Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 6.1.6
Report Generated On: Wed, 9 Jun 2021 16:03:40 -0700
Dependencies Scanned: 162 (154 unique)
Vulnerable Dependencies: 12
Vulnerabilities Found: 56
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2021-06-09T12:40:34
NVD CVE Modified: 2021-06-09T11:00:01
VersionCheckOn: 2021-06-09T12:40:34

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
animal-sniffer-annotations-1.14.jar		pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14		0		25
aopalliance-repackaged-2.4.0-b34.jar		pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.4.0-b34		0		21
bluesky-1.0.10.jar		pkg:maven/org.primefaces.themes/bluesky@1.0.10		0		15
common.js				0		0
commons-codec-1.9.jar		pkg:maven/commons-codec/commons-codec@1.9		0		38
commons-lang3-3.3.2.jar		pkg:maven/org.apache.commons/commons-lang3@3.3.2		0		38
commons-math3-3.4.1.jar		pkg:maven/org.apache.commons/commons-math3@3.4.1		0		38
concurrent-trees-2.4.0.jar		pkg:maven/com.googlecode.concurrent-trees/concurrent-trees@2.4.0		0		24
dagre-d3.min.js				0		0
dom4j-1.6.1.jar	cpe:2.3:a:dom4j_project:dom4j:1.6.1:::::::*	pkg:maven/dom4j/dom4j@1.6.1		0	Highest	25
enrichment.js				0		0
error_prone_annotations-2.0.18.jar		pkg:maven/com.google.errorprone/error_prone_annotations@2.0.18		0		26
genes.js				0		0
gograph.js				0		0
gson-2.2.4.jar		pkg:maven/com.google.code.gson/gson@2.2.4		0		29
guava-23.0.jar	cpe:2.3:a:google:guava:23.0:::::::*	pkg:maven/com.google.guava/guava@23.0	MEDIUM	2	Highest	24
hk2-api-2.4.0-b34.jar		pkg:maven/org.glassfish.hk2/hk2-api@2.4.0-b34		0		25
hk2-locator-2.4.0-b34.jar		pkg:maven/org.glassfish.hk2/hk2-locator@2.4.0-b34		0		21
hk2-utils-2.4.0-b34.jar	cpe:2.3:a:oracle:utilities_framework:2.4.0.b34:::::::*	pkg:maven/org.glassfish.hk2/hk2-utils@2.4.0-b34		0	Low	29
hk2-utils-2.4.0-b34.jar (shaded: org.jvnet:tiger-types:1.4)		pkg:maven/org.jvnet/tiger-types@1.4		0		12
itextpdf-5.5.6.jar	cpe:2.3:a:itextpdf:itext:5.5.6:::::::*	pkg:maven/com.itextpdf/itextpdf@5.5.6	HIGH	1	High	31
j2objc-annotations-1.1.jar		pkg:maven/com.google.j2objc/j2objc-annotations@1.1		0		24
jackson-core-2.5.4.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.5.4:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.5.4	MEDIUM	1	Low	45
jackson-databind-2.5.4.jar	cpe:2.3:a:fasterxml:jackson-databind:2.5.4:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.5.4:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.5.4	CRITICAL	19	Highest	42
jackson-jaxrs-base-2.5.4.jar		pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.5.4		0		39
jackson-jaxrs-json-provider-2.5.4.jar		pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.5.4		0		39
jackson-module-jaxb-annotations-2.5.4.jar		pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.5.4		0		42
javassist-3.18.1-GA.jar		pkg:maven/org.javassist/javassist@3.18.1-GA		0		21
javax.annotation-api-1.2.jar		pkg:maven/javax.annotation/javax.annotation-api@1.2		0		37
javax.faces-2.3.3.jar	cpe:2.3:a:oracle:mojarra_javaserver_faces:2.3.3:::::::*	pkg:maven/org.glassfish/javax.faces@2.3.3		0	Low	40
javax.faces-2.3.3.jar: jsf-uncompressed.js				0		0
javax.faces-2.3.3.jar: jsf.js				0		0
javax.inject-2.4.0-b34.jar		pkg:maven/org.glassfish.hk2.external/javax.inject@2.4.0-b34		0		23
javax.json-1.1.jar		pkg:maven/org.glassfish/javax.json@1.1		0		36
javax.servlet-api-3.1.0.jar		pkg:maven/javax.servlet/javax.servlet-api@3.1.0		0		37
javax.transaction-api-1.2.jar		pkg:maven/javax.transaction/javax.transaction-api@1.2		0		37
javax.ws.rs-api-2.0.1.jar	cpe:2.3:a:oracle:web_services:2.0.1:::::::*	pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1		0	Low	41
jaxen-1.1.6.jar		pkg:maven/jaxen/jaxen@1.1.6		0		26
jbcrypt-0.3m.jar	cpe:2.3:a:mindrot:jbcrypt:0.3m:::::::*	pkg:maven/org.mindrot/jbcrypt@0.3m	MEDIUM	1	Highest	25
jersey-entity-filtering-2.21.1.jar	cpe:2.3:a:jersey_project:jersey:2.21.1:::::::*	pkg:maven/org.glassfish.jersey.ext/jersey-entity-filtering@2.21.1		0	Highest	27
jersey-gf-cdi-2.14.jar	cpe:2.3:a:jersey_project:jersey:2.14:::::::*	pkg:maven/org.glassfish.jersey.containers.glassfish/jersey-gf-cdi@2.14		0	Highest	28
jersey-server-2.22.2.jar	cpe:2.3:a:jersey_project:jersey:2.22.2:::::::*	pkg:maven/org.glassfish.jersey.core/jersey-server@2.22.2		0	Highest	29
jquery-ui.min.js				0		0
json-20140107.jar		pkg:maven/org.json/json@20140107		0		22
jsr305-1.3.9.jar		pkg:maven/com.google.code.findbugs/jsr305@1.3.9		0		16
jstl-1.2.jar		pkg:maven/javax.servlet/jstl@1.2	HIGH	1		26
jul-to-slf4j-1.6.6.jar		pkg:maven/org.slf4j/jul-to-slf4j@1.6.6		0		28
log4j-1.2.14.jar	cpe:2.3:a:apache:log4j:1.2.14:::::::*	pkg:maven/log4j/log4j@1.2.14	CRITICAL	2	Highest	23
lombok-1.16.20.jar		pkg:maven/org.projectlombok/lombok@1.16.20		0		22
lombok-1.16.20.jar: WindowsDriveInfo-i386.dll				0		4
lombok-1.16.20.jar: WindowsDriveInfo-x86_64.dll				0		2
mockito-all-1.10.19.jar		pkg:maven/org.mockito/mockito-all@1.10.19		0		24
mysql-connector-java-5.1.35.jar	cpe:2.3:a:mysql:mysql:5.1.35:::::::* cpe:2.3:a:oracle:mysql_connector\/j:5.1.35:::::::*	pkg:maven/mysql/mysql-connector-java@5.1.35	HIGH	8	Highest	38
omnifaces-3.0.jar		pkg:maven/org.omnifaces/omnifaces@3.0		0		31
omnifaces-3.0.jar: fixviewstate.js				0		0
omnifaces-3.0.jar: omnifaces.js				0		0
omnifaces-3.0.jar: unload.js				0		0
osgi-resource-locator-1.0.1.jar		pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1		0		28
plotting.js				0		0
poi-3.11.jar	cpe:2.3:a:apache:poi:3.11:::::::*	pkg:maven/org.apache.poi/poi@3.11	HIGH	6	Highest	29
primefaces-6.1.jar	cpe:2.3:a:primetek:primefaces:6.1:::::::*	pkg:maven/org.primefaces/primefaces@6.1	MEDIUM	2	Highest	23
primefaces-6.1.jar: beanvalidation.js				0		0
primefaces-6.1.jar: captcha.js				0		0
primefaces-6.1.jar: charts.js				0		0
primefaces-6.1.jar: clock.js				0		0
primefaces-6.1.jar: colorpicker.js				0		0
primefaces-6.1.jar: components-mobile.js				0		0
primefaces-6.1.jar: components.js				0		0
primefaces-6.1.jar: contentflow.js				0		0
primefaces-6.1.jar: core.js				0		0
primefaces-6.1.jar: datepicker.js				0		0
primefaces-6.1.jar: diagram.js				0		0
primefaces-6.1.jar: dock.js				0		0
primefaces-6.1.jar: editor.js				0		0
primefaces-6.1.jar: fileupload.js				0		0
primefaces-6.1.jar: galleria.js				0		0
primefaces-6.1.jar: gmap.js				0		0
primefaces-6.1.jar: hotkey.js				0		0
primefaces-6.1.jar: idlemonitor.js				0		0
primefaces-6.1.jar: imagecompare.js				0		0
primefaces-6.1.jar: imagecropper.js				0		0
primefaces-6.1.jar: imageswitch.js				0		0
primefaces-6.1.jar: inputnumber.js				0		0
primefaces-6.1.jar: inputswitch.js				0		0
primefaces-6.1.jar: jquery-mobile.js				0		0
primefaces-6.1.jar: jquery-plugins.js				0		0
primefaces-6.1.jar: jquery.js		pkg:javascript/jquery@1.11.3	MEDIUM	4		3
primefaces-6.1.jar: jquery.mousewheel.min.js				0		0
primefaces-6.1.jar: keyboard.js				0		0
primefaces-6.1.jar: keyfilter.js				0		0
primefaces-6.1.jar: knob.js				0		0
primefaces-6.1.jar: layout.js				0		0
primefaces-6.1.jar: lifecycle.js				0		0
primefaces-6.1.jar: log.js				0		0
primefaces-6.1.jar: mindmap.js				0		0
primefaces-6.1.jar: moment.js				0		0
primefaces-6.1.jar: organigram.js				0		0
primefaces-6.1.jar: photocam.js				0		0
primefaces-6.1.jar: printer.js				0		0
primefaces-6.1.jar: push.js				0		0
primefaces-6.1.jar: raphael.js				0		0
primefaces-6.1.jar: ribbon.js				0		0
primefaces-6.1.jar: ring.js				0		0
primefaces-6.1.jar: schedule.js				0		0
primefaces-6.1.jar: scrollpanel.js				0		0
primefaces-6.1.jar: signature.js				0		0
primefaces-6.1.jar: stack.js				0		0
primefaces-6.1.jar: terminal.js				0		0
primefaces-6.1.jar: texteditor.js				0		0
primefaces-6.1.jar: timeline.js				0		0
primefaces-6.1.jar: touchswipe.js				0		0
primefaces-6.1.jar: validation.js				0		0
primefaces-6.1.jar: watermark.js				0		0
primefaces-extensions-6.1.1.jar		pkg:maven/org.primefaces.extensions/primefaces-extensions@6.1.1		0		33
primefaces-extensions-6.1.1.jar: analogclock.js				0		0
primefaces-extensions-6.1.1.jar: blockui.js				0		0
primefaces-extensions-6.1.1.jar: calculator.js				0		0
primefaces-extensions-6.1.1.jar: clipboard.js				0		0
primefaces-extensions-6.1.1.jar: fluidgrid.js				0		0
primefaces-extensions-6.1.1.jar: github.js				0		0
primefaces-extensions-6.1.1.jar: imageareaselect.js				0		0
primefaces-extensions-6.1.1.jar: layout.js				0		0
primefaces-extensions-6.1.1.jar: pdf.viewer.js				0		0
primefaces-extensions-6.1.1.jar: pdf.worker.js				0		0
primefaces-extensions-6.1.1.jar: primefaces-extensions.js				0		0
primefaces-extensions-6.1.1.jar: qrcode.js				0		0
primefaces-extensions-6.1.1.jar: slideout.js				0		0
primefaces-extensions-6.1.1.jar: timepicker.js				0		0
primefaces-extensions-6.1.1.jar: timer.js				0		0
primefaces-extensions-6.1.1.jar: tooltip.js				0		0
primefaces-extensions-6.1.1.jar: waypoint.js				0		0
slf4j-api-1.6.6.jar		pkg:maven/org.slf4j/slf4j-api@1.6.6		0		27
slf4j-log4j12-1.6.6.jar		pkg:maven/org.slf4j/slf4j-log4j12@1.6.6		0		27
term.js				0		0
trends.js				0		0
trove4j-3.0.3.jar		pkg:maven/net.sf.trove4j/trove4j@3.0.3		0		20
utility.js				0		0
validation-api-1.1.0.Final.jar		pkg:maven/javax.validation/validation-api@1.1.0.Final		0		19
weld-servlet-shaded-3.0.0.Final.jar		pkg:maven/org.jboss.weld.servlet/weld-servlet-shaded@3.0.0.Final		0		38
weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.annotation:javax.annotation-api:1.3)		pkg:maven/javax.annotation/javax.annotation-api@1.3		0		18
weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.enterprise:cdi-api:2.0)	cpe:2.3:a:redhat:jboss_weld:2.0:::::::*	pkg:maven/javax.enterprise/cdi-api@2.0		0	Low	18
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.classfilewriter:jboss-classfilewriter:1.2.1.Final)		pkg:maven/org.jboss.classfilewriter/jboss-classfilewriter@1.2.1.Final		0		14
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.logging:jboss-logging:3.2.1.Final)		pkg:maven/org.jboss.logging/jboss-logging@3.2.1.Final		0		14
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.2_spec:1.0.0.Final)		pkg:maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec@1.0.0.Final		0		12
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.environment:weld-environment-common:3.0.0.Final)		pkg:maven/org.jboss.weld.environment/weld-environment-common@3.0.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-jsf:3.0.0.Final)		pkg:maven/org.jboss.weld.module/weld-jsf@3.0.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-web:3.0.0.Final)		pkg:maven/org.jboss.weld.module/weld-web@3.0.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.probe:weld-probe-core:3.0.0.Final)		pkg:maven/org.jboss.weld.probe/weld-probe-core@3.0.0.Final		0		11
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.servlet:weld-servlet-core:3.0.0.Final)		pkg:maven/org.jboss.weld.servlet/weld-servlet-core@3.0.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-api:3.0.Final)		pkg:maven/org.jboss.weld/weld-api@3.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-core-impl:3.0.0.Final)		pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-spi:3.0.Final)		pkg:maven/org.jboss.weld/weld-spi@3.0.Final		0		13
weld-servlet-shaded-3.0.0.Final.jar: probe.js		pkg:javascript/bootstrap@3.3.1 pkg:javascript/jquery@2.1.1 pkg:javascript/moment.js@2.8.4	low	9		9
xml-apis-1.0.b2.jar		pkg:maven/xml-apis/xml-apis@1.0.b2		0		47

Dependencies

animal-sniffer-annotations-1.14.jar

File Path: /root/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	animal-sniffer-annotations	Low
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	mojo	Low
Vendor	pom	parent-groupid	org.codehaus.mojo	Medium
Vendor	file	name	animal-sniffer-annotations	High
Vendor	pom	name	Animal Sniffer Annotations	High
Vendor	jar	package name	animal_sniffer	Low
Vendor	jar	package name	mojo	Highest
Vendor	pom	parent-artifactid	animal-sniffer-parent	Low
Vendor	jar	package name	codehaus	Low
Vendor	pom	groupid	org.codehaus.mojo	Highest
Vendor	pom	groupid	codehaus.mojo	Highest
Product	pom	artifactid	animal-sniffer-annotations	Highest
Product	pom	parent-artifactid	animal-sniffer-parent	Medium
Product	jar	package name	codehaus	Highest
Product	jar	package name	mojo	Highest
Product	jar	package name	mojo	Low
Product	jar	package name	ignorejrerequirement	Low
Product	pom	parent-groupid	org.codehaus.mojo	Medium
Product	file	name	animal-sniffer-annotations	High
Product	pom	name	Animal Sniffer Annotations	High
Product	jar	package name	animal_sniffer	Low
Product	pom	groupid	codehaus.mojo	Highest
Version	file	version	1.14	High
Version	pom	version	1.14	Highest

Identifiers

pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14 (Confidence:High)

aopalliance-repackaged-2.4.0-b34.jar

Description:

Dependency Injection Kernel

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.4.0-b34/aopalliance-repackaged-2.4.0-b34.jar
MD5: 57983543b3574e117d6f03ceff5f238c
SHA1: 3d5e856dbc91a3a2b0bcb3a3424f8b62421ae4cf
SHA256:5d3cb0cece722c7ba8ab987b931053cdbcb0cb12ad5c8c8a7691eb6f7e60a64b
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	aopalliance-repackaged	High
Vendor	Manifest	bundle-symbolicname	org.glassfish.hk2.external.aopalliance-repackaged	Medium
Vendor	jar	package name	aopalliance	Highest
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	pom	artifactid	aopalliance-repackaged	Low
Vendor	pom	name	aopalliance version ${aopalliance.version} repackaged as a module	High
Vendor	pom	groupid	org.glassfish.hk2.external	Highest
Vendor	pom	groupid	glassfish.hk2.external	Highest
Vendor	pom	parent-groupid	org.glassfish.hk2	Medium
Vendor	pom	parent-artifactid	external	Low
Product	file	name	aopalliance-repackaged	High
Product	Manifest	bundle-symbolicname	org.glassfish.hk2.external.aopalliance-repackaged	Medium
Product	pom	parent-artifactid	external	Medium
Product	jar	package name	aopalliance	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	Manifest	Bundle-Name	aopalliance version 1.0 repackaged as a module	Medium
Product	pom	name	aopalliance version ${aopalliance.version} repackaged as a module	High
Product	pom	artifactid	aopalliance-repackaged	Highest
Product	pom	groupid	glassfish.hk2.external	Highest
Product	pom	parent-groupid	org.glassfish.hk2	Medium
Version	pom	version	2.4.0-b34	Highest

Identifiers

pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.4.0-b34 (Confidence:High)

bluesky-1.0.10.jar

File Path: /root/.m2/repository/org/primefaces/themes/bluesky/1.0.10/bluesky-1.0.10.jar
MD5: eb5d8614955e174053e73de15d9a1bae
SHA1: ff53db9a87d1b3611b830b48fca1d4e3fbf791ab
SHA256:91eb23b541da6b635e891ba743521587ea73925b43a9abb432ef99bb6cb4d5a9
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.primefaces.themes	Medium
Vendor	pom	name	PrimeFaces Bluesky Theme	High
Vendor	pom	groupid	primefaces.themes	Highest
Vendor	pom	parent-artifactid	themes-project	Low
Vendor	file	name	bluesky	High
Vendor	pom	artifactid	bluesky	Low
Vendor	pom	groupid	org.primefaces.themes	Highest
Product	pom	parent-groupid	org.primefaces.themes	Medium
Product	pom	artifactid	bluesky	Highest
Product	pom	parent-artifactid	themes-project	Medium
Product	pom	name	PrimeFaces Bluesky Theme	High
Product	pom	groupid	primefaces.themes	Highest
Product	file	name	bluesky	High
Version	pom	version	1.0.10	Highest
Version	file	version	1.0.10	High

Identifiers

pkg:maven/org.primefaces.themes/bluesky@1.0.10 (Confidence:High)

common.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/common.js
MD5: 5580ab664925436cc5735c9989b1a40a
SHA1: 596078b11c577e6adb988893293edb1ea7b373ec
SHA256:e20e55b0812f1bcc973ed945049711cac2976b22fd4c095fb58d63f78f4fc3eb
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

commons-codec-1.9.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar
MD5: 75615356605c8128013da9e3ac62a249
SHA1: 9ce04e34240f674bc72680f8b843b1457383161a
SHA256:ad19d2601c3abf0b946b5c3a4113e226a8c1e3305e395b90013b78dd94a723ce
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://commons.apache.org/proper/commons-codec/	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-codec/	Low
Vendor	Manifest	implementation-build	tags/1.9-RC1@r1552874; 2013-12-20 22:56:50-0500	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	jar	package name	encoder	Highest
Vendor	jar	package name	codec	Highest
Vendor	pom	name	Apache Commons Codec	High
Vendor	pom	groupid	commons-codec	Highest
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.commons.codec	Medium
Vendor	pom	artifactid	commons-codec	Low
Vendor	file	name	commons-codec	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	jar	package name	commons	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Product	Manifest	specification-title	Apache Commons Codec	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-codec/	Low
Product	Manifest	Bundle-Name	Apache Commons Codec	Medium
Product	Manifest	implementation-build	tags/1.9-RC1@r1552874; 2013-12-20 22:56:50-0500	Low
Product	pom	url	http://commons.apache.org/proper/commons-codec/	Medium
Product	jar	package name	encoder	Highest
Product	jar	package name	codec	Highest
Product	pom	artifactid	commons-codec	Highest
Product	pom	name	Apache Commons Codec	High
Product	Manifest	Implementation-Title	Apache Commons Codec	High
Product	pom	groupid	commons-codec	Highest
Product	jar	package name	apache	Highest
Product	Manifest	bundle-symbolicname	org.apache.commons.codec	Medium
Product	file	name	commons-codec	High
Product	jar	package name	commons	Highest
Product	pom	parent-groupid	org.apache.commons	Medium
Version	file	version	1.9	High
Version	pom	version	1.9	Highest
Version	pom	parent-version	1.9	Low
Version	Manifest	Implementation-Version	1.9	High

Identifiers

pkg:maven/commons-codec/commons-codec@1.9 (Confidence:High)

commons-lang3-3.3.2.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
SHA256:6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	groupid	apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	file	name	commons-lang3	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	jar	package name	commons	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	Manifest	implementation-build	tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	url	http://commons.apache.org/proper/commons-lang/	Highest
Product	pom	url	http://commons.apache.org/proper/commons-lang/	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	pom	groupid	apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	jar	package name	commons	Highest
Product	Manifest	implementation-build	tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200	Low
Product	pom	parent-groupid	org.apache.commons	Medium
Version	pom	parent-version	3.3.2	Low
Version	pom	version	3.3.2	Highest
Version	Manifest	Bundle-Version	3.3.2	High
Version	Manifest	Implementation-Version	3.3.2	High
Version	file	version	3.3.2	High

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.3.2 (Confidence:High)

commons-math3-3.4.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/apache/commons/commons-math3/3.4.1/commons-math3-3.4.1.jar
MD5: 14a218d0ee57907dd2c7ef944b6c0afd
SHA1: 3ac44a8664228384bc68437264cf7c4cf112f579
SHA256:d1075b14a71087038b0bfd198f0f7dd8e49b5b3529d8e2eba99e7d9eb8565e4b
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	name	Apache Commons Math	High
Vendor	jar	package name	math3	Highest
Vendor	pom	groupid	apache.commons	Highest
Vendor	pom	artifactid	commons-math3	Low
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-math/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	pom	url	http://commons.apache.org/proper/commons-math/	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	jar	package name	commons	Highest
Vendor	Manifest	implementation-build	ef6e0f882819e7c5230aece1610297e67775cca2; 2015-01-08 18:19:01+0100	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	file	name	commons-math3	High
Vendor	Manifest	bundle-symbolicname	org.apache.commons.math3	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	artifactid	commons-math3	Highest
Product	pom	name	Apache Commons Math	High
Product	jar	package name	math3	Highest
Product	pom	groupid	apache.commons	Highest
Product	pom	url	http://commons.apache.org/proper/commons-math/	Medium
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-math/	Low
Product	jar	package name	apache	Highest
Product	Manifest	Bundle-Name	Apache Commons Math	Medium
Product	Manifest	specification-title	Apache Commons Math	Medium
Product	jar	package name	commons	Highest
Product	Manifest	implementation-build	ef6e0f882819e7c5230aece1610297e67775cca2; 2015-01-08 18:19:01+0100	Low
Product	Manifest	Implementation-Title	Apache Commons Math	High
Product	pom	parent-groupid	org.apache.commons	Medium
Product	file	name	commons-math3	High
Product	Manifest	bundle-symbolicname	org.apache.commons.math3	Medium
Version	Manifest	Implementation-Version	3.4.1	High
Version	Manifest	Bundle-Version	3.4.1	High
Version	file	version	3.4.1	High
Version	pom	version	3.4.1	Highest
Version	pom	parent-version	3.4.1	Low

Identifiers

pkg:maven/org.apache.commons/commons-math3@3.4.1 (Confidence:High)

concurrent-trees-2.4.0.jar

Description:

Concurrent Radix Trees and Concurrent Suffix Trees for Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/googlecode/concurrent-trees/concurrent-trees/2.4.0/concurrent-trees-2.4.0.jar
MD5: 19ce4b51b0fda34eb8eec583dad142ca
SHA1: 2e505b78f9216abebbbdf1c3254bf9f4c565ae43
SHA256:d8dd983b207e86f580ba2105747cb271f8b90f24b89c7447493d9125a472dc5d
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	googlecode.concurrent-trees	Highest
Vendor	file	name	concurrent-trees	High
Vendor	pom	groupid	com.googlecode.concurrent-trees	Highest
Vendor	jar	package name	googlecode	Low
Vendor	jar	package name	concurrenttrees	Low
Vendor	jar	package name	radix	Highest
Vendor	pom	artifactid	concurrent-trees	Low
Vendor	jar	package name	radix	Low
Vendor	pom	url	http://code.google.com/p/concurrent-trees/	Highest
Vendor	pom	name	Concurrent-Trees	High
Vendor	jar	package name	suffix	Highest
Vendor	jar	package name	googlecode	Highest
Product	pom	artifactid	concurrent-trees	Highest
Product	pom	groupid	googlecode.concurrent-trees	Highest
Product	jar	package name	radix	Low
Product	pom	name	Concurrent-Trees	High
Product	file	name	concurrent-trees	High
Product	pom	url	http://code.google.com/p/concurrent-trees/	Medium
Product	jar	package name	suffix	Highest
Product	jar	package name	concurrenttrees	Low
Product	jar	package name	googlecode	Highest
Product	jar	package name	radix	Highest
Version	file	version	2.4.0	High
Version	pom	version	2.4.0	Highest

Identifiers

pkg:maven/com.googlecode.concurrent-trees/concurrent-trees@2.4.0 (Confidence:High)

dagre-d3.min.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/dagre-d3.min.js
MD5: 74a58f5d4e64bf05bc912ad569a72006
SHA1: d062f5970bcea6631093aa1f71ad79a4d98936b1
SHA256:a18c7ef7b67c2ca3115398c4cbb1891307a089f8f0fef5b96abb7bda49c7fa9a
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

dom4j-1.6.1.jar

Description:

dom4j: the flexible XML framework for Java

File Path: /root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256:593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	MetaStuff Ltd.	High
Vendor	pom	organization url	http://sourceforge.net/projects/dom4j	Medium
Vendor	pom	groupid	dom4j	Highest
Vendor	Manifest	extension-name	dom4j	Medium
Vendor	file	name	dom4j	High
Vendor	pom	artifactid	dom4j	Low
Vendor	Manifest	specification-vendor	MetaStuff Ltd.	Low
Vendor	pom	url	http://dom4j.org	Highest
Vendor	pom	organization name	MetaStuff Ltd.	High
Vendor	pom	name	dom4j	High
Vendor	jar	package name	dom4j	Highest
Product	pom	groupid	dom4j	Highest
Product	Manifest	extension-name	dom4j	Medium
Product	file	name	dom4j	High
Product	pom	name	dom4j	High
Product	pom	artifactid	dom4j	Highest
Product	pom	organization name	MetaStuff Ltd.	Low
Product	jar	package name	dom4j	Highest
Product	Manifest	specification-title	dom4j : XML framework for Java	Medium
Product	pom	organization url	http://sourceforge.net/projects/dom4j	Low
Product	pom	url	http://dom4j.org	Medium
Product	Manifest	Implementation-Title	org.dom4j	High
Version	file	version	1.6.1	High
Version	Manifest	Implementation-Version	1.6.1	High
Version	pom	version	1.6.1	Highest

Identifiers

pkg:maven/dom4j/dom4j@1.6.1 (Confidence:High)
cpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:* (Confidence:Highest)

enrichment.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/enrichment.js
MD5: 3503c43603043655484d686c4cc40e5a
SHA1: 37cfd052341bfbee7c1f5a7731f6e9604a10ae6a
SHA256:56ef5930f53ef64f3f87408aec6ccbdddcbf67951641d2aed90452570211f6c6
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

error_prone_annotations-2.0.18.jar

File Path: /root/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
SHA256:cb4cfad870bf563a07199f3ebea5763f0dec440fcda0b318640b1feaa788656b
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	google	Highest
Vendor	jar	package name	errorprone	Highest
Vendor	pom	parent-artifactid	error_prone_parent	Low
Vendor	pom	groupid	com.google.errorprone	Highest
Vendor	jar	package name	google	Low
Vendor	pom	artifactid	error_prone_annotations	Low
Vendor	jar	package name	errorprone	Low
Vendor	pom	parent-groupid	com.google.errorprone	Medium
Vendor	jar	package name	annotations	Highest
Vendor	pom	groupid	google.errorprone	Highest
Vendor	file	name	error_prone_annotations	High
Vendor	pom	name	error-prone annotations	High
Vendor	jar	package name	annotations	Low
Product	jar	package name	google	Highest
Product	jar	package name	errorprone	Highest
Product	pom	parent-artifactid	error_prone_parent	Medium
Product	jar	package name	errorprone	Low
Product	pom	parent-groupid	com.google.errorprone	Medium
Product	jar	package name	annotations	Highest
Product	pom	groupid	google.errorprone	Highest
Product	file	name	error_prone_annotations	High
Product	pom	artifactid	error_prone_annotations	Highest
Product	pom	name	error-prone annotations	High
Product	jar	package name	annotations	Low
Version	file	version	2.0.18	High
Version	pom	version	2.0.18	Highest

Identifiers

pkg:maven/com.google.errorprone/error_prone_annotations@2.0.18 (Confidence:High)

genes.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/genes.js
MD5: f1fd12c00a68a69bfe052a6aa5e2495c
SHA1: d402ec5253e116b854c4f3ccc50bb6594609a15d
SHA256:2b5aa409522b4263e3e2648147703557d1181732876af73976785de738ebea79
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

gograph.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/gograph.js
MD5: 9fba9676fb15e4061a5a40588598db31
SHA1: 04610a3f51c35911910cf809fdb4590428e0783d
SHA256:564578287ac1698d4d22ce2948de4c9585739d328bf855c17d3b378a5ac33093
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

gson-2.2.4.jar

Description:

Google Gson library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/google/code/gson/gson/2.2.4/gson-2.2.4.jar
MD5: 2f54fc24807a4cad7297012dd8cebf3d
SHA1: a60a5e993c98c864010053cb901b7eab25306568
SHA256:c0328cd07ca9e363a5acd00c1cf4afe8cf554bd6d373834981ba05cebec687fb
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	name	Gson	High
Vendor	jar	package name	google	Highest
Vendor	pom	artifactid	gson	Low
Vendor	jar	package name	gson	Highest
Vendor	pom	organization name	Google, Inc.	High
Vendor	file	name	gson	High
Vendor	pom	organization url	http://www.google.com	Medium
Vendor	pom	url	http://code.google.com/p/google-gson/	Highest
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	groupid	google.code.gson	Highest
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	Manifest	bundle-contactaddress	http://code.google.com/p/google-gson/	Low
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	name	Gson	High
Product	jar	package name	google	Highest
Product	pom	url	http://code.google.com/p/google-gson/	Medium
Product	Manifest	Bundle-Name	Gson	Medium
Product	jar	package name	gson	Highest
Product	file	name	gson	High
Product	pom	organization name	Google, Inc.	Low
Product	pom	groupid	google.code.gson	Highest
Product	pom	organization url	http://www.google.com	Low
Product	pom	artifactid	gson	Highest
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	Manifest	bundle-contactaddress	http://code.google.com/p/google-gson/	Low
Version	file	version	2.2.4	High
Version	pom	version	2.2.4	Highest
Version	Manifest	Bundle-Version	2.2.4	High

Identifiers

pkg:maven/com.google.code.gson/gson@2.2.4 (Confidence:High)

guava-23.0.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/google/guava/guava/23.0/guava-23.0.jar
MD5: 7d7838b57e04ae0164714c56ac9e20d9
SHA1: c947004bb13d18182be60077ade044099e4f26f1
SHA256:7baa80df284117e5b945b19b98d367a85ea7b7801bd358ff657946c3bd1b6596
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	guava	High
Vendor	pom	parent-artifactid	guava-parent	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	jar	package name	google	Highest
Vendor	pom	groupid	google.guava	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	guava	Low
Vendor	pom	name	Guava: Google Core Libraries for Java	High
Vendor	Manifest	bundle-symbolicname	com.google.guava	Medium
Vendor	pom	parent-groupid	com.google.guava	Medium
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	file	name	guava	High
Product	jar	package name	google	Highest
Product	pom	groupid	google.guava	Highest
Product	pom	parent-artifactid	guava-parent	Medium
Product	Manifest	Bundle-Name	Guava: Google Core Libraries for Java	Medium
Product	pom	artifactid	guava	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	name	Guava: Google Core Libraries for Java	High
Product	Manifest	bundle-symbolicname	com.google.guava	Medium
Product	pom	parent-groupid	com.google.guava	Medium
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Version	file	version	23.0	High
Version	pom	version	23.0	Highest

Identifiers

pkg:maven/com.google.guava/guava@23.0 (Confidence:High)
cpe:2.3:a:google:guava:23.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

Base Score: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

hk2-api-2.4.0-b34.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/hk2/hk2-api/2.4.0-b34/hk2-api-2.4.0-b34.jar
MD5: 2972849752ed511bd069812ba2b29d2d
SHA1: 1017432e219dbd1d4a1121b2d7e87c5b2f0bcfb9
SHA256:6eb071aaea327015ac3da18d5066c364c1a39978f4b6f94644158675ca5b9ced
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.glassfish.hk2	Highest
Vendor	pom	parent-artifactid	hk2-parent	Low
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	file	name	hk2-api	High
Vendor	jar	package name	api	Highest
Vendor	pom	parent-groupid	org.glassfish.hk2	Medium
Vendor	jar	package name	glassfish	Highest
Vendor	jar	package name	hk2	Highest
Vendor	pom	name	HK2 API module	High
Vendor	pom	artifactid	hk2-api	Low
Vendor	pom	groupid	glassfish.hk2	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.hk2.api	Medium
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	pom	parent-artifactid	hk2-parent	Medium
Product	file	name	hk2-api	High
Product	jar	package name	api	Highest
Product	Manifest	Bundle-Name	HK2 API module	Medium
Product	pom	artifactid	hk2-api	Highest
Product	pom	parent-groupid	org.glassfish.hk2	Medium
Product	jar	package name	glassfish	Highest
Product	jar	package name	hk2	Highest
Product	pom	name	HK2 API module	High
Product	pom	groupid	glassfish.hk2	Highest
Product	Manifest	bundle-symbolicname	org.glassfish.hk2.api	Medium
Version	pom	version	2.4.0-b34	Highest

Identifiers

pkg:maven/org.glassfish.hk2/hk2-api@2.4.0-b34 (Confidence:High)

hk2-locator-2.4.0-b34.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/hk2/hk2-locator/2.4.0-b34/hk2-locator-2.4.0-b34.jar
MD5: 09eda1a8dd33d465ec7bac9536f3eaf7
SHA1: 1451fc3e5b7f00d7a5ca0feaff2c1bf68be5ac91
SHA256:ea47ebf7ed56ef751055710cfad36840bcc36383cf387c4a963b41447c066f8f
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	hk2-locator	High
Vendor	pom	groupid	org.glassfish.hk2	Highest
Vendor	pom	parent-artifactid	hk2-parent	Low
Vendor	Manifest	bundle-symbolicname	org.glassfish.hk2.locator	Medium
Vendor	jar	package name	hk2	Highest
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	pom	groupid	glassfish.hk2	Highest
Vendor	pom	name	ServiceLocator Default Implementation	High
Vendor	pom	artifactid	hk2-locator	Low
Vendor	pom	parent-groupid	org.glassfish.hk2	Medium
Product	file	name	hk2-locator	High
Product	Manifest	bundle-symbolicname	org.glassfish.hk2.locator	Medium
Product	jar	package name	hk2	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	pom	parent-artifactid	hk2-parent	Medium
Product	pom	artifactid	hk2-locator	Highest
Product	Manifest	Bundle-Name	ServiceLocator Default Implementation	Medium
Product	pom	groupid	glassfish.hk2	Highest
Product	pom	name	ServiceLocator Default Implementation	High
Product	pom	parent-groupid	org.glassfish.hk2	Medium
Version	pom	version	2.4.0-b34	Highest

Identifiers

pkg:maven/org.glassfish.hk2/hk2-locator@2.4.0-b34 (Confidence:High)

hk2-utils-2.4.0-b34.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
MD5: f0c9e9df24ad2c2feb1f950b82146245
SHA1: aacce18411fffef9621d8fc91464ca0477119c38
SHA256:70211b1f918819bf6afbf69d3d19d4ae6e2a75d6e26f6c39ba9f20eb8e5612d7
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.glassfish.hk2	Highest
Vendor	pom	parent-artifactid	hk2-parent	Low
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	pom	name	HK2 Implementation Utilities	High
Vendor	Manifest	bundle-symbolicname	org.glassfish.hk2.utils	Medium
Vendor	pom	parent-groupid	org.glassfish.hk2	Medium
Vendor	pom	artifactid	hk2-utils	Low
Vendor	jar	package name	glassfish	Highest
Vendor	Manifest	originally-created-by	Apache Maven	Low
Vendor	jar	package name	hk2	Highest
Vendor	pom	groupid	glassfish.hk2	Highest
Vendor	Manifest	service	foo	Low
Vendor	file	name	hk2-utils	High
Vendor	jar	package name	utilities	Highest
Product	pom	artifactid	hk2-utils	Highest
Product	Manifest	Bundle-Name	HK2 Implementation Utilities	Medium
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	pom	parent-artifactid	hk2-parent	Medium
Product	pom	name	HK2 Implementation Utilities	High
Product	Manifest	bundle-symbolicname	org.glassfish.hk2.utils	Medium
Product	pom	parent-groupid	org.glassfish.hk2	Medium
Product	jar	package name	glassfish	Highest
Product	Manifest	originally-created-by	Apache Maven	Low
Product	jar	package name	hk2	Highest
Product	pom	groupid	glassfish.hk2	Highest
Product	Manifest	service	foo	Low
Product	file	name	hk2-utils	High
Product	jar	package name	utilities	Highest
Version	pom	version	2.4.0-b34	Highest

Identifiers

pkg:maven/org.glassfish.hk2/hk2-utils@2.4.0-b34 (Confidence:High)
cpe:2.3:a:oracle:utilities_framework:2.4.0.b34:*:*:*:*:*:*:* (Confidence:Low)

hk2-utils-2.4.0-b34.jar (shaded: org.jvnet:tiger-types:1.4)

File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029
SHA256:58794aca99cadb3aab687b56fd6d84871956590323dd0ea5d611db759e78c6b9
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Type arithmetic library for Java5	High
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	artifactid	tiger-types	Low
Vendor	pom	groupid	jvnet	Highest
Vendor	pom	parent-groupid	net.java	Medium
Product	pom	artifactid	tiger-types	Highest
Product	pom	name	Type arithmetic library for Java5	High
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	groupid	jvnet	Highest
Product	pom	parent-groupid	net.java	Medium
Version	pom	version	1.4	Highest
Version	pom	parent-version	1.4	Low

Identifiers

pkg:maven/org.jvnet/tiger-types@1.4 (Confidence:High)

itextpdf-5.5.6.jar

Description:

iText, a free Java-PDF library

License:

GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html

File Path: /root/.m2/repository/com/itextpdf/itextpdf/5.5.6/itextpdf-5.5.6.jar
MD5: ce105599cd1ae696a04d14dd8f9de5a7
SHA1: 19448fdba5df68602aed364b86fd14d89c07a66e
SHA256:f15196c3c6b6c2db33425b6b3c7fd1aa8dd92d3862cb411b005a4b65e4677fde
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	itextpdf	High
Vendor	Manifest	implementation-build	${buildNumber}	Low
Vendor	Manifest	bundle-symbolicname	com.itextpdf	Medium
Vendor	pom	parent-groupid	com.itextpdf	Medium
Vendor	pom	artifactid	itextpdf	Low
Vendor	jar	package name	pdf	Highest
Vendor	pom	groupid	itextpdf	Highest
Vendor	pom	name	iText, a Free Java-PDF library	High
Vendor	pom	groupid	com.itextpdf	Highest
Vendor	jar	package name	itextpdf	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.itextpdf	Medium
Vendor	pom	parent-artifactid	itext-parent	Low
Vendor	pom	url	http://itextpdf.com	Highest
Product	pom	artifactid	itextpdf	Highest
Product	pom	parent-artifactid	itext-parent	Medium
Product	file	name	itextpdf	High
Product	Manifest	Implementation-Title	iText, a Free Java-PDF library	High
Product	Manifest	implementation-build	${buildNumber}	Low
Product	Manifest	bundle-symbolicname	com.itextpdf	Medium
Product	Manifest	Bundle-Name	iText, a Free Java-PDF library	Medium
Product	pom	parent-groupid	com.itextpdf	Medium
Product	jar	package name	pdf	Highest
Product	pom	groupid	itextpdf	Highest
Product	pom	name	iText, a Free Java-PDF library	High
Product	jar	package name	itextpdf	Highest
Product	pom	url	http://itextpdf.com	Medium
Version	file	version	5.5.6	High
Version	pom	parent-version	5.5.6	Low
Version	Manifest	Implementation-Version	5.5.6	High
Version	pom	version	5.5.6	Highest
Version	Manifest	Bundle-Version	5.5.6	High

Identifiers

pkg:maven/com.itextpdf/itextpdf@5.5.6 (Confidence:High)
cpe:2.3:a:itextpdf:itext:5.5.6:*:*:*:*:*:*:* (Confidence:High)

Published Vulnerabilities

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

j2objc-annotations-1.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	j2objc-annotations	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	j2objc	Highest
Vendor	pom	groupid	com.google.j2objc	Highest
Vendor	pom	groupid	google.j2objc	Highest
Vendor	pom	name	J2ObjC Annotations	High
Vendor	jar	package name	google	Low
Vendor	jar	package name	j2objc	Low
Vendor	pom	artifactid	j2objc-annotations	Low
Vendor	pom	url	google/j2objc/	Highest
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	annotations	Low
Product	file	name	j2objc-annotations	High
Product	pom	name	J2ObjC Annotations	High
Product	jar	package name	google	Highest
Product	jar	package name	j2objc	Highest
Product	pom	url	google/j2objc/	High
Product	jar	package name	j2objc	Low
Product	jar	package name	annotations	Highest
Product	pom	artifactid	j2objc-annotations	Highest
Product	pom	groupid	google.j2objc	Highest
Product	jar	package name	annotations	Low
Version	file	version	1.1	High
Version	pom	version	1.1	Highest

Identifiers

pkg:maven/com.google.j2objc/j2objc-annotations@1.1 (Confidence:High)

jackson-core-2.5.4.jar

Description:

Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.5.4/jackson-core-2.5.4.jar
MD5: 7a3aa950d37e75199d30426a467ddf83
SHA1: 0a57a2df1a23ca1ee32f129173ba7f5feaa9ac24
SHA256:6ac2781bfe152f3e03e1f45ffb06b6bf03821d806eaa2e290747da35611e3b98
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	pom	name	Jackson-core	High
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	jar	package name	json	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	pom	artifactid	jackson-core	Low
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	implementation-build-date	2015-06-09 18:27:20-0700	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	jar	package name	core	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	groupid	fasterxml.jackson.core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	pom	url	FasterXML/jackson	Highest
Vendor	file	name	jackson-core	High
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	name	Jackson-core	High
Product	hint analyzer	product	modules	Highest
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	parent-artifactid	jackson-parent	Medium
Product	hint analyzer	product	java8	Highest
Product	pom	url	FasterXML/jackson	High
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	jar	package name	json	Highest
Product	Manifest	Implementation-Title	Jackson-core	High
Product	jar	package name	jackson	Highest
Product	Manifest	implementation-build-date	2015-06-09 18:27:20-0700	Low
Product	pom	artifactid	jackson-core	Highest
Product	jar	package name	version	Highest
Product	jar	package name	core	Highest
Product	Manifest	Bundle-Name	Jackson-core	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	groupid	fasterxml.jackson.core	Highest
Product	jar	package name	fasterxml	Highest
Product	file	name	jackson-core	High
Version	file	version	2.5.4	High
Version	pom	version	2.5.4	Highest
Version	Manifest	Implementation-Version	2.5.4	High
Version	pom	parent-version	2.5.4	Low
Version	Manifest	Bundle-Version	2.5.4	High

Related Dependencies

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.5.4 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.5.4:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jackson-databind-2.5.4.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.5.4/jackson-databind-2.5.4.jar
MD5: a6c0a282905c8f5c4a80a36c75526485
SHA1: 5dfa42af84584b4a862ea488da84bbbebbb06c35
SHA256:338b9aa87b8b17d33026defdbd8d9c1ec498bf355e8b949381f303ea23c261ac
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-databind	High
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	pom	artifactid	jackson-databind	Low
Vendor	Manifest	implementation-build-date	2015-06-09 18:43:01-0700	Low
Vendor	pom	name	jackson-databind	High
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	databind	Highest
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	url	http://github.com/FasterXML/jackson	Highest
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	groupid	fasterxml.jackson.core	Highest
Vendor	jar	package name	fasterxml	Highest
Product	file	name	jackson-databind	High
Product	Manifest	Implementation-Title	jackson-databind	High
Product	hint analyzer	product	modules	Highest
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	url	http://github.com/FasterXML/jackson	Medium
Product	pom	artifactid	jackson-databind	Highest
Product	hint analyzer	product	java8	Highest
Product	Manifest	implementation-build-date	2015-06-09 18:43:01-0700	Low
Product	Manifest	specification-title	jackson-databind	Medium
Product	pom	name	jackson-databind	High
Product	jar	package name	jackson	Highest
Product	jar	package name	databind	Highest
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	groupid	fasterxml.jackson.core	Highest
Product	jar	package name	fasterxml	Highest
Version	file	version	2.5.4	High
Version	pom	version	2.5.4	Highest
Version	Manifest	Implementation-Version	2.5.4	High
Version	pom	parent-version	2.5.4	Low
Version	Manifest	Bundle-Version	2.5.4	High

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.5.4 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.5.4:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.5.4:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2017-15095 (OSSINDEX)

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2017-15095] Deserialization of Untrusted Data

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2017-17485 (OSSINDEX)

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection")

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2017-7525 (OSSINDEX)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2017-7525] Deserialization of Untrusted Data

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-11307 (OSSINDEX)

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2018-11307] An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use o...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-14718 (OSSINDEX)

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2018-14718] Deserialization of Untrusted Data

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-5968 (OSSINDEX)

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

CVSSv3:

Base Score: HIGH (8.1)
Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete Blacklist

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

BID - 103203
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CONFIRM - https://github.com/FasterXML/jackson-databind/issues/1931
CONFIRM - https://security.netapp.com/advisory/ntap-20180328-0001/
CONFIRM - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
CONFIRM - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
DEBIAN - DSA-4190
MISC - https://www.oracle.com/security-alerts/cpuoct2020.html
MISC - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST - [druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves
OSSINDEX - [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data
REDHAT - RHSA-2018:1447
REDHAT - RHSA-2018:1448
REDHAT - RHSA-2018:1449
REDHAT - RHSA-2018:1450
REDHAT - RHSA-2018:1451
REDHAT - RHSA-2018:1786
REDHAT - RHSA-2018:2088
REDHAT - RHSA-2018:2089
REDHAT - RHSA-2018:2090
REDHAT - RHSA-2018:2938
REDHAT - RHSA-2018:2939
REDHAT - RHSA-2019:2858
REDHAT - RHSA-2019:3149
SECTRACK - 1040693
SECTRACK - 1041890

Vulnerable Software & Versions: (show all)

CVE-2019-14540 (OSSINDEX)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-14540] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-14893 (OSSINDEX)

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-14893] A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.1...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-16335 (OSSINDEX)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-16335] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-16942 (OSSINDEX)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-16942] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-16943 (OSSINDEX)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-16943] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-17267 (OSSINDEX)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-17267] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-17531 (OSSINDEX)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-17531] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2019-20330 (OSSINDEX)

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2019-20330] FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache bloc...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (OSSINDEX)

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:

Base Score: MEDIUM (5.4)
Vector: CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

OSSINDEX - CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.5.4:*:*:*:*:*:*:*

jackson-jaxrs-base-2.5.4.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.5.4/jackson-jaxrs-base-2.5.4.jar
MD5: dbd31df138ce1d8a266e0c9ce594e270
SHA1: 8af261181ae4fb16ccce5e116fa25bc3143785b8
SHA256:7f635fb13230210e3af5db6b0108c3bcd903404714c383a640aaa2d19af15b3f
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-docurl	http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-base	Low
Vendor	file	name	jackson-jaxrs-base	High
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-base	Medium
Vendor	pom	parent-artifactid	jackson-jaxrs-providers	Low
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	base	Highest
Vendor	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Vendor	pom	name	Jackson-JAXRS-base	High
Vendor	Manifest	implementation-build-date	2015-06-09 22:22:50-0700	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	groupid	com.fasterxml.jackson.jaxrs	Highest
Vendor	pom	artifactid	jackson-jaxrs-base	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.jaxrs	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jaxrs	Highest
Vendor	pom	groupid	fasterxml.jackson.jaxrs	Highest
Product	Manifest	Implementation-Title	Jackson-JAXRS-base	High
Product	Manifest	bundle-docurl	http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-base	Low
Product	file	name	jackson-jaxrs-base	High
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-base	Medium
Product	pom	parent-artifactid	jackson-jaxrs-providers	Medium
Product	Manifest	specification-title	Jackson-JAXRS-base	Medium
Product	jar	package name	jackson	Highest
Product	jar	package name	base	Highest
Product	Manifest	Bundle-Name	Jackson-JAXRS-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Product	pom	name	Jackson-JAXRS-base	High
Product	Manifest	implementation-build-date	2015-06-09 22:22:50-0700	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	jar	package name	fasterxml	Highest
Product	pom	artifactid	jackson-jaxrs-base	Highest
Product	jar	package name	jaxrs	Highest
Product	pom	groupid	fasterxml.jackson.jaxrs	Highest
Version	file	version	2.5.4	High
Version	pom	version	2.5.4	Highest
Version	Manifest	Implementation-Version	2.5.4	High
Version	Manifest	Bundle-Version	2.5.4	High

Identifiers

pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.5.4 (Confidence:High)

jackson-jaxrs-json-provider-2.5.4.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.5.4/jackson-jaxrs-json-provider-2.5.4.jar
MD5: c41c05af8a1e131429f70e5faa4e5cbf
SHA1: 1c32a260754c3b13adcea6cc92259a78137751b6
SHA256:7517191a5a9af8ede688367964584b411c145b568d869376e4bbeda2eba1f31b
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-jaxrs-json-provider	High
Vendor	Manifest	bundle-docurl	http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-json-provider	Low
Vendor	pom	artifactid	jackson-jaxrs-json-provider	Low
Vendor	jar	package name	json	Highest
Vendor	pom	parent-artifactid	jackson-jaxrs-providers	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider	Medium
Vendor	pom	name	Jackson-JAXRS-JSON	High
Vendor	jar	package name	jackson	Highest
Vendor	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Vendor	Manifest	implementation-build-date	2015-06-09 22:22:50-0700	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	groupid	com.fasterxml.jackson.jaxrs	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.jaxrs	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jaxrs	Highest
Vendor	pom	groupid	fasterxml.jackson.jaxrs	Highest
Product	file	name	jackson-jaxrs-json-provider	High
Product	Manifest	bundle-docurl	http://wiki.fasterxml.com/JacksonHome/jackson-jaxrs-json-provider	Low
Product	Manifest	Implementation-Title	Jackson-JAXRS-JSON	High
Product	jar	package name	json	Highest
Product	pom	parent-artifactid	jackson-jaxrs-providers	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider	Medium
Product	Manifest	specification-title	Jackson-JAXRS-JSON	Medium
Product	pom	name	Jackson-JAXRS-JSON	High
Product	jar	package name	jackson	Highest
Product	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Product	Manifest	implementation-build-date	2015-06-09 22:22:50-0700	Low
Product	pom	artifactid	jackson-jaxrs-json-provider	Highest
Product	Manifest	Bundle-Name	Jackson-JAXRS-JSON	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jaxrs	Highest
Product	pom	groupid	fasterxml.jackson.jaxrs	Highest
Version	file	version	2.5.4	High
Version	pom	version	2.5.4	Highest
Version	Manifest	Implementation-Version	2.5.4	High
Version	Manifest	Bundle-Version	2.5.4	High

Identifiers

pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.5.4 (Confidence:High)

jackson-module-jaxb-annotations-2.5.4.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.5.4/jackson-module-jaxb-annotations-2.5.4.jar
MD5: 0a3d56856384aa9a3c57fddcd4e17513
SHA1: 52c516db26a89b726a1351f7f24347c640204343
SHA256:069b97144bd8424c2c035bd15ce2e35beb85489e6f0604b5776f79cfd448057d
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	jar	package name	jaxb	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.module	Medium
Vendor	Manifest	bundle-docurl	http://wiki.fasterxml.com/JacksonJAXBAnnotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.module	Highest
Vendor	pom	artifactid	jackson-module-jaxb-annotations	Low
Vendor	jar	package name	module	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	implementation-build-date	2015-06-09 22:10:46-0700	Low
Vendor	pom	name	Jackson-module-JAXB-annotations	High
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	pom	groupid	fasterxml.jackson.module	Highest
Vendor	pom	url	http://wiki.fasterxml.com/JacksonJAXBAnnotations	Highest
Vendor	file	name	jackson-module-jaxb-annotations	High
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-jaxb-annotations	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	artifactid	jackson-module-jaxb-annotations	Highest
Product	jar	package name	jaxb	Highest
Product	Manifest	bundle-docurl	http://wiki.fasterxml.com/JacksonJAXBAnnotations	Low
Product	Manifest	specification-title	Jackson-module-JAXB-annotations	Medium
Product	jar	package name	module	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	implementation-build-date	2015-06-09 22:10:46-0700	Low
Product	pom	name	Jackson-module-JAXB-annotations	High
Product	Manifest	Bundle-Name	Jackson-module-JAXB-annotations	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	url	http://wiki.fasterxml.com/JacksonJAXBAnnotations	Medium
Product	jar	package name	fasterxml	Highest
Product	Manifest	Implementation-Title	Jackson-module-JAXB-annotations	High
Product	pom	groupid	fasterxml.jackson.module	Highest
Product	file	name	jackson-module-jaxb-annotations	High
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-jaxb-annotations	Medium
Version	file	version	2.5.4	High
Version	pom	version	2.5.4	Highest
Version	Manifest	Implementation-Version	2.5.4	High
Version	pom	parent-version	2.5.4	Low
Version	Manifest	Bundle-Version	2.5.4	High

Identifiers

pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.5.4 (Confidence:High)

javassist-3.18.1-GA.jar

Description:

  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/

File Path: /root/.m2/repository/org/javassist/javassist/3.18.1-GA/javassist-3.18.1-GA.jar
MD5: 5bb83868c87334320562af7eded65cc2
SHA1: d9a09f7732226af26bf99f19e2cffe0ae219db5b
SHA256:3fb71231afd098bb0f93f5eb97aa8291c8d0556379125e596f92ec8f944c6162
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://www.javassist.org/	Highest
Vendor	jar	package name	javassist	Highest
Vendor	pom	groupid	javassist	Highest
Vendor	Manifest	bundle-symbolicname	javassist	Medium
Vendor	Manifest	specification-vendor	Shigeru Chiba, www.javassist.org	Low
Vendor	jar	package name	bytecode	Highest
Vendor	file	name	javassist	High
Vendor	pom	artifactid	javassist	Low
Vendor	pom	groupid	org.javassist	Highest
Vendor	pom	name	Javassist	High
Product	Manifest	Bundle-Name	Javassist	Medium
Product	jar	package name	javassist	Highest
Product	pom	groupid	javassist	Highest
Product	jar	package name	bytecode	Highest
Product	Manifest	bundle-symbolicname	javassist	Medium
Product	Manifest	specification-title	Javassist	Medium
Product	file	name	javassist	High
Product	pom	url	http://www.javassist.org/	Medium
Product	pom	name	Javassist	High
Product	pom	artifactid	javassist	Highest
Version	pom	version	3.18.1-GA	Highest

Identifiers

pkg:maven/org.javassist/javassist@3.18.1-GA (Confidence:High)

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	annotation	Highest
Vendor	pom	organization url	https://glassfish.java.net	Medium
Vendor	pom	artifactid	javax.annotation-api	Low
Vendor	pom	url	http://jcp.org/en/jsr/detail?id=250	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	groupid	javax.annotation	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	bundle-docurl	https://glassfish.java.net	Low
Vendor	pom	name	${extension.name} API	High
Vendor	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Vendor	pom	organization name	GlassFish Community	High
Vendor	file	name	javax.annotation-api	High
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	Manifest	extension-name	javax.annotation	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	pom	parent-groupid	net.java	Medium
Product	pom	organization name	GlassFish Community	Low
Product	jar	package name	annotation	Highest
Product	pom	organization url	https://glassfish.java.net	Low
Product	pom	groupid	javax.annotation	Highest
Product	pom	url	http://jcp.org/en/jsr/detail?id=250	Medium
Product	pom	artifactid	javax.annotation-api	Highest
Product	Manifest	Bundle-Name	javax.annotation API	Medium
Product	jar	package name	javax	Highest
Product	Manifest	bundle-docurl	https://glassfish.java.net	Low
Product	pom	name	${extension.name} API	High
Product	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Product	file	name	javax.annotation-api	High
Product	Manifest	extension-name	javax.annotation	Medium
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	parent-groupid	net.java	Medium
Version	pom	version	1.2	Highest
Version	Manifest	Bundle-Version	1.2	High
Version	Manifest	Implementation-Version	1.2	High
Version	file	version	1.2	High
Version	pom	parent-version	1.2	Low

Identifiers

pkg:maven/javax.annotation/javax.annotation-api@1.2 (Confidence:High)

javax.faces-2.3.3.jar

Description:

        This is the master POM file for Oracle's Implementation of the JSF 2.3 Specification.

License:

                COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) plus GPL
            : http://glassfish.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar
MD5: 963f70ee469f8034d3010cf3f6123cfc
SHA1: 3a95587c0c94f9d6d3a971ee6d2f3608e737f8de
SHA256:02cb44439458455e7f3f86d1f2c755c51a9859c9e3d9048de50411cefa1fe06e
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.faces	High
Vendor	Manifest	docname	Mojarra Implementation Javadoc	Medium
Vendor	jar	package name	faces	Highest
Vendor	Manifest	Implementation-Vendor	Oracle America, Inc.	High
Vendor	pom	groupid	glassfish	Highest
Vendor	pom	groupid	org.glassfish	Highest
Vendor	pom	name	Oracle's implementation of the JSF 2.3 specification.	High
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	javax.faces	Low
Vendor	pom	organization name	Oracle America, Inc	High
Vendor	pom	organization url	http://www.oracle.com/	Medium
Vendor	pom	url	http://jsf.java.net/	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	extension-name	javax.faces	Medium
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	jar	package name	sun	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.javax.faces	Medium
Vendor	Manifest	originally-created-by	1.5.0_19-137 (Apple Inc.)	Low
Product	file	name	javax.faces	High
Product	Manifest	specification-title	JavaServer Faces	Medium
Product	pom	organization url	http://www.oracle.com/	Low
Product	Manifest	docname	Mojarra Implementation Javadoc	Medium
Product	pom	url	http://jsf.java.net/	Medium
Product	jar	package name	faces	Highest
Product	pom	groupid	glassfish	Highest
Product	pom	name	Oracle's implementation of the JSF 2.3 specification.	High
Product	pom	artifactid	javax.faces	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	javax	Highest
Product	Manifest	extension-name	javax.faces	Medium
Product	Manifest	Bundle-Name	Mojarra JSF Implementation 2.3.3 (20171008-2230) 673408fa9199477d87f44521ff873d709128c88b	Medium
Product	pom	organization name	Oracle America, Inc	Low
Product	Manifest	Implementation-Title	Mojarra	High
Product	Manifest	bundle-symbolicname	org.glassfish.javax.faces	Medium
Product	Manifest	originally-created-by	1.5.0_19-137 (Apple Inc.)	Low
Version	pom	version	2.3.3	Highest
Version	file	version	2.3.3	High
Version	Manifest	Bundle-Version	2.3.3	High
Version	Manifest	Implementation-Version	2.3.3	High

Identifiers

pkg:maven/org.glassfish/javax.faces@2.3.3 (Confidence:High)
cpe:2.3:a:oracle:mojarra_javaserver_faces:2.3.3:*:*:*:*:*:*:* (Confidence:Low)

javax.faces-2.3.3.jar: jsf-uncompressed.js

File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf-uncompressed.js
MD5: 071fa1c95f9cac7f876e4293854babb1
SHA1: d85a0182b1957e7e6d461825ddab759bda1d57c2
SHA256:607f41972bc4c4d161a7e583e68305043b4e2862fce77304b2e8c966e5a6c60f
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

javax.faces-2.3.3.jar: jsf.js

File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf.js
MD5: 33458a9fe6cce1f8b4dac96058a8ad22
SHA1: 380521f722b47f7d7c1a44f410e35428f4b3d61c
SHA256:336652121c49ce830d0d8e998442c5f77ce3f3456143a8666eb5f634cf30eea4
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

javax.inject-2.4.0-b34.jar

Description:

Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/hk2/external/javax.inject/2.4.0-b34/javax.inject-2.4.0-b34.jar
MD5: 0299609004955f54207ab8562273b5af
SHA1: a6a3d4935af7b03e44126b5aac2c2a0ce98fe6e9
SHA256:fdbf80a01b854045bd4004b7c6b1fdc2da81db475bfbd08ed574eeffcf9a7b1a
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	javax	Highest
Vendor	file	name	javax.inject	High
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	pom	name	javax.inject:${javax-inject.version} as OSGi bundle	High
Vendor	Manifest	bundle-symbolicname	org.glassfish.hk2.external.javax.inject	Medium
Vendor	pom	artifactid	javax.inject	Low
Vendor	pom	groupid	org.glassfish.hk2.external	Highest
Vendor	jar	package name	inject	Highest
Vendor	pom	groupid	glassfish.hk2.external	Highest
Vendor	pom	parent-groupid	org.glassfish.hk2	Medium
Vendor	pom	parent-artifactid	external	Low
Product	jar	package name	javax	Highest
Product	file	name	javax.inject	High
Product	pom	parent-artifactid	external	Medium
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	pom	name	javax.inject:${javax-inject.version} as OSGi bundle	High
Product	Manifest	bundle-symbolicname	org.glassfish.hk2.external.javax.inject	Medium
Product	pom	artifactid	javax.inject	Highest
Product	Manifest	Bundle-Name	javax.inject:1 as OSGi bundle	Medium
Product	jar	package name	inject	Highest
Product	pom	groupid	glassfish.hk2.external	Highest
Product	pom	parent-groupid	org.glassfish.hk2	Medium
Version	pom	version	2.4.0-b34	Highest

Identifiers

pkg:maven/org.glassfish.hk2.external/javax.inject@2.4.0-b34 (Confidence:High)

javax.json-1.1.jar

Description:

Default provider for JSR 374:Java API for Processing JSON

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1

File Path: /root/.m2/repository/org/glassfish/javax.json/1.1/javax.json-1.1.jar
MD5: 318c3ce1746e2106d826301c6074a547
SHA1: 6f8ce9246049c7af84926758aeea7bc24f5dd160
SHA256:4b1f21bc50b728aaae5f44ff550383182b58b67647362959e31004e4522ee24f
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	javax.json	Low
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	pom	groupid	glassfish	Highest
Vendor	pom	groupid	org.glassfish	Highest
Vendor	pom	parent-groupid	org.glassfish	Medium
Vendor	jar	package name	api	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	jar	package name	json	Highest
Vendor	Manifest	extension-name	javax.json	Medium
Vendor	file	name	javax.json	High
Vendor	Manifest	bundle-symbolicname	org.glassfish.javax.json	Medium
Vendor	jar	package name	glassfish	Highest
Vendor	pom	parent-artifactid	json	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	name	JSR 374 (JSON Processing) Default Provider	High
Vendor	pom	url	https://javaee.github.io/jsonp	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	pom	groupid	glassfish	Highest
Product	pom	parent-groupid	org.glassfish	Medium
Product	jar	package name	api	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	json	Highest
Product	Manifest	extension-name	javax.json	Medium
Product	file	name	javax.json	High
Product	Manifest	bundle-symbolicname	org.glassfish.javax.json	Medium
Product	jar	package name	glassfish	Highest
Product	jar	package name	javax	Highest
Product	pom	artifactid	javax.json	Highest
Product	pom	parent-artifactid	json	Medium
Product	pom	name	JSR 374 (JSON Processing) Default Provider	High
Product	Manifest	Bundle-Name	JSR 374 (JSON Processing) Default Provider	Medium
Product	pom	url	https://javaee.github.io/jsonp	Medium
Version	Manifest	Implementation-Version	1.1	High
Version	Manifest	Bundle-Version	1.1	High
Version	file	version	1.1	High
Version	pom	version	1.1	Highest

Identifiers

pkg:maven/org.glassfish/javax.json@1.1 (Confidence:High)

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope:gotrack:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	javax.servlet	Highest
Vendor	jar	package name	servlet	Highest
Vendor	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	url	http://servlet-spec.java.net	Highest
Vendor	pom	name	Java Servlet API	High
Vendor	file	name	javax.servlet-api	High
Vendor	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Vendor	pom	artifactid	javax.servlet-api	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	organization name	GlassFish Community	High
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	extension-name	javax.servlet	Medium
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	organization url	https://glassfish.dev.java.net	Medium
Product	jar	package name	servlet	Highest
Product	pom	groupid	javax.servlet	Highest
Product	pom	organization name	GlassFish Community	Low
Product	pom	artifactid	javax.servlet-api	Highest
Product	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Product	Manifest	Bundle-Name	Java Servlet API	Medium
Product	pom	name	Java Servlet API	High
Product	file	name	javax.servlet-api	High
Product	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Product	pom	url	http://servlet-spec.java.net	Medium
Product	jar	package name	javax	Highest
Product	pom	organization url	https://glassfish.dev.java.net	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	Manifest	extension-name	javax.servlet	Medium
Product	pom	parent-groupid	net.java	Medium
Version	pom	parent-version	3.1.0	Low
Version	file	version	3.1.0	High
Version	Manifest	Implementation-Version	3.1.0	High
Version	pom	version	3.1.0	Highest
Version	Manifest	Bundle-Version	3.1.0	High

Identifiers

pkg:maven/javax.servlet/javax.servlet-api@3.1.0 (Confidence:High)

javax.transaction-api-1.2.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
SHA256:9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	javax.transaction	Highest
Vendor	file	name	javax.transaction-api	High
Vendor	pom	organization url	https://glassfish.java.net	Medium
Vendor	jar	package name	transaction	Highest
Vendor	Manifest	bundle-symbolicname	javax.transaction-api	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	extension-name	javax.transaction	Medium
Vendor	jar	package name	javax	Highest
Vendor	Manifest	bundle-docurl	https://glassfish.java.net	Low
Vendor	pom	artifactid	javax.transaction-api	Low
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	GlassFish Community	High
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	url	http://jta-spec.java.net	Highest
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	pom	parent-groupid	net.java	Medium
Product	pom	organization name	GlassFish Community	Low
Product	pom	groupid	javax.transaction	Highest
Product	file	name	javax.transaction-api	High
Product	pom	artifactid	javax.transaction-api	Highest
Product	jar	package name	transaction	Highest
Product	Manifest	bundle-symbolicname	javax.transaction-api	Medium
Product	pom	organization url	https://glassfish.java.net	Low
Product	Manifest	extension-name	javax.transaction	Medium
Product	jar	package name	javax	Highest
Product	Manifest	bundle-docurl	https://glassfish.java.net	Low
Product	Manifest	Bundle-Name	javax.transaction API	Medium
Product	pom	name	${extension.name} API	High
Product	pom	url	http://jta-spec.java.net	Medium
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	parent-groupid	net.java	Medium
Version	pom	version	1.2	Highest
Version	Manifest	Bundle-Version	1.2	High
Version	Manifest	Implementation-Version	1.2	High
Version	file	version	1.2	High
Version	pom	parent-version	1.2	Low

Identifiers

pkg:maven/javax.transaction/javax.transaction-api@1.2 (Confidence:High)

javax.ws.rs-api-2.0.1.jar

Description:

Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	ws	Highest
Vendor	pom	artifactid	javax.ws.rs-api	Low
Vendor	file	name	javax.ws.rs-api	High
Vendor	pom	url	http://jax-rs-spec.java.net	Highest
Vendor	jar	package name	rs	Highest
Vendor	pom	organization name	Oracle Corporation	High
Vendor	pom	organization url	http://www.oracle.com/	Medium
Vendor	jar	package name	javax	Highest
Vendor	Manifest	bundle-symbolicname	javax.ws.rs-api	Medium
Vendor	Manifest	extension-name	javax.ws.rs	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	hint analyzer	vendor	web services	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	name	javax.ws.rs-api	High
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	groupid	javax.ws.rs	Highest
Vendor	Manifest	bundle-docurl	http://www.oracle.com/	Low
Vendor	pom	parent-groupid	net.java	Medium
Product	jar	package name	ws	Highest
Product	pom	organization url	http://www.oracle.com/	Low
Product	file	name	javax.ws.rs-api	High
Product	Manifest	Bundle-Name	javax.ws.rs-api	Medium
Product	hint analyzer	product	web services	Medium
Product	jar	package name	rs	Highest
Product	pom	organization name	Oracle Corporation	Low
Product	pom	artifactid	javax.ws.rs-api	Highest
Product	jar	package name	javax	Highest
Product	Manifest	bundle-symbolicname	javax.ws.rs-api	Medium
Product	Manifest	extension-name	javax.ws.rs	Medium
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	name	javax.ws.rs-api	High
Product	pom	url	http://jax-rs-spec.java.net	Medium
Product	pom	groupid	javax.ws.rs	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com/	Low
Product	pom	parent-groupid	net.java	Medium
Version	Manifest	Implementation-Version	2.0.1	High
Version	pom	version	2.0.1	Highest
Version	Manifest	Bundle-Version	2.0.1	High
Version	pom	parent-version	2.0.1	Low
Version	file	version	2.0.1	High

Identifiers

pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 (Confidence:High)
cpe:2.3:a:oracle:web_services:2.0.1:*:*:*:*:*:*:* (Confidence:Low)

jaxen-1.1.6.jar

Description:

Jaxen is a universal Java XPath engine.

License:

http://jaxen.codehaus.org/license.html

File Path: /root/.m2/repository/jaxen/jaxen/1.1.6/jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256:5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	jaxen	Highest
Vendor	pom	artifactid	jaxen	Low
Vendor	Manifest	bundle-docurl	http://codehaus.org	Low
Vendor	pom	organization url	http://codehaus.org	Medium
Vendor	pom	organization name	Codehaus	High
Vendor	file	name	jaxen	High
Vendor	pom	name	jaxen	High
Vendor	pom	url	http://jaxen.codehaus.org/	Highest
Vendor	jar	package name	xpath	Highest
Vendor	pom	groupid	jaxen	Highest
Vendor	Manifest	bundle-symbolicname	jaxen	Medium
Product	Manifest	bundle-docurl	http://codehaus.org	Low
Product	pom	name	jaxen	High
Product	jar	package name	xpath	Highest
Product	pom	organization name	Codehaus	Low
Product	Manifest	bundle-symbolicname	jaxen	Medium
Product	jar	package name	jaxen	Highest
Product	pom	url	http://jaxen.codehaus.org/	Medium
Product	pom	artifactid	jaxen	Highest
Product	file	name	jaxen	High
Product	pom	organization url	http://codehaus.org	Low
Product	pom	groupid	jaxen	Highest
Product	Manifest	Bundle-Name	jaxen	Medium
Version	file	version	1.1.6	High
Version	pom	version	1.1.6	Highest
Version	Manifest	Bundle-Version	1.1.6	High

Identifiers

pkg:maven/jaxen/jaxen@1.1.6 (Confidence:High)

jbcrypt-0.3m.jar

Description:

        jBCrypt is a Java implementation of OpenBSD's Blowfish password hashing code, as described in A Future-Adaptable Password Scheme by Niels Provos and David Mazières, by Damien Miller.

License:

ISC/BSD License

File Path: /root/.m2/repository/org/mindrot/jbcrypt/0.3m/jbcrypt-0.3m.jar
MD5: 5cc2288708d15dd43bc8681f5b5541b0
SHA1: fe2d9c5f23767d681a7e38fc8986b812400ec583
SHA256:c0717079f4fe18f72f36ad1ab15a2afa63c6544fee4b9ac2128851330b5e1031
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jbcrypt	High
Vendor	pom	url	http://www.mindrot.org/	Highest
Vendor	jar	package name	jbcrypt	Low
Vendor	pom	organization name	mindrot.org	High
Vendor	pom	groupid	org.mindrot	Highest
Vendor	pom	name	jbcrypt	High
Vendor	pom	organization url	http://www.mindrot.org/	Medium
Vendor	jar	package name	mindrot	Highest
Vendor	jar	package name	jbcrypt	Highest
Vendor	pom	artifactid	jbcrypt	Low
Vendor	jar	package name	mindrot	Low
Vendor	pom	groupid	mindrot	Highest
Product	file	name	jbcrypt	High
Product	pom	name	jbcrypt	High
Product	pom	url	http://www.mindrot.org/	Medium
Product	jar	package name	bcrypt	Low
Product	jar	package name	mindrot	Highest
Product	jar	package name	jbcrypt	Highest
Product	jar	package name	jbcrypt	Low
Product	pom	organization url	http://www.mindrot.org/	Low
Product	pom	artifactid	jbcrypt	Highest
Product	pom	organization name	mindrot.org	Low
Product	pom	groupid	mindrot	Highest
Version	pom	version	0.3m	Highest
Version	file	version	0.3m	High

Identifiers

pkg:maven/org.mindrot/jbcrypt@0.3m (Confidence:High)
cpe:2.3:a:mindrot:jbcrypt:0.3m:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2015-0886

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

CWE-190 Integer Overflow or Wraparound

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CONFIRM - http://www.mindrot.org/projects/jBCrypt/news/rel04.html
CONFIRM - https://bugzilla.mindrot.org/show_bug.cgi?id=2097
FEDORA - FEDORA-2015-2994
FEDORA - FEDORA-2015-3032
FEDORA - FEDORA-2015-3120
JVN - JVN#77718330
JVNDB - JVNDB-2015-000033

Vulnerable Software & Versions:

cpe:2.3:a:mindrot:jbcrypt:*:*:*:*:*:*:*:* versions up to (excluding) 0.4

jersey-entity-filtering-2.21.1.jar

Description:

        Jersey extension module providing support for Entity Data Filtering.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.21.1/jersey-entity-filtering-2.21.1.jar
MD5: ffacef7b6e28f0de4a47eb46bf8988f4
SHA1: 72ab7264b13fe5cc3cf839b40e9d11ec1ea68fcb
SHA256:45c12147b44afc5412f9ee84587d01d8f37a472195e37d08ec8ba4ac9a10ff7a
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	org.glassfish.jersey.ext.jersey-entity-filtering	Medium
Vendor	pom	artifactid	jersey-entity-filtering	Low
Vendor	jar	package name	filtering	Highest
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.glassfish.jersey.ext	Medium
Vendor	jar	package name	jersey	Highest
Vendor	pom	groupid	glassfish.jersey.ext	Highest
Vendor	jar	package name	glassfish	Highest
Vendor	pom	groupid	org.glassfish.jersey.ext	Highest
Vendor	file	name	jersey-entity-filtering	High
Vendor	pom	name	jersey-ext-entity-filtering	High
Vendor	Manifest	bundle-docurl	http://www.oracle.com/	Low
Product	Manifest	bundle-symbolicname	org.glassfish.jersey.ext.jersey-entity-filtering	Medium
Product	Manifest	Bundle-Name	jersey-ext-entity-filtering	Medium
Product	jar	package name	filtering	Highest
Product	pom	parent-groupid	org.glassfish.jersey.ext	Medium
Product	jar	package name	jersey	Highest
Product	pom	groupid	glassfish.jersey.ext	Highest
Product	jar	package name	glassfish	Highest
Product	pom	artifactid	jersey-entity-filtering	Highest
Product	file	name	jersey-entity-filtering	High
Product	pom	parent-artifactid	project	Medium
Product	pom	name	jersey-ext-entity-filtering	High
Product	Manifest	bundle-docurl	http://www.oracle.com/	Low
Version	file	version	2.21.1	High
Version	pom	version	2.21.1	Highest
Version	Manifest	Bundle-Version	2.21.1	High

Related Dependencies

Identifiers

pkg:maven/org.glassfish.jersey.ext/jersey-entity-filtering@2.21.1 (Confidence:High)
cpe:2.3:a:jersey_project:jersey:2.21.1:*:*:*:*:*:*:* (Confidence:Highest)

jersey-gf-cdi-2.14.jar

Description:

Jersey CDI for GlassFish integration

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/jersey/containers/glassfish/jersey-gf-cdi/2.14/jersey-gf-cdi-2.14.jar
MD5: 1e9b6f7618413ebd57d70517d58aa26c
SHA1: 8bf02124ff290fc01ac4f507bf3bf03fa9a106a9
SHA256:ab5c8a12611e70b2d932abbfc36e352b5958ce7ae9268bf103a8ebcf36e1828e
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jersey-gf-cdi	High
Vendor	Manifest	bundle-symbolicname	org.glassfish.jersey.containers.glassfish.jersey-gf-cdi	Medium
Vendor	pom	parent-artifactid	project	Low
Vendor	jar	package name	cdi	Highest
Vendor	jar	package name	jersey	Highest
Vendor	pom	groupid	org.glassfish.jersey.containers.glassfish	Highest
Vendor	pom	groupid	glassfish.jersey.containers.glassfish	Highest
Vendor	jar	package name	glassfish	Highest
Vendor	pom	parent-groupid	org.glassfish.jersey.containers.glassfish	Medium
Vendor	pom	name	jersey-gf-cdi	High
Vendor	jar	package name	gf	Highest
Vendor	pom	artifactid	jersey-gf-cdi	Low
Vendor	Manifest	bundle-docurl	http://www.oracle.com/	Low
Product	file	name	jersey-gf-cdi	High
Product	Manifest	bundle-symbolicname	org.glassfish.jersey.containers.glassfish.jersey-gf-cdi	Medium
Product	jar	package name	cdi	Highest
Product	jar	package name	jersey	Highest
Product	pom	groupid	glassfish.jersey.containers.glassfish	Highest
Product	Manifest	Bundle-Name	jersey-gf-cdi	Medium
Product	jar	package name	glassfish	Highest
Product	pom	parent-groupid	org.glassfish.jersey.containers.glassfish	Medium
Product	pom	name	jersey-gf-cdi	High
Product	jar	package name	gf	Highest
Product	pom	parent-artifactid	project	Medium
Product	pom	artifactid	jersey-gf-cdi	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com/	Low
Version	pom	version	2.14	Highest
Version	file	version	2.14	High

Identifiers

pkg:maven/org.glassfish.jersey.containers.glassfish/jersey-gf-cdi@2.14 (Confidence:High)
cpe:2.3:a:jersey_project:jersey:2.14:*:*:*:*:*:*:* (Confidence:Highest)

jersey-server-2.22.2.jar

Description:

Jersey core server implementation

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-server/2.22.2/jersey-server-2.22.2.jar
MD5: 62d36194c28af7a49966554af421488f
SHA1: 5ede3e5f98f8b14d31d1d0fffe9908df2bd41c0f
SHA256:8f8649b568d068f053362fa3def56206166dfceb3baa74e9f19eff6f8f8d9f1f
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	glassfish.jersey.core	Highest
Vendor	pom	parent-artifactid	project	Low
Vendor	jar	package name	server	Highest
Vendor	jar	package name	jersey	Highest
Vendor	pom	artifactid	jersey-server	Low
Vendor	jar	package name	org	Highest
Vendor	jar	package name	glassfish	Highest
Vendor	pom	groupid	org.glassfish.jersey.core	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.jersey.core.jersey-server	Medium
Vendor	pom	parent-groupid	org.glassfish.jersey	Medium
Vendor	pom	name	jersey-core-server	High
Vendor	file	name	jersey-server	High
Vendor	Manifest	bundle-docurl	http://www.oracle.com/	Low
Product	pom	artifactid	jersey-server	Highest
Product	pom	groupid	glassfish.jersey.core	Highest
Product	jar	package name	server	Highest
Product	jar	package name	jersey	Highest
Product	Manifest	Bundle-Name	jersey-core-server	Medium
Product	jar	package name	org	Highest
Product	jar	package name	glassfish	Highest
Product	Manifest	bundle-symbolicname	org.glassfish.jersey.core.jersey-server	Medium
Product	pom	parent-groupid	org.glassfish.jersey	Medium
Product	pom	name	jersey-core-server	High
Product	pom	parent-artifactid	project	Medium
Product	file	name	jersey-server	High
Product	Manifest	bundle-docurl	http://www.oracle.com/	Low
Version	Manifest	Bundle-Version	2.22.2	High
Version	file	version	2.22.2	High
Version	pom	version	2.22.2	Highest

Related Dependencies

jersey-container-servlet-core-2.22.2.jar
- File Path: /root/.m2/repository/org/glassfish/jersey/containers/jersey-container-servlet-core/2.22.2/jersey-container-servlet-core-2.22.2.jar
- MD5: a4adb948604d7908ba9e207d3746c171
- SHA1: 212c534c5b030594ccf5c4b929e8f7cbf26eb1ba
- SHA256: 7d5ef749aeafd22f25bf06b479be92201b34e8aa8e9ad4dbee69bbcf4dc1ce07
- pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.22.2
jersey-container-servlet-2.22.2.jar
- File Path: /root/.m2/repository/org/glassfish/jersey/containers/jersey-container-servlet/2.22.2/jersey-container-servlet-2.22.2.jar
- MD5: b2c2437fc6bd593cffdc21fca596eb8f
- SHA1: d90487b9809f822af7731abb8896a2183e7c4a0c
- SHA256: 24567da42f73047d6f302b1bcafc552e8fddf6219f07cc72774eaac4a56d57e7
- pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.22.2
jersey-guava-2.22.2.jar
- File Path: /root/.m2/repository/org/glassfish/jersey/bundles/repackaged/jersey-guava/2.22.2/jersey-guava-2.22.2.jar
- MD5: d5da552c520f65980a21e9703f30453c
- SHA1: 7422c693c89640c9685dfa99dbef2da745aa4617
- SHA256: 0fdcc75d025aff4032d3b8be909b5a082913b27d953ad82dd5df2ad29aea636b
- pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.22.2
jersey-common-2.22.2.jar
- File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-common/2.22.2/jersey-common-2.22.2.jar
- MD5: d855b5f16119a933768c13690c099375
- SHA1: 1209b89878b60ce7d49afadeff7522d2fde0e217
- SHA256: 33c51bda7fe94c27056af05c6b6bb1a0c2968b5bcf09b4c098ccbe953231186d
- pkg:maven/org.glassfish.jersey.core/jersey-common@2.22.2
jersey-client-2.22.2.jar
- File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-client/2.22.2/jersey-client-2.22.2.jar
- MD5: 2954068011b278e9eeb81333325114b3
- SHA1: 1712fff037ce5a59e3d67f90fff29222989799ee
- SHA256: c2229f74968db3d0e676f680a58c1148278def927499f6f2eb1e932aba41fbd5
- pkg:maven/org.glassfish.jersey.core/jersey-client@2.22.2
jersey-media-jaxb-2.22.2.jar
- File Path: /root/.m2/repository/org/glassfish/jersey/media/jersey-media-jaxb/2.22.2/jersey-media-jaxb-2.22.2.jar
- MD5: 8c868cadfd83b1c7c27a3d7455733293
- SHA1: 7a9adf97790a92d09a1f2c027dbd34af15ffee04
- SHA256: 0a99789dd4f2f24451f7cf423d5682dbef39a34609555f455b73546967b9c225
- pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.22.2

Identifiers

pkg:maven/org.glassfish.jersey.core/jersey-server@2.22.2 (Confidence:High)
cpe:2.3:a:jersey_project:jersey:2.22.2:*:*:*:*:*:*:* (Confidence:Highest)

jquery-ui.min.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/jquery-ui.min.js
MD5: 3edcb0072067447a6214eb62123a9c69
SHA1: b4d3edf48e252a8a948e1e0373e0779cf4d050b6
SHA256:9a20b4a966bc22f2aaff8e71cb73453bdb6acc5ca1eede917f238c3d1b618a0a
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

json-20140107.jar

Description:

		JSON is a light-weight, language independent, data interchange format.
		See http://www.JSON.org/

		The files in this package implement JSON encoders/decoders in Java.
		It also includes the capability to convert between JSON and XML, HTTP
		headers, Cookies, and CDL.

		This is a reference implementation. There is a large number of JSON packages
		in Java. Perhaps someday the Java community will standardize on one. Until
		then, choose carefully.

		The license includes this restriction: "The software shall be used for good,
		not evil." If your conscience cannot live with that, then choose a different
		package.

		The package compiles on Java 1.2 thru Java 1.4.

License:

The JSON License: http://json.org/license.html

File Path: /root/.m2/repository/org/json/json/20140107/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256:8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	cdl	Highest
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	json	Low
Vendor	pom	name	JSON in Java	High
Vendor	file	name	json-20140107	High
Vendor	pom	groupid	json	Highest
Vendor	jar	package name	json	Highest
Vendor	pom	artifactid	json	Low
Vendor	jar	package name	http	Highest
Vendor	pom	url	douglascrockford/JSON-java	Highest
Vendor	pom	groupid	org.json	Highest
Product	jar	package name	cdl	Highest
Product	jar	package name	xml	Highest
Product	pom	artifactid	json	Highest
Product	pom	name	JSON in Java	High
Product	file	name	json-20140107	High
Product	pom	groupid	json	Highest
Product	jar	package name	json	Highest
Product	jar	package name	http	Highest
Product	pom	url	douglascrockford/JSON-java	High
Version	file	version	20140107	Medium
Version	pom	version	20140107	Highest

Identifiers

pkg:maven/org.json/json@20140107 (Confidence:High)

jsr305-1.3.9.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	annotation	Low
Vendor	jar	package name	javax	Low
Vendor	file	name	jsr305	High
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	jar	package name	annotation	Low
Product	file	name	jsr305	High
Product	pom	groupid	google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	artifactid	jsr305	Highest
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	1.3.9	High
Version	pom	version	1.3.9	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@1.3.9 (Confidence:High)

jstl-1.2.jar

File Path: /root/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
SHA256:c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	javax.servlet	Highest
Vendor	jar	package name	servlet	Highest
Vendor	file	name	jstl	High
Vendor	Manifest	specification-vendor	Sun Microsystems, Inc.	Low
Vendor	pom	artifactid	jstl	Low
Vendor	jar	package name	jstl	Highest
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	Implementation-Vendor	Sun Microsystems, Inc.	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	jar	package name	jsp	Highest
Vendor	Manifest	extension-name	javax.servlet.jsp.jstl	Medium
Product	jar	package name	servlet	Highest
Product	pom	groupid	javax.servlet	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	standard	Highest
Product	file	name	jstl	High
Product	jar	package name	jsp	Highest
Product	pom	artifactid	jstl	Highest
Product	jar	package name	jstl	Highest
Product	jar	package name	tag	Highest
Product	Manifest	specification-title	JavaServer Pages(TM) Standard Tag Library	Medium
Product	Manifest	extension-name	javax.servlet.jsp.jstl	Medium
Version	pom	version	1.2	Highest
Version	Manifest	Implementation-Version	1.2	High
Version	file	version	1.2	High

Identifiers

pkg:maven/javax.servlet/jstl@1.2 (Confidence:High)

Published Vulnerabilities

CVE-2015-0254 (OSSINDEX)

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

OSSINDEX - [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar...

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:javax.servlet:jstl:1.2:*:*:*:*:*:*:*

jul-to-slf4j-1.6.6.jar

Description:

JUL to SLF4J bridge

File Path: /root/.m2/repository/org/slf4j/jul-to-slf4j/1.6.6/jul-to-slf4j-1.6.6.jar
MD5: 8c086f7494b96d9633ed858fb1738c36
SHA1: e25c3dab7c510a04f807a8f8f07fbc98cc7f309d
SHA256:7253dbe2a5ffdbb1bdbb0eb79d43c5fa9085f209f0858e808db122a58f9cee7b
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	jar	package name	bridge	Highest
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.3	Low
Vendor	pom	artifactid	jul-to-slf4j	Low
Vendor	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Vendor	pom	name	JUL to SLF4J bridge	High
Vendor	file	name	jul-to-slf4j	High
Vendor	jar	package name	slf4j	Highest
Product	Manifest	Bundle-Name	jul-to-slf4j	Medium
Product	jar	package name	bridge	Highest
Product	pom	groupid	slf4j	Highest
Product	pom	parent-groupid	org.slf4j	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.3	Low
Product	pom	url	http://www.slf4j.org	Medium
Product	pom	artifactid	jul-to-slf4j	Highest
Product	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	name	JUL to SLF4J bridge	High
Product	file	name	jul-to-slf4j	High
Product	jar	package name	slf4j	Highest
Version	file	version	1.6.6	High
Version	Manifest	Bundle-Version	1.6.6	High
Version	pom	version	1.6.6	Highest
Version	Manifest	Implementation-Version	1.6.6	High

Identifiers

pkg:maven/org.slf4j/jul-to-slf4j@1.6.6 (Confidence:High)

log4j-1.2.14.jar

Description:

Log4j

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/log4j/log4j/1.2.14/log4j-1.2.14.jar
MD5: 599b8ba07d1d04f0ea34414e861d7ad1
SHA1: 03b254c872b95141751f414e353a25c2ac261b51
SHA256:e3bff9ab64a09b1ac2800f3b5fb1e3d99728064acb6dd3924938507638a404fb
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	log4j	Highest
Vendor	jar	package name	apache	Highest
Vendor	pom	organization url	http://www.apache.org	Medium
Vendor	pom	url	http://logging.apache.org/log4j/docs/	Highest
Vendor	jar	package name	log4j	Highest
Vendor	file	name	log4j	High
Vendor	pom	artifactid	log4j	Low
Vendor	pom	name	Log4j	High
Vendor	manifest: org/apache/log4j/	Implementation-Vendor	"Apache Software Foundation"	Medium
Vendor	pom	organization name	Apache Software Foundation	High
Product	pom	groupid	log4j	Highest
Product	jar	package name	apache	Highest
Product	pom	url	http://logging.apache.org/log4j/docs/	Medium
Product	jar	package name	log4j	Highest
Product	file	name	log4j	High
Product	pom	organization url	http://www.apache.org	Low
Product	pom	name	Log4j	High
Product	pom	organization name	Apache Software Foundation	Low
Product	manifest: org/apache/log4j/	Implementation-Title	log4j	Medium
Product	pom	artifactid	log4j	Highest
Version	pom	version	1.2.14	Highest
Version	file	version	1.2.14	High
Version	manifest: org/apache/log4j/	Implementation-Version	1.2.14	Medium

Identifiers

pkg:maven/log4j/log4j@1.2.14 (Confidence:High)
cpe:2.3:a:apache:log4j:1.2.14:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

CWE-295 Improper Certificate Validation

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

Base Score: LOW (3.7)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

lombok-1.16.20.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar
MD5: 006c258e47684d5e8955f315d717049a
SHA1: ac76d9b956045631d1561a09289cbf472e077c01
SHA256:c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d
Referenced In Project/Scope:gotrack:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	lombok	Low
Vendor	file	name	lombok	High
Vendor	pom	groupid	projectlombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	jar	package name	java	Highest
Vendor	pom	url	https://projectlombok.org	Highest
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Vendor	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	file	name	lombok	High
Product	pom	groupid	projectlombok	Highest
Product	pom	name	Project Lombok	High
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	pom	url	https://projectlombok.org	Medium
Product	Manifest	can-redefine-classes	true	Low
Version	Manifest	lombok-version	1.16.20	Medium
Version	file	version	1.16.20	High
Version	pom	version	1.16.20	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.16.20 (Confidence:High)

lombok-1.16.20.jar: WindowsDriveInfo-i386.dll

File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-i386.dll
MD5: c4d7064e400a22cc9a59d2d97382b5b8
SHA1: 63ac163436b8400dcc25f7d13e7a86313fd28a98
SHA256:f210056ba0dfd996646b91e92f4665399b33bf4da651dea26b4888f87215ec29
Referenced In Project/Scope:gotrack:provided

Evidence

Identifiers

None

lombok-1.16.20.jar: WindowsDriveInfo-x86_64.dll

File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-x86_64.dll
MD5: cdf042a66f9681f362c365131e3c38dd
SHA1: a4598a189d82ae291faead4c0eec6abf22b256be
SHA256:4897fff1914b3534f61fbba4ef7e26892b1f32b525e06f1e264bf1eaf08ce4fe
Referenced In Project/Scope:gotrack:provided

Evidence

Identifiers

None

mockito-all-1.10.19.jar

Description:

Mock objects library for java

License:

The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE

File Path: /root/.m2/repository/org/mockito/mockito-all/1.10.19/mockito-all-1.10.19.jar
MD5: 979ec16f27b6b541278e0ecd10efd771
SHA1: 539df70269cc254a58cccc5d8e43286b4a73bf30
SHA256:d1a7a7ef14b3db5c0fc3e0a63a81b374b510afe85add9f7984b97911f4c70605
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	mockito	Highest
Vendor	file	name	mockito-all	High
Vendor	pom	artifactid	mockito-all	Low
Vendor	pom	url	http://www.mockito.org	Highest
Vendor	jar	package name	mockito	Highest
Vendor	pom	name	Mockito	High
Vendor	Manifest	bundle-symbolicname	org.mockito.mockito-all	Medium
Vendor	pom	groupid	org.mockito	Highest
Vendor	jar	package name	mock	Highest
Product	jar	package name	objenesis	Highest
Product	jar	package name	mockito	Highest
Product	pom	name	Mockito	High
Product	pom	url	http://www.mockito.org	Medium
Product	Manifest	Bundle-Name	Mockito Mock Library for Java. Hamcrest-core & Objenesis included in the bundle.	Medium
Product	jar	package name	hamcrest	Highest
Product	jar	package name	mock	Highest
Product	pom	groupid	mockito	Highest
Product	file	name	mockito-all	High
Product	jar	package name	core	Highest
Product	Manifest	bundle-symbolicname	org.mockito.mockito-all	Medium
Product	pom	artifactid	mockito-all	Highest
Version	pom	version	1.10.19	Highest
Version	Manifest	Bundle-Version	1.10.19	High
Version	file	version	1.10.19	High

Identifiers

pkg:maven/org.mockito/mockito-all@1.10.19 (Confidence:High)

mysql-connector-java-5.1.35.jar

Description:

MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

File Path: /root/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
MD5: 9e125f3d56d651184de1c9fde811540b
SHA1: b6ac941b7288376a7e8bc6490264bbd4427fb94e
SHA256:5097662ca4c417eb60b8dbf7d324d0c781c7a69cfae7f167617be2a9fdfd3704
Referenced In Project/Scope:gotrack:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	com.mysql.jdbc	Medium
Vendor	hint analyzer (hint)	vendor	sun	Highest
Vendor	pom	name	MySQL Connector/J	High
Vendor	pom	organization name	Oracle Corporation	High
Vendor	pom	groupid	mysql	Highest
Vendor	file	name	mysql-connector-java	High
Vendor	Manifest	Implementation-Vendor	Oracle	High
Vendor	hint analyzer	vendor	oracle	Highest
Vendor	pom	organization url	http://www.oracle.com	Medium
Vendor	Manifest (hint)	Implementation-Vendor	sun	High
Vendor	jar	package name	mysql	Highest
Vendor	pom	artifactid	mysql-connector-java	Low
Vendor	pom	url	http://dev.mysql.com/doc/connector-j/en/	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	jar	package name	jdbc	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.mysql	Medium
Vendor	jar	package name	driver	Highest
Product	pom	artifactid	mysql-connector-java	Highest
Product	Manifest	bundle-symbolicname	com.mysql.jdbc	Medium
Product	Manifest	Implementation-Title	MySQL Connector Java	High
Product	pom	url	http://dev.mysql.com/doc/connector-j/en/	Medium
Product	pom	name	MySQL Connector/J	High
Product	pom	organization name	Oracle Corporation	Low
Product	file	name	mysql-connector-java	High
Product	pom	groupid	mysql	Highest
Product	hint analyzer	product	mysql_connectors	Highest
Product	Manifest	Bundle-Name	Oracle Corporation's JDBC Driver for MySQL	Medium
Product	Manifest	specification-title	JDBC	Medium
Product	jar	package name	mysql	Highest
Product	pom	organization url	http://www.oracle.com	Low
Product	hint analyzer	product	mysql_connector/j	Highest
Product	jar	package name	jdbc	Highest
Product	hint analyzer	product	mysql_connector_j	Highest
Product	jar	package name	driver	Highest
Version	file	version	5.1.35	High
Version	Manifest	Implementation-Version	5.1.35	High
Version	pom	version	5.1.35	Highest
Version	Manifest	Bundle-Version	5.1.35	High

Identifiers

pkg:maven/mysql/mysql-connector-java@5.1.35 (Confidence:High)
cpe:2.3:a:mysql:mysql:5.1.35:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:oracle:mysql_connector\/j:5.1.35:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: HIGH (7.2)
Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSSv3:

Base Score: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://bugs.gentoo.org/630822
GENTOO - GLSA-201711-04

Vulnerable Software & Versions: (show all)

CVE-2017-3523 (OSSINDEX)

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSSv3:

Base Score: HIGH (8.5)
Vector: CVSS:/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2017-3523] Improper Access Control

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*

CVE-2017-3589 (OSSINDEX)

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSSv3:

Base Score: LOW (3.3)
Vector: CVSS:/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

OSSINDEX - [CVE-2017-3589] Improper Access Control

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*

CVE-2018-3258 (OSSINDEX)

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

OSSINDEX - [CVE-2018-3258] Improper Access Control

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:mysql:mysql-connector-java:5.1.35:*:*:*:*:*:*:*

CVE-2019-2692

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

NVD-CWE-noinfo

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:L/AC:H/Au:S/C:P/I:P/A:P

CVSSv3:

Base Score: MEDIUM (6.3)
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References:

BID - 107925
CONFIRM - https://security.netapp.com/advisory/ntap-20190423-0002/
MISC - http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Vulnerable Software & Versions:

cpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:* versions up to (including) 8.0.15

CVE-2020-2875

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).

NVD-CWE-noinfo

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.7)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

DEBIAN - DSA-4703
FEDORA - FEDORA-2020-35995bb2d3
FEDORA - FEDORA-2020-747ec39700
GENTOO - GLSA-202105-27
MISC - https://www.oracle.com/security-alerts/cpuapr2020.html
MLIST - [debian-lts-announce] 20200611 [SECURITY] [DLA 2245-1] mysql-connector-java security update

Vulnerable Software & Versions: (show all)

CVE-2020-2933

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).

NVD-CWE-noinfo

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: LOW (2.2)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

References:

DEBIAN - DSA-4703
FEDORA - FEDORA-2020-35995bb2d3
FEDORA - FEDORA-2020-747ec39700
GENTOO - GLSA-202105-27
MISC - https://www.oracle.com/security-alerts/cpuapr2020.html
MLIST - [debian-lts-announce] 20200611 [SECURITY] [DLA 2245-1] mysql-connector-java security update

Vulnerable Software & Versions:

cpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:* versions up to (including) 5.1.48

CVE-2020-2934

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).

NVD-CWE-noinfo

CVSSv2:

Base Score: MEDIUM (5.1)
Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: MEDIUM (5.0)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

DEBIAN - DSA-4703
FEDORA - FEDORA-2020-35995bb2d3
FEDORA - FEDORA-2020-747ec39700
GENTOO - GLSA-202105-27
MISC - https://www.oracle.com/security-alerts/cpuapr2020.html
MLIST - [debian-lts-announce] 20200611 [SECURITY] [DLA 2245-1] mysql-connector-java security update

Vulnerable Software & Versions: (show all)

omnifaces-3.0.jar

Description:

JSF 2.2+ utility library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar
MD5: 993acf6b529f85c8ee450973a4be8fa7
SHA1: 23422c1484c2fe9eded4d00ec1911e268254c3c7
SHA256:882520f34ea645da9490232af4e932172a2478564db0b27fd7246643018e7d42
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	OmniFaces	High
Vendor	pom	organization url	http://omnifaces.org	Medium
Vendor	Manifest	implementation-url	http://omnifaces.org	Low
Vendor	Manifest	specification-vendor	OmniFaces	Low
Vendor	pom	artifactid	omnifaces	Low
Vendor	pom	organization name	OmniFaces	High
Vendor	jar	package name	omnifaces	Highest
Vendor	Manifest	extension-name	omnifaces	Medium
Vendor	pom	groupid	org.omnifaces	Highest
Vendor	pom	name	OmniFaces	High
Vendor	pom	url	http://omnifaces.org	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.omnifaces	Medium
Vendor	file	name	omnifaces	High
Vendor	Manifest	url	http://omnifaces.org	Low
Vendor	pom	groupid	omnifaces	Highest
Product	pom	url	http://omnifaces.org	Medium
Product	Manifest	implementation-url	http://omnifaces.org	Low
Product	pom	artifactid	omnifaces	Highest
Product	jar	package name	omnifaces	Highest
Product	Manifest	specification-title	OmniFaces	Medium
Product	pom	organization name	OmniFaces	Low
Product	Manifest	extension-name	omnifaces	Medium
Product	pom	name	OmniFaces	High
Product	pom	organization url	http://omnifaces.org	Low
Product	file	name	omnifaces	High
Product	Manifest	url	http://omnifaces.org	Low
Product	pom	groupid	omnifaces	Highest
Product	Manifest	Implementation-Title	OmniFaces	High
Version	Manifest	Implementation-Version	3.0	High
Version	pom	version	3.0	Highest
Version	file	version	3.0	High

Identifiers

pkg:maven/org.omnifaces/omnifaces@3.0 (Confidence:High)

omnifaces-3.0.jar: fixviewstate.js

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/fixviewstate.js
MD5: 24c2badf2e50107af44e7fd28c9836d0
SHA1: 8f678cad084fe0ddb1cb590af25b97de5f3a58dc
SHA256:e878fba7561765a61e8f13409bfb2d260ba430f4eed14b6d81ecce70f004a604
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

omnifaces-3.0.jar: omnifaces.js

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/omnifaces.js
MD5: 3e6d3650c9686efc2cec9f171afe96cd
SHA1: 8d9689b3e96643ea439fad9ca26621d93bfc9e6a
SHA256:d64be3f545aacbffbcb7b06bf47ee85fe7ef61f3edfc88d92435c4ce09292387
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

omnifaces-3.0.jar: unload.js

File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/unload.js
MD5: 9b18e661eef08f977d0726118afc545d
SHA1: 4ed89c14cfa22d1a8fd3c818814fec53095537e9
SHA256:fb7742a9cf53fbc1040167a6576113751dea76dbac77f803180802deae698bc8
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

osgi-resource-locator-1.0.1.jar

Description:

 See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information

License:

https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256:775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.glassfish.hk2	Highest
Vendor	pom	name	OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers.	High
Vendor	pom	parent-groupid	org.glassfish	Medium
Vendor	pom	artifactid	osgi-resource-locator	Low
Vendor	Manifest	bundle-symbolicname	org.glassfish.hk2.osgi-resource-locator	Medium
Vendor	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Vendor	jar	package name	glassfish	Highest
Vendor	jar	package name	hk2	Highest
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	pom	parent-artifactid	pom	Low
Vendor	pom	groupid	glassfish.hk2	Highest
Vendor	file	name	osgi-resource-locator	High
Product	pom	name	OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers.	High
Product	Manifest	Bundle-Name	OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers.	Medium
Product	pom	parent-groupid	org.glassfish	Medium
Product	pom	parent-artifactid	pom	Medium
Product	Manifest	bundle-symbolicname	org.glassfish.hk2.osgi-resource-locator	Medium
Product	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Product	jar	package name	glassfish	Highest
Product	jar	package name	hk2	Highest
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	pom	artifactid	osgi-resource-locator	Highest
Product	pom	groupid	glassfish.hk2	Highest
Product	file	name	osgi-resource-locator	High
Version	pom	parent-version	1.0.1	Low
Version	Manifest	Bundle-Version	1.0.1	High
Version	pom	version	1.0.1	Highest
Version	file	version	1.0.1	High

Identifiers

pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1 (Confidence:High)

plotting.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/plotting.js
MD5: 4040bfdf03dbc750bb0f2c3b3622b585
SHA1: 4dce360f428ae9637a2c0e10950c33edebe297ca
SHA256:219f9b50bcbd66ab11629b2809e79c33c70f044273f82352f7b93c0357a3ced6
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

poi-3.11.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/apache/poi/poi/3.11/poi-3.11.jar
MD5: 47af95b1bbe1d2db5b6794f887c0bad7
SHA1: 51058d9db469437a5ed0aa508e7de8937019e1d9
SHA256:1412f527ed0a766a6a3697c81705381fa1c34aecc15c4cdcca12a1e52de24d0e
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	organization url	http://www.apache.org/	Medium
Vendor	pom	name	Apache POI	High
Vendor	pom	groupid	org.apache.poi	Highest
Vendor	jar	package name	poi	Highest
Vendor	pom	artifactid	poi	Low
Vendor	pom	groupid	apache.poi	Highest
Vendor	file	name	poi	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	format	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.apache.poi	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	organization name	Apache Software Foundation	High
Vendor	pom	url	http://poi.apache.org/	Highest
Product	Manifest	specification-title	Apache POI	Medium
Product	pom	organization name	Apache Software Foundation	Low
Product	pom	name	Apache POI	High
Product	jar	package name	poi	Highest
Product	pom	groupid	apache.poi	Highest
Product	file	name	poi	High
Product	jar	package name	apache	Highest
Product	Manifest	Implementation-Title	Apache POI	High
Product	jar	package name	format	Highest
Product	pom	organization url	http://www.apache.org/	Low
Product	pom	artifactid	poi	Highest
Product	pom	url	http://poi.apache.org/	Medium
Version	pom	version	3.11	Highest
Version	file	version	3.11	High
Version	Manifest	Implementation-Version	3.11	High

Identifiers

pkg:maven/org.apache.poi/poi@3.11 (Confidence:High)
cpe:2.3:a:apache:poi:3.11:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2014-3574

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

NVD-CWE-Other

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

BID - 69648
CONFIRM - http://poi.apache.org/changes.html
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21996759
CONFIRM - http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
CONFIRM - https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
REDHAT - RHSA-2014:1370
REDHAT - RHSA-2014:1398
REDHAT - RHSA-2014:1399
REDHAT - RHSA-2014:1400
SECUNIA - 59943
SECUNIA - 60419
SECUNIA - 61766
XF - apache-poi-cve20143574-dos(95768)

Vulnerable Software & Versions: (show all)

CVE-2014-9527

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

CWE-399 Resource Management Errors

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

BID - 77726
CONFIRM - http://poi.apache.org/changes.html
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21996759
CONFIRM - https://issues.apache.org/bugzilla/show_bug.cgi?id=57272
FEDORA - FEDORA-2015-2090
OSSINDEX - [CVE-2014-9527] Resource Management Errors
REDHAT - RHSA-2016:1135
SECUNIA - 61953

Vulnerable Software & Versions:

cpe:2.3:a:apache:poi:*:beta3:*:*:*:*:*:* versions up to (including) 3.11

CVE-2016-5000

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

Base Score: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:* versions up to (including) 3.13

CVE-2017-12626

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:* versions up to (excluding) 3.17

CVE-2017-5644

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv2:

Base Score: HIGH (7.1)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSSv3:

Base Score: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:* versions up to (including) 3.14

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:* versions up to (including) 4.1.0

primefaces-6.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar
MD5: 451e8f4972278f2f81a998fab5d4ce6c
SHA1: 8ec2b8a42b06ddb70fc1a614b9a4c90771ca5f9c
SHA256:b7435f17450d35f343ae932e84d2838a6fed5869f99bf3ca23cb03543878fccf
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	primefaces	Low
Vendor	pom	name	primefaces	High
Vendor	file	name	primefaces	High
Vendor	Manifest	bundle-symbolicname	org.primefaces	Medium
Vendor	pom	groupid	org.primefaces	Highest
Vendor	jar	package name	primefaces	Highest
Vendor	pom	url	http://www.primefaces.org	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.primefaces	Medium
Vendor	hint analyzer	vendor	primetek	Highest
Vendor	pom	groupid	primefaces	Highest
Product	Manifest	Implementation-Title	primefaces	High
Product	pom	name	primefaces	High
Product	file	name	primefaces	High
Product	Manifest	bundle-symbolicname	org.primefaces	Medium
Product	pom	url	http://www.primefaces.org	Medium
Product	jar	package name	primefaces	Highest
Product	Manifest	specification-title	primefaces	Medium
Product	Manifest	Bundle-Name	primefaces	Medium
Product	pom	artifactid	primefaces	Highest
Product	pom	groupid	primefaces	Highest
Version	file	version	6.1	High
Version	pom	version	6.1	Highest
Version	Manifest	Implementation-Version	6.1	High

Identifiers

pkg:maven/org.primefaces/primefaces@6.1 (Confidence:High)
cpe:2.3:a:primetek:primefaces:6.1:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2015-9251 (OSSINDEX)

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

OSSINDEX - [CVE-2015-9251] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.primefaces:primefaces:6.1:*:*:*:*:*:*:*

CVE-2019-11358 (OSSINDEX)

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

OSSINDEX - [CVE-2019-11358] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.primefaces:primefaces:6.1:*:*:*:*:*:*:*

primefaces-6.1.jar: beanvalidation.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/validation/beanvalidation.js
MD5: 07f5d5dd6d5f55ab616d5cca7eedb19a
SHA1: 8c679a6b27b493302cf670da9bd57a1d7c63f6ed
SHA256:b161e729b507f2a53fca68bfca4cae4d9303b4449ccd48e197d1e070ba42f0b4
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: captcha.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/captcha/captcha.js
MD5: 449cf2603b8d61e0ba1959560b062442
SHA1: bd4c2940dfbadbd0196ef660d773b9f68165af6f
SHA256:2bffea0b5b49524dc088d403f0f05c169aa2562b396dd869a70984e4860bfc29
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: charts.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/charts/charts.js
MD5: 0e0305eba378e337ea9e72fb2f4a359c
SHA1: 333bc15da9c333ab2cd8e2385e40c79e021f99f0
SHA256:1c86e469d244e59b64dda37b23579e32ea2b064e4435ceace92ca6f67d4de3dc
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: clock.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/clock/clock.js
MD5: 7b4fd3bddcb581c7c63c6a6046e5b294
SHA1: e4d052994102768f1fd285b1e7c3a49cb3750d71
SHA256:5003270b12697ee409c3582397c29299771bf3b75ef5c15fdd33dcc41fd6c499
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: colorpicker.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/colorpicker/colorpicker.js
MD5: b8f861f1e069cfe54c4135e889243ed7
SHA1: 4fee5dc548c8d1e475f64d102eb1743933140b99
SHA256:661c179e5714a344e3ef7c36688b5e36fcbcd7e2d7d4eb2a4781973d758091e3
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: components-mobile.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/components-mobile.js
MD5: 993697f1e6f7f707e2d9193f87e7d3a9
SHA1: 15dc19d85a39b5cd5ba0e5f3aaab5c2c51ea9923
SHA256:049f574b88eacb890fb4a78d7025560e380c877f54a1d6b3a47d121d9568427a
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: components.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/components.js
MD5: 9d924a241b45daf8384de7875131a787
SHA1: a5ec38b736825b9caffb2d93cc364400c170fa96
SHA256:29866c30f5a1c1d47fb3635f92922bf2c106651497410d8f00ef728a41850c29
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: contentflow.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/contentflow/contentflow.js
MD5: c8d9cdf5711a39be71dd5ae2747f8fc9
SHA1: 89baf86d5e387eb7b5ad7dbc067e954db322482b
SHA256:cb3bac6685e19416a5d16d65c75320e74fb49c6d31f21b388a975982183cc52f
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: core.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/core.js
MD5: 52ab254da4664a28266b84d30733861e
SHA1: fe0b98a515b326bc0608fcce8abf24ea62fd167f
SHA256:f84592dda40124c2e0557d4d084c0de0dc486c4417cb5a81d4e4941be23065f9
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: datepicker.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mobile/widgets/datepicker.js
MD5: b23740c8959ce614b37962e373731a2c
SHA1: a752ab0bbd3ff4800cebfa7880ea04831c425ae1
SHA256:c1c1737219ab9f78fc3ca1a198c64fcf136c0d9c929e0e982fc979d72b03a79d
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: diagram.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/diagram/diagram.js
MD5: 3691f163651e32d9407109a1252aec9c
SHA1: be376ba09df59316dad5159df94244e2f35bf324
SHA256:df7134a14d720733f773a99b58bc11af13c137ecbf99208dda38f9102853e3a7
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: dock.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/dock/dock.js
MD5: b62b292965e50040dd3f86daa110d2d5
SHA1: 3a2ecf41b650cc5e0797d3cdf4b9c1fe6495d096
SHA256:b557c3c0240012c2064f3523ba737993d55509f9e0213eb37eaace6997ce25c4
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: editor.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/editor/editor.js
MD5: 03327b0eec98503c7d6df63eaf99334b
SHA1: ae61199bcc34f65caa9d3c558ac938121e6c2393
SHA256:b075210f7b5f5c12148e3c44e022462c0097bd9c7fd62b783e76e85063fd5863
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: fileupload.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/fileupload/fileupload.js
MD5: 76dc9f19663bb9c7a5228f6dcafcd35f
SHA1: e2d72620a571c56b1aeb251c01a0d19c415116cd
SHA256:30f7df787a019d693a5155f0d2225791db8f1720e53ecd2847dc76b950b2a0e3
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: galleria.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/galleria/galleria.js
MD5: 5844c2920cd79afca014cd80f189c955
SHA1: bcbf2fc5bae139bc80d56a5f93e250e466e0deed
SHA256:53ca1fe107263952bc5064ed5d8fac5ddd839f7b93369c2c5665aa966c604756
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: gmap.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/gmap/gmap.js
MD5: 19747981f8104f11776e761ed698f7f5
SHA1: 306292e4db02f77fcd1311384c1f131a3a05d9e0
SHA256:2d82b098fccdcdf61845cd970c543f5a8e5fe7b7f933c8972eda32e209dedb0e
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: hotkey.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/hotkey/hotkey.js
MD5: 3ec16aa44d720657743fb21b8843a42a
SHA1: 63585295acaccefa397927146cdf66dd4e61b2d1
SHA256:aa45349925767e946b92475663269f3388b684612caf430e23e5080c60d617df
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: idlemonitor.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/idlemonitor/idlemonitor.js
MD5: 500d46c23eb7227467c5e27f7949710b
SHA1: 356cb4c29fe3c7d85ba4529e0015008265a727bf
SHA256:885d3edafab78ea25bb24cc75b438d06f81cf85d0ba5d6b285fce7b139d20d58
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: imagecompare.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/imagecompare/imagecompare.js
MD5: cad71f0b2a19194a75c72a12d87e2ad1
SHA1: 0278150105abcae6653b5b4c826456df75b17072
SHA256:b9764d322c7df4da3bc5f3a68c8b865d32e3e3971d5501e398473221154302fe
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: imagecropper.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/imagecropper/imagecropper.js
MD5: 8bc69ab8d05ce5498d0fcb32f2bc3e84
SHA1: 89842195cab5f49b1de5122ee241d5b4eed0cc68
SHA256:9e2c3860a9fcfa55a1330d8dd1d2953d4f3a4245f9dac13b0f7df0856b01504f
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: imageswitch.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/imageswitch/imageswitch.js
MD5: f853e3f43ea19e3660feeb60e9616929
SHA1: 017dbed88eb59a51ea3fd2af193cee2a20b80d1d
SHA256:0d080b090caa17e01316a274428b6f623a46d6e1a1eb9e2a2c0f3fbfe45a8006
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: inputnumber.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/inputnumber/inputnumber.js
MD5: 06ab9b692da7494dfa33db4052cb34e7
SHA1: f0bf8344c843ba3e9da1af84956731adeda54d12
SHA256:b78363a908f6197189a2ec068518fe3c357f0e014ebf5dfef60010bee59b29c7
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: inputswitch.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/inputswitch/inputswitch.js
MD5: 7311f429b690f6d3dcd81ef129c31521
SHA1: adccb449e3f42e3df60edc005ab5413b1ab0d954
SHA256:c626e3b161fcc8d3468814b9e5d70d5d959279be3a14bcf592b23b83f402f0d8
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: jquery-mobile.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mobile/jquery-mobile.js
MD5: a30baf4e982bfc71cd7ec04d9ae0e2e0
SHA1: 267073ba806d22313ec932e8e1a18461fd92f659
SHA256:fdbaa32533fadcd7eb6c4f2ab0371efeb23d24083f6ac0f0b9fccc9d441b59d5
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: jquery-plugins.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/jquery/jquery-plugins.js
MD5: d8c90d33e167692aa3d929f3cb3a56ba
SHA1: 0e8876f2289b30864e2b3fd0e4aca8e71400ac64
SHA256:740eb50ab97564fb1816d5a4ecd515499a239c156bb009ed55f401753b62343b
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: jquery.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/jquery/jquery.js
MD5: a7f7f8654d7091d750423993d94dc436
SHA1: 329b1a9d48023ac8ae9098eddbbc594d4cadb717
SHA256:e6be08d782165ce3f7d792f7b0574ee595cd242986a81af1c873c3ab571cffc3
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

pkg:javascript/jquery@1.11.3 (Confidence:Highest)

Published Vulnerabilities

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

primefaces-6.1.jar: jquery.mousewheel.min.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mousewheel/jquery.mousewheel.min.js
MD5: a19660331d2924f8cabf797593582e42
SHA1: 854d8ef9e717c513c29e87b422149fa253b636c0
SHA256:d32437988bc7da1a0ee7856876ac50943cb639b20505fad3a0d4f00c25329cc4
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: keyboard.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/keyboard/keyboard.js
MD5: 6e2e99dd7cda7db266d6ae313873a480
SHA1: edf9f799315317d21f15724f21b1a42fb458423e
SHA256:3363f0acfb5045feb9a86d7bdabc6fcdc9ea8da4a26e7ede216938ce782d3c8f
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: keyfilter.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/keyfilter/keyfilter.js
MD5: 85b24c28db15874e9ade5d6e04a5de71
SHA1: 91b0472294804ae3dff5bf165c78f1e2b3bda879
SHA256:413b0c794363eefdee1efd14378c7bfc7e12e9ba28d04442446f9e36b5a395c9
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: knob.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/knob/knob.js
MD5: 289622044e5ae85d93faa62418765513
SHA1: 4f72b1a616292cdb9be6b43d69ae14bfc62428a9
SHA256:69a5c253d1c9abe10a34935cab7104f1880c5b6bd92b329785d8bf1841e4eda9
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: layout.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/layout/layout.js
MD5: 5d2bc563a9349fe9fa8cdddb91ce0bbd
SHA1: b5aed2c657f1dac7b44f5d9893f0133616abb09b
SHA256:2becf1c328440683e8d136209c43d6fc4da5a05d8bc877130698c14e1cdb000a
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: lifecycle.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/lifecycle/lifecycle.js
MD5: 9627c1e2d672df7f7f2c26498278b606
SHA1: c382df2afdd378164416b829074e7c2bb8780da8
SHA256:553b35162fcdc9aafce567ee18a8c501daa5b5c2f1a6634d6cb7618e6aef7572
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: log.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/log/log.js
MD5: 1190223bc485e58c760a0fb104d451ac
SHA1: 3dc24dd0f24ede52341bf8e6fdc3aad7ec7b2865
SHA256:b8c8953932f206b0e573e38b4a40fda53ef404ed4f6eeb07d6fca596810bac9a
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: mindmap.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/mindmap/mindmap.js
MD5: 141bc9c6ed0144287a62b5f388398fb5
SHA1: 1def023b3777ee500d3e9843ec05f716eb816a87
SHA256:0b7b1c440f42107771f58669f0f43e1ffa37babbbbd989f47538075f573b371e
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: moment.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/moment/moment.js
MD5: 46d56ea445e0e7caceec78247dfd78dd
SHA1: aef2cad740086e09b23352778ef85b354869099e
SHA256:bdbadb35558db161f776055ce1a92555a684c44011942bffcc49ffd0002f779d
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: organigram.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/organigram/organigram.js
MD5: fdb7ec5fbd417c5e9c1fc5a68ef092c5
SHA1: b396b9993cb4aa0880c1b8406de7478e201ebb14
SHA256:67a1e3de53a1716705460b0080448d6e1c06e38d7cdbd22ecfe46d786813f07a
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: photocam.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/photocam/photocam.js
MD5: d2305b3415a7f82126c2e0d9930d014a
SHA1: b838077c14658dec55e65782d329318f991e5023
SHA256:c21270776ca97e2424fc371b1fb29a5ef315dcfd8fb30da4c072981dbb354a0b
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: printer.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/printer/printer.js
MD5: db0d7817812477bf26a9c4888dbaeaff
SHA1: d416c41ef0681ae1d1bd04c3ec7892975bde8dba
SHA256:892fac1746ce117fc7caa9c73cdf81b4a7f828ea51671dcde4ded7f8d97a9029
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: push.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/push/push.js
MD5: 3251876ccfa8be8b3a766a4eccf64725
SHA1: 15384ebdee77cbb0b46d291d9c0971ec6d427585
SHA256:a5a75b1a068033439ef121a77eebe107e7f0be7d89b02e6117ac2c968ffef860
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: raphael.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/raphael/raphael.js
MD5: f6d76d75ffb57b71e2b49ee1e613990b
SHA1: e87839ecb03847547c1f7d174e3019b2e8cac88f
SHA256:912889c2c44c303f7d08918816a5390a255788f1f7fa827bc91c9eedf255369d
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: ribbon.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/ribbon/ribbon.js
MD5: e20363c3eba3abe543419b99105c1492
SHA1: e28da8b53ccaeafe210b16b28060c8b40396c966
SHA256:1ced20e3352796edde12c56f8c4ce12d6b7e58bec2e5716e5c199bd224a5431f
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: ring.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/ring/ring.js
MD5: f8bea47761887836c0d8a0f1641cc862
SHA1: 1f9daaf9e1b3c8191536a85ff587f2eafb1200a6
SHA256:b0edd1950427161e18c1a2a83197b645d3b1174f093774f01a92db592c6f0142
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: schedule.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/schedule/schedule.js
MD5: 64e4284021f2ffc31c7cb90fc7852d83
SHA1: 3e6e0161aa4d29157fe87bdfd0421965389ad2e3
SHA256:f7b69ae993c56dc0b3d855fd59c8a2c21919026820f6b2fd623328489d394d54
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: scrollpanel.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/scrollpanel/scrollpanel.js
MD5: b4b7ba9c7337af83694d569ad1557199
SHA1: f0f0e09848a02db156c6bd7f60adc69eb30f3bb9
SHA256:f1ca242c6c2209c3e007cf27299a2b23063e67433df1bfe6d7e5f296261f346d
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: signature.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/signature/signature.js
MD5: de47d5b7f4d3bfceb64953b29ad71566
SHA1: 8e67cb30e0b439151efa6909617cae98a665568e
SHA256:528d46fccd936c902569e1a5d9a770625180fdf997cacf7ee9ee1616032f7a37
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: stack.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/stack/stack.js
MD5: a54aad057e55ae776353ac26fefdb52f
SHA1: 7b2f9b0f672585f8171bb22c8df5eb509ff9cecd
SHA256:81908db529ecbf178975923066c65fb71ae6861c87de16b8a2b3e9cfee08b1fd
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: terminal.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/terminal/terminal.js
MD5: 0e7d65edb8e61048e5e8f0f70542f8fa
SHA1: 16b58b5898faf98396fb70147e9ab66e8c49330b
SHA256:f13c06e5606b228948a572e856cf049d16d40c93a0ce846fc0657f05ed9426df
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: texteditor.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/texteditor/texteditor.js
MD5: 7650d4387b8a3a2bc307701abf1cd8ee
SHA1: 8061fcf936147038ee4a5e9da39941399ee1791f
SHA256:9187206ff8cd37c0d9685f504345601675cba6eee65a2082ceae89cab2430ef1
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: timeline.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/timeline/timeline.js
MD5: bf1d0f2b1bced3751bd301d2ccfb3c75
SHA1: 6743e1a224b2428095fbe651d0e4ec86d116a645
SHA256:fd2dd283c0cef65ec7ad76b1d236eac95e7f8b685238a949ea2e2030b09f3fa8
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: touchswipe.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/touch/touchswipe.js
MD5: 6f38c3f2a756c8b947eb00dc86826944
SHA1: fd78cf40dcc11ca868195fc891027c22256746e1
SHA256:aa248a002e1a43c44ed11fbe0652d54c3fe07f06e6a668f27d759467130ac70e
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: validation.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/validation/validation.js
MD5: 0c135158bb0f2e697d5ba4775d24904b
SHA1: 840aa417fce4aad535ca9cac7b403e7b37b16977
SHA256:0f5db59606e8f2016c431dd1c361e97d567e32bb0e379e7ea29b4078681659ec
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-6.1.jar: watermark.js

File Path: /root/.m2/repository/org/primefaces/primefaces/6.1/primefaces-6.1.jar/META-INF/resources/primefaces/watermark/watermark.js
MD5: e8f78b7aeb9de00cffbc206ed609d55c
SHA1: f07a5bfbcaa94dc7a6ddae96b0d01f7cf8365efd
SHA256:e5a6c207a3153f5650a788e557e1d67626f2f6035f602503b1d54d6a8151e95a
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar

Description:

        PrimeFaces Extensions Project for Maven.

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar
MD5: 1f910d4ad0a197424cc38208cc900a36
SHA1: e15af78625c4bfbab75a05c1f8feb2bbea726e2e
SHA256:4a47585d79f725cb2076be755270f732d28dbfb24d41b77e16405285e9be3deb
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.primefaces.extensions	Highest
Vendor	Manifest	x-compile-target	1.6	Low
Vendor	Manifest	Implementation-Vendor-Id	org.primefaces.extensions	Medium
Vendor	pom	artifactid	primefaces-extensions	Low
Vendor	file	name	primefaces-extensions	High
Vendor	Manifest	x-compile-source	1.6	Low
Vendor	pom	name	PrimeFaces Extensions	High
Vendor	jar	package name	extensions	Highest
Vendor	pom	groupid	primefaces.extensions	Highest
Vendor	jar	package name	primefaces	Highest
Vendor	Manifest	bundle-symbolicname	org.primefaces.extensions	Medium
Vendor	pom	parent-groupid	org.primefaces.extensions	Medium
Vendor	pom	parent-artifactid	master-pom	Low
Vendor	Manifest	implementation-url	https://github.com/primefaces-extensions/primefaces-extensions	Low
Product	Manifest	specification-title	PrimeFaces Extensions	Medium
Product	Manifest	x-compile-target	1.6	Low
Product	file	name	primefaces-extensions	High
Product	Manifest	x-compile-source	1.6	Low
Product	pom	name	PrimeFaces Extensions	High
Product	jar	package name	extensions	Highest
Product	jar	package name	github	Highest
Product	Manifest	Implementation-Title	PrimeFaces Extensions	High
Product	pom	artifactid	primefaces-extensions	Highest
Product	Manifest	Bundle-Name	primefaces.extensions	Medium
Product	pom	groupid	primefaces.extensions	Highest
Product	jar	package name	primefaces	Highest
Product	Manifest	bundle-symbolicname	org.primefaces.extensions	Medium
Product	pom	parent-groupid	org.primefaces.extensions	Medium
Product	pom	parent-artifactid	master-pom	Medium
Product	Manifest	implementation-url	https://github.com/primefaces-extensions/primefaces-extensions	Low
Version	pom	version	6.1.1	Highest
Version	Manifest	Implementation-Version	6.1.1	High
Version	file	version	6.1.1	High

Identifiers

pkg:maven/org.primefaces.extensions/primefaces-extensions@6.1.1 (Confidence:High)

primefaces-extensions-6.1.1.jar: analogclock.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/analogclock/analogclock.js
MD5: 922b2c3b78829445e3552d9f7c36adc5
SHA1: 8715ed3d5d69bf77735581087fa76c62612843c5
SHA256:8280cbe97432485fc20fe501d098bdd7e4e17e1160861b5218347354900178e5
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: blockui.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/blockui/blockui.js
MD5: b899b7bf50623e0fbc71710b88a922bf
SHA1: 49d6aa9f339920bdb37df90739ff2e4df21026e3
SHA256:96d6abff9f0178a6dcf35dd2f625da9010e709bb82413bb804ad3ab63112a53b
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: calculator.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/calculator/calculator.js
MD5: 6dcef19d605fa6cf1c0567e30dcd61d0
SHA1: d00d8c4750a524c69dec10845c39e472bf29f72c
SHA256:f9be2da77715fb00e557cff7537ebeec19136d0433e3a6eed36091febe55a360
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: clipboard.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/clipboard/clipboard.js
MD5: 66552d0b3555ffaf3ec7f43843a29d8c
SHA1: 307f28150a4d2856fec3c99adaf01e54f0e1632c
SHA256:e5b6e711314ef612c3f46253938ecbd66673159129fe9a68865523b88aafd1ea
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: fluidgrid.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/fluidgrid/fluidgrid.js
MD5: 714edde2b3e8329e1413c0ea76f8279a
SHA1: 92a322b7d9ca1708d919141966689b756aab37b8
SHA256:039eb2ea6c2a7f92b01c9c42410fda90f32258173b2093095e00e2fad518e6f3
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: github.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/github/github.js
MD5: 132578be4e19727b105d7b7d1c5ad24b
SHA1: e7fc1083bb8a336a9c32dedd4fe571e286caa262
SHA256:8e9614eed26195ca84ecda4961e28c43c217ae00e2f29871eac6dc02eaf27538
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: imageareaselect.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/imageareaselect/imageareaselect.js
MD5: 8b357b36d524d2cfc2e42aa1e13719ea
SHA1: a3784383b88ea45becd0cf8501a121785f1f887e
SHA256:50aa2c538ee7565ced66e5a1d4011cf230b3df3db2bdde4d77d34f81b8898404
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: layout.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/layout/layout.js
MD5: ce42c19a75ca07994347715e46ebba9d
SHA1: 013f294905817d239ae688e168f36f61b1ff1bfc
SHA256:8ab74d766e01a1f36d036c339cca08cf0b0389451e264dccef985fd0a0627c6b
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: pdf.viewer.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.viewer.js
MD5: 19fd98802d221ebf3e4dfdf179c4fdcf
SHA1: ccacafb055e19ec7e3616fdf919125b5cf7b9954
SHA256:bc0c3cf61daede9db29cd820299312e3f146006bc31b795e204bc048c2474770
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: pdf.worker.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.worker.js
MD5: 83d8de27fb1c6c169ec4ca841eda15c8
SHA1: 91e8186ae9eb08381ff3ed44e91860cc254df0c4
SHA256:1f65891df9ba19d26dad690b26f7be5767481b84c05b8c87b63a44247cfbad9e
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: primefaces-extensions.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/primefaces-extensions.js
MD5: e84ddf8dc099a96b014d2343dffb399c
SHA1: 7ccde71278d29f424cefc0aa821320868e3a0daf
SHA256:d30bfc21efd5359d59b97d79c107c9cbf927df0e40251dde2de5728d52fd05e0
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: qrcode.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/qrcode/qrcode.js
MD5: cb788bd59aec6ef818a4773526e3f623
SHA1: a670541819f37583e58edf2eb1c9e64e0f078b0e
SHA256:be6efc9ef4f191f34b3b02d72d74c1fe6baaf9292dbf096a5e8eb59c3ae6e0e0
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: slideout.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/slideout/slideout.js
MD5: 78638d4fb368e705cacf4b375cd01331
SHA1: c244e15d31cc7c3ac21613587417ccad3f9b04a3
SHA256:ad2a1babfd5ebb5aa31a443940a4a6f424136a69aae32fffa3bedf6bf06d4e68
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: timepicker.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/timepicker/timepicker.js
MD5: 0beb1ae1028872ca302bdf44b337eab1
SHA1: 230050f8b8c179c15d75c0368d31af64bf80cb9f
SHA256:91f17dc993b34036f37d25be8bb61e47ba9bf98585864966df4d44d846452507
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: timer.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/timer/timer.js
MD5: ca179c1b2914b133c73bf4f31c9ff164
SHA1: 920d4aafaed979022d3a362bbbc7e7a7361d5e60
SHA256:aaafe3a45e1194ed1dd25e463a70f7bbec0905403264ca599ad4a3c3e209f932
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: tooltip.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/tooltip/tooltip.js
MD5: 650e176870d7a25551aaece7f3dbd438
SHA1: ebd81aaf82837affac703b9b0500838f0a400629
SHA256:c336523a503ece04e4dd24a1354639cf87c339d7fb48b5a6a2cafce69358a052
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

primefaces-extensions-6.1.1.jar: waypoint.js

File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.1.1/primefaces-extensions-6.1.1.jar/META-INF/resources/primefaces-extensions/waypoint/waypoint.js
MD5: 3840bc02f6cd963ed114e7d82eb4220c
SHA1: d90640e75002dc30388f981f2a4fa8aa9914dd83
SHA256:d334fb739b9af254b07ad34a140b7f72200be5dd1c674ce7e29c6501057de47b
Referenced In Project/Scope:gotrack:compile

Evidence

Identifiers

None

slf4j-api-1.6.6.jar

Description:

The slf4j API

File Path: /root/.m2/repository/org/slf4j/slf4j-api/1.6.6/slf4j-api-1.6.6.jar
MD5: 17ba6715f5defd50b2e781201f57b408
SHA1: ce53b0a0e2cfbb27e8a59d38f79a18a5c6a8d2b0
SHA256:43456b2ee31529a9c512d581e53e285c65feddec204a2c146945e032b07810ba
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.slf4j	Highest
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.3	Low
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	pom	artifactid	slf4j-api	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	slf4j	Highest
Product	pom	parent-groupid	org.slf4j	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.3	Low
Product	pom	url	http://www.slf4j.org	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	name	SLF4J API Module	High
Product	Manifest	Bundle-Name	slf4j-api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Version	file	version	1.6.6	High
Version	Manifest	Bundle-Version	1.6.6	High
Version	pom	version	1.6.6	Highest
Version	Manifest	Implementation-Version	1.6.6	High

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.6.6 (Confidence:High)

slf4j-log4j12-1.6.6.jar

Description:

SLF4J LOG4J-12 Binding

File Path: /root/.m2/repository/org/slf4j/slf4j-log4j12/1.6.6/slf4j-log4j12-1.6.6.jar
MD5: 00e5efbc17122d31a1c02c179e6d6e0b
SHA1: 5cd9b4fbc3ff6a97beaade3206137d76f65df805
SHA256:1e44890f21765cb92aeeda2e62b72ae37be230193880e9a8b7b768fde1a10b2c
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.slf4j	Highest
Vendor	file	name	slf4j-log4j12	High
Vendor	pom	name	SLF4J LOG4J-12 Binding	High
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	Manifest	bundle-symbolicname	slf4j.log4j12	Medium
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	artifactid	slf4j-log4j12	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.3	Low
Vendor	jar	package name	slf4j	Highest
Product	file	name	slf4j-log4j12	High
Product	Manifest	Implementation-Title	slf4j-log4j12	High
Product	pom	artifactid	slf4j-log4j12	Highest
Product	pom	groupid	slf4j	Highest
Product	Manifest	bundle-symbolicname	slf4j.log4j12	Medium
Product	pom	parent-groupid	org.slf4j	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.3	Low
Product	pom	url	http://www.slf4j.org	Medium
Product	pom	name	SLF4J LOG4J-12 Binding	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	Manifest	Bundle-Name	slf4j-log4j12	Medium
Product	jar	package name	slf4j	Highest
Version	file	version	1.6.6	High
Version	Manifest	Bundle-Version	1.6.6	High
Version	pom	version	1.6.6	Highest
Version	Manifest	Implementation-Version	1.6.6	High

Identifiers

pkg:maven/org.slf4j/slf4j-log4j12@1.6.6 (Confidence:High)

term.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/term.js
MD5: 14ad2e406311c5618e73131498efcd97
SHA1: 774fedc9720b93a38d2b728523277fb603fb49d6
SHA256:8c2f65cf6f797433160acd272c1438e6991aee3fa9883562c50a50d671cee807
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

trends.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/trends.js
MD5: cbd272f095dbeebc9672469aa91fb598
SHA1: a09f229f4c26ae679b9e4402247b6b06c12c10c6
SHA256:dbd7bff5f5062bff751b00d59704331928e3a69a31df6c0ec9bb451cd1b0d57a
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

trove4j-3.0.3.jar

Description:

The Trove library provides high speed regular and primitive
        collections for Java.

License:

GNU Lesser General Public License 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt

File Path: /root/.m2/repository/net/sf/trove4j/trove4j/3.0.3/trove4j-3.0.3.jar
MD5: 8fc4d4e0129244f9fd39650c5f30feb2
SHA1: 42ccaf4761f0dfdfa805c9e340d99a755907e2dd
SHA256:3c8616203d61a12a7e3487e8b34f3c198c2b5ba9e90da0c7ea32d99cd4958012
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	trove4j	High
Vendor	jar	package name	trove	Highest
Vendor	pom	name	GNU Trove	High
Vendor	jar	package name	gnu	Highest
Vendor	pom	url	http://trove4j.sf.net	Highest
Vendor	pom	artifactid	trove4j	Low
Vendor	Manifest	implementation-url	http://trove4j.sourceforge.net/	Low
Vendor	pom	groupid	net.sf.trove4j	Highest
Product	file	name	trove4j	High
Product	jar	package name	trove	Highest
Product	pom	name	GNU Trove	High
Product	jar	package name	gnu	Highest
Product	Manifest	Implementation-Title	Trove	High
Product	pom	artifactid	trove4j	Highest
Product	pom	url	http://trove4j.sf.net	Medium
Product	Manifest	implementation-url	http://trove4j.sourceforge.net/	Low
Product	pom	groupid	net.sf.trove4j	Highest
Version	file	version	3.0.3	High
Version	pom	version	3.0.3	Highest
Version	Manifest	Implementation-Version	3.0.3	High

Identifiers

pkg:maven/net.sf.trove4j/trove4j@3.0.3 (Confidence:High)

utility.js

File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/utility.js
MD5: 35fd1ed10e1e7e84f93d73b1d901e055
SHA1: 5fca54fd9a39fb246385a3ecf66b295dfbf1495b
SHA256:7e900c2cb048f23dc57bdc71c34b5040e2b2c3f46ff74d42798dea2795968ff1
Referenced In Project/Scope:gotrack

Evidence

Identifiers

None

validation-api-1.1.0.Final.jar

Description:

        Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256:f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	javax	Highest
Vendor	file	name	validation-api	High
Vendor	pom	name	Bean Validation API	High
Vendor	pom	artifactid	validation-api	Low
Vendor	pom	groupid	javax.validation	Highest
Vendor	pom	url	http://beanvalidation.org	Highest
Vendor	Manifest	bundle-symbolicname	javax.validation.api	Medium
Vendor	jar	package name	validation	Highest
Product	jar	package name	javax	Highest
Product	file	name	validation-api	High
Product	pom	name	Bean Validation API	High
Product	pom	groupid	javax.validation	Highest
Product	pom	url	http://beanvalidation.org	Medium
Product	Manifest	Bundle-Name	Bean Validation API	Medium
Product	pom	artifactid	validation-api	Highest
Product	jar	package name	validation	Highest
Product	Manifest	bundle-symbolicname	javax.validation.api	Medium
Version	pom	version	1.1.0.Final	Highest
Version	Manifest	Bundle-Version	1.1.0.Final	High

Identifiers

pkg:maven/javax.validation/validation-api@1.1.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar

Description:

This jar bundles all the bits of Weld and CDI required for running in a Servlet container.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar
MD5: 0856fb1cc23b31b273f260bf2fb5c48c
SHA1: 3714f2ceea7b41cc981dbee409df81dda874fdd4
SHA256:08762cdb8f7fc5aa8524db1cffe6644b0f161d9df3b81828754f4479e529d6c0
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	servlet	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	groupid	org.jboss.weld.servlet	Highest
Vendor	jar	package name	container	Highest
Vendor	pom	parent-groupid	org.jboss.weld.servlet	Medium
Vendor	pom	name	Weld Servlet (Uber Jar)	High
Vendor	Manifest	build-time	2017-05-12 10:59	Low
Vendor	pom	artifactid	weld-servlet-shaded	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	jboss	Highest
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	scm	42e40b56341205984c9275b44a5b73fb098237c7	Low
Vendor	pom	groupid	jboss.weld.servlet	Highest
Vendor	jar	package name	weld	Highest
Vendor	pom	parent-artifactid	weld-servlet-parent	Low
Vendor	file	name	weld-servlet-shaded	High
Product	jar	package name	servlet	Highest
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	jar	package name	injection	Highest
Product	jar	package name	container	Highest
Product	pom	artifactid	weld-servlet-shaded	Highest
Product	Manifest	Implementation-Title	Weld Servlet (Uber Jar)	High
Product	pom	parent-groupid	org.jboss.weld.servlet	Medium
Product	pom	name	Weld Servlet (Uber Jar)	High
Product	Manifest	build-time	2017-05-12 10:59	Low
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	jboss	Highest
Product	Manifest	os-name	Linux	Medium
Product	Manifest	scm	42e40b56341205984c9275b44a5b73fb098237c7	Low
Product	jar	package name	weld	Highest
Product	pom	groupid	jboss.weld.servlet	Highest
Product	file	name	weld-servlet-shaded	High
Product	Manifest	specification-title	JSR-365 Contexts and Dependency Injection for Java	Medium
Product	jar	package name	contexts	Highest
Product	pom	parent-artifactid	weld-servlet-parent	Medium
Version	pom	version	3.0.0.Final	Highest
Version	Manifest	Implementation-Version	3.0.0.Final	High

Identifiers

pkg:maven/org.jboss.weld.servlet/weld-servlet-shaded@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.annotation:javax.annotation-api:1.3)

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
MD5: f7dc10c2df67f8377c83eb8c1d46ee05
SHA1: 0df1867b4b7930cc1ec2c1267330720f96cb336c
SHA256:710cc43d8a7d9239e74f4532550fa58eb06e959a547bdc750c33f83b6180ce97
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	GlassFish Community	High
Vendor	pom	organization url	https://glassfish.java.net	Medium
Vendor	pom	artifactid	javax.annotation-api	Low
Vendor	pom	url	http://jcp.org/en/jsr/detail?id=250	Highest
Vendor	pom	groupid	javax.annotation	Highest
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	parent-groupid	net.java	Medium
Product	pom	organization name	GlassFish Community	Low
Product	pom	name	${extension.name} API	High
Product	pom	organization url	https://glassfish.java.net	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	groupid	javax.annotation	Highest
Product	pom	url	http://jcp.org/en/jsr/detail?id=250	Medium
Product	pom	artifactid	javax.annotation-api	Highest
Product	pom	parent-groupid	net.java	Medium
Version	pom	version	1.3	Highest
Version	pom	parent-version	1.3	Low

Identifiers

pkg:maven/javax.annotation/javax.annotation-api@1.3 (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: javax.enterprise:cdi-api:2.0)

Description:

APIs for CDI (Contexts and Dependency Injection for Java)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/javax.enterprise/cdi-api/pom.xml
MD5: 61a45158a999ab92d9a82fb2645d4b7d
SHA1: 1ce9a75771a35ad14ba1bd9dd5677d48c5c984d9
SHA256:6074b4dc3a8533226ca8dd3fe9e5b425522d9ccc1ae2ed7b6041f3d6d1bb1d68
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	organization name	JBoss by Red Hat, Inc.	High
Vendor	pom	groupid	javax.enterprise	Highest
Vendor	pom	name	CDI APIs	High
Vendor	pom	artifactid	cdi-api	Low
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://cdi-spec.org	Highest
Vendor	pom	organization url	http://jboss.org	Medium
Vendor	pom	parent-artifactid	weld-parent	Low
Product	pom	groupid	javax.enterprise	Highest
Product	pom	name	CDI APIs	High
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	artifactid	cdi-api	Highest
Product	pom	url	http://cdi-spec.org	Medium
Product	pom	organization url	http://jboss.org	Low
Product	pom	organization name	JBoss by Red Hat, Inc.	Low
Product	pom	parent-artifactid	weld-parent	Medium
Version	pom	version	2.0	Highest
Version	pom	parent-version	2.0	Low

Identifiers

pkg:maven/javax.enterprise/cdi-api@2.0 (Confidence:High)
cpe:2.3:a:redhat:jboss_weld:2.0:*:*:*:*:*:*:* (Confidence:Low)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.classfilewriter:jboss-classfilewriter:1.2.1.Final)

Description:

A bytecode writer that creates .class files at runtime

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.classfilewriter/jboss-classfilewriter/pom.xml
MD5: 7d4f88033b845281d1ccf7deedc824e3
SHA1: 144c5027fb0e386f0ccc4155a7d963e92ae458f5
SHA256:620e1364621b5beab50f564454307c1b2704c3b9e42268372c40e207e3a4c21c
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	pom	groupid	jboss.classfilewriter	Highest
Vendor	pom	parent-artifactid	jboss-parent	Low
Vendor	pom	name	classfilewriter	High
Vendor	pom	artifactid	jboss-classfilewriter	Low
Vendor	pom	url	jbossas/jboss-classfilewriter	Highest
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	groupid	jboss.classfilewriter	Highest
Product	pom	artifactid	jboss-classfilewriter	Highest
Product	pom	url	jbossas/jboss-classfilewriter	High
Product	pom	name	classfilewriter	High
Product	pom	parent-artifactid	jboss-parent	Medium
Version	pom	version	1.2.1.Final	Highest
Version	pom	parent-version	1.2.1.Final	Low

Identifiers

pkg:maven/org.jboss.classfilewriter/jboss-classfilewriter@1.2.1.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.logging:jboss-logging:3.2.1.Final)

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.logging/jboss-logging/pom.xml
MD5: 7e9423d688132d4112921ef91644f95e
SHA1: 81b599e87480e076b1db6e2fa103185b145aab68
SHA256:b7bab8229f58450a45f0bcbf3bdbf87a33c529aea5f9697bc705a51f5199f40e
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://www.jboss.org	Highest
Vendor	pom	groupid	jboss.logging	Highest
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	pom	name	JBoss Logging 3	High
Vendor	pom	artifactid	jboss-logging	Low
Vendor	pom	parent-artifactid	jboss-parent	Low
Product	pom	groupid	jboss.logging	Highest
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	url	http://www.jboss.org	Medium
Product	pom	name	JBoss Logging 3	High
Product	pom	artifactid	jboss-logging	Highest
Product	pom	parent-artifactid	jboss-parent	Medium
Version	pom	parent-version	3.2.1.Final	Low
Version	pom	version	3.2.1.Final	Highest

Identifiers

pkg:maven/org.jboss.logging/jboss-logging@3.2.1.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.2_spec:1.0.0.Final)

Description:

The Java(TM) EE  Interceptors 1.2 API classes from JSR 318.

License:

Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec/pom.xml
MD5: 0df27a83e30022fa745517e734f20114
SHA1: 4af3d311be850614438a8f2a38a1f216ae9ce110
SHA256:e42b23ee4551f521a1f6cffec0954131a0905fb90dabfcb863e58d4af1acc391
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	jboss.spec.javax.interceptor	Highest
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	pom	name	Java(TM) EE Interceptors 1.2 API	High
Vendor	pom	parent-artifactid	jboss-parent	Low
Vendor	pom	artifactid	jboss-interceptors-api_1.2_spec	Low
Product	pom	groupid	jboss.spec.javax.interceptor	Highest
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	artifactid	jboss-interceptors-api_1.2_spec	Highest
Product	pom	name	Java(TM) EE Interceptors 1.2 API	High
Product	pom	parent-artifactid	jboss-parent	Medium
Version	pom	parent-version	1.0.0.Final	Low
Version	pom	version	1.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec@1.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.environment:weld-environment-common:3.0.0.Final)

Description:

Common tools for non-standard Weld environments (SE, Servlet containers)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.environment/weld-environment-common/pom.xml
MD5: e6f15188d548fc3fbbbfcd73927af658
SHA1: efa1230476f0a296cd4d43370ca5e357bf4b709a
SHA256:f0ae7c01d4cb6a873937f1f1ad70f2b2e4b7504c3b42060b47616a2a12b581d7
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	artifactid	weld-environment-common	Low
Vendor	pom	groupid	jboss.weld.environment	Highest
Vendor	pom	name	Weld Environment Common	High
Vendor	pom	parent-artifactid	weld-core-parent	Low
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	parent-artifactid	weld-core-parent	Medium
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	groupid	jboss.weld.environment	Highest
Product	pom	name	Weld Environment Common	High
Product	pom	artifactid	weld-environment-common	Highest
Version	pom	version	3.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld.environment/weld-environment-common@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-jsf:3.0.0.Final)

Description:

Weld JSF support

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.module/weld-jsf/pom.xml
MD5: e701c277de40cfba059163fe3959c9e8
SHA1: c64769af972c5ae55ec7a1d654d0ea2b31d97c4f
SHA256:b34797a0f6135e14bd0ed48d2f9db06bb8cce7865d19caa6895155c3f307878a
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	name	Weld JSF	High
Vendor	pom	groupid	jboss.weld.module	Highest
Vendor	pom	artifactid	weld-jsf	Low
Vendor	pom	parent-artifactid	weld-core-parent	Low
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	parent-artifactid	weld-core-parent	Medium
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	artifactid	weld-jsf	Highest
Product	pom	name	Weld JSF	High
Product	pom	groupid	jboss.weld.module	Highest
Version	pom	version	3.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld.module/weld-jsf@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.module:weld-web:3.0.0.Final)

Description:

Weld Web module

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.module/weld-web/pom.xml
MD5: 8cb62e727d8748b0afa57e140afc226e
SHA1: f9b5cf0939755e25a3e8d744a4f1fdafb7970f7f
SHA256:239e601141d2241ccbcf48bb52cdc7980091f6c412729e50982531bf61498ebb
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	artifactid	weld-web	Low
Vendor	pom	name	Weld Web	High
Vendor	pom	groupid	jboss.weld.module	Highest
Vendor	pom	parent-artifactid	weld-core-parent	Low
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	artifactid	weld-web	Highest
Product	pom	parent-artifactid	weld-core-parent	Medium
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	name	Weld Web	High
Product	pom	groupid	jboss.weld.module	Highest
Version	pom	version	3.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld.module/weld-web@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.probe:weld-probe-core:3.0.0.Final)

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.probe/weld-probe-core/pom.xml
MD5: f1fad02dd2a1bdafcad6a237a7e8f9be
SHA1: 9f9eb494a3c84d499b79516ecef0fe91d01a2a0e
SHA256:0212b16baf671b0e43c0b3b21507eceb1beb13af0268558c4d8464e0f0d8cec9
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Weld Probe Core	High
Vendor	pom	parent-groupid	org.jboss.weld.probe	Medium
Vendor	pom	groupid	jboss.weld.probe	Highest
Vendor	pom	parent-artifactid	weld-probe-parent	Low
Vendor	pom	artifactid	weld-probe-core	Low
Product	pom	name	Weld Probe Core	High
Product	pom	parent-groupid	org.jboss.weld.probe	Medium
Product	pom	groupid	jboss.weld.probe	Highest
Product	pom	parent-artifactid	weld-probe-parent	Medium
Product	pom	artifactid	weld-probe-core	Highest
Version	pom	version	3.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld.probe/weld-probe-core@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld.servlet:weld-servlet-core:3.0.0.Final)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld.servlet/weld-servlet-core/pom.xml
MD5: 5dd72a50bc738f1da9be3f62fe126fe1
SHA1: 4f705ee14557f790c471ee911ab9d440f3a39a25
SHA256:65f09d35223113ac9cb7926669fbc67ac3eacea6fad95d5f523164bd4ea7fc28
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	artifactid	weld-servlet-core	Low
Vendor	pom	parent-groupid	org.jboss.weld.servlet	Medium
Vendor	pom	groupid	jboss.weld.servlet	Highest
Vendor	pom	parent-artifactid	weld-servlet-parent	Low
Vendor	pom	name	Weld Servlet Core	High
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	parent-groupid	org.jboss.weld.servlet	Medium
Product	pom	groupid	jboss.weld.servlet	Highest
Product	pom	artifactid	weld-servlet-core	Highest
Product	pom	parent-artifactid	weld-servlet-parent	Medium
Product	pom	name	Weld Servlet Core	High
Version	pom	version	3.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld.servlet/weld-servlet-core@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-api:3.0.Final)

Description:

Weld specifc extensions to the CDI API

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-api/pom.xml
MD5: 2d26b787129c1b64ce948b39e143baf3
SHA1: c0ecef8e8a5647171b32ed10cc98f72b556b5d3d
SHA256:407f32735d3ab855d08b5021860d073558a0dec86834746225fbce879433f454
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	weld-api	Low
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	parent-artifactid	weld-api-parent	Low
Vendor	pom	name	Weld APIs	High
Vendor	pom	groupid	jboss.weld	Highest
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	parent-artifactid	weld-api-parent	Medium
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	name	Weld APIs	High
Product	pom	artifactid	weld-api	Highest
Product	pom	groupid	jboss.weld	Highest
Version	pom	version	3.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld/weld-api@3.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-core-impl:3.0.0.Final)

Description:

Weld's implementation of CDI

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-core-impl/pom.xml
MD5: 091c240768b2164eb329d776ddbec6c5
SHA1: becf697c1bcb31f0c04c81144de1aea685f1a156
SHA256:d7b741d6542c9c9c059cb91459b1efd793ae5864b65444d073fc05d008fad618
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Weld Implementation (Core)	High
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	artifactid	weld-core-impl	Low
Vendor	pom	groupid	jboss.weld	Highest
Vendor	pom	parent-artifactid	weld-core-parent	Low
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	name	Weld Implementation (Core)	High
Product	pom	parent-artifactid	weld-core-parent	Medium
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	artifactid	weld-core-impl	Highest
Product	pom	groupid	jboss.weld	Highest
Version	pom	version	3.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar (shaded: org.jboss.weld:weld-spi:3.0.Final)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/maven/org.jboss.weld/weld-spi/pom.xml
MD5: e4a12d320708f8010b233c6dda4a356a
SHA1: bbb507b105026ea2cc7b1af86d62d63d8dddde89
SHA256:891ab3a79ea6feeef946d1992c8c2aed093b842626e3932cceee798c3142b44f
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.jboss.weld	Medium
Vendor	pom	url	http://weld.cdi-spec.org	Highest
Vendor	pom	parent-artifactid	weld-api-parent	Low
Vendor	pom	groupid	jboss.weld	Highest
Vendor	pom	artifactid	weld-spi	Low
Vendor	pom	name	Weld SPIs for container integration	High
Product	pom	url	http://weld.cdi-spec.org	Medium
Product	pom	parent-artifactid	weld-api-parent	Medium
Product	pom	parent-groupid	org.jboss.weld	Medium
Product	pom	artifactid	weld-spi	Highest
Product	pom	groupid	jboss.weld	Highest
Product	pom	name	Weld SPIs for container integration	High
Version	pom	version	3.0.Final	Highest

Identifiers

pkg:maven/org.jboss.weld/weld-spi@3.0.Final (Confidence:High)

weld-servlet-shaded-3.0.0.Final.jar: probe.js

File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.0.0.Final/weld-servlet-shaded-3.0.0.Final.jar/META-INF/client/probe.js
MD5: 5c1cce0e82e969138c6c2b371a360f61
SHA1: 192af923ab718cb0f1b71e168209d811b204050b
SHA256:bb6b4ed0993e560dcb3404b74f1aaafb86dc7fd571cafc99d1c25d1a8020421b
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jquery	High
Vendor	file	name	moment.js	High
Vendor	file	name	bootstrap	High
Product	file	name	jquery	High
Product	file	name	moment.js	High
Product	file	name	bootstrap	High
Version	file	version	2.1.1	High
Version	file	version	2.8.4	High
Version	file	version	3.3.1	High

Identifiers

pkg:javascript/bootstrap@3.3.1 (Confidence:Highest)
pkg:javascript/jquery@2.1.1 (Confidence:Highest)
pkg:javascript/moment.js@2.8.4 (Confidence:Highest)

Published Vulnerabilities

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*

CVE-2018-14040

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*

CVE-2018-14041

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*

CVE-2018-14042

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

reDOS - regular expression denial of service (RETIREJS)

reDOS - regular expression denial of service

Unscored:

Severity: low

References:

info - https://github.com/moment/moment/issues/2936

xml-apis-1.0.b2.jar

Description:

xml-commons provides an Apache-hosted set of DOM, SAX, and 
    JAXP interfaces for use in other xml-based projects. Our hope is that we 
    can standardize on both a common version and packaging scheme for these 
    critical XML standards interfaces to make the lives of both our developers 
    and users easier. The External Components portion of xml-commons contains 
    interfaces that are defined by external standards organizations. For DOM, 
    that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for 
    JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
SHA256:8232f3482c346d843e5e3fb361055771c1acc105b6d8a189eb9018c55948cf9f
Referenced In Project/Scope:gotrack:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	manifest: org/xml/sax/	Implementation-Vendor	David Megginson	Medium
Vendor	jar	package name	dom	Highest
Vendor	pom	organization url	http://www.apache.org/	Medium
Vendor	pom	groupid	xml-apis	Highest
Vendor	file	name	xml-apis	High
Vendor	jar	package name	apache	Highest
Vendor	pom	name	XML Commons External Components XML APIs	High
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	w3c	Highest
Vendor	pom	url	http://xml.apache.org/commons/#external	Highest
Vendor	manifest: org/apache/xmlcommons/Version	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	jar	package name	version	Highest
Vendor	manifest: javax/xml/transform/	Implementation-Vendor	Sun Microsystems Inc.	Medium
Vendor	manifest: org/w3c/dom/	Implementation-Vendor	World Wide Web Consortium	Medium
Vendor	pom	organization name	Apache Software Foundation	High
Vendor	jar	package name	sax	Highest
Vendor	manifest: javax/xml/parsers/	Implementation-Vendor	Sun Microsystems Inc.	Medium
Vendor	pom	artifactid	xml-apis	Low
Product	jar	package name	dom	Highest
Product	pom	url	http://xml.apache.org/commons/#external	Medium
Product	manifest: javax/xml/transform/	Specification-Title	Java API for XML Processing	Medium
Product	manifest: org/w3c/dom/	Implementation-Title	org.w3c.dom	Medium
Product	manifest: org/w3c/dom/	Specification-Title	Document Object Model, Level 2 Core	Medium
Product	manifest: org/xml/sax/	Implementation-Title	org.xml.sax	Medium
Product	jar	package name	document	Highest
Product	file	name	xml-apis	High
Product	jar	package name	xml	Highest
Product	jar	package name	w3c	Highest
Product	manifest: javax/xml/parsers/	Specification-Title	Java API for XML Processing	Medium
Product	jar	package name	version	Highest
Product	jar	package name	transform	Highest
Product	manifest: javax/xml/transform/	Implementation-Title	javax.xml.transform	Medium
Product	pom	organization name	Apache Software Foundation	Low
Product	manifest: org/apache/xmlcommons/Version	Implementation-Title	org.apache.xmlcommons.Version	Medium
Product	pom	groupid	xml-apis	Highest
Product	manifest: org/xml/sax/	Specification-Title	Simple API for XML	Medium
Product	jar	package name	xmlcommons	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	apache	Highest
Product	pom	name	XML Commons External Components XML APIs	High
Product	pom	organization url	http://www.apache.org/	Low
Product	pom	artifactid	xml-apis	Highest
Product	jar	package name	sax	Highest
Product	manifest: javax/xml/parsers/	Implementation-Title	javax.xml.transform	Medium
Version	file	version	1.0.b2	High
Version	manifest: org/apache/xmlcommons/Version	Implementation-Version	1.0.b2	Medium
Version	pom	version	1.0.b2	Highest

Identifiers

pkg:maven/xml-apis/xml-apis@1.0.b2 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: gotrack

ubc.pavlab:gotrack:1.7-SNAPSHOT

Summary

Dependencies

animal-sniffer-annotations-1.14.jar

Evidence

Identifiers

aopalliance-repackaged-2.4.0-b34.jar

Evidence

Identifiers

bluesky-1.0.10.jar

Evidence

Identifiers

common.js

Evidence

Identifiers

commons-codec-1.9.jar

Evidence

Identifiers

commons-lang3-3.3.2.jar

Evidence

Identifiers

commons-math3-3.4.1.jar

Evidence

Identifiers

concurrent-trees-2.4.0.jar

Evidence

Identifiers

dagre-d3.min.js

Evidence

Identifiers

dom4j-1.6.1.jar

Evidence

Identifiers

enrichment.js

Evidence

Identifiers

error_prone_annotations-2.0.18.jar

Evidence

Identifiers

genes.js

Evidence

Identifiers

gograph.js

Evidence

Identifiers

gson-2.2.4.jar

Evidence

Identifiers

guava-23.0.jar

Evidence

Identifiers

Published Vulnerabilities

hk2-api-2.4.0-b34.jar

Evidence

Identifiers

hk2-locator-2.4.0-b34.jar

Evidence

Identifiers

hk2-utils-2.4.0-b34.jar

Evidence

Identifiers

hk2-utils-2.4.0-b34.jar (shaded: org.jvnet:tiger-types:1.4)

Evidence

Identifiers

itextpdf-5.5.6.jar

Evidence

Identifiers

Published Vulnerabilities

j2objc-annotations-1.1.jar

Evidence

Identifiers

jackson-core-2.5.4.jar

Evidence

Related Dependencies

Identifiers

Published Vulnerabilities

jackson-databind-2.5.4.jar

Evidence

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor