256:53ca1fe107263952bc5064ed5d8fac5ddd839f7b93369c2c5665aa966c604756
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: gmap.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/gmap/gmap.js
MD5: 19747981f8104f11776e761ed698f7f5
SHA1: 306292e4db02f77fcd1311384c1f131a3a05d9e0
SHA256:2d82b098fccdcdf61845cd970c543f5a8e5fe7b7f933c8972eda32e209dedb0e
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: hotkey.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/hotkey/hotkey.js
MD5: 3ec16aa44d720657743fb21b8843a42a
SHA1: 63585295acaccefa397927146cdf66dd4e61b2d1
SHA256:aa45349925767e946b92475663269f3388b684612caf430e23e5080c60d617df
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: idlemonitor.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/idlemonitor/idlemonitor.js
MD5: 500d46c23eb7227467c5e27f7949710b
SHA1: 356cb4c29fe3c7d85ba4529e0015008265a727bf
SHA256:885d3edafab78ea25bb24cc75b438d06f81cf85d0ba5d6b285fce7b139d20d58
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: imagecompare.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/imagecompare/imagecompare.js
MD5: cad71f0b2a19194a75c72a12d87e2ad1
SHA1: 0278150105abcae6653b5b4c826456df75b17072
SHA256:b9764d322c7df4da3bc5f3a68c8b865d32e3e3971d5501e398473221154302fe
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: imagecropper.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/imagecropper/imagecropper.js
MD5: 8bc69ab8d05ce5498d0fcb32f2bc3e84
SHA1: 89842195cab5f49b1de5122ee241d5b4eed0cc68
SHA256:9e2c3860a9fcfa55a1330d8dd1d2953d4f3a4245f9dac13b0f7df0856b01504f
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: imageswitch.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/imageswitch/imageswitch.js
MD5: f853e3f43ea19e3660feeb60e9616929
SHA1: 017dbed88eb59a51ea3fd2af193cee2a20b80d1d
SHA256:0d080b090caa17e01316a274428b6f623a46d6e1a1eb9e2a2c0f3fbfe45a8006
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: inputnumber.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/inputnumber/inputnumber.js
MD5: 06ab9b692da7494dfa33db4052cb34e7
SHA1: f0bf8344c843ba3e9da1af84956731adeda54d12
SHA256:b78363a908f6197189a2ec068518fe3c357f0e014ebf5dfef60010bee59b29c7
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: inputswitch.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/inputswitch/inputswitch.js
MD5: 7311f429b690f6d3dcd81ef129c31521
SHA1: adccb449e3f42e3df60edc005ab5413b1ab0d954
SHA256:c626e3b161fcc8d3468814b9e5d70d5d959279be3a14bcf592b23b83f402f0d8
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: jquery-mobile.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mobile/jquery-mobile.js
MD5: a30baf4e982bfc71cd7ec04d9ae0e2e0
SHA1: 267073ba806d22313ec932e8e1a18461fd92f659
SHA256:fdbaa32533fadcd7eb6c4f2ab0371efeb23d24083f6ac0f0b9fccc9d441b59d5
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: jquery-plugins.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/jquery/jquery-plugins.js
MD5: d8c90d33e167692aa3d929f3cb3a56ba
SHA1: 0e8876f2289b30864e2b3fd0e4aca8e71400ac64
SHA256:740eb50ab97564fb1816d5a4ecd515499a239c156bb009ed55f401753b62343b
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: jquery.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/jquery/jquery.js
MD5: a7f7f8654d7091d750423993d94dc436
SHA1: 329b1a9d48023ac8ae9098eddbbc594d4cadb717
SHA256:e6be08d782165ce3f7d792f7b0574ee595cd242986a81af1c873c3ab571cffc3
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

primefaces-6.1.jar: jquery.mousewheel.min.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mousewheel/jquery.mousewheel.min.js
MD5: a19660331d2924f8cabf797593582e42
SHA1: 854d8ef9e717c513c29e87b422149fa253b636c0
SHA256:d32437988bc7da1a0ee7856876ac50943cb639b20505fad3a0d4f00c25329cc4
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: keyboard.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/keyboard/keyboard.js
MD5: 6e2e99dd7cda7db266d6ae313873a480
SHA1: edf9f799315317d21f15724f21b1a42fb458423e
SHA256:3363f0acfb5045feb9a86d7bdabc6fcdc9ea8da4a26e7ede216938ce782d3c8f
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: keyfilter.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/keyfilter/keyfilter.js
MD5: 85b24c28db15874e9ade5d6e04a5de71
SHA1: 91b0472294804ae3dff5bf165c78f1e2b3bda879
SHA256:413b0c794363eefdee1efd14378c7bfc7e12e9ba28d04442446f9e36b5a395c9
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: knob.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/knob/knob.js
MD5: 289622044e5ae85d93faa62418765513
SHA1: 4f72b1a616292cdb9be6b43d69ae14bfc62428a9
SHA256:69a5c253d1c9abe10a34935cab7104f1880c5b6bd92b329785d8bf1841e4eda9
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: layout.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/layout/layout.js
MD5: 5d2bc563a9349fe9fa8cdddb91ce0bbd
SHA1: b5aed2c657f1dac7b44f5d9893f0133616abb09b
SHA256:2becf1c328440683e8d136209c43d6fc4da5a05d8bc877130698c14e1cdb000a
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: lifecycle.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/lifecycle/lifecycle.js
MD5: 9627c1e2d672df7f7f2c26498278b606
SHA1: c382df2afdd378164416b829074e7c2bb8780da8
SHA256:553b35162fcdc9aafce567ee18a8c501daa5b5c2f1a6634d6cb7618e6aef7572
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: log.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/log/log.js
MD5: 1190223bc485e58c760a0fb104d451ac
SHA1: 3dc24dd0f24ede52341bf8e6fdc3aad7ec7b2865
SHA256:b8c8953932f206b0e573e38b4a40fda53ef404ed4f6eeb07d6fca596810bac9a
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: mindmap.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mindmap/mindmap.js
MD5: 141bc9c6ed0144287a62b5f388398fb5
SHA1: 1def023b3777ee500d3e9843ec05f716eb816a87
SHA256:0b7b1c440f42107771f58669f0f43e1ffa37babbbbd989f47538075f573b371e
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: moment.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/moment/moment.js
MD5: 46d56ea445e0e7caceec78247dfd78dd
SHA1: aef2cad740086e09b23352778ef85b354869099e
SHA256:bdbadb35558db161f776055ce1a92555a684c44011942bffcc49ffd0002f779d
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: organigram.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/organigram/organigram.js
MD5: fdb7ec5fbd417c5e9c1fc5a68ef092c5
SHA1: b396b9993cb4aa0880c1b8406de7478e201ebb14
SHA256:67a1e3de53a1716705460b0080448d6e1c06e38d7cdbd22ecfe46d786813f07a
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: photocam.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/photocam/photocam.js
MD5: d2305b3415a7f82126c2e0d9930d014a
SHA1: b838077c14658dec55e65782d329318f991e5023
SHA256:c21270776ca97e2424fc371b1fb29a5ef315dcfd8fb30da4c072981dbb354a0b
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: printer.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/printer/printer.js
MD5: db0d7817812477bf26a9c4888dbaeaff
SHA1: d416c41ef0681ae1d1bd04c3ec7892975bde8dba
SHA256:892fac1746ce117fc7caa9c73cdf81b4a7f828ea51671dcde4ded7f8d97a9029
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: push.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/push/push.js
MD5: 3251876ccfa8be8b3a766a4eccf64725
SHA1: 15384ebdee77cbb0b46d291d9c0971ec6d427585
SHA256:a5a75b1a068033439ef121a77eebe107e7f0be7d89b02e6117ac2c968ffef860
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: raphael.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/raphael/raphael.js
MD5: f6d76d75ffb57b71e2b49ee1e613990b
SHA1: e87839ecb03847547c1f7d174e3019b2e8cac88f
SHA256:912889c2c44c303f7d08918816a5390a255788f1f7fa827bc91c9eedf255369d
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: ribbon.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/ribbon/ribbon.js
MD5: e20363c3eba3abe543419b99105c1492
SHA1: e28da8b53ccaeafe210b16b28060c8b40396c966
SHA256:1ced20e3352796edde12c56f8c4ce12d6b7e58bec2e5716e5c199bd224a5431f
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: ring.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/ring/ring.js
MD5: f8bea47761887836c0d8a0f1641cc862
SHA1: 1f9daaf9e1b3c8191536a85ff587f2eafb1200a6
SHA256:b0edd1950427161e18c1a2a83197b645d3b1174f093774f01a92db592c6f0142
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: schedule.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/schedule/schedule.js
MD5: 64e4284021f2ffc31c7cb90fc7852d83
SHA1: 3e6e0161aa4d29157fe87bdfd0421965389ad2e3
SHA256:f7b69ae993c56dc0b3d855fd59c8a2c21919026820f6b2fd623328489d394d54
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: scrollpanel.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/scrollpanel/scrollpanel.js
MD5: b4b7ba9c7337af83694d569ad1557199
SHA1: f0f0e09848a02db156c6bd7f60adc69eb30f3bb9
SHA256:f1ca242c6c2209c3e007cf27299a2b23063e67433df1bfe6d7e5f296261f346d
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: signature.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/signature/signature.js
MD5: de47d5b7f4d3bfceb64953b29ad71566
SHA1: 8e67cb30e0b439151efa6909617cae98a665568e
SHA256:528d46fccd936c902569e1a5d9a770625180fdf997cacf7ee9ee1616032f7a37
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: stack.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/stack/stack.js
MD5: a54aad057e55ae776353ac26fefdb52f
SHA1: 7b2f9b0f672585f8171bb22c8df5eb509ff9cecd
SHA256:81908db529ecbf178975923066c65fb71ae6861c87de16b8a2b3e9cfee08b1fd
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: terminal.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/terminal/terminal.js
MD5: 0e7d65edb8e61048e5e8f0f70542f8fa
SHA1: 16b58b5898faf98396fb70147e9ab66e8c49330b
SHA256:f13c06e5606b228948a572e856cf049d16d40c93a0ce846fc0657f05ed9426df
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: texteditor.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/texteditor/texteditor.js
MD5: 7650d4387b8a3a2bc307701abf1cd8ee
SHA1: 8061fcf936147038ee4a5e9da39941399ee1791f
SHA256:9187206ff8cd37c0d9685f504345601675cba6eee65a2082ceae89cab2430ef1
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: timeline.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/timeline/timeline.js
MD5: bf1d0f2b1bced3751bd301d2ccfb3c75
SHA1: 6743e1a224b2428095fbe651d0e4ec86d116a645
SHA256:fd2dd283c0cef65ec7ad76b1d236eac95e7f8b685238a949ea2e2030b09f3fa8
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: touchswipe.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/touch/touchswipe.js
MD5: 6f38c3f2a756c8b947eb00dc86826944
SHA1: fd78cf40dcc11ca868195fc891027c22256746e1
SHA256:aa248a002e1a43c44ed11fbe0652d54c3fe07f06e6a668f27d759467130ac70e
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: validation.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/validation/validation.js
MD5: 0c135158bb0f2e697d5ba4775d24904b
SHA1: 840aa417fce4aad535ca9cac7b403e7b37b16977
SHA256:0f5db59606e8f2016c431dd1c361e97d567e32bb0e379e7ea29b4078681659ec
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-6.1.jar: watermark.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/watermark/watermark.js
MD5: e8f78b7aeb9de00cffbc206ed609d55c
SHA1: f07a5bfbcaa94dc7a6ddae96b0d01f7cf8365efd
SHA256:e5a6c207a3153f5650a788e557e1d67626f2f6035f602503b1d54d6a8151e95a
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar

Description:

        PrimeFaces Extensions Project for Maven.
    

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar
MD5: 1f910d4ad0a197424cc38208cc900a36
SHA1: e15af78625c4bfbab75a05c1f8feb2bbea726e2e
SHA256:4a47585d79f725cb2076be755270f732d28dbfb24d41b77e16405285e9be3deb
Referenced In Project/Scope:gotrack:compile

Identifiers

primefaces-extensions-6.1.1.jar: analogclock.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/analogclock/analogclock.js
MD5: 922b2c3b78829445e3552d9f7c36adc5
SHA1: 8715ed3d5d69bf77735581087fa76c62612843c5
SHA256:8280cbe97432485fc20fe501d098bdd7e4e17e1160861b5218347354900178e5
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: blockui.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/blockui/blockui.js
MD5: b899b7bf50623e0fbc71710b88a922bf
SHA1: 49d6aa9f339920bdb37df90739ff2e4df21026e3
SHA256:96d6abff9f0178a6dcf35dd2f625da9010e709bb82413bb804ad3ab63112a53b
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: calculator.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/calculator/calculator.js
MD5: 6dcef19d605fa6cf1c0567e30dcd61d0
SHA1: d00d8c4750a524c69dec10845c39e472bf29f72c
SHA256:f9be2da77715fb00e557cff7537ebeec19136d0433e3a6eed36091febe55a360
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: clipboard.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/clipboard/clipboard.js
MD5: 66552d0b3555ffaf3ec7f43843a29d8c
SHA1: 307f28150a4d2856fec3c99adaf01e54f0e1632c
SHA256:e5b6e711314ef612c3f46253938ecbd66673159129fe9a68865523b88aafd1ea
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: fluidgrid.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/fluidgrid/fluidgrid.js
MD5: 714edde2b3e8329e1413c0ea76f8279a
SHA1: 92a322b7d9ca1708d919141966689b756aab37b8
SHA256:039eb2ea6c2a7f92b01c9c42410fda90f32258173b2093095e00e2fad518e6f3
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: github.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/github/github.js
MD5: 132578be4e19727b105d7b7d1c5ad24b
SHA1: e7fc1083bb8a336a9c32dedd4fe571e286caa262
SHA256:8e9614eed26195ca84ecda4961e28c43c217ae00e2f29871eac6dc02eaf27538
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: imageareaselect.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/imageareaselect/imageareaselect.js
MD5: 8b357b36d524d2cfc2e42aa1e13719ea
SHA1: a3784383b88ea45becd0cf8501a121785f1f887e
SHA256:50aa2c538ee7565ced66e5a1d4011cf230b3df3db2bdde4d77d34f81b8898404
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: layout.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/layout/layout.js
MD5: ce42c19a75ca07994347715e46ebba9d
SHA1: 013f294905817d239ae688e168f36f61b1ff1bfc
SHA256:8ab74d766e01a1f36d036c339cca08cf0b0389451e264dccef985fd0a0627c6b
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: pdf.viewer.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.viewer.js
MD5: 19fd98802d221ebf3e4dfdf179c4fdcf
SHA1: ccacafb055e19ec7e3616fdf919125b5cf7b9954
SHA256:bc0c3cf61daede9db29cd820299312e3f146006bc31b795e204bc048c2474770
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: pdf.worker.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.worker.js
MD5: 83d8de27fb1c6c169ec4ca841eda15c8
SHA1: 91e8186ae9eb08381ff3ed44e91860cc254df0c4
SHA256:1f65891df9ba19d26dad690b26f7be5767481b84c05b8c87b63a44247cfbad9e
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: primefaces-extensions.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/primefaces-extensions.js
MD5: e84ddf8dc099a96b014d2343dffb399c
SHA1: 7ccde71278d29f424cefc0aa821320868e3a0daf
SHA256:d30bfc21efd5359d59b97d79c107c9cbf927df0e40251dde2de5728d52fd05e0
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: qrcode.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/qrcode/qrcode.js
MD5: cb788bd59aec6ef818a4773526e3f623
SHA1: a670541819f37583e58edf2eb1c9e64e0f078b0e
SHA256:be6efc9ef4f191f34b3b02d72d74c1fe6baaf9292dbf096a5e8eb59c3ae6e0e0
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: slideout.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/slideout/slideout.js
MD5: 78638d4fb368e705cacf4b375cd01331
SHA1: c244e15d31cc7c3ac21613587417ccad3f9b04a3
SHA256:ad2a1babfd5ebb5aa31a443940a4a6f424136a69aae32fffa3bedf6bf06d4e68
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: timepicker.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/timepicker/timepicker.js
MD5: 0beb1ae1028872ca302bdf44b337eab1
SHA1: 230050f8b8c179c15d75c0368d31af64bf80cb9f
SHA256:91f17dc993b34036f37d25be8bb61e47ba9bf98585864966df4d44d846452507
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: timer.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/timer/timer.js
MD5: ca179c1b2914b133c73bf4f31c9ff164
SHA1: 920d4aafaed979022d3a362bbbc7e7a7361d5e60
SHA256:aaafe3a45e1194ed1dd25e463a70f7bbec0905403264ca599ad4a3c3e209f932
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: tooltip.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/tooltip/tooltip.js
MD5: 650e176870d7a25551aaece7f3dbd438
SHA1: ebd81aaf82837affac703b9b0500838f0a400629
SHA256:c336523a503ece04e4dd24a1354639cf87c339d7fb48b5a6a2cafce69358a052
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

primefaces-extensions-6.1.1.jar: waypoint.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/waypoint/waypoint.js
MD5: 3840bc02f6cd963ed114e7d82eb4220c
SHA1: d90640e75002dc30388f981f2a4fa8aa9914dd83
SHA256:d334fb739b9af254b07ad34a140b7f72200be5dd1c674ce7e29c6501057de47b
Referenced In Project/Scope:gotrack:compile

Identifiers

  • None

slf4j-api-1.6.6.jar

Description:

The slf4j API

File Path: /root/.m2/repository/org/slf4j/slf4j-api/1.6.6/slf4j-api-1.6.6.jar
MD5: 17ba6715f5defd50b2e781201f57b408
SHA1: ce53b0a0e2cfbb27e8a59d38f79a18a5c6a8d2b0
SHA256:43456b2ee31529a9c512d581e53e285c65feddec204a2c146945e032b07810ba
Referenced In Project/Scope:gotrack:compile

Identifiers

slf4j-log4j12-1.6.6.jar

Description:

SLF4J LOG4J-12 Binding

File Path: /root/.m2/repository/org/slf4j/slf4j-log4j12/1.6.6/slf4j-log4j12-1.6.6.jar
MD5: 00e5efbc17122d31a1c02c179e6d6e0b
SHA1: 5cd9b4fbc3ff6a97beaade3206137d76f65df805
SHA256:1e44890f21765cb92aeeda2e62b72ae37be230193880e9a8b7b768fde1a10b2c
Referenced In Project/Scope:gotrack:compile

Identifiers

term.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/term.js
MD5: 14ad2e406311c5618e73131498efcd97
SHA1: 774fedc9720b93a38d2b728523277fb603fb49d6
SHA256:8c2f65cf6f797433160acd272c1438e6991aee3fa9883562c50a50d671cee807
Referenced In Project/Scope:gotrack

Identifiers

  • None

trends.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/trends.js
MD5: cbd272f095dbeebc9672469aa91fb598
SHA1: a09f229f4c26ae679b9e4402247b6b06c12c10c6
SHA256:dbd7bff5f5062bff751b00d59704331928e3a69a31df6c0ec9bb451cd1b0d57a
Referenced In Project/Scope:gotrack

Identifiers

  • None

trove4j-3.0.3.jar

Description:

The Trove library provides high speed regular and primitive
        collections for Java.
    

License:

GNU Lesser General Public License 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: /root/.m2/repository/net/sf/trove4j/trove4j/3.0.3/trove4j-3.0.3.jar
MD5: 8fc4d4e0129244f9fd39650c5f30feb2
SHA1: 42ccaf4761f0dfdfa805c9e340d99a755907e2dd
SHA256:3c8616203d61a12a7e3487e8b34f3c198c2b5ba9e90da0c7ea32d99cd4958012
Referenced In Project/Scope:gotrack:compile

Identifiers

utility.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/utility.js
MD5: 35fd1ed10e1e7e84f93d73b1d901e055
SHA1: 5fca54fd9a39fb246385a3ecf66b295dfbf1495b
SHA256:7e900c2cb048f23dc57bdc71c34b5040e2b2c3f46ff74d42798dea2795968ff1
Referenced In Project/Scope:gotrack

Identifiers

  • None

validation-api-1.1.0.Final.jar

Description:

        Bean Validation API
    

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256:f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar

Description:

This jar bundles all the bits of Weld and CDI required for running in a Servlet container.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar
MD5: 0856fb1cc23b31b273f260bf2fb5c48c
SHA1: 3714f2ceea7b41cc981dbee409df81dda874fdd4
SHA256:08762cdb8f7fc5aa8524db1cffe6644b0f161d9df3b81828754f4479e529d6c0
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.annotation:javax.annotation-api:1.3)

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
MD5: f7dc10c2df67f8377c83eb8c1d46ee05
SHA1: 0df1867b4b7930cc1ec2c1267330720f96cb336c
SHA256:710cc43d8a7d9239e74f4532550fa58eb06e959a547bdc750c33f83b6180ce97
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.enterprise:cdi-api:2.0)

Description:

APIs for CDI (Contexts and Dependency Injection for Java)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/javax.enterprise/cdi-api/pom.xml
MD5: 61a45158a999ab92d9a82fb2645d4b7d
SHA1: 1ce9a75771a35ad14ba1bd9dd5677d48c5c984d9
SHA256:6074b4dc3a8533226ca8dd3fe9e5b425522d9ccc1ae2ed7b6041f3d6d1bb1d68
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.classfilewriter:jboss-classfilewriter:1.2.1.Final)

Description:

A bytecode writer that creates .class files at runtime

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.classfilewriter/jboss-classfilewriter/pom.xml
MD5: 7d4f88033b845281d1ccf7deedc824e3
SHA1: 144c5027fb0e386f0ccc4155a7d963e92ae458f5
SHA256:620e1364621b5beab50f564454307c1b2704c3b9e42268372c40e207e3a4c21c
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.logging:jboss-logging:3.2.1.Final)

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.logging/jboss-logging/pom.xml
MD5: 7e9423d688132d4112921ef91644f95e
SHA1: 81b599e87480e076b1db6e2fa103185b145aab68
SHA256:b7bab8229f58450a45f0bcbf3bdbf87a33c529aea5f9697bc705a51f5199f40e
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.2_spec:1.0.0.Final)

Description:

The Java(TM) EE  Interceptors 1.2 API classes from JSR 318.

License:

Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec/pom.xml
MD5: 0df27a83e30022fa745517e734f20114
SHA1: 4af3d311be850614438a8f2a38a1f216ae9ce110
SHA256:e42b23ee4551f521a1f6cffec0954131a0905fb90dabfcb863e58d4af1acc391
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.environment:weld-environment-common:3.0.0.Final)

Description:

Common tools for non-standard Weld environments (SE, Servlet containers)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.environment/weld-environment-common/pom.xml
MD5: e6f15188d548fc3fbbbfcd73927af658
SHA1: efa1230476f0a296cd4d43370ca5e357bf4b709a
SHA256:f0ae7c01d4cb6a873937f1f1ad70f2b2e4b7504c3b42060b47616a2a12b581d7
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-jsf:3.0.0.Final)

Description:

Weld JSF support

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.module/weld-jsf/pom.xml
MD5: e701c277de40cfba059163fe3959c9e8
SHA1: c64769af972c5ae55ec7a1d654d0ea2b31d97c4f
SHA256:b34797a0f6135e14bd0ed48d2f9db06bb8cce7865d19caa6895155c3f307878a
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-web:3.0.0.Final)

Description:

Weld Web module

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.module/weld-web/pom.xml
MD5: 8cb62e727d8748b0afa57e140afc226e
SHA1: f9b5cf0939755e25a3e8d744a4f1fdafb7970f7f
SHA256:239e601141d2241ccbcf48bb52cdc7980091f6c412729e50982531bf61498ebb
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.probe:weld-probe-core:3.0.0.Final)

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.probe/weld-probe-core/pom.xml
MD5: f1fad02dd2a1bdafcad6a237a7e8f9be
SHA1: 9f9eb494a3c84d499b79516ecef0fe91d01a2a0e
SHA256:0212b16baf671b0e43c0b3b21507eceb1beb13af0268558c4d8464e0f0d8cec9
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.servlet:weld-servlet-core:3.0.0.Final)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.servlet/weld-servlet-core/pom.xml
MD5: 5dd72a50bc738f1da9be3f62fe126fe1
SHA1: 4f705ee14557f790c471ee911ab9d440f3a39a25
SHA256:65f09d35223113ac9cb7926669fbc67ac3eacea6fad95d5f523164bd4ea7fc28
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-api:3.0.Final)

Description:

Weld specifc extensions to the CDI API

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-api/pom.xml
MD5: 2d26b787129c1b64ce948b39e143baf3
SHA1: c0ecef8e8a5647171b32ed10cc98f72b556b5d3d
SHA256:407f32735d3ab855d08b5021860d073558a0dec86834746225fbce879433f454
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-core-impl:3.0.0.Final)

Description:

Weld's implementation of CDI

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-core-impl/pom.xml
MD5: 091c240768b2164eb329d776ddbec6c5
SHA1: becf697c1bcb31f0c04c81144de1aea685f1a156
SHA256:d7b741d6542c9c9c059cb91459b1efd793ae5864b65444d073fc05d008fad618
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-spi:3.0.Final)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-spi/pom.xml
MD5: e4a12d320708f8010b233c6dda4a356a
SHA1: bbb507b105026ea2cc7b1af86d62d63d8dddde89
SHA256:891ab3a79ea6feeef946d1992c8c2aed093b842626e3932cceee798c3142b44f
Referenced In Project/Scope:gotrack:compile

Identifiers

weld-servlet-shaded-3.0.0.Final.jar: probe.js

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/client/probe.js
MD5: 5c1cce0e82e969138c6c2b371a360f61
SHA1: 192af923ab718cb0f1b71e168209d811b204050b
SHA256:bb6b4ed0993e560dcb3404b74f1aaafb86dc7fd571cafc99d1c25d1a8020421b
Referenced In Project/Scope:gotrack:compile

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*

CVE-2018-14040  

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

reDOS - regular expression denial of service (RETIREJS)  

reDOS - regular expression denial of service
Unscored:
  • Severity: low

References:

xml-apis-1.0.b2.jar

Description:

xml-commons provides an Apache-hosted set of DOM, SAX, and 
    JAXP interfaces for use in other xml-based projects. Our hope is that we 
    can standardize on both a common version and packaging scheme for these 
    critical XML standards interfaces to make the lives of both our developers 
    and users easier. The External Components portion of xml-commons contains 
    interfaces that are defined by external standards organizations. For DOM, 
    that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for 
    JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /root/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
SHA256:8232f3482c346d843e5e3fb361055771c1acc105b6d8a189eb9018c55948cf9f
Referenced In Project/Scope:gotrack:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.