Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.1.6Report Generated On : Wed, 30 Jun 2021 15:00:27 -0700Dependencies Scanned : 177 (169 unique)Vulnerable Dependencies : 4 Vulnerabilities Found : 15Vulnerabilities Suppressed : 0... NVD CVE Checked : 2021-06-30T15:00:16NVD CVE Modified : 2021-06-30T13:00:02VersionCheckOn : 2021-06-09T12:40:34Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
An efficient sparse bitset implementation for Java License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/zaxxer/SparseBitSet/1.2/SparseBitSet-1.2.jar
MD5: 1c6032441aec11b523e1a7bfa96d60cf
SHA1: 8467c813d442837fcaeddbc42cf5c5359fab4933
SHA256: 91e6b318c901a0f2dd1f6ce781d62474435ae627d22fbac9b21bbc39ffd804b6
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url brettwooldridge/SparseBitSet Highest Vendor pom groupid com.zaxxer Highest Vendor pom organization name Zaxxer.com High Vendor file name SparseBitSet High Vendor pom artifactid SparseBitSet Low Vendor pom groupid zaxxer Highest Vendor jar package name sparsebitset Highest Vendor jar package name sparsebits Low Vendor jar package name zaxxer Low Vendor jar package name zaxxer Highest Vendor pom organization url brettwooldridge/SparseBitSet Medium Vendor pom name SparseBitSet High Product jar package name sparsebitset Highest Product pom organization name Zaxxer.com Low Product pom url brettwooldridge/SparseBitSet High Product jar package name sparsebits Low Product jar package name zaxxer Highest Product pom artifactid SparseBitSet Highest Product file name SparseBitSet High Product pom groupid zaxxer Highest Product pom name SparseBitSet High Version pom version 1.2 Highest Version file version 1.2 High
Description:
Dependency Injection Kernel License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.4.0-b34/aopalliance-repackaged-2.4.0-b34.jar
MD5: 57983543b3574e117d6f03ceff5f238c
SHA1: 3d5e856dbc91a3a2b0bcb3a3424f8b62421ae4cf
SHA256: 5d3cb0cece722c7ba8ab987b931053cdbcb0cb12ad5c8c8a7691eb6f7e60a64b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom groupid org.glassfish.hk2.external Highest Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Vendor pom parent-artifactid external Low Vendor pom groupid glassfish.hk2.external Highest Vendor jar package name aopalliance Highest Vendor file name aopalliance-repackaged High Vendor pom artifactid aopalliance-repackaged Low Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High Product Manifest bundle-docurl http://www.oracle.com Low Product pom parent-groupid org.glassfish.hk2 Medium Product pom parent-artifactid external Medium Product pom artifactid aopalliance-repackaged Highest Product Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Product Manifest Bundle-Name aopalliance version 1.0 repackaged as a module Medium Product pom groupid glassfish.hk2.external Highest Product jar package name aopalliance Highest Product file name aopalliance-repackaged High Product pom name aopalliance version ${aopalliance.version} repackaged as a module High Version pom version 2.4.0-b34 Highest
File Path: /root/.m2/repository/org/primefaces/themes/bluesky/1.0.10/bluesky-1.0.10.jarMD5: eb5d8614955e174053e73de15d9a1baeSHA1: ff53db9a87d1b3611b830b48fca1d4e3fbf791abSHA256: 91eb23b541da6b635e891ba743521587ea73925b43a9abb432ef99bb6cb4d5a9Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.primefaces.themes Highest Vendor pom groupid primefaces.themes Highest Vendor pom parent-artifactid themes-project Low Vendor pom artifactid bluesky Low Vendor pom parent-groupid org.primefaces.themes Medium Vendor file name bluesky High Vendor pom name PrimeFaces Bluesky Theme High Product pom groupid primefaces.themes Highest Product pom parent-artifactid themes-project Medium Product pom parent-groupid org.primefaces.themes Medium Product file name bluesky High Product pom artifactid bluesky Highest Product pom name PrimeFaces Bluesky Theme High Version file version 1.0.10 High Version pom version 1.0.10 Highest
Description:
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code.
Please
see artifact:
org.checkerframework:checker
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/org/checkerframework/checker-qual/3.8.0/checker-qual-3.8.0.jar
MD5: b9822b33f72326c74abded69b7c717cc
SHA1: 6b83e4a33220272c3a08991498ba9dc09519f190
SHA256: c88c2e6a5fdaeb9f26fcf879264042de8a9ee9d376e2477838feaabcfa44dda6
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor pom groupid checkerframework Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor jar package name checker Highest Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom groupid org.checkerframework Highest Vendor pom artifactid checker-qual Low Vendor pom name Checker Qual High Vendor jar package name qual Highest Vendor jar package name checkerframework Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom url https://checkerframework.org Highest Vendor jar package name framework Highest Product file name checker-qual High Product pom groupid checkerframework Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product jar package name checker Highest Product Manifest implementation-url https://checkerframework.org Low Product pom url https://checkerframework.org Medium Product pom name Checker Qual High Product jar package name qual Highest Product pom artifactid checker-qual Highest Product jar package name checkerframework Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest Bundle-Name checker-qual Medium Product jar package name framework Highest Version pom version 3.8.0 Highest Version Manifest Bundle-Version 3.8.0 High Version Manifest Implementation-Version 3.8.0 High Version file version 3.8.0 High
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/common.jsMD5: 5580ab664925436cc5735c9989b1a40aSHA1: 596078b11c577e6adb988893293edb1ea7b373ecSHA256: e20e55b0812f1bcc973ed945049711cac2976b22fd4c095fb58d63f78f4fc3ebReferenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256: b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Apache Commons Codec High Vendor jar package name codec Highest Vendor jar package name encoder Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name commons Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor jar package name apache Highest Vendor pom artifactid commons-codec Low Vendor pom groupid commons-codec Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor file name commons-codec High Product pom name Apache Commons Codec High Product jar package name codec Highest Product jar package name encoder Highest Product pom parent-artifactid commons-parent Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product pom artifactid commons-codec Highest Product Manifest Implementation-Title Apache Commons Codec High Product jar package name commons Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Product pom parent-groupid org.apache.commons Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product jar package name apache Highest Product pom groupid commons-codec Highest Product Manifest specification-title Apache Commons Codec Medium Product Manifest build-jdk-spec 1.8 Low Product file name commons-codec High Version pom version 1.15 Highest Version Manifest Implementation-Version 1.15 High Version pom parent-version 1.15 Low Version file version 1.15 High
Description:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256: 1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url https://commons.apache.org/proper/commons-collections/ Highest Vendor Manifest implementation-url https://commons.apache.org/proper/commons-collections/ Low Vendor pom groupid apache.commons Highest Vendor Manifest automatic-module-name org.apache.commons.collections4 Medium Vendor jar package name collections4 Highest Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor pom groupid org.apache.commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name commons Highest Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Collections High Vendor Manifest bundle-symbolicname org.apache.commons.commons-collections4 Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-collections/ Low Vendor pom artifactid commons-collections4 Low Vendor file name commons-collections4 High Product Manifest implementation-url https://commons.apache.org/proper/commons-collections/ Low Product pom groupid apache.commons Highest Product Manifest Implementation-Title Apache Commons Collections High Product Manifest automatic-module-name org.apache.commons.collections4 Medium Product pom parent-artifactid commons-parent Medium Product jar package name collections4 Highest Product pom artifactid commons-collections4 Highest Product Manifest specification-title Apache Commons Collections Medium Product jar package name commons Highest Product pom name Apache Commons Collections High Product pom url https://commons.apache.org/proper/commons-collections/ Medium Product Manifest bundle-symbolicname org.apache.commons.commons-collections4 Medium Product pom parent-groupid org.apache.commons Medium Product jar package name apache Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-collections/ Low Product file name commons-collections4 High Version pom parent-version 4.4 Low Version file version 4.4 High Version pom version 4.4 Highest Version Manifest Implementation-Version 4.4 High
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
SHA256: 6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.commons Highest Vendor jar package name lang3 Highest Vendor pom artifactid commons-lang3 Low Vendor pom groupid org.apache.commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-build tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200 Low Vendor jar package name commons Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom name Apache Commons Lang High Product pom artifactid commons-lang3 Highest Product Manifest Implementation-Title Apache Commons Lang High Product pom groupid apache.commons Highest Product pom parent-artifactid commons-parent Medium Product jar package name lang3 Highest Product Manifest implementation-build tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200 Low Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product jar package name commons Highest Product Manifest specification-title Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product pom parent-groupid org.apache.commons Medium Product file name commons-lang3 High Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product pom name Apache Commons Lang High Version pom parent-version 3.3.2 Low Version file version 3.3.2 High Version Manifest Bundle-Version 3.3.2 High Version Manifest Implementation-Version 3.3.2 High Version pom version 3.3.2 Highest
Description:
The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/apache/commons/commons-math3/3.4.1/commons-math3-3.4.1.jar
MD5: 14a218d0ee57907dd2c7ef944b6c0afd
SHA1: 3ac44a8664228384bc68437264cf7c4cf112f579
SHA256: d1075b14a71087038b0bfd198f0f7dd8e49b5b3529d8e2eba99e7d9eb8565e4b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.commons Highest Vendor jar package name math3 Highest Vendor pom url http://commons.apache.org/proper/commons-math/ Highest Vendor pom groupid org.apache.commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.math3 Medium Vendor pom artifactid commons-math3 Low Vendor file name commons-math3 High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name commons Highest Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Math High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Vendor jar package name apache Highest Vendor Manifest implementation-build ef6e0f882819e7c5230aece1610297e67775cca2; 2015-01-08 18:19:01+0100 Low Product pom groupid apache.commons Highest Product jar package name math3 Highest Product Manifest Implementation-Title Apache Commons Math High Product pom parent-artifactid commons-parent Medium Product Manifest bundle-symbolicname org.apache.commons.math3 Medium Product file name commons-math3 High Product Manifest Bundle-Name Apache Commons Math Medium Product jar package name commons Highest Product pom name Apache Commons Math High Product pom parent-groupid org.apache.commons Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Product Manifest specification-title Apache Commons Math Medium Product jar package name apache Highest Product pom url http://commons.apache.org/proper/commons-math/ Medium Product Manifest implementation-build ef6e0f882819e7c5230aece1610297e67775cca2; 2015-01-08 18:19:01+0100 Low Product pom artifactid commons-math3 Highest Version Manifest Bundle-Version 3.4.1 High Version pom version 3.4.1 Highest Version pom parent-version 3.4.1 Low Version file version 3.4.1 High Version Manifest Implementation-Version 3.4.1 High
Description:
Concurrent Radix Trees and Concurrent Suffix Trees for Java. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/googlecode/concurrent-trees/concurrent-trees/2.4.0/concurrent-trees-2.4.0.jar
MD5: 19ce4b51b0fda34eb8eec583dad142ca
SHA1: 2e505b78f9216abebbbdf1c3254bf9f4c565ae43
SHA256: d8dd983b207e86f580ba2105747cb271f8b90f24b89c7447493d9125a472dc5d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid com.googlecode.concurrent-trees Highest Vendor jar package name suffix Highest Vendor jar package name googlecode Low Vendor jar package name concurrenttrees Low Vendor pom name Concurrent-Trees High Vendor jar package name radix Low Vendor jar package name googlecode Highest Vendor jar package name radix Highest Vendor pom artifactid concurrent-trees Low Vendor pom url http://code.google.com/p/concurrent-trees/ Highest Vendor file name concurrent-trees High Vendor pom groupid googlecode.concurrent-trees Highest Product pom name Concurrent-Trees High Product jar package name radix Low Product jar package name googlecode Highest Product jar package name radix Highest Product pom url http://code.google.com/p/concurrent-trees/ Medium Product jar package name suffix Highest Product pom artifactid concurrent-trees Highest Product jar package name concurrenttrees Low Product file name concurrent-trees High Product pom groupid googlecode.concurrent-trees Highest Version file version 2.4.0 High Version pom version 2.4.0 Highest
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/dagre-d3.min.jsMD5: 74a58f5d4e64bf05bc912ad569a72006SHA1: d062f5970bcea6631093aa1f71ad79a4d98936b1SHA256: a18c7ef7b67c2ca3115398c4cbb1891307a089f8f0fef5b96abb7bda49c7fa9aReferenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
dom4j: the flexible XML framework for Java File Path: /root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jarMD5: 4d8f51d3fe3900efc6e395be48030d6dSHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94SHA256: 593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url http://dom4j.org Highest Vendor Manifest Implementation-Vendor MetaStuff Ltd. High Vendor jar package name dom4j Highest Vendor pom organization url http://sourceforge.net/projects/dom4j Medium Vendor Manifest specification-vendor MetaStuff Ltd. Low Vendor pom groupid dom4j Highest Vendor file name dom4j High Vendor pom name dom4j High Vendor Manifest extension-name dom4j Medium Vendor pom artifactid dom4j Low Vendor pom organization name MetaStuff Ltd. High Product pom url http://dom4j.org Medium Product pom organization name MetaStuff Ltd. Low Product jar package name dom4j Highest Product pom groupid dom4j Highest Product pom organization url http://sourceforge.net/projects/dom4j Low Product file name dom4j High Product Manifest Implementation-Title org.dom4j High Product Manifest specification-title dom4j : XML framework for Java Medium Product pom name dom4j High Product Manifest extension-name dom4j Medium Product pom artifactid dom4j Highest Version Manifest Implementation-Version 1.6.1 High Version pom version 1.6.1 Highest Version file version 1.6.1 High
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/enrichment.jsMD5: 3503c43603043655484d686c4cc40e5aSHA1: 37cfd052341bfbee7c1f5a7731f6e9604a10ae6aSHA256: 56ef5930f53ef64f3f87408aec6ccbdddcbf67951641d2aed90452570211f6c6Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/errorprone/error_prone_annotations/2.5.1/error_prone_annotations-2.5.1.jar
MD5: 2bf3239388cf5c817cd83ecb692b045f
SHA1: 562d366678b89ce5d6b6b82c1a073880341e3fba
SHA256: ff80626baaf12a09342befd4e84cba9d50662f5fcd7f7a9b3490a6b7cf87e66c
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name annotations Highest Vendor pom groupid google.errorprone Highest Vendor Manifest automatic-module-name com.google.errorprone.annotations Medium Vendor pom parent-groupid com.google.errorprone Medium Vendor pom name error-prone annotations High Vendor pom artifactid error_prone_annotations Low Vendor file name error_prone_annotations High Vendor pom parent-artifactid error_prone_parent Low Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor pom groupid com.google.errorprone Highest Product jar package name annotations Highest Product pom groupid google.errorprone Highest Product Manifest automatic-module-name com.google.errorprone.annotations Medium Product pom artifactid error_prone_annotations Highest Product pom parent-groupid com.google.errorprone Medium Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Product file name error_prone_annotations High Product jar package name errorprone Highest Product jar package name google Highest Version pom version 2.5.1 Highest Version file version 2.5.1 High
Description:
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes is conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256: a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name failureaccess High Vendor pom parent-artifactid guava-parent Low Vendor jar package name concurrent Highest Vendor pom groupid google.guava Highest Vendor jar package name common Highest Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor pom parent-groupid com.google.guava Medium Vendor pom artifactid failureaccess Low Vendor pom name Guava InternalFutureFailureAccess and InternalFutures High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest bundle-symbolicname com.google.guava.failureaccess Medium Vendor pom groupid com.google.guava Highest Vendor jar package name util Highest Vendor jar package name google Highest Product file name failureaccess High Product jar package name concurrent Highest Product pom groupid google.guava Highest Product jar package name common Highest Product pom artifactid failureaccess Highest Product Manifest bundle-docurl https://github.com/google/guava/ Low Product pom parent-groupid com.google.guava Medium Product pom name Guava InternalFutureFailureAccess and InternalFutures High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Bundle-Name Guava InternalFutureFailureAccess and InternalFutures Medium Product Manifest bundle-symbolicname com.google.guava.failureaccess Medium Product pom parent-artifactid guava-parent Medium Product jar package name util Highest Product jar package name google Highest Version file version 1.0.1 High Version pom version 1.0.1 Highest Version Manifest Bundle-Version 1.0.1 High Version pom parent-version 1.0.1 Low
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/genes.jsMD5: f1fd12c00a68a69bfe052a6aa5e2495cSHA1: d402ec5253e116b854c4f3ccc50bb6594609a15dSHA256: 2b5aa409522b4263e3e2648147703557d1181732876af73976785de738ebea79Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/gograph.jsMD5: 9fba9676fb15e4061a5a40588598db31SHA1: 04610a3f51c35911910cf809fdb4590428e0783dSHA256: 564578287ac1698d4d22ce2948de4c9585739d328bf855c17d3b378a5ac33093Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
Gson JSON library File Path: /root/.m2/repository/com/google/code/gson/gson/2.8.2/gson-2.8.2.jarMD5: 2330bde3467e7cfec44d38e74f27dab8SHA1: 3edcfe49d2c6053a70a2a47e4e1c2f94998a49cfSHA256: b7134929f7cc7c04021ec1cc27ef63ab907e410cf0588e397b8851181eb91092Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name gson Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid gson Low Vendor pom parent-groupid com.google.code.gson Medium Vendor pom name Gson High Vendor pom groupid google.code.gson Highest Vendor pom groupid com.google.code.gson Highest Vendor file name gson High Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor pom parent-artifactid gson-parent Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor jar package name google Highest Product jar package name gson Highest Product pom parent-artifactid gson-parent Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid gson Highest Product pom parent-groupid com.google.code.gson Medium Product pom name Gson High Product pom groupid google.code.gson Highest Product file name gson High Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest Bundle-Name Gson Medium Product jar package name google Highest Version pom version 2.8.2 Highest Version file version 2.8.2 High Version Manifest Bundle-Version 2.8.2 High
Description:
Guava is a suite of core and expanded libraries that include
utility classes, Google's collections, I/O classes, and
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar
MD5: 05374f163d0a4141db672fff9df95b12
SHA1: 87e0fd1df874ea3cbe577702fe6f17068b790fd8
SHA256: 44ce229ce26d880bf3afc362bbfcec34d7e6903d195bbb1db9f3b6e0d9834f06
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name guava High Vendor pom parent-artifactid guava-parent Low Vendor Manifest automatic-module-name com.google.common Medium Vendor pom groupid google.guava Highest Vendor jar package name common Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor pom parent-groupid com.google.guava Medium Vendor pom artifactid guava Low Vendor pom name Guava: Google Core Libraries for Java High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid com.google.guava Highest Vendor jar package name google Highest Product file name guava High Product Manifest automatic-module-name com.google.common Medium Product pom groupid google.guava Highest Product jar package name common Highest Product pom artifactid guava Highest Product Manifest bundle-symbolicname com.google.guava Medium Product Manifest bundle-docurl https://github.com/google/guava/ Low Product pom parent-groupid com.google.guava Medium Product pom name Guava: Google Core Libraries for Java High Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom parent-artifactid guava-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name google Highest Version pom version 30.1.1-jre Highest
Description:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/hk2/hk2-api/2.4.0-b34/hk2-api-2.4.0-b34.jar
MD5: 2972849752ed511bd069812ba2b29d2d
SHA1: 1017432e219dbd1d4a1121b2d7e87c5b2f0bcfb9
SHA256: 6eb071aaea327015ac3da18d5066c364c1a39978f4b6f94644158675ca5b9ced
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name api Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom parent-artifactid hk2-parent Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.api Medium Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom groupid glassfish.hk2 Highest Vendor pom groupid org.glassfish.hk2 Highest Vendor jar package name hk2 Highest Vendor jar package name glassfish Highest Vendor pom artifactid hk2-api Low Vendor pom name HK2 API module High Vendor file name hk2-api High Product jar package name api Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 API module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.api Medium Product pom parent-groupid org.glassfish.hk2 Medium Product pom artifactid hk2-api Highest Product pom groupid glassfish.hk2 Highest Product jar package name hk2 Highest Product jar package name glassfish Highest Product pom parent-artifactid hk2-parent Medium Product pom name HK2 API module High Product file name hk2-api High Version pom version 2.4.0-b34 Highest
Description:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/hk2/hk2-locator/2.4.0-b34/hk2-locator-2.4.0-b34.jar
MD5: 09eda1a8dd33d465ec7bac9536f3eaf7
SHA1: 1451fc3e5b7f00d7a5ca0feaff2c1bf68be5ac91
SHA256: ea47ebf7ed56ef751055710cfad36840bcc36383cf387c4a963b41447c066f8f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom groupid glassfish.hk2 Highest Vendor file name hk2-locator High Vendor pom groupid org.glassfish.hk2 Highest Vendor pom artifactid hk2-locator Low Vendor pom parent-artifactid hk2-parent Low Vendor jar package name hk2 Highest Vendor pom name ServiceLocator Default Implementation High Vendor Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Product pom artifactid hk2-locator Highest Product Manifest bundle-docurl http://www.oracle.com Low Product pom parent-groupid org.glassfish.hk2 Medium Product pom groupid glassfish.hk2 Highest Product file name hk2-locator High Product Manifest Bundle-Name ServiceLocator Default Implementation Medium Product jar package name hk2 Highest Product pom name ServiceLocator Default Implementation High Product pom parent-artifactid hk2-parent Medium Product Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Version pom version 2.4.0-b34 Highest
Description:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
MD5: f0c9e9df24ad2c2feb1f950b82146245
SHA1: aacce18411fffef9621d8fc91464ca0477119c38
SHA256: 70211b1f918819bf6afbf69d3d19d4ae6e2a75d6e26f6c39ba9f20eb8e5612d7
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor file name hk2-utils High Vendor pom name HK2 Implementation Utilities High Vendor pom parent-artifactid hk2-parent Low Vendor Manifest originally-created-by Apache Maven Low Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom groupid glassfish.hk2 Highest Vendor pom artifactid hk2-utils Low Vendor pom groupid org.glassfish.hk2 Highest Vendor jar package name utilities Highest Vendor Manifest service foo Low Vendor jar package name hk2 Highest Vendor jar package name glassfish Highest Vendor Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Product Manifest bundle-docurl http://www.oracle.com Low Product file name hk2-utils High Product pom name HK2 Implementation Utilities High Product Manifest Bundle-Name HK2 Implementation Utilities Medium Product Manifest originally-created-by Apache Maven Low Product pom parent-groupid org.glassfish.hk2 Medium Product pom groupid glassfish.hk2 Highest Product jar package name utilities Highest Product Manifest service foo Low Product pom artifactid hk2-utils Highest Product jar package name hk2 Highest Product jar package name glassfish Highest Product pom parent-artifactid hk2-parent Medium Product Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Version pom version 2.4.0-b34 Highest
File Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar/META-INF/maven/org.jvnet/tiger-types/pom.xmlMD5: 51329dba505e7cc4a9bc2719cf195be0SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029SHA256: 58794aca99cadb3aab687b56fd6d84871956590323dd0ea5d611db759e78c6b9Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid net.java Medium Vendor pom groupid jvnet Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom artifactid tiger-types Low Vendor pom name Type arithmetic library for Java5 High Product pom parent-groupid net.java Medium Product pom parent-artifactid jvnet-parent Medium Product pom groupid jvnet Highest Product pom artifactid tiger-types Highest Product pom name Type arithmetic library for Java5 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
Description:
A Free Java-PDF library License:
GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html File Path: /root/.m2/repository/com/itextpdf/itextpdf/5.5.13.2/itextpdf-5.5.13.2.jar
MD5: 8c4c42565d2d39367e6283962b7cc479
SHA1: 132a841cf4b14fe64ff236b4156eb4842f9bbc09
SHA256: c355cddab40c481c842e17b603c01f44c0541bbb7bad2647dd3c9d69d76889e6
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name itextpdf High Vendor pom parent-artifactid itext-parent Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest Implementation-Vendor-Id com.itextpdf Medium Vendor pom name iText Core High Vendor Manifest implementation-build ${buildNumber} Low Vendor pom artifactid itextpdf Low Vendor jar package name itextpdf Highest Vendor Manifest implementation-url http://itextpdf.com Low Vendor pom groupid com.itextpdf Highest Vendor pom url http://itextpdf.com Highest Vendor jar package name pdf Highest Vendor Manifest bundle-symbolicname com.itextpdf Medium Vendor pom groupid itextpdf Highest Vendor pom parent-groupid com.itextpdf Medium Product file name itextpdf High Product pom url http://itextpdf.com Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest Bundle-Name iText Core Medium Product pom parent-artifactid itext-parent Medium Product jar package name version Highest Product pom artifactid itextpdf Highest Product pom name iText Core High Product Manifest Implementation-Title iText Core High Product Manifest implementation-build ${buildNumber} Low Product jar package name itextpdf Highest Product Manifest implementation-url http://itextpdf.com Low Product jar package name pdf Highest Product Manifest bundle-symbolicname com.itextpdf Medium Product pom groupid itextpdf Highest Product pom parent-groupid com.itextpdf Medium Version file version 5.5.13.2 High Version pom parent-version 5.5.13.2 Low Version pom version 5.5.13.2 Highest Version Manifest Bundle-Version 5.5.13.2 High Version Manifest Implementation-Version 5.5.13.2 High
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256: 21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor pom groupid google.j2objc Highest Vendor jar package name j2objc Highest Vendor pom url google/j2objc/ Highest Vendor pom groupid com.google.j2objc Highest Vendor jar package name google Low Vendor pom name J2ObjC Annotations High Vendor jar package name j2objc Low Vendor file name j2objc-annotations High Vendor jar package name google Highest Vendor pom artifactid j2objc-annotations Low Product pom artifactid j2objc-annotations Highest Product pom url google/j2objc/ High Product jar package name annotations Highest Product jar package name annotations Low Product pom name J2ObjC Annotations High Product pom groupid google.j2objc Highest Product jar package name j2objc Low Product file name j2objc-annotations High Product jar package name google Highest Product jar package name j2objc Highest Version file version 1.3 High Version pom version 1.3 Highest
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.2/jackson-core-2.12.2.jar
MD5: d9c1faa07f50abade5c796de00c4b23c
SHA1: 8df50138521d05561a308ec2799cc8dda20c06df
SHA256: 7883331763729b72735fdd8a117f32eb7d22695babfb37cc99df8392c196efc3
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom artifactid jackson-core Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom name Jackson-core High Vendor jar package name json Highest Vendor jar package name fasterxml Highest Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Vendor pom groupid fasterxml.jackson.core Highest Vendor Manifest implementation-build-date 2021-03-03 20:55:33+0000 Low Vendor file name jackson-core High Vendor jar package name jackson Highest Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name core Highest Vendor pom parent-artifactid jackson-base Low Vendor jar package name base Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Product jar package name json Highest Product jar package name version Highest Product pom groupid fasterxml.jackson.core Highest Product Manifest implementation-build-date 2021-03-03 20:55:33+0000 Low Product Manifest Implementation-Title Jackson-core High Product hint analyzer product modules Highest Product pom parent-artifactid jackson-base Medium Product Manifest specification-title Jackson-core Medium Product pom url FasterXML/jackson-core High Product pom artifactid jackson-core Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name Jackson-core High Product jar package name fasterxml Highest Product jar package name filter Highest Product pom parent-groupid com.fasterxml.jackson Medium Product Manifest Bundle-Name Jackson-core Medium Product file name jackson-core High Product jar package name jackson Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product jar package name core Highest Product jar package name base Highest Product hint analyzer product java8 Highest Version file version 2.12.2 High Version pom version 2.12.2 Highest Version Manifest Implementation-Version 2.12.2 High Version Manifest Bundle-Version 2.12.2 High
Related Dependencies jackson-annotations-2.12.2.jarFile Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.12.2/jackson-annotations-2.12.2.jar MD5: 000332535aef84b64b67a549a9d0d40d SHA1: 0a770cc4c0a1fb0bfd8a150a6a0004e42bc99fca SHA256: 558561786c071af202e849b6ae3d39c87ed417ecc83d45e398c12eb3bffa557b pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.12.2 Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.2/jackson-databind-2.12.2.jar
MD5: 8ce740ce76d0b2b0f6e4a13f4dc58c4f
SHA1: 5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0
SHA256: c4002f861d8d33f3202bf8effabb53acc320c5276cc50c1bfaae73c36ce8db32
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor file name jackson-databind High Vendor jar package name fasterxml Highest Vendor jar package name databind Highest Vendor Manifest implementation-build-date 2021-03-03 21:21:04+0000 Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid fasterxml.jackson.core Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom name jackson-databind High Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor pom artifactid jackson-databind Low Vendor jar package name jackson Highest Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom parent-artifactid jackson-base Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Vendor pom url http://github.com/FasterXML/jackson Highest Product Manifest Bundle-Name jackson-databind Medium Product file name jackson-databind High Product jar package name fasterxml Highest Product jar package name databind Highest Product Manifest implementation-build-date 2021-03-03 21:21:04+0000 Low Product Manifest Implementation-Title jackson-databind High Product pom parent-groupid com.fasterxml.jackson Medium Product pom groupid fasterxml.jackson.core Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom name jackson-databind High Product hint analyzer product modules Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest specification-title jackson-databind Medium Product jar package name jackson Highest Product pom parent-artifactid jackson-base Medium Product pom url http://github.com/FasterXML/jackson Medium Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest build-jdk-spec 1.8 Low Product pom artifactid jackson-databind Highest Product hint analyzer product java8 Highest Version file version 2.12.2 High Version pom version 2.12.2 Highest Version Manifest Implementation-Version 2.12.2 High Version Manifest Bundle-Version 2.12.2 High
Description:
Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring
data-binding.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.12.2/jackson-module-jaxb-annotations-2.12.2.jar
MD5: 27650ab7486832e408b0cfe894525c5b
SHA1: f226bd0766b4e81493822e8c81eaa6cab27e589f
SHA256: b6aca0666efc3b49a2715e78752e28d35ead80c671d898706091945e2ea1909f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor pom parent-artifactid jackson-modules-base Low Vendor pom name Jackson module: JAXB Annotations High Vendor pom groupid com.fasterxml.jackson.module Highest Vendor jar package name fasterxml Highest Vendor file name jackson-module-jaxb-annotations High Vendor jar package name module Highest Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Vendor pom groupid fasterxml.jackson.module Highest Vendor jar package name jaxb Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom url FasterXML/jackson-modules-base Highest Vendor pom artifactid jackson-module-jaxb-annotations Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Vendor Manifest multi-release true Low Vendor jar package name jackson Highest Vendor Manifest implementation-build-date 2021-03-03 21:46:48+0000 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Product pom name Jackson module: JAXB Annotations High Product jar package name fasterxml Highest Product file name jackson-module-jaxb-annotations High Product jar package name module Highest Product Manifest specification-title Jackson module: JAXB Annotations Medium Product pom parent-groupid com.fasterxml.jackson.module Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Product pom artifactid jackson-module-jaxb-annotations Highest Product pom groupid fasterxml.jackson.module Highest Product jar package name jaxb Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid jackson-modules-base Medium Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Product Manifest Bundle-Name Jackson module: JAXB Annotations Medium Product Manifest multi-release true Low Product jar package name jackson Highest Product Manifest implementation-build-date 2021-03-03 21:46:48+0000 Low Product Manifest build-jdk-spec 1.8 Low Product pom url FasterXML/jackson-modules-base High Product Manifest Implementation-Title Jackson module: JAXB Annotations High Version file version 2.12.2 High Version pom version 2.12.2 Highest Version Manifest Implementation-Version 2.12.2 High Version Manifest Bundle-Version 2.12.2 High
Description:
JavaServer Pages(TM) Standard Tag Library API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /root/.m2/repository/jakarta/servlet/jsp/jstl/jakarta.servlet.jsp.jstl-api/1.2.7/jakarta.servlet.jsp.jstl-api-1.2.7.jar
MD5: 0ed2dbbe77f2b7dc2ad86878009adab6
SHA1: 34a035507f0270f1c6b7722d728bd7b5a9bbac4c
SHA256: 42ed486c8d782c64a35d7c7bea50a74c7e4d80f3fdc4ff39fb4629135b8286a9
Referenced In Project/Scope: gotrack:runtime
Evidence Type Source Name Value Confidence Vendor pom url https://projects.eclipse.org/projects/ee4j.jstl Highest Vendor file name jakarta.servlet.jsp.jstl-api High Vendor Manifest specification-vendor Eclipse Foundation Low Vendor jar package name javax Highest Vendor Manifest bundle-symbolicname javax.servlet.jsp.jstl-api Medium Vendor pom artifactid jakarta.servlet.jsp.jstl-api Low Vendor pom parent-artifactid project Low Vendor Manifest extension-name javax.servlet.jsp.jstl Medium Vendor jar package name jsp Highest Vendor Manifest originally-created-by 1.8.0_181 (Oracle Corporation) Low Vendor jar package name jstl Highest Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor jar package name servlet Highest Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom groupid jakarta.servlet.jsp.jstl Highest Vendor pom name JavaServer Pages(TM) Standard Tag Library API High Vendor Manifest bundle-docurl https://www.eclipse.org Low Product file name jakarta.servlet.jsp.jstl-api High Product pom artifactid jakarta.servlet.jsp.jstl-api Highest Product jar package name javax Highest Product Manifest bundle-symbolicname javax.servlet.jsp.jstl-api Medium Product pom url https://projects.eclipse.org/projects/ee4j.jstl Medium Product Manifest extension-name javax.servlet.jsp.jstl Medium Product jar package name jsp Highest Product Manifest originally-created-by 1.8.0_181 (Oracle Corporation) Low Product pom parent-artifactid project Medium Product jar package name jstl Highest Product jar package name servlet Highest Product pom parent-groupid org.eclipse.ee4j Medium Product Manifest Bundle-Name JavaServer Pages(TM) Standard Tag Library API Medium Product pom groupid jakarta.servlet.jsp.jstl Highest Product pom name JavaServer Pages(TM) Standard Tag Library API High Product Manifest bundle-docurl https://www.eclipse.org Low Version file version 1.2.7 High Version pom parent-version 1.2.7 Low Version Manifest Implementation-Version 1.2.7 High Version Manifest Bundle-Version 1.2.7 High Version pom version 1.2.7 Highest
Description:
Jakarta RESTful Web Services License:
EPL-2.0: http://www.eclipse.org/legal/epl-2.0
GPL-2.0-with-classpath-exception: https://www.gnu.org/software/classpath/license.html File Path: /root/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/3.0.0/jakarta.ws.rs-api-3.0.0.jar
MD5: dd98ad2f0edcec6c0f0875695b8647e9
SHA1: 5eea182d6651a7257bc8c3614507e1540c766fc2
SHA256: 0bcb2cf4522831ad83cc7e936b8db60e2afb2582d19d672eb17d01da2c777322
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jakarta.ws.rs Highest Vendor pom url eclipse-ee4j/jaxrs-api Highest Vendor hint analyzer vendor web services Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom name jakarta.ws.rs-api High Vendor pom artifactid jakarta.ws.rs-api Low Vendor Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Vendor pom parent-artifactid project Low Vendor Manifest bundle-symbolicname jakarta.ws.rs-api Medium Vendor jar package name jakarta Highest Vendor file name jakarta.ws.rs-api High Vendor jar package name rs Highest Vendor Manifest extension-name jakarta.ws.rs Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name ws Highest Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom organization name Eclipse Foundation High Vendor pom organization url https://www.eclipse.org/org/foundation/ Medium Product pom groupid jakarta.ws.rs Highest Product pom name jakarta.ws.rs-api High Product pom artifactid jakarta.ws.rs-api Highest Product Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Product pom organization url https://www.eclipse.org/org/foundation/ Low Product Manifest bundle-symbolicname jakarta.ws.rs-api Medium Product jar package name jakarta Highest Product pom parent-artifactid project Medium Product pom organization name Eclipse Foundation Low Product file name jakarta.ws.rs-api High Product jar package name rs Highest Product hint analyzer product web services Medium Product Manifest extension-name jakarta.ws.rs Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest Bundle-Name jakarta.ws.rs-api Medium Product jar package name ws Highest Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j/jaxrs-api High Version pom parent-version 3.0.0 Low Version pom version 3.0.0 Highest Version file version 3.0.0 High Version Manifest Bundle-Version 3.0.0 High Version Manifest Implementation-Version 3.0.0 High
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /root/.m2/repository/org/javassist/javassist/3.18.1-GA/javassist-3.18.1-GA.jar
MD5: 5bb83868c87334320562af7eded65cc2
SHA1: d9a09f7732226af26bf99f19e2cffe0ae219db5b
SHA256: 3fb71231afd098bb0f93f5eb97aa8291c8d0556379125e596f92ec8f944c6162
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Vendor jar package name bytecode Highest Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom artifactid javassist Low Vendor pom groupid javassist Highest Vendor jar package name javassist Highest Vendor pom name Javassist High Vendor pom url http://www.javassist.org/ Highest Vendor file name javassist High Product Manifest specification-title Javassist Medium Product Manifest bundle-symbolicname javassist Medium Product jar package name bytecode Highest Product Manifest Bundle-Name Javassist Medium Product pom url http://www.javassist.org/ Medium Product pom artifactid javassist Highest Product pom groupid javassist Highest Product jar package name javassist Highest Product pom name Javassist High Product file name javassist High Version pom version 3.18.1-GA Highest
Description:
JavaBeans Activation Framework API jar License:
https://github.com/javaee/activation/blob/master/LICENSE.txt File Path: /root/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256: 43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name javax.activation-api High Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Vendor Manifest specification-vendor Oracle Low Vendor jar package name javax Highest Vendor pom parent-artifactid all Low Vendor pom groupid javax.activation Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest bundle-symbolicname javax.activation-api Medium Vendor pom name JavaBeans Activation Framework API jar High Vendor Manifest extension-name javax.activation Medium Vendor pom parent-groupid com.sun.activation Medium Vendor pom artifactid javax.activation-api Low Vendor jar package name activation Highest Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest automatic-module-name java.activation Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Product file name javax.activation-api High Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Implementation-Title javax.activation.javax.activation-api High Product Manifest Bundle-Name JavaBeans Activation Framework API jar Medium Product Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Product jar package name javax Highest Product pom groupid javax.activation Highest Product Manifest bundle-symbolicname javax.activation-api Medium Product pom name JavaBeans Activation Framework API jar High Product pom artifactid javax.activation-api Highest Product Manifest specification-title javax.activation.javax.activation-api Medium Product pom parent-artifactid all Medium Product Manifest extension-name javax.activation Medium Product pom parent-groupid com.sun.activation Medium Product jar package name activation Highest Product Manifest automatic-module-name java.activation Medium Version pom version 1.2.0 Highest Version Manifest Bundle-Version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version file version 1.2.0 High
Description:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /root/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256: 5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid javax.annotation-api Low Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom groupid javax.annotation Highest Vendor pom organization url https://glassfish.java.net Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor jar package name javax Highest Vendor pom organization name GlassFish Community High Vendor jar package name annotation Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom parent-groupid net.java Medium Vendor Manifest extension-name javax.annotation Medium Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom name ${extension.name} API High Vendor file name javax.annotation-api High Product pom artifactid javax.annotation-api Highest Product pom parent-artifactid jvnet-parent Medium Product pom groupid javax.annotation Highest Product jar package name javax Highest Product jar package name annotation Highest Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Product pom organization url https://glassfish.java.net Low Product Manifest extension-name javax.annotation Medium Product Manifest Bundle-Name javax.annotation API Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product Manifest bundle-docurl https://glassfish.java.net Low Product pom name ${extension.name} API High Product pom organization name GlassFish Community Low Product file name javax.annotation-api High Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom version 1.2 Highest Version pom parent-version 1.2 Low Version file version 1.2 High
Description:
This is the master POM file for Oracle's Implementation of the JSF 2.3 Specification.
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) plus GPL
: http://glassfish.java.net/nonav/public/CDDL+GPL.html File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar
MD5: 963f70ee469f8034d3010cf3f6123cfc
SHA1: 3a95587c0c94f9d6d3a971ee6d2f3608e737f8de
SHA256: 02cb44439458455e7f3f86d1f2c755c51a9859c9e3d9048de50411cefa1fe06e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.glassfish.javax.faces Medium Vendor Manifest Implementation-Vendor Oracle America, Inc. High Vendor jar (hint) package name oracle Highest Vendor file name javax.faces High Vendor Manifest originally-created-by 1.5.0_19-137 (Apple Inc.) Low Vendor pom organization name Oracle America, Inc High Vendor jar package name javax Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor pom artifactid javax.faces Low Vendor Manifest extension-name javax.faces Medium Vendor jar package name sun Highest Vendor Manifest docname Mojarra Implementation Javadoc Medium Vendor pom url http://jsf.java.net/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name faces Highest Vendor pom groupid glassfish Highest Vendor pom organization url http://www.oracle.com/ Medium Vendor pom name
Oracle's implementation of the JSF 2.3 specification.
High Vendor pom groupid org.glassfish Highest Product Manifest bundle-symbolicname org.glassfish.javax.faces Medium Product file name javax.faces High Product Manifest originally-created-by 1.5.0_19-137 (Apple Inc.) Low Product Manifest Bundle-Name Mojarra JSF Implementation 2.3.3 (20171008-2230) 673408fa9199477d87f44521ff873d709128c88b Medium Product jar package name javax Highest Product Manifest Implementation-Title Mojarra High Product pom organization name Oracle America, Inc Low Product pom artifactid javax.faces Highest Product Manifest extension-name javax.faces Medium Product Manifest docname Mojarra Implementation Javadoc Medium Product pom url http://jsf.java.net/ Medium Product Manifest specification-title JavaServer Faces Medium Product pom organization url http://www.oracle.com/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name faces Highest Product pom groupid glassfish Highest Product pom name
Oracle's implementation of the JSF 2.3 specification.
High Version Manifest Implementation-Version 2.3.3 High Version Manifest Bundle-Version 2.3.3 High Version pom version 2.3.3 Highest Version file version 2.3.3 High
File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf-uncompressed.jsMD5: 071fa1c95f9cac7f876e4293854babb1SHA1: d85a0182b1957e7e6d461825ddab759bda1d57c2SHA256: 607f41972bc4c4d161a7e583e68305043b4e2862fce77304b2e8c966e5a6c60fReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/glassfish/javax.faces/2.3.3/javax.faces-2.3.3.jar/META-INF/resources/javax.faces/jsf.jsMD5: 33458a9fe6cce1f8b4dac96058a8ad22SHA1: 380521f722b47f7d7c1a44f410e35428f4b3d61cSHA256: 336652121c49ce830d0d8e998442c5f77ce3f3456143a8666eb5f634cf30eea4Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
Description:
Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/hk2/external/javax.inject/2.4.0-b34/javax.inject-2.4.0-b34.jar
MD5: 0299609004955f54207ab8562273b5af
SHA1: a6a3d4935af7b03e44126b5aac2c2a0ce98fe6e9
SHA256: fdbf80a01b854045bd4004b7c6b1fdc2da81db475bfbd08ed574eeffcf9a7b1a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name inject Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom parent-groupid org.glassfish.hk2 Medium Vendor pom groupid org.glassfish.hk2.external Highest Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Vendor pom parent-artifactid external Low Vendor pom groupid glassfish.hk2.external Highest Vendor jar package name javax Highest Vendor file name javax.inject High Vendor pom artifactid javax.inject Low Vendor pom name javax.inject:${javax-inject.version} as OSGi bundle High Product jar package name inject Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name javax.inject:1 as OSGi bundle Medium Product pom parent-groupid org.glassfish.hk2 Medium Product pom artifactid javax.inject Highest Product pom parent-artifactid external Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Product pom groupid glassfish.hk2.external Highest Product jar package name javax Highest Product file name javax.inject High Product pom name javax.inject:${javax-inject.version} as OSGi bundle High Version pom version 2.4.0-b34 Highest
Description:
Default provider for JSR 374:Java API for Processing JSON License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1 File Path: /root/.m2/repository/org/glassfish/javax.json/1.1/javax.json-1.1.jar
MD5: 318c3ce1746e2106d826301c6074a547
SHA1: 6f8ce9246049c7af84926758aeea7bc24f5dd160
SHA256: 4b1f21bc50b728aaae5f44ff550383182b58b67647362959e31004e4522ee24f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest extension-name javax.json Medium Vendor jar package name api Highest Vendor jar package name json Highest Vendor pom artifactid javax.json Low Vendor pom url https://javaee.github.io/jsonp Highest Vendor jar package name javax Highest Vendor file name javax.json High Vendor pom name JSR 374 (JSON Processing) Default Provider High Vendor pom parent-artifactid json Low Vendor pom parent-groupid org.glassfish Medium Vendor jar package name glassfish Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid glassfish Highest Vendor Manifest bundle-symbolicname org.glassfish.javax.json Medium Vendor pom groupid org.glassfish Highest Product jar package name api Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest extension-name javax.json Medium Product jar package name json Highest Product pom artifactid javax.json Highest Product jar package name javax Highest Product pom parent-artifactid json Medium Product pom url https://javaee.github.io/jsonp Medium Product Manifest Bundle-Name JSR 374 (JSON Processing) Default Provider Medium Product file name javax.json High Product pom name JSR 374 (JSON Processing) Default Provider High Product pom parent-groupid org.glassfish Medium Product jar package name glassfish Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom groupid glassfish Highest Product Manifest bundle-symbolicname org.glassfish.javax.json Medium Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version Manifest Bundle-Version 1.1 High Version file version 1.1 High
Description:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /root/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: gotrack:provided
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor file name javax.servlet-api High Vendor Manifest Implementation-Vendor GlassFish Community High Vendor jar package name javax Highest Vendor pom organization name GlassFish Community High Vendor pom groupid javax.servlet Highest Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest extension-name javax.servlet Medium Vendor pom organization url https://glassfish.dev.java.net Medium Vendor pom parent-groupid net.java Medium Vendor pom artifactid javax.servlet-api Low Vendor pom url http://servlet-spec.java.net Highest Vendor jar package name servlet Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom name Java Servlet API High Product Manifest Bundle-Name Java Servlet API Medium Product pom parent-artifactid jvnet-parent Medium Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product file name javax.servlet-api High Product jar package name javax Highest Product pom artifactid javax.servlet-api Highest Product pom groupid javax.servlet Highest Product Manifest bundle-symbolicname javax.servlet-api Medium Product pom organization url https://glassfish.dev.java.net Low Product Manifest extension-name javax.servlet Medium Product pom parent-groupid net.java Medium Product jar package name servlet Highest Product pom name Java Servlet API High Product pom organization name GlassFish Community Low Product pom url http://servlet-spec.java.net Medium Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version pom version 3.1.0 Highest Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low
Description:
Project GlassFish Java Transaction API License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /root/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
SHA256: 9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom url http://jta-spec.java.net Highest Vendor file name javax.transaction-api High Vendor pom organization url https://glassfish.java.net Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor jar package name javax Highest Vendor pom organization name GlassFish Community High Vendor jar package name transaction Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom parent-groupid net.java Medium Vendor pom artifactid javax.transaction-api Low Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest bundle-symbolicname javax.transaction-api Medium Vendor Manifest extension-name javax.transaction Medium Vendor pom groupid javax.transaction Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom name ${extension.name} API High Product pom parent-artifactid jvnet-parent Medium Product file name javax.transaction-api High Product jar package name javax Highest Product Manifest Bundle-Name javax.transaction API Medium Product jar package name transaction Highest Product pom parent-groupid net.java Medium Product pom url http://jta-spec.java.net Medium Product pom organization url https://glassfish.java.net Low Product Manifest bundle-symbolicname javax.transaction-api Medium Product Manifest extension-name javax.transaction Medium Product Manifest bundle-docurl https://glassfish.java.net Low Product pom groupid javax.transaction Highest Product pom name ${extension.name} API High Product pom artifactid javax.transaction-api Highest Product pom organization name GlassFish Community Low Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom version 1.2 Highest Version pom parent-version 1.2 Low Version file version 1.2 High
Description:
Java API for RESTful Web Services (JAX-RS) License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256: 38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor Manifest extension-name javax.ws.rs Medium Vendor pom name javax.ws.rs-api High Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest bundle-symbolicname javax.ws.rs-api Medium Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jax-rs-spec.java.net Highest Vendor pom organization name Oracle Corporation High Vendor jar package name rs Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom artifactid javax.ws.rs-api Low Vendor pom groupid javax.ws.rs Highest Vendor file name javax.ws.rs-api High Vendor jar package name ws Highest Vendor pom organization url http://www.oracle.com/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-artifactid jvnet-parent Medium Product pom url http://jax-rs-spec.java.net Medium Product Manifest Bundle-Name javax.ws.rs-api Medium Product jar package name javax Highest Product Manifest extension-name javax.ws.rs Medium Product pom artifactid javax.ws.rs-api Highest Product pom name javax.ws.rs-api High Product Manifest bundle-symbolicname javax.ws.rs-api Medium Product Manifest bundle-docurl http://www.oracle.com/ Low Product pom parent-groupid net.java Medium Product jar package name rs Highest Product pom organization name Oracle Corporation Low Product hint analyzer product web services Medium Product file name javax.ws.rs-api High Product pom groupid javax.ws.rs Highest Product pom organization url http://www.oracle.com/ Low Product jar package name ws Highest Version Manifest Bundle-Version 2.0.1 High Version Manifest Implementation-Version 2.0.1 High Version file version 2.0.1 High Version pom parent-version 2.0.1 Low Version pom version 2.0.1 Highest
Description:
JAXB (JSR 222) API License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1 File Path: /root/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256: 88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor jar package name javax Highest Vendor jar package name xml Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jaxb-api Low Vendor file name jaxb-api High Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Vendor pom parent-artifactid jaxb-api-parent Low Vendor jar package name jaxb Highest Vendor Manifest bundle-symbolicname jaxb-api Medium Vendor Manifest multi-release true Low Vendor jar package name bind Highest Vendor pom groupid javax.xml.bind Highest Vendor Manifest extension-name javax.xml.bind Medium Product Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Product Manifest specification-title jaxb-api Medium Product pom parent-artifactid jaxb-api-parent Medium Product jar package name javax Highest Product jar package name xml Highest Product file name jaxb-api High Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Product jar package name jaxb Highest Product Manifest bundle-symbolicname jaxb-api Medium Product Manifest multi-release true Low Product Manifest Bundle-Name jaxb-api Medium Product pom artifactid jaxb-api Highest Product jar package name bind Highest Product Manifest extension-name javax.xml.bind Medium Product pom groupid javax.xml.bind Highest Version Manifest Bundle-Version 2.3.1 High Version file version 2.3.1 High Version pom version 2.3.1 Highest
Description:
Jaxen is a universal Java XPath engine. License:
http://jaxen.codehaus.org/license.html File Path: /root/.m2/repository/jaxen/jaxen/1.1.6/jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256: 5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://codehaus.org Medium Vendor pom url http://jaxen.codehaus.org/ Highest Vendor pom groupid jaxen Highest Vendor file name jaxen High Vendor jar package name jaxen Highest Vendor Manifest bundle-docurl http://codehaus.org Low Vendor pom artifactid jaxen Low Vendor jar package name xpath Highest Vendor pom name jaxen High Vendor Manifest bundle-symbolicname jaxen Medium Vendor pom organization name Codehaus High Product pom organization url http://codehaus.org Low Product jar package name jaxen Highest Product Manifest bundle-docurl http://codehaus.org Low Product jar package name xpath Highest Product pom name jaxen High Product Manifest Bundle-Name jaxen Medium Product pom organization name Codehaus Low Product file name jaxen High Product pom groupid jaxen Highest Product pom url http://jaxen.codehaus.org/ Medium Product pom artifactid jaxen Highest Product Manifest bundle-symbolicname jaxen Medium Version file version 1.1.6 High Version pom version 1.1.6 Highest Version Manifest Bundle-Version 1.1.6 High
Description:
OpenBSD-style Blowfish password hashing for Java License:
ISC: https://opensource.org/licenses/isc-license File Path: /root/.m2/repository/org/mindrot/jbcrypt/0.4/jbcrypt-0.4.jar
MD5: d2b39d874e0d512f85386a72b0083682
SHA1: af7e61017f73abb18ac4e036954f9f28c6366c07
SHA256: e183f6f59404fc1e12073cfea4ace7ea103c900463cd21fb609a7c617ecdf624
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name mindrot Highest Vendor jar package name jbcrypt Highest Vendor pom url djmdjm/jBCrypt Highest Vendor pom groupid mindrot Highest Vendor pom artifactid jbcrypt Low Vendor jar package name jbcrypt Low Vendor pom groupid org.mindrot Highest Vendor file name jbcrypt High Vendor jar package name mindrot Low Vendor pom name jBCrypt High Product jar package name mindrot Highest Product jar package name jbcrypt Highest Product pom artifactid jbcrypt Highest Product pom groupid mindrot Highest Product jar package name jbcrypt Low Product file name jbcrypt High Product pom url djmdjm/jBCrypt High Product pom name jBCrypt High Product jar package name bcrypt Low Version pom version 0.4 Highest Version file version 0.4 High
Description:
JCL 1.2 implemented over SLF4J License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar
MD5: 69ad224b2feb6f86554fe8997b9c3d4b
SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15
SHA256: 71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name JCL 1.2 implemented over SLF4J High Vendor file name jcl-over-slf4j High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor pom parent-artifactid slf4j-parent Low Vendor jar package name logging Highest Vendor Manifest automatic-module-name org.apache.commons.logging Medium Vendor jar package name commons Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom artifactid jcl-over-slf4j Low Vendor jar package name apache Highest Vendor pom url http://www.slf4j.org Highest Vendor pom groupid org.slf4j Highest Product Manifest Implementation-Title jcl-over-slf4j High Product pom name JCL 1.2 implemented over SLF4J High Product file name jcl-over-slf4j High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product Manifest Bundle-Name jcl-over-slf4j Medium Product jar package name logging Highest Product Manifest automatic-module-name org.apache.commons.logging Medium Product jar package name commons Highest Product pom groupid slf4j Highest Product pom parent-artifactid slf4j-parent Medium Product pom parent-groupid org.slf4j Medium Product jar package name apache Highest Product pom artifactid jcl-over-slf4j Highest Product pom url http://www.slf4j.org Medium Version Manifest Bundle-Version 1.7.30 High Version pom version 1.7.30 Highest Version Manifest Implementation-Version 1.7.30 High Version file version 1.7.30 High
Description:
Jersey extension module providing support for Entity Data Filtering.
License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php, https://opensource.org/licenses/BSD-2-Clause, http://www.apache.org/licenses/LICENSE-2.0.html, https://creativecommons.org/publicdomain/zero/1.0/, http://asm.objectweb.org/license.html, jquery.org/license, http://www.opensource.org/licenses/mit-license.php, https://www.w3.org/Consortium/Legal/copyright-documents-19990405 File Path: /root/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/3.0.2/jersey-entity-filtering-3.0.2.jar
MD5: 40177a00a82cd53d340c2a837019d26a
SHA1: 28e2c40153c9aa3ab35744f7f753ee2570584556
SHA256: e8acdb7843632a1c4442d8c98b524cab24c346e3084b3460500f348a881afd2d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.glassfish.jersey.ext Medium Vendor Manifest bundle-symbolicname org.glassfish.jersey.ext.jersey-entity-filtering Medium Vendor pom artifactid jersey-entity-filtering Low Vendor pom groupid org.glassfish.jersey.ext Highest Vendor Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Vendor pom name jersey-ext-entity-filtering High Vendor pom parent-artifactid project Low Vendor jar package name jersey Highest Vendor file name jersey-entity-filtering High Vendor pom groupid glassfish.jersey.ext Highest Vendor jar package name glassfish Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name filtering Highest Product pom parent-groupid org.glassfish.jersey.ext Medium Product Manifest bundle-symbolicname org.glassfish.jersey.ext.jersey-entity-filtering Medium Product Manifest Bundle-Name jersey-ext-entity-filtering Medium Product Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Product pom name jersey-ext-entity-filtering High Product jar package name jersey Highest Product pom parent-artifactid project Medium Product file name jersey-entity-filtering High Product pom groupid glassfish.jersey.ext Highest Product jar package name glassfish Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jersey-entity-filtering Highest Product jar package name filtering Highest Version file version 3.0.2 High Version pom version 3.0.2 Highest Version Manifest Bundle-Version 3.0.2 High
Related Dependencies jersey-media-json-jackson-3.0.2.jarFile Path: /root/.m2/repository/org/glassfish/jersey/media/jersey-media-json-jackson/3.0.2/jersey-media-json-jackson-3.0.2.jar MD5: f8bebad27f8ee6e29fe825e34909ab3c SHA1: 7c470d108f61295d2d91a6b0e8666249fc01da67 SHA256: 0f0ed02c0ed8c1a558c382e36058ee9fe5e335ebf0ce981653f4383a5b22fd14 pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@3.0.2 Description:
Jersey CDI for GlassFish integration License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/jersey/containers/glassfish/jersey-gf-cdi/2.14/jersey-gf-cdi-2.14.jar
MD5: 1e9b6f7618413ebd57d70517d58aa26c
SHA1: 8bf02124ff290fc01ac4f507bf3bf03fa9a106a9
SHA256: ab5c8a12611e70b2d932abbfc36e352b5958ce7ae9268bf103a8ebcf36e1828e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jersey-gf-cdi High Vendor Manifest bundle-symbolicname org.glassfish.jersey.containers.glassfish.jersey-gf-cdi Medium Vendor pom parent-groupid org.glassfish.jersey.containers.glassfish Medium Vendor pom parent-artifactid project Low Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor jar package name jersey Highest Vendor pom artifactid jersey-gf-cdi Low Vendor pom groupid glassfish.jersey.containers.glassfish Highest Vendor pom groupid org.glassfish.jersey.containers.glassfish Highest Vendor jar package name glassfish Highest Vendor jar package name gf Highest Vendor pom name jersey-gf-cdi High Vendor jar package name cdi Highest Product file name jersey-gf-cdi High Product Manifest bundle-symbolicname org.glassfish.jersey.containers.glassfish.jersey-gf-cdi Medium Product pom parent-groupid org.glassfish.jersey.containers.glassfish Medium Product Manifest bundle-docurl http://www.oracle.com/ Low Product pom artifactid jersey-gf-cdi Highest Product jar package name jersey Highest Product pom parent-artifactid project Medium Product pom groupid glassfish.jersey.containers.glassfish Highest Product jar package name glassfish Highest Product jar package name gf Highest Product Manifest Bundle-Name jersey-gf-cdi Medium Product pom name jersey-gf-cdi High Product jar package name cdi Highest Version file version 2.14 High Version pom version 2.14 Highest
Description:
Jersey core server implementation License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-server/2.22.2/jersey-server-2.22.2.jar
MD5: 62d36194c28af7a49966554af421488f
SHA1: 5ede3e5f98f8b14d31d1d0fffe9908df2bd41c0f
SHA256: 8f8649b568d068f053362fa3def56206166dfceb3baa74e9f19eff6f8f8d9f1f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jersey-server High Vendor pom groupid org.glassfish.jersey.core Highest Vendor jar package name server Highest Vendor pom parent-artifactid project Low Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor jar package name jersey Highest Vendor pom artifactid jersey-server Low Vendor pom groupid glassfish.jersey.core Highest Vendor jar package name org Highest Vendor jar package name glassfish Highest Vendor pom parent-groupid org.glassfish.jersey Medium Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Vendor pom name jersey-core-server High Product Manifest Bundle-Name jersey-core-server Medium Product file name jersey-server High Product jar package name server Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product jar package name jersey Highest Product pom parent-artifactid project Medium Product pom artifactid jersey-server Highest Product pom groupid glassfish.jersey.core Highest Product jar package name org Highest Product jar package name glassfish Highest Product pom parent-groupid org.glassfish.jersey Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Product pom name jersey-core-server High Version Manifest Bundle-Version 2.22.2 High Version pom version 2.22.2 Highest Version file version 2.22.2 High
Related Dependencies jersey-container-servlet-core-2.22.2.jar jersey-guava-2.22.2.jar jersey-client-2.22.2.jarFile Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-client/2.22.2/jersey-client-2.22.2.jar MD5: 2954068011b278e9eeb81333325114b3 SHA1: 1712fff037ce5a59e3d67f90fff29222989799ee SHA256: c2229f74968db3d0e676f680a58c1148278def927499f6f2eb1e932aba41fbd5 pkg:maven/org.glassfish.jersey.core/jersey-client@2.22.2 jersey-media-jaxb-2.22.2.jarFile Path: /root/.m2/repository/org/glassfish/jersey/media/jersey-media-jaxb/2.22.2/jersey-media-jaxb-2.22.2.jar MD5: 8c868cadfd83b1c7c27a3d7455733293 SHA1: 7a9adf97790a92d09a1f2c027dbd34af15ffee04 SHA256: 0a99789dd4f2f24451f7cf423d5682dbef39a34609555f455b73546967b9c225 pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.22.2 jersey-common-2.22.2.jarFile Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-common/2.22.2/jersey-common-2.22.2.jar MD5: d855b5f16119a933768c13690c099375 SHA1: 1209b89878b60ce7d49afadeff7522d2fde0e217 SHA256: 33c51bda7fe94c27056af05c6b6bb1a0c2968b5bcf09b4c098ccbe953231186d pkg:maven/org.glassfish.jersey.core/jersey-common@2.22.2 jersey-container-servlet-2.22.2.jar File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/jquery-ui.min.jsMD5: 3edcb0072067447a6214eb62123a9c69SHA1: b4d3edf48e252a8a948e1e0373e0779cf4d050b6SHA256: 9a20b4a966bc22f2aaff8e71cb73453bdb6acc5ca1eede917f238c3d1b618a0aReferenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 thru Java 1.4.
License:
The JSON License: http://json.org/license.html File Path: /root/.m2/repository/org/json/json/20140107/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid json Low Vendor pom groupid json Highest Vendor jar package name json Highest Vendor pom url douglascrockford/JSON-java Highest Vendor jar package name json Low Vendor jar package name http Highest Vendor pom groupid org.json Highest Vendor jar package name xml Highest Vendor pom name JSON in Java High Vendor jar package name cdl Highest Vendor file name json-20140107 High Product pom groupid json Highest Product jar package name json Highest Product pom artifactid json Highest Product jar package name http Highest Product pom url douglascrockford/JSON-java High Product jar package name xml Highest Product pom name JSON in Java High Product jar package name cdl Highest Product file name json-20140107 High Version file version 20140107 Medium Version pom version 20140107 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor file name jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Vendor pom groupid google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Product Manifest bundle-symbolicname org.jsr-305 Medium Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product pom artifactid jsr305 Highest Product pom groupid google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version pom version 3.0.2 Highest Version Manifest Bundle-Version 3.0.2 High
Description:
JUL to SLF4J bridge File Path: /root/.m2/repository/org/slf4j/jul-to-slf4j/1.6.6/jul-to-slf4j-1.6.6.jarMD5: 8c086f7494b96d9633ed858fb1738c36SHA1: e25c3dab7c510a04f807a8f8f07fbc98cc7f309dSHA256: 7253dbe2a5ffdbb1bdbb0eb79d43c5fa9085f209f0858e808db122a58f9cee7bReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom groupid slf4j Highest Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor pom parent-groupid org.slf4j Medium Vendor file name jul-to-slf4j High Vendor pom artifactid jul-to-slf4j Low Vendor jar package name bridge Highest Vendor pom url http://www.slf4j.org Highest Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Product jar package name slf4j Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest Bundle-Name jul-to-slf4j Medium Product pom groupid slf4j Highest Product Manifest bundle-symbolicname jul.to.slf4j Medium Product pom parent-artifactid slf4j-parent Medium Product pom parent-groupid org.slf4j Medium Product file name jul-to-slf4j High Product jar package name bridge Highest Product pom name JUL to SLF4J bridge High Product pom artifactid jul-to-slf4j Highest Product pom url http://www.slf4j.org Medium Version file version 1.6.6 High Version pom version 1.6.6 Highest Version Manifest Bundle-Version 1.6.6 High Version Manifest Implementation-Version 1.6.6 High
Description:
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
File Path: /root/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarMD5: d094c22570d65e132c19cea5d352e381SHA1: b421526c5f297295adef1c886e5246c39d4ac629SHA256: b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Guava ListenableFuture only High Vendor pom parent-groupid com.google.guava Medium Vendor pom parent-artifactid guava-parent Low Vendor pom artifactid listenablefuture Low Vendor pom groupid com.google.guava Highest Vendor file name listenablefuture High Vendor pom groupid google.guava Highest Product pom name Guava ListenableFuture only High Product pom parent-groupid com.google.guava Medium Product pom artifactid listenablefuture Highest Product pom parent-artifactid guava-parent Medium Product file name listenablefuture High Product pom groupid google.guava Highest Version pom version 9999.0-empty-to-avoid-conflict-with-guava Highest Version pom parent-version 9999.0-empty-to-avoid-conflict-with-guava Low
Description:
Log4j License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/log4j/log4j/1.2.14/log4j-1.2.14.jar
MD5: 599b8ba07d1d04f0ea34414e861d7ad1
SHA1: 03b254c872b95141751f414e353a25c2ac261b51
SHA256: e3bff9ab64a09b1ac2800f3b5fb1e3d99728064acb6dd3924938507638a404fb
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://www.apache.org Medium Vendor manifest: org/apache/log4j/ Implementation-Vendor "Apache Software Foundation" Medium Vendor pom organization name Apache Software Foundation High Vendor jar package name apache Highest Vendor pom artifactid log4j Low Vendor pom groupid log4j Highest Vendor file name log4j High Vendor pom url http://logging.apache.org/log4j/docs/ Highest Vendor jar package name log4j Highest Vendor pom name Log4j High Product pom organization name Apache Software Foundation Low Product manifest: org/apache/log4j/ Implementation-Title log4j Medium Product pom artifactid log4j Highest Product jar package name apache Highest Product file name log4j High Product pom groupid log4j Highest Product pom url http://logging.apache.org/log4j/docs/ Medium Product jar package name log4j Highest Product pom organization url http://www.apache.org Low Product pom name Log4j High Version manifest: org/apache/log4j/ Implementation-Version 1.2.14 Medium Version pom version 1.2.14 Highest Version file version 1.2.14 High
Published Vulnerabilities CVE-2019-17571 suppress
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-9488 suppress
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! License:
The MIT License: https://projectlombok.org/LICENSE File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar
MD5: 006c258e47684d5e8955f315d717049a
SHA1: ac76d9b956045631d1561a09289cbf472e077c01
SHA256: c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d
Referenced In Project/Scope: gotrack:provided
Evidence Type Source Name Value Confidence Vendor pom url https://projectlombok.org Highest Vendor pom artifactid lombok Low Vendor file name lombok High Vendor jar package name lombok Highest Vendor jar package name tostring Highest Vendor Manifest can-redefine-classes true Low Vendor pom name Project Lombok High Vendor pom groupid org.projectlombok Highest Vendor jar package name java Highest Vendor pom groupid projectlombok Highest Product file name lombok High Product jar package name lombok Highest Product jar package name tostring Highest Product Manifest can-redefine-classes true Low Product pom name Project Lombok High Product jar package name java Highest Product pom artifactid lombok Highest Product pom groupid projectlombok Highest Product pom url https://projectlombok.org Medium Version pom version 1.16.20 Highest Version Manifest lombok-version 1.16.20 Medium Version file version 1.16.20 High
File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-i386.dllMD5: c4d7064e400a22cc9a59d2d97382b5b8SHA1: 63ac163436b8400dcc25f7d13e7a86313fd28a98SHA256: f210056ba0dfd996646b91e92f4665399b33bf4da651dea26b4888f87215ec29Referenced In Project/Scope: gotrack:provided
Evidence Type Source Name Value Confidence Vendor file name WindowsDriveInfo-i386 High Product file name WindowsDriveInfo-i386 High Version file version 386 Medium Version file name WindowsDriveInfo-i386 Medium
File Path: /root/.m2/repository/org/projectlombok/lombok/1.16.20/lombok-1.16.20.jar/lombok/installer/WindowsDriveInfo-x86_64.dllMD5: cdf042a66f9681f362c365131e3c38ddSHA1: a4598a189d82ae291faead4c0eec6abf22b256beSHA256: 4897fff1914b3534f61fbba4ef7e26892b1f32b525e06f1e264bf1eaf08ce4feReferenced In Project/Scope: gotrack:provided
Evidence Type Source Name Value Confidence Vendor file name WindowsDriveInfo-x86_64 High Product file name WindowsDriveInfo-x86_64 High
Description:
Mock objects library for java License:
The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE File Path: /root/.m2/repository/org/mockito/mockito-all/1.10.19/mockito-all-1.10.19.jar
MD5: 979ec16f27b6b541278e0ecd10efd771
SHA1: 539df70269cc254a58cccc5d8e43286b4a73bf30
SHA256: d1a7a7ef14b3db5c0fc3e0a63a81b374b510afe85add9f7984b97911f4c70605
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.mockito Highest Vendor pom artifactid mockito-all Low Vendor file name mockito-all High Vendor Manifest bundle-symbolicname org.mockito.mockito-all Medium Vendor jar package name mock Highest Vendor pom groupid mockito Highest Vendor pom name Mockito High Vendor jar package name mockito Highest Vendor pom url http://www.mockito.org Highest Product Manifest bundle-symbolicname org.mockito.mockito-all Medium Product pom artifactid mockito-all Highest Product jar package name mock Highest Product pom groupid mockito Highest Product jar package name hamcrest Highest Product file name mockito-all High Product Manifest Bundle-Name Mockito Mock Library for Java. Hamcrest-core & Objenesis included in the bundle. Medium Product pom url http://www.mockito.org Medium Product pom name Mockito High Product jar package name objenesis Highest Product jar package name mockito Highest Product jar package name core Highest Version file version 1.10.19 High Version pom version 1.10.19 Highest Version Manifest Bundle-Version 1.10.19 High
Description:
JDBC Type 4 driver for MySQL License:
The GNU General Public License, v2 with FOSS exception File Path: /root/.m2/repository/mysql/mysql-connector-java/8.0.25/mysql-connector-java-8.0.25.jar
MD5: fdf55dcef04b09f2eaf42b75e61ccc9a
SHA1: f8b9123acd13058c941aff25f308c9ed8000bb73
SHA256: a0a1be0389e541dad8841b326e79c51d39abbe1ca52267304d76d1cf4801ce96
Referenced In Project/Scope: gotrack:runtime
Evidence Type Source Name Value Confidence Vendor file name mysql-connector-java High Vendor hint analyzer vendor oracle Highest Vendor hint analyzer (hint) vendor sun Highest Vendor pom name MySQL Connector/J High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Vendor jar package name cj Highest Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor pom groupid mysql Highest Vendor pom organization name Oracle Corporation High Vendor pom artifactid mysql-connector-java Low Vendor pom organization url http://www.oracle.com Medium Vendor jar package name jdbc Highest Vendor jar package name driver Highest Vendor Manifest Implementation-Vendor Oracle High Vendor jar package name mysql Highest Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest bundle-symbolicname com.mysql.cj Medium Vendor jar package name type Highest Product hint analyzer product mysql_connectors Highest Product hint analyzer product mysql_connector_j Highest Product file name mysql-connector-java High Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Product pom artifactid mysql-connector-java Highest Product Manifest specification-title JDBC Medium Product pom name MySQL Connector/J High Product Manifest Bundle-Name Oracle Corporation's JDBC and XDevAPI Driver for MySQL Medium Product jar package name cj Highest Product Manifest Implementation-Title MySQL Connector/J High Product pom groupid mysql Highest Product pom organization name Oracle Corporation Low Product jar package name jdbc Highest Product jar package name driver Highest Product hint analyzer product mysql_connector/j Highest Product jar package name mysql Highest Product pom organization url http://www.oracle.com Low Product Manifest bundle-symbolicname com.mysql.cj Medium Product jar package name xdevapi Highest Product jar package name type Highest Version pom version 8.0.25 Highest Version file version 8.0.25 High Version Manifest Bundle-Version 8.0.25 High Version Manifest Implementation-Version 8.0.25 High
Description:
JSF 2.2+ utility library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar
MD5: 993acf6b529f85c8ee450973a4be8fa7
SHA1: 23422c1484c2fe9eded4d00ec1911e268254c3c7
SHA256: 882520f34ea645da9490232af4e932172a2478564db0b27fd7246643018e7d42
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest url http://omnifaces.org Low Vendor pom groupid org.omnifaces Highest Vendor pom organization url http://omnifaces.org Medium Vendor pom name OmniFaces High Vendor Manifest Implementation-Vendor-Id org.omnifaces Medium Vendor pom groupid omnifaces Highest Vendor Manifest specification-vendor OmniFaces Low Vendor Manifest extension-name omnifaces Medium Vendor Manifest Implementation-Vendor OmniFaces High Vendor jar package name omnifaces Highest Vendor pom organization name OmniFaces High Vendor pom url http://omnifaces.org Highest Vendor file name omnifaces High Vendor pom artifactid omnifaces Low Vendor Manifest implementation-url http://omnifaces.org Low Product Manifest url http://omnifaces.org Low Product Manifest specification-title OmniFaces Medium Product pom organization name OmniFaces Low Product pom name OmniFaces High Product pom groupid omnifaces Highest Product Manifest extension-name omnifaces Medium Product jar package name omnifaces Highest Product pom artifactid omnifaces Highest Product pom url http://omnifaces.org Medium Product Manifest Implementation-Title OmniFaces High Product pom organization url http://omnifaces.org Low Product file name omnifaces High Product Manifest implementation-url http://omnifaces.org Low Version file version 3.0 High Version Manifest Implementation-Version 3.0 High Version pom version 3.0 Highest
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/fixviewstate.jsMD5: 24c2badf2e50107af44e7fd28c9836d0SHA1: 8f678cad084fe0ddb1cb590af25b97de5f3a58dcSHA256: e878fba7561765a61e8f13409bfb2d260ba430f4eed14b6d81ecce70f004a604Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/omnifaces.jsMD5: 3e6d3650c9686efc2cec9f171afe96cdSHA1: 8d9689b3e96643ea439fad9ca26621d93bfc9e6aSHA256: d64be3f545aacbffbcb7b06bf47ee85fe7ef61f3edfc88d92435c4ce09292387Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/omnifaces/omnifaces/3.0/omnifaces-3.0.jar/META-INF/resources/omnifaces/unload.jsMD5: 9b18e661eef08f977d0726118afc545dSHA1: 4ed89c14cfa22d1a8fd3c818814fec53095537e9SHA256: fb7742a9cf53fbc1040167a6576113751dea76dbac77f803180802deae698bc8Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
Description:
See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information License:
https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /root/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256: 775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor pom artifactid osgi-resource-locator Low Vendor file name osgi-resource-locator High Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Vendor pom groupid glassfish.hk2 Highest Vendor pom groupid org.glassfish.hk2 Highest Vendor pom parent-groupid org.glassfish Medium Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor pom parent-artifactid pom Low Product pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product file name osgi-resource-locator High Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Product pom groupid glassfish.hk2 Highest Product Manifest Bundle-Name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. Medium Product pom parent-groupid org.glassfish Medium Product jar package name glassfish Highest Product jar package name hk2 Highest Product pom parent-artifactid pom Medium Product pom artifactid osgi-resource-locator Highest Version file version 1.0.1 High Version pom version 1.0.1 Highest Version Manifest Bundle-Version 1.0.1 High Version pom parent-version 1.0.1 Low
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/plotting.jsMD5: 4040bfdf03dbc750bb0f2c3b3622b585SHA1: 4dce360f428ae9637a2c0e10950c33edebe297caSHA256: 219f9b50bcbd66ab11629b2809e79c33c70f044273f82352f7b93c0357a3ced6Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
Apache POI - Java API To Access Microsoft Format Files License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/apache/poi/poi/5.0.0/poi-5.0.0.jar
MD5: 26fdce3977eccadf590c4cd6e796802a
SHA1: 68039007ca335269576dd526e16671c579045dfc
SHA256: 34794d5678a1b9d0b41e20eea310415f2b9b8414078c6bfcbbaeada1b92df6aa
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor jar package name poi Highest Vendor pom groupid org.apache.poi Highest Vendor pom artifactid poi Low Vendor pom organization url http://www.apache.org/ Medium Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium Vendor pom groupid apache.poi Highest Vendor pom organization name Apache Software Foundation High Vendor file name poi High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache POI High Vendor jar package name format Highest Vendor Manifest automatic-module-name org.apache.poi.poi Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url https://poi.apache.org/ Highest Vendor Manifest multi-release true Low Vendor jar package name apache Highest Product jar package name poi Highest Product pom organization name Apache Software Foundation Low Product pom artifactid poi Highest Product pom url https://poi.apache.org/ Medium Product pom groupid apache.poi Highest Product Manifest specification-title Apache POI Medium Product file name poi High Product pom name Apache POI High Product jar package name format Highest Product Manifest Implementation-Title Apache POI High Product Manifest automatic-module-name org.apache.poi.poi Medium Product Manifest multi-release true Low Product pom organization url http://www.apache.org/ Low Product jar package name apache Highest Version pom version 5.0.0 Highest Version Manifest Implementation-Version 5.0.0 High Version file version 5.0.0 High
Description:
PrimeFaces is one of the most popular UI libraries in Java EE Ecosystem and widely used by software companies, world renowned brands, banks, financial institutions, insurance companies, universities and more.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar
MD5: c672b0d6ea104e35b278d0db0535e656
SHA1: 784f963a01788b4c57cd12b5bb21529adf287649
SHA256: 007bdea064f20cecad6773442a08062149b197d8a57329d070d945c06274f0cf
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name primefaces High Vendor pom url http://www.primefaces.org Highest Vendor Manifest implementation-url http://www.primefaces.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest bundle-symbolicname org.primefaces Medium Vendor jar package name primefaces Highest Vendor file name primefaces High Vendor pom groupid primefaces Highest Vendor Manifest Implementation-Vendor-Id org.primefaces Medium Vendor hint analyzer vendor primetek Highest Vendor pom groupid org.primefaces Highest Vendor pom artifactid primefaces Low Product pom name primefaces High Product Manifest implementation-url http://www.primefaces.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title primefaces Medium Product jar package name filter Highest Product pom artifactid primefaces Highest Product Manifest bundle-symbolicname org.primefaces Medium Product Manifest Bundle-Name primefaces Medium Product jar package name primefaces Highest Product pom url http://www.primefaces.org Medium Product file name primefaces High Product pom groupid primefaces Highest Product Manifest Implementation-Title primefaces High Version pom version 6.2 Highest Version Manifest Implementation-Version 6.2 High Version file version 6.2 High
Published Vulnerabilities CVE-2019-11358 (OSSINDEX)suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.primefaces:primefaces:6.2:*:*:*:*:*:*:* File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/validation/beanvalidation.jsMD5: 07f5d5dd6d5f55ab616d5cca7eedb19aSHA1: 8c679a6b27b493302cf670da9bd57a1d7c63f6edSHA256: b161e729b507f2a53fca68bfca4cae4d9303b4449ccd48e197d1e070ba42f0b4Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/captcha/captcha.jsMD5: f77d77357f9a20996fda56b4dc5d647bSHA1: 356bf9da5ccd514fe41d74e3608e715256940010SHA256: e2a4df82d43a6ae66032387bb34babebe1ceb18cff2dcf5f996a3877c9de54e7Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/charts/charts.jsMD5: 5c58187edf60cc3540af95c96db5d99dSHA1: b74cd760c0a5965c16ecc583382638b0d2eeec68SHA256: 6a531314987b1138d46868b666bf7215bace6478bb8e0a404e213a94bbd7639eReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/clock/clock.jsMD5: 1b7272c33be646463a4350afa8e32584SHA1: 8735a522f56ddf4ef49d3eb1223e128373331761SHA256: 9df987a3fc1cdc8d57e9f87bc2be1056b5630669c2df72e30e08222006e81755Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/colorpicker/colorpicker.jsMD5: 011022af86017bf9c5e6956dd604dd57SHA1: 7f2105aca3da9b3efa181a2a58cf5e3378cc9716SHA256: bd6175707ded8c6503665e4d6586d1d7b89360277a2aebdc8225f3f63da71f54Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/components-mobile.jsMD5: 86d32f163464cf4fe09b9a03fd593ee4SHA1: 63f96d871450cde492a44bc89b70875eee533207SHA256: d4a3cae429d1d7f16de0d31d27a4157af00075dc9573392ebc61235481b59962Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/components.jsMD5: 9afc68c928760934a66f9b24fb588d64SHA1: 20c299c0e2f9102d5ec18103cb1db71b878b629dSHA256: b1bae460fb4e8c2fbf08da925bc45343d97b338ba4b6d3e2f656cf405abb9a11Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/contentflow/contentflow.jsMD5: c8d9cdf5711a39be71dd5ae2747f8fc9SHA1: 89baf86d5e387eb7b5ad7dbc067e954db322482bSHA256: cb3bac6685e19416a5d16d65c75320e74fb49c6d31f21b388a975982183cc52fReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/core.jsMD5: 9149e1c020cc9ea2dc90fb9e6406e1d5SHA1: 5c56be02171ed77ef5f3a8df70519e6c4a219df3SHA256: acbbbe04cf5e39536a556402dfe5ac8df6c0f8da7ee38ed2b3b5d04a03a04613Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/mobile/widgets/datepicker.jsMD5: b23740c8959ce614b37962e373731a2cSHA1: a752ab0bbd3ff4800cebfa7880ea04831c425ae1SHA256: c1c1737219ab9f78fc3ca1a198c64fcf136c0d9c929e0e982fc979d72b03a79dReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/diagram/diagram.jsMD5: 47559949ff1d19b79a4949752e755263SHA1: 6c40d71e01f403ae6b961604f442a3a2d0ff9398SHA256: bb45c7370b3e7cba8592fa2f9bc8316717e748a969eaee42b758eb2554012009Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/dock/dock.jsMD5: 776ff3f68aeee7d70c0a7b6ca4cbfc14SHA1: d080536c1c00cd46b4ba72749e1cca89d9b5fec8SHA256: cefaeb57f1055c2e8a28d870691aca4ab83a52a8e9fba531667bb7f6e03c4356Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/editor/editor.jsMD5: 03327b0eec98503c7d6df63eaf99334bSHA1: ae61199bcc34f65caa9d3c558ac938121e6c2393SHA256: b075210f7b5f5c12148e3c44e022462c0097bd9c7fd62b783e76e85063fd5863Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/fileupload/fileupload.jsMD5: 5b467c8663e184340c87fa218a718eeaSHA1: 42414b666cf36eee1ab32e4e8f1e11fb7e0af4f0SHA256: baadc9125a777bb9323521565bdb59c8f1ff35eb4dcce037aee8fad41277858cReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/galleria/galleria.jsMD5: 5844c2920cd79afca014cd80f189c955SHA1: bcbf2fc5bae139bc80d56a5f93e250e466e0deedSHA256: 53ca1fe107263952bc5064ed5d8fac5ddd839f7b93369c2c5665aa966c604756Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/gmap/gmap.jsMD5: a2250153e2588160e7f35a66d49c96f4SHA1: 36e232ddb88865e8b91bf3887edcd4d8b782a2a4SHA256: 57c8e3d1b4e2ef0bf9e86f18ffd95c801b1756baab0da2d7a5e29e3aa5576d3fReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/hotkey/hotkey.jsMD5: 3ec16aa44d720657743fb21b8843a42aSHA1: 63585295acaccefa397927146cdf66dd4e61b2d1SHA256: aa45349925767e946b92475663269f3388b684612caf430e23e5080c60d617dfReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/idlemonitor/idlemonitor.jsMD5: 6990d5c536f250a2e9614a7f9f843874SHA1: e7f1256e8315365d22e788681049b749b021ad56SHA256: 68d1e5bee841da9e6d273da8f39ce1d8fb61ff0eabf1ad6d609000e28e68b521Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/imagecompare/imagecompare.jsMD5: cad71f0b2a19194a75c72a12d87e2ad1SHA1: 0278150105abcae6653b5b4c826456df75b17072SHA256: b9764d322c7df4da3bc5f3a68c8b865d32e3e3971d5501e398473221154302feReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/imagecropper/imagecropper.jsMD5: 8bc69ab8d05ce5498d0fcb32f2bc3e84SHA1: 89842195cab5f49b1de5122ee241d5b4eed0cc68SHA256: 9e2c3860a9fcfa55a1330d8dd1d2953d4f3a4245f9dac13b0f7df0856b01504fReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/imageswitch/imageswitch.jsMD5: f853e3f43ea19e3660feeb60e9616929SHA1: 017dbed88eb59a51ea3fd2af193cee2a20b80d1dSHA256: 0d080b090caa17e01316a274428b6f623a46d6e1a1eb9e2a2c0f3fbfe45a8006Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/inputnumber/inputnumber.jsMD5: ff5601218bffc58152497abda481c9f6SHA1: ff59f78cfeca8bcd0172c897372a71434992cddfSHA256: 295d453085c94830f6b7e876ba60bb169ae752e4ccd13d9e4ad5b948368ac4d2Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/inputswitch/inputswitch.jsMD5: 511b6df4857fb89ec7b0d724a204ce32SHA1: e6c6682cd876734fe59e6a1dc35c2e8d534c38e6SHA256: a26b49801df712146cf8de4e4283791a788c6591aff6c955b8326347602c20c5Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/mobile/jquery-mobile.jsMD5: 921db2a30e54bf30c12f4b1c386c005cSHA1: 49bf05e9778420797f3178788db20ff7b65e0c6bSHA256: c9a84439e488680eaaeb1890ee2adad0460655bea7c4611d8201f1be7763d39dReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/jquery/jquery-plugins.jsMD5: eb45bf294d57dda1e69abfda476970e3SHA1: 9b633a3fe5e4228fdbe638bfbe691c9a3068b9edSHA256: 54e9fc788d0725a66cab8bc860c28cbc5c033657fccb04bbf4e087338a5fa4acReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/jquery/jquery.jsMD5: 4e6fa574d2e2a3243da0b6fdf069a823SHA1: b86cfcacbb15dd5671b3dc95c7396a32b80f265aSHA256: 90d7c57f39e9c93fd77f5a92d07a6967eedd61fba40c0f3de80bd5105d96a5c8Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 3.2.1 High
Published Vulnerabilities CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/mousewheel/jquery.mousewheel.min.jsMD5: a19660331d2924f8cabf797593582e42SHA1: 854d8ef9e717c513c29e87b422149fa253b636c0SHA256: d32437988bc7da1a0ee7856876ac50943cb639b20505fad3a0d4f00c25329cc4Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/keyboard/keyboard.jsMD5: 27c89455e4d9ffa0e68b1341235ca820SHA1: b699059062a6ae84f57415f2847c6e77e7a438fcSHA256: df4464fcd5c843ab69ac901e7b6b3e345d8b91307ab3da3f3b80ea867a80a792Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/keyfilter/keyfilter.jsMD5: 85b24c28db15874e9ade5d6e04a5de71SHA1: 91b0472294804ae3dff5bf165c78f1e2b3bda879SHA256: 413b0c794363eefdee1efd14378c7bfc7e12e9ba28d04442446f9e36b5a395c9Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/knob/knob.jsMD5: 9010c465516faee5e2275661631a4ff2SHA1: e55b606ee2dc6558c424b74b7a8a6a4e0dfdc2f7SHA256: 2e6ad3fe4e308b929957203c3625f1477a3abf68c04b39234d96433c196b4900Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/layout/layout.jsMD5: 9e7cf88365a336e00254a53beb785bd3SHA1: 358266619a3627b66e8ca49870417ae2ce37e303SHA256: af8a56b1751e44582383fdc6891a3d4dd2b457e12cf23d84ee379f01e9140fe5Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/lifecycle/lifecycle.jsMD5: 9627c1e2d672df7f7f2c26498278b606SHA1: c382df2afdd378164416b829074e7c2bb8780da8SHA256: 553b35162fcdc9aafce567ee18a8c501daa5b5c2f1a6634d6cb7618e6aef7572Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/log/log.jsMD5: 1190223bc485e58c760a0fb104d451acSHA1: 3dc24dd0f24ede52341bf8e6fdc3aad7ec7b2865SHA256: b8c8953932f206b0e573e38b4a40fda53ef404ed4f6eeb07d6fca596810bac9aReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/mindmap/mindmap.jsMD5: 7797c61ce56e0b8a3e9e758aee33b43dSHA1: c456efcfb7831d92c1e200997e1a46acf60fdbcdSHA256: 669d96ab02e0d088fde1cb30d04ff19ee6c8ca9f97f34e169757d16dbcf07962Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/moment/moment.jsMD5: 98984a809a8cc5ea49dc7f424e3b2d5eSHA1: 74a4a8f99ed9fcc7f1e01b10fb5b52cf13ae11fcSHA256: cccb9a921f3c7b9b4446a960977ccccd83cd256e7bc7686631119f7ef1d245a2Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/organigram/organigram.jsMD5: f85152039ae4d2f1a8a95a8c7967aa5bSHA1: 6a7ecadced3add71bdf0043edfa55e9e63fa1b36SHA256: 283e72007ec7f6ccaae943a358b088b7348a2a7be9b872c08e11db44ff5441a8Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/photocam/photocam.jsMD5: e2a8a452b85b84ad08f765196ab390d8SHA1: 514201313bc0fe3d146630709aec3ce68bc17aaaSHA256: 7ba5d89cfd09cd085153d510c539a03d5227999208efe0dae9e7bd0d98672e70Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/printer/printer.jsMD5: 801ede269c4e55613a8bfc3651a88234SHA1: f2960f324c61050523c094d94061fdaddcede496SHA256: 06ade631079e3aa711cb7cb56f8f8cdb81f77efcb75b10b311f21c6f8d1ab01bReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/raphael/raphael.jsMD5: f6d76d75ffb57b71e2b49ee1e613990bSHA1: e87839ecb03847547c1f7d174e3019b2e8cac88fSHA256: 912889c2c44c303f7d08918816a5390a255788f1f7fa827bc91c9eedf255369dReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/ribbon/ribbon.jsMD5: e20363c3eba3abe543419b99105c1492SHA1: e28da8b53ccaeafe210b16b28060c8b40396c966SHA256: 1ced20e3352796edde12c56f8c4ce12d6b7e58bec2e5716e5c199bd224a5431fReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/ring/ring.jsMD5: f8bea47761887836c0d8a0f1641cc862SHA1: 1f9daaf9e1b3c8191536a85ff587f2eafb1200a6SHA256: b0edd1950427161e18c1a2a83197b645d3b1174f093774f01a92db592c6f0142Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/schedule/schedule.jsMD5: ad3c0f0cc8637280850a217895ce9fa1SHA1: 0c8440ce8bd69b0807c667180df4b3ea78b11bb8SHA256: f2d3fb82f70f38a08631b279acf2b09eee5f4d731fde5ff125c856341b60f948Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/scrollpanel/scrollpanel.jsMD5: b4b7ba9c7337af83694d569ad1557199SHA1: f0f0e09848a02db156c6bd7f60adc69eb30f3bb9SHA256: f1ca242c6c2209c3e007cf27299a2b23063e67433df1bfe6d7e5f296261f346dReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/signature/signature.jsMD5: 7917d45e90a0b02423b7b1581e53dc9fSHA1: 1388a8e2f3cdba67893ee8ad34696d9054f6582cSHA256: 21658393ab97642720735b897d1e854815fec822f48d21ebe602265055cd2650Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/socket/socket.jsMD5: fc4bc332d47bf389c6dbe6485934c8e0SHA1: a5eab2ef8dd5b6e77923fc1e43b6ee2318270856SHA256: 7910ddc8920f98cec43047e13b183cbed9d9111f0b6d7f7533ca5b133bb53200Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/stack/stack.jsMD5: a54aad057e55ae776353ac26fefdb52fSHA1: 7b2f9b0f672585f8171bb22c8df5eb509ff9cecdSHA256: 81908db529ecbf178975923066c65fb71ae6861c87de16b8a2b3e9cfee08b1fdReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/terminal/terminal.jsMD5: 2cd34e4de873ce3234ef0aa24c9ba832SHA1: e84d128de5691195eceab1094776a7fb80fc4c34SHA256: fd8ecf8ac619c03b0fc99c9d2f1a19f533c3ecdae975e7b65e7d639ec4f156e7Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/texteditor/texteditor.jsMD5: fd1bac8c6bdc43d5bdf8408702450f00SHA1: b29b5549bfad1b16e9bc8c04b3bfdfc02aa5ea4fSHA256: e0627404969b63378b68b6c445d9737a61dca4cfef42da06097cd6367cc84425Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/timeline/timeline.jsMD5: 0f7f26ce5705de7c19486d38e3a3475aSHA1: abb46b8deda2f622f3253c0c6c3fe7e0591a5f14SHA256: 9402f9a6eb79831a27e0f45901065361aec42d6d4b149f2184fcc8f07174bf8cReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/touch/touchswipe.jsMD5: 6f38c3f2a756c8b947eb00dc86826944SHA1: fd78cf40dcc11ca868195fc891027c22256746e1SHA256: aa248a002e1a43c44ed11fbe0652d54c3fe07f06e6a668f27d759467130ac70eReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/validation/validation.jsMD5: 46a598b742aa14102b1419f95b2c6aa1SHA1: 659108409bf370703a47ecf8a7138d1bf975b1bcSHA256: c017958f38ca1e1dd84015df013b0ac04b428ff7d9cfc61d0ebc944adcc7dc55Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/primefaces/6.2/primefaces-6.2.jar/META-INF/resources/primefaces/watermark/watermark.jsMD5: e8f78b7aeb9de00cffbc206ed609d55cSHA1: f07a5bfbcaa94dc7a6ddae96b0d01f7cf8365efdSHA256: e5a6c207a3153f5650a788e557e1d67626f2f6035f602503b1d54d6a8151e95aReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
Description:
PrimeFaces Extensions Project for Maven.
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jarMD5: a5143052720a1cf3434a528ac679e656SHA1: 57df8d4d1d63a9ae3c3ca5734fbd47273975ce28SHA256: 2fbc4044b92f59da3dd88924627c72aa4aac892217e4927ca373b997450ae1f7Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url https://github.com/primefaces-extensions/primefaces-extensions Low Vendor pom groupid primefaces.extensions Highest Vendor Manifest Implementation-Vendor-Id org.primefaces.extensions Medium Vendor pom groupid org.primefaces.extensions Highest Vendor jar package name primefaces Highest Vendor Manifest x-compile-source 1.7 Low Vendor jar package name extensions Highest Vendor Manifest x-compile-target 1.7 Low Vendor pom parent-artifactid master-pom Low Vendor Manifest bundle-symbolicname org.primefaces.extensions Medium Vendor pom parent-groupid org.primefaces.extensions Medium Vendor pom artifactid primefaces-extensions Low Vendor file name primefaces-extensions High Vendor pom name PrimeFaces Extensions High Product Manifest implementation-url https://github.com/primefaces-extensions/primefaces-extensions Low Product pom parent-artifactid master-pom Medium Product pom groupid primefaces.extensions Highest Product Manifest Implementation-Title PrimeFaces Extensions High Product jar package name primefaces Highest Product Manifest x-compile-source 1.7 Low Product jar package name extensions Highest Product Manifest x-compile-target 1.7 Low Product jar package name github Highest Product pom artifactid primefaces-extensions Highest Product Manifest bundle-symbolicname org.primefaces.extensions Medium Product pom parent-groupid org.primefaces.extensions Medium Product Manifest specification-title PrimeFaces Extensions Medium Product Manifest Bundle-Name primefaces.extensions Medium Product file name primefaces-extensions High Product pom name PrimeFaces Extensions High Version file version 6.2.10 High Version Manifest Implementation-Version 6.2.10 High Version pom version 6.2.10 Highest
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/documentviewer/GruntFile.jsMD5: d1e0ac7464ee012c6f74cbc014deada8SHA1: b95b3313079fbf31d659019b477a2fad0458381eSHA256: f362360d9cfb148bfc2e55380145ba7fe89beb60ae267414b7a048dc362a71b2Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/blockui/blockui.jsMD5: 2883cb5031386cb6ed5129453d4b9fb9SHA1: d7d6ed84814c8c815c003ca866b5bf42a5354172SHA256: 5b11dfcfccb812c51c1a2c6e1d3164302e28c2fc2c973da89e054d2ba22435eaReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/calculator/calculator.jsMD5: edc2e32ef4b0ed81d1b220e2cce56f23SHA1: da3e7ad69722e8ebd6d0094dca3eb18f428ad71aSHA256: 97948d66632e3e20f94fb060182206f40a8e2cbd0a49dbf5c05634799ebf038cReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/clipboard/clipboard.jsMD5: 61b444422936c0a7f3391ce88b1f506bSHA1: e3f60d7beabd4aad28bd1019a9eb79537e6c8260SHA256: a02367bd28c7442009496d039a48915fed45debfc7c016bb0f512f76bc254730Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/codemirror/codemirror.jsMD5: 31c99f73e305c9405c38fd9fc61e941eSHA1: d1ca70640de90993e586fd2b53aba74f3c3bf356SHA256: 66878e98c7b8fd4bc3f834d5ea22100708f06b428c6beddeac9a36bfce20ee47Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/fluidgrid/fluidgrid.jsMD5: 04a212ac632ee10bc6cc3f7c6b5a7192SHA1: df95ae751fc458de7b1f2266185ecd165e53116aSHA256: 925e3464040cb7eaec317d4aceddbdb0e6c7db66456c41474189917e5f859825Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/github/github.jsMD5: c499002fa45b04dff82037f76dc00f92SHA1: 7e3b5d7c80aeebc93a0ae1425bd33f1e1b90bee3SHA256: 9de0a28a78a9f909d1e84b9485332cc3e6a14f5a25d99be57b45c11196bbcfbcReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/imageareaselect/imageareaselect.jsMD5: fd8279d6589c631dcfd9a5af7470607bSHA1: 998eca64025f56ceedc4172c431e8513896aa4a5SHA256: 4d656ad551bd8ff24af2ae83abc5751a40e7187bf2ae13ab10964ebfc0d5c193Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/layout/layout.jsMD5: 913272913702a69a0d1c245cf6c97575SHA1: efa035ab56a32581a78656c9c41cf83c9dc0126bSHA256: 271ce15ccf6964a2da3766d222dfc106403b6e4ef6ef98cca375720b8f43c526Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/orgchart/orgchart.jsMD5: 1a791601e34835fca61319f26f5dc64fSHA1: 302915e423e2c8238a36b27cd30912f9629eb031SHA256: 32d3fccfcceaf04387b2514c9793f47f2aa53f94f188f08001b3276b69910aa6Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/documentviewer/package.jsonMD5: cc47c26fa9282c0fda67533f7e1bed46SHA1: a99958a91092f693167e55a16fedc92967e5988eSHA256: bbeb4aaba28cedec582c85efd3ec3f0174a6ae646580f1c1dbb4e2fc0073dd3aReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.viewer.jsMD5: ca5ce40684715d2e8cf88a07bc16aa2bSHA1: 34217e366b2171dbcf913f1a5643f447ce54d8cbSHA256: 77941e2354498ec2c49ce4072901fe9cab0643246238fd0f1a3bb753af1a5fe8Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/documentviewer/pdf.worker.jsMD5: 6a30ef89c4449fc63d2c8badfb32b9a9SHA1: 9ca77dc6aacc3d78ff4876b15cbd288f0e465116SHA256: efd9cf99d27c0775845f3edc1eb09f729f2f154c785d189e1a452cbb8c071f36Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/primefaces-extensions.jsMD5: bf8978ecb1b18c798d010199ab2c5e5fSHA1: 8e981a646fac35f850f121e59791363e0ad815e3SHA256: 966fe0c23887d4883e1bd6ccd032a0a697ca0e499b482c4e8a13d6656a4f02d4Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/qrcode/qrcode.jsMD5: fc772f18430f0095dfd4e1ed7934b040SHA1: 7ef4e627836d6f8b7fbe7d098b4fb0955107ee8aSHA256: e84e71b003b0dd7f788d1be5ad2ae2568fad9153f6719be721c80f5f3909fb67Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/sheet/sheet.jsMD5: 0f0b88c8862361c05cff93997a2bc9c0SHA1: d6c304bb47cf97e67ce867ab905037b5bba450daSHA256: 7f2713f4ea47aadf5414c56c83196987c7ce71e02d8ec6b80a210a09eccfcb81Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/slideout/slideout.jsMD5: 3a51a2c6e14944ab28992b515d913b8fSHA1: d81ec39567b79f54a5c33fd590555e14aa323315SHA256: 1d8cc37bb10a7c36da915335ded2410db025330b99495dc5c9ebc8004dc83ba4Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/social/social.jsMD5: 57517a9d56686f33959873b65a18ebc3SHA1: d534f9b35f96683c07ac95622f0e64a71172a39bSHA256: 6a91309aa9c5f08bb1aaede91b8321821108c64e5904dc89bc5b1d566a68ce8cReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/speedtest/speedtest.jsMD5: abf0ea3eaffb28faaa7c593a9e3e00dcSHA1: 6d4acac6e37952ce93e0253861d2e591aca1f92dSHA256: 5f0f623618e23f57898142e1bb1e880cacb7b54e575627271f29f475b4587fa2Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/timepicker/timepicker.jsMD5: 70c99b95d8253aecc8e64dfe68fa87f1SHA1: d1913daaa13111a47aa145acca5bf4392cf55568SHA256: 86f3687dd7fa201f5fe118c095ea97baa2fd994d99fe0af340d54319be818425Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/timer/timer.jsMD5: 652be256543e803423cb5df80c6aff47SHA1: 3feb086821cfb410affce39ba5bbef87298f3200SHA256: 49f6d8c587dccf6fc98ab7eba74e6bd779aee1f27e4f9f580981b913323ff661Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/tooltip/tooltip.jsMD5: 9de3163363508cc6838ece08a1b61c3eSHA1: 8b8813a47a2b42bf56a8bc67cb6103a288c3ddd3SHA256: 2028dd9f72f0b6b66b2c73bca4b1180086cb775e5501b30305f8521b3649ec74Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
File Path: /root/.m2/repository/org/primefaces/extensions/primefaces-extensions/6.2.10/primefaces-extensions-6.2.10.jar/META-INF/resources/primefaces-extensions/waypoint/waypoint.jsMD5: 5229c01a17d799c8fdea9e94a7ca9d92SHA1: 1a187acf2b9f04716a2748e0e871bf249b13839fSHA256: d37c0fdf8ee335edac6712038fd7187c6f495fd8e217d17eaffa4cac4a4bcae4Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
https://opensource.org/licenses/BSD-3-Clause File Path: /root/.m2/repository/com/google/protobuf/protobuf-java/3.11.4/protobuf-java-3.11.4.jar
MD5: c4ceefed77d79affded2a1302e74606d
SHA1: 7ec0925cc3aef0335bbc7d57edfd42b0f86f8267
SHA256: 42e98f58f53d1a49fd734c2dd193880f2dfec3436a2993a00d06b8800a22a3f2
Referenced In Project/Scope: gotrack:runtime
Evidence Type Source Name Value Confidence Vendor pom groupid com.google.protobuf Highest Vendor jar package name protobuf Highest Vendor pom parent-artifactid protobuf-parent Low Vendor Manifest automatic-module-name com.google.protobuf Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor pom parent-groupid com.google.protobuf Medium Vendor pom artifactid protobuf-java Low Vendor file name protobuf-java High Vendor jar package name google Highest Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product jar package name protobuf Highest Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product pom artifactid protobuf-java Highest Product pom parent-artifactid protobuf-parent Medium Product Manifest automatic-module-name com.google.protobuf Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom groupid google.protobuf Highest Product pom name Protocol Buffers [Core] High Product Manifest bundle-symbolicname com.google.protobuf Medium Product pom parent-groupid com.google.protobuf Medium Product file name protobuf-java High Product jar package name google Highest Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Version file version 3.11.4 High Version pom version 3.11.4 Highest Version Manifest Bundle-Version 3.11.4 High
Description:
The slf4j API File Path: /root/.m2/repository/org/slf4j/slf4j-api/1.6.6/slf4j-api-1.6.6.jarMD5: 17ba6715f5defd50b2e781201f57b408SHA1: ce53b0a0e2cfbb27e8a59d38f79a18a5c6a8d2b0SHA256: 43456b2ee31529a9c512d581e53e285c65feddec204a2c146945e032b07810baReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid slf4j Highest Vendor pom artifactid slf4j-api Low Vendor pom name SLF4J API Module High Vendor pom parent-groupid org.slf4j Medium Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Vendor pom groupid org.slf4j Highest Product Manifest Implementation-Title slf4j-api High Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest Bundle-Name slf4j-api Medium Product pom groupid slf4j Highest Product pom name SLF4J API Module High Product pom artifactid slf4j-api Highest Product pom parent-artifactid slf4j-parent Medium Product pom parent-groupid org.slf4j Medium Product Manifest bundle-symbolicname slf4j.api Medium Product pom url http://www.slf4j.org Medium Version file version 1.6.6 High Version pom version 1.6.6 Highest Version Manifest Bundle-Version 1.6.6 High Version Manifest Implementation-Version 1.6.6 High
Description:
SLF4J LOG4J-12 Binding File Path: /root/.m2/repository/org/slf4j/slf4j-log4j12/1.6.6/slf4j-log4j12-1.6.6.jarMD5: 00e5efbc17122d31a1c02c179e6d6e0bSHA1: 5cd9b4fbc3ff6a97beaade3206137d76f65df805SHA256: 1e44890f21765cb92aeeda2e62b72ae37be230193880e9a8b7b768fde1a10b2cReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor file name slf4j-log4j12 High Vendor jar package name slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom artifactid slf4j-log4j12 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J LOG4J-12 Binding High Vendor Manifest bundle-symbolicname slf4j.log4j12 Medium Product Manifest Bundle-Name slf4j-log4j12 Medium Product file name slf4j-log4j12 High Product jar package name slf4j Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest Implementation-Title slf4j-log4j12 High Product pom groupid slf4j Highest Product pom parent-artifactid slf4j-parent Medium Product pom parent-groupid org.slf4j Medium Product pom name SLF4J LOG4J-12 Binding High Product Manifest bundle-symbolicname slf4j.log4j12 Medium Product pom artifactid slf4j-log4j12 Highest Product pom url http://www.slf4j.org Medium Version file version 1.6.6 High Version pom version 1.6.6 Highest Version Manifest Bundle-Version 1.6.6 High Version Manifest Implementation-Version 1.6.6 High
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/term.jsMD5: 14ad2e406311c5618e73131498efcd97SHA1: 774fedc9720b93a38d2b728523277fb603fb49d6SHA256: 8c2f65cf6f797433160acd272c1438e6991aee3fa9883562c50a50d671cee807Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/trends.jsMD5: cbd272f095dbeebc9672469aa91fb598SHA1: a09f229f4c26ae679b9e4402247b6b06c12c10c6SHA256: dbd7bff5f5062bff751b00d59704331928e3a69a31df6c0ec9bb451cd1b0d57aReferenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
The Trove library provides high speed regular and primitive
collections for Java.
License:
GNU Lesser General Public License 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt File Path: /root/.m2/repository/net/sf/trove4j/trove4j/3.0.3/trove4j-3.0.3.jar
MD5: 8fc4d4e0129244f9fd39650c5f30feb2
SHA1: 42ccaf4761f0dfdfa805c9e340d99a755907e2dd
SHA256: 3c8616203d61a12a7e3487e8b34f3c198c2b5ba9e90da0c7ea32d99cd4958012
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url http://trove4j.sf.net Highest Vendor pom artifactid trove4j Low Vendor file name trove4j High Vendor pom groupid net.sf.trove4j Highest Vendor Manifest implementation-url http://trove4j.sourceforge.net/ Low Vendor pom name GNU Trove High Vendor jar package name trove Highest Vendor jar package name gnu Highest Product pom url http://trove4j.sf.net Medium Product pom artifactid trove4j Highest Product file name trove4j High Product pom groupid net.sf.trove4j Highest Product jar package name trove Highest Product Manifest implementation-url http://trove4j.sourceforge.net/ Low Product pom name GNU Trove High Product jar package name gnu Highest Product Manifest Implementation-Title Trove High Version file version 3.0.3 High Version Manifest Implementation-Version 3.0.3 High Version pom version 3.0.3 Highest
File Path: /space/scratch/vavilov/sonar/gotrack/gotrack/src/main/webapp/resources/js/utility.jsMD5: 35fd1ed10e1e7e84f93d73b1d901e055SHA1: 5fca54fd9a39fb246385a3ecf66b295dfbf1495bSHA256: 7e900c2cb048f23dc57bdc71c34b5040e2b2c3f46ff74d42798dea2795968ff1Referenced In Project/Scope: gotrack
Evidence Type Source Name Value Confidence
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid validation-api Low Vendor jar package name validation Highest Vendor file name validation-api High Vendor pom url http://beanvalidation.org Highest Vendor jar package name javax Highest Vendor pom name Bean Validation API High Vendor pom groupid javax.validation Highest Vendor Manifest bundle-symbolicname javax.validation.api Medium Product jar package name validation Highest Product Manifest Bundle-Name Bean Validation API Medium Product file name validation-api High Product pom url http://beanvalidation.org Medium Product pom artifactid validation-api Highest Product jar package name javax Highest Product pom name Bean Validation API High Product pom groupid javax.validation Highest Product Manifest bundle-symbolicname javax.validation.api Medium Version Manifest Bundle-Version 1.1.0.Final High Version pom version 1.1.0.Final Highest
Description:
This jar bundles all the bits of Weld and CDI required for running in a Servlet container. License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar
MD5: 658b6bd2068e969455f22b5df8858d22
SHA1: bacd758ab16bf9019d736f02adf147893ecf1a21
SHA256: 91633c1c2c884718eaab48c90f464d7e959706543b7b32a9d042f3742c8b7747
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor jar package name jboss Highest Vendor pom artifactid weld-servlet-shaded Low Vendor file name weld-servlet-shaded High Vendor pom parent-artifactid weld-servlet-parent Low Vendor pom groupid org.jboss.weld.servlet Highest Vendor jar package name container Highest Vendor pom parent-groupid org.jboss.weld.servlet Medium Vendor pom groupid jboss.weld.servlet Highest Vendor jar package name weld Highest Vendor Manifest build-time 2021-04-14 09:41 Low Vendor Manifest multi-release true Low Vendor jar package name servlet Highest Vendor jar package name org Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom name Weld Servlet (Uber Jar) High Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest scm 17845156fd81a921bf0be03c7f0497d2f52bf244 Low Vendor pom url http://weld.cdi-spec.org Highest Product Manifest specification-title JSR-365 Contexts and Dependency Injection for Java Medium Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product jar package name jboss Highest Product pom url http://weld.cdi-spec.org Medium Product jar package name contexts Highest Product file name weld-servlet-shaded High Product jar package name container Highest Product Manifest Implementation-Title Weld Servlet (Uber Jar) High Product pom parent-artifactid weld-servlet-parent Medium Product jar package name 11 Highest Product pom parent-groupid org.jboss.weld.servlet Medium Product jar package name weld Highest Product pom groupid jboss.weld.servlet Highest Product Manifest build-time 2021-04-14 09:41 Low Product jar package name servlet Highest Product Manifest multi-release true Low Product jar package name org Highest Product jar package name injection Highest Product Manifest build-jdk-spec 11 Low Product pom name Weld Servlet (Uber Jar) High Product pom artifactid weld-servlet-shaded Highest Product Manifest scm 17845156fd81a921bf0be03c7f0497d2f52bf244 Low Version pom version 3.1.7.SP1 Highest Version Manifest Implementation-Version 3.1.7.SP1 High
Description:
APIs for CDI (Contexts and Dependency Injection for Java) License:
Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/jakarta.enterprise/jakarta.enterprise.cdi-api/pom.xml
MD5: 5f487e3d6c6b2b44a1255f7028d1abc3
SHA1: 5a1c494ec0b0a395028b127328c3bc17e79f796d
SHA256: d49d9e9e1f24b3f0675d4d769204d0bfc916bd119c556f9cedead8252623e2db
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name CDI APIs High Vendor pom organization url https://jboss.org Medium Vendor pom groupid jakarta.enterprise Highest Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom organization name JBoss by Red Hat, Inc. High Vendor pom artifactid jakarta.enterprise.cdi-api Low Vendor pom parent-artifactid project Low Vendor pom url http://cdi-spec.org Highest Product pom parent-artifactid project Medium Product pom name CDI APIs High Product pom url http://cdi-spec.org Medium Product pom artifactid jakarta.enterprise.cdi-api Highest Product pom organization url https://jboss.org Low Product pom groupid jakarta.enterprise Highest Product pom organization name JBoss by Red Hat, Inc. Low Product pom parent-groupid org.eclipse.ee4j Medium Version pom parent-version 2.0.2 Low Version pom version 2.0.2 Highest
Description:
Jakarta Dependency Injection License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/jakarta.inject/jakarta.inject-api/pom.xml
MD5: 8862afd594b94c89ea22d767fa4e6015
SHA1: 909685ee06ffe998a06b8912ef18beb50ee7ff49
SHA256: aa049034c07272af8358b1f698f04ac22bc88b37e3e7260dbbc2e9246985df9d
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jakarta.inject Highest Vendor pom url eclipse-ee4j/injection-api Highest Vendor pom artifactid jakarta.inject-api Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom name Jakarta Dependency Injection High Vendor pom parent-artifactid project Low Product pom parent-artifactid project Medium Product pom groupid jakarta.inject Highest Product pom artifactid jakarta.inject-api Highest Product pom url eclipse-ee4j/injection-api High Product pom parent-groupid org.eclipse.ee4j Medium Product pom name Jakarta Dependency Injection High Version pom version 1.0.3 Highest Version pom parent-version 1.0.3 Low
Description:
A bytecode writer that creates .class files at runtime License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.classfilewriter/jboss-classfilewriter/pom.xml
MD5: d32e5fbd576480eefcce4f4a76109879
SHA1: 338b63ee5ffd67b2cb6042d94df726ce23531c71
SHA256: f874dbd47c8784ada850202da0a40478d677ad0934d8da4c4f392b8b5304fd3e
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jboss-classfilewriter Low Vendor pom name classfilewriter High Vendor pom url jbossas/jboss-classfilewriter Highest Vendor pom parent-groupid org.jboss Medium Vendor pom groupid jboss.classfilewriter Highest Vendor pom parent-artifactid jboss-parent Low Product pom name classfilewriter High Product pom url jbossas/jboss-classfilewriter High Product pom parent-groupid org.jboss Medium Product pom groupid jboss.classfilewriter Highest Product pom artifactid jboss-classfilewriter Highest Product pom parent-artifactid jboss-parent Medium Version pom version 1.2.4.Final Highest Version pom parent-version 1.2.4.Final Low
Description:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.logging/jboss-logging/pom.xml
MD5: 771557c931d56ef3da2cefc948ef2165
SHA1: 9d82f8eea1b5ed484775517d7588e320f9f7797a
SHA256: f711f40e16ac3ea4807a33456122c9bb112d27845e7dcc688558d34831ca92b9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.logging Highest Vendor pom parent-groupid org.jboss Medium Vendor pom artifactid jboss-logging Low Vendor pom url http://www.jboss.org Highest Vendor pom parent-artifactid jboss-parent Low Vendor pom name JBoss Logging 3 High Product pom artifactid jboss-logging Highest Product pom groupid jboss.logging Highest Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Product pom parent-artifactid jboss-parent Medium Product pom name JBoss Logging 3 High Version pom version 3.4.1.Final Highest Version pom parent-version 3.4.1.Final Low
Description:
JBoss Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.spec.javax.annotation/jboss-annotations-api_1.3_spec/pom.xml
MD5: b4915304c9b8edff33a6c79079454ca1
SHA1: 26265acdd5a8d0618fb2fdb648cfa9bfed9d0f0f
SHA256: d0fd157fe64eef603e1ec36fcc88c9e9175beae4c164e018c95d2cc8da8cd813
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jboss-annotations-api_1.3_spec Low Vendor pom groupid jboss.spec.javax.annotation Highest Vendor pom parent-groupid org.jboss Medium Vendor pom name JBoss Jakarta Annotations API High Vendor pom parent-artifactid jboss-parent Low Vendor pom url jboss/jboss-jakarta-annotations-api_spec Highest Product pom artifactid jboss-annotations-api_1.3_spec Highest Product pom groupid jboss.spec.javax.annotation Highest Product pom url jboss/jboss-jakarta-annotations-api_spec High Product pom parent-groupid org.jboss Medium Product pom name JBoss Jakarta Annotations API High Product pom parent-artifactid jboss-parent Medium Version pom parent-version 2.0.1.Final Low Version pom version 2.0.1.Final Highest
Description:
Jakarta Interceptors defines a means of interposing on business method invocations
and specific events—such as lifecycle events and timeout events—that occur on instances
of Jakarta EE components and other managed classes.
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.spec.javax.interceptor/jboss-interceptors-api_1.2_spec/pom.xml
MD5: 3a9441795fcdd9d0aca1501e270f01b9
SHA1: 550217e25c282dae326219badfbb099867fda274
SHA256: 3da79260fe7cc814f58178e9819b993128900ac6aa933eb7b16fdf15a1876382
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom url jboss/jboss-jakarta-interceptors-api_spec Highest Vendor pom parent-groupid org.jboss Medium Vendor pom artifactid jboss-interceptors-api_1.2_spec Low Vendor pom groupid jboss.spec.javax.interceptor Highest Vendor pom name Jboss Jakarta Interceptors API High Vendor pom parent-artifactid jboss-parent Low Product pom parent-groupid org.jboss Medium Product pom groupid jboss.spec.javax.interceptor Highest Product pom artifactid jboss-interceptors-api_1.2_spec Highest Product pom url jboss/jboss-jakarta-interceptors-api_spec High Product pom parent-artifactid jboss-parent Medium Product pom name Jboss Jakarta Interceptors API High Version pom parent-version 2.0.0.Final Low Version pom version 2.0.0.Final Highest
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.spec.javax.servlet/jboss-servlet-api_4.0_spec/pom.xml
MD5: 535eaf4bfb0f1000f86ceda5131c76d6
SHA1: 885720d203c4b65e0e471b172fa9bbc7b24dbe18
SHA256: b1aa90efe39e3eb8a6e618ac856a80a9e3d0780ed2765d09d9ebfe3897ed30c6
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.spec.javax.servlet Highest Vendor pom artifactid jboss-servlet-api_4.0_spec Low Vendor pom parent-groupid org.jboss Medium Vendor pom name JBoss Jakarta Servlet High Vendor pom parent-artifactid jboss-parent Low Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest Product pom groupid jboss.spec.javax.servlet Highest Product pom parent-groupid org.jboss Medium Product pom name JBoss Jakarta Servlet High Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium Product pom parent-artifactid jboss-parent Medium Product pom artifactid jboss-servlet-api_4.0_spec Highest Version pom parent-version 2.0.0.Final Low Version pom version 2.0.0.Final Highest
Description:
Common tools for non-standard Weld environments (SE, Servlet containers) License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld.environment/weld-environment-common/pom.xml
MD5: 9add11e2ba9a4504de37227c7b9b9074
SHA1: d16b05e7c1692e304e1f2c900c2a6d7c2b1afb96
SHA256: c5bac31cc918fb9b44897a97cc09bd2a07143c05f85e896fcd38aac88d525d40
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Weld Environment Common High Vendor pom groupid jboss.weld.environment Highest Vendor pom parent-groupid org.jboss.weld Medium Vendor pom parent-artifactid weld-core-parent Low Vendor pom artifactid weld-environment-common Low Vendor pom url http://weld.cdi-spec.org Highest Product pom artifactid weld-environment-common Highest Product pom name Weld Environment Common High Product pom groupid jboss.weld.environment Highest Product pom url http://weld.cdi-spec.org Medium Product pom parent-groupid org.jboss.weld Medium Product pom parent-artifactid weld-core-parent Medium Version pom version 3.1.7.SP1 Highest
Description:
Weld JSF support License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld.module/weld-jsf/pom.xml
MD5: 5171c78c50d0d615d3cdac858f2a4851
SHA1: aa6634be7adee2cfc5787ee73b11893f6ece5fb3
SHA256: 3c07b72561aabf95274c795868b9d764b063aff1f5cd85e3d91a8eb61a4625ef
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.weld.module Highest Vendor pom parent-groupid org.jboss.weld Medium Vendor pom artifactid weld-jsf Low Vendor pom parent-artifactid weld-core-parent Low Vendor pom name Weld JSF High Vendor pom url http://weld.cdi-spec.org Highest Product pom groupid jboss.weld.module Highest Product pom url http://weld.cdi-spec.org Medium Product pom parent-groupid org.jboss.weld Medium Product pom name Weld JSF High Product pom parent-artifactid weld-core-parent Medium Product pom artifactid weld-jsf Highest Version pom version 3.1.7.SP1 Highest
Description:
Weld Web module License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld.module/weld-web/pom.xml
MD5: 9dbf92c8d115586709331be979cc85be
SHA1: 67cfd39a42b2f238ddb5b32084534a982d813165
SHA256: 87b182eee8f920665e7e55438f845726235f9e274eb25505a6ed5fd0fdb1b067
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.weld.module Highest Vendor pom artifactid weld-web Low Vendor pom parent-groupid org.jboss.weld Medium Vendor pom parent-artifactid weld-core-parent Low Vendor pom name Weld Web High Vendor pom url http://weld.cdi-spec.org Highest Product pom groupid jboss.weld.module Highest Product pom url http://weld.cdi-spec.org Medium Product pom parent-groupid org.jboss.weld Medium Product pom parent-artifactid weld-core-parent Medium Product pom artifactid weld-web Highest Product pom name Weld Web High Version pom version 3.1.7.SP1 Highest
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld.probe/weld-probe-core/pom.xmlMD5: 6d750408febdb30dbb8dd61fe09ad089SHA1: 536878db3d293f924a76ffec127f11c9731a4a32SHA256: 9c11d23f6cdada58bc09ed94c6f6fb130df32baa7a5de3f132d796d215f5403dReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom name Weld Probe Core High Vendor pom artifactid weld-probe-core Low Vendor pom groupid jboss.weld.probe Highest Vendor pom parent-artifactid weld-probe-parent Low Vendor pom parent-groupid org.jboss.weld.probe Medium Product pom name Weld Probe Core High Product pom artifactid weld-probe-core Highest Product pom parent-artifactid weld-probe-parent Medium Product pom groupid jboss.weld.probe Highest Product pom parent-groupid org.jboss.weld.probe Medium Version pom version 3.1.7.SP1 Highest
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld.servlet/weld-servlet-core/pom.xml
MD5: f7826625159634deb9a93c24c68c94d9
SHA1: c6cc6459f0b7feff01be67cb05b1f4fb4e516549
SHA256: eae77a9299acd0e3ba76f0c7820440491ed8353246cfdcdae91f9dcada5797b7
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid weld-servlet-core Low Vendor pom parent-groupid org.jboss.weld.servlet Medium Vendor pom groupid jboss.weld.servlet Highest Vendor pom name Weld Servlet Core High Vendor pom parent-artifactid weld-servlet-parent Low Vendor pom url http://weld.cdi-spec.org Highest Product pom parent-groupid org.jboss.weld.servlet Medium Product pom groupid jboss.weld.servlet Highest Product pom url http://weld.cdi-spec.org Medium Product pom artifactid weld-servlet-core Highest Product pom name Weld Servlet Core High Product pom parent-artifactid weld-servlet-parent Medium Version pom version 3.1.7.SP1 Highest
Description:
Weld specifc extensions to the CDI API License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld/weld-api/pom.xml
MD5: 651c3106a09fd97dd67a7a495c0eea58
SHA1: 660a6aeeb586ff56517e6054493c0d3b0e7a5566
SHA256: 4d4c2eb655fb38c085a6ead9a2a1b92a6ad0650db155d6e036d51886405f2ea9
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.weld Highest Vendor pom parent-groupid org.jboss.weld Medium Vendor pom artifactid weld-api Low Vendor pom parent-artifactid weld-api-parent Low Vendor pom name Weld APIs High Vendor pom url http://weld.cdi-spec.org Highest Product pom url http://weld.cdi-spec.org Medium Product pom groupid jboss.weld Highest Product pom parent-groupid org.jboss.weld Medium Product pom parent-artifactid weld-api-parent Medium Product pom artifactid weld-api Highest Product pom name Weld APIs High Version pom version 3.1.SP4 Highest
Description:
Weld's implementation of CDI License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld/weld-core-impl/pom.xml
MD5: 148c64567711dee1d0127cd957323789
SHA1: a3a57894cdfdcc548d9292e705904ff9c5ece2ff
SHA256: 11b7b2df8cfb77ec733214b8acd1d25a190a785e11acea708088bca31565c17c
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.weld Highest Vendor pom parent-groupid org.jboss.weld Medium Vendor pom artifactid weld-core-impl Low Vendor pom parent-artifactid weld-core-parent Low Vendor pom name Weld Implementation (Core) High Vendor pom url http://weld.cdi-spec.org Highest Product pom url http://weld.cdi-spec.org Medium Product pom groupid jboss.weld Highest Product pom parent-groupid org.jboss.weld Medium Product pom parent-artifactid weld-core-parent Medium Product pom artifactid weld-core-impl Highest Product pom name Weld Implementation (Core) High Version pom version 3.1.7.SP1 Highest
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/maven/org.jboss.weld/weld-spi/pom.xml
MD5: 61987150120e93900a6438c89eac7cee
SHA1: e82fe2d24eef82b544e68f404decce5b92d8a437
SHA256: efdc932385bccedcd5a2babc8e1c9e2fae525513f8cfaee5bd5411067021e11a
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid weld-spi Low Vendor pom name Weld SPIs for container integration High Vendor pom groupid jboss.weld Highest Vendor pom parent-groupid org.jboss.weld Medium Vendor pom parent-artifactid weld-api-parent Low Vendor pom url http://weld.cdi-spec.org Highest Product pom url http://weld.cdi-spec.org Medium Product pom name Weld SPIs for container integration High Product pom groupid jboss.weld Highest Product pom parent-groupid org.jboss.weld Medium Product pom parent-artifactid weld-api-parent Medium Product pom artifactid weld-spi Highest Version pom version 3.1.SP4 Highest
File Path: /root/.m2/repository/org/jboss/weld/servlet/weld-servlet-shaded/3.1.7.SP1/weld-servlet-shaded-3.1.7.SP1.jar/META-INF/client/probe.jsMD5: 5c1cce0e82e969138c6c2b371a360f61SHA1: 192af923ab718cb0f1b71e168209d811b204050bSHA256: bb6b4ed0993e560dcb3404b74f1aaafb86dc7fd571cafc99d1c25d1a8020421bReferenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor file name bootstrap High Vendor file name jquery High Vendor file name moment.js High Product file name bootstrap High Product file name jquery High Product file name moment.js High Version file version 2.8.4 High Version file version 3.3.1 High Version file version 2.1.1 High
Published Vulnerabilities CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* CVE-2018-14040 suppress
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* CVE-2018-14041 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* CVE-2018-14042 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* CVE-2019-8331 suppress
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* reDOS - regular expression denial of service (RETIREJS)suppress
reDOS - regular expression denial of service Unscored:
References:
Description:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
SHA256: 8232f3482c346d843e5e3fb361055771c1acc105b6d8a189eb9018c55948cf9f
Referenced In Project/Scope: gotrack:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid xml-apis Low Vendor pom organization url http://www.apache.org/ Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom organization name Apache Software Foundation High Vendor jar package name xml Highest Vendor jar package name dom Highest Vendor jar package name w3c Highest Vendor pom url http://xml.apache.org/commons/#external Highest Vendor manifest: javax/xml/parsers/ Implementation-Vendor Sun Microsystems Inc. Medium Vendor jar package name version Highest Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor jar package name sax Highest Vendor file name xml-apis High Vendor manifest: javax/xml/transform/ Implementation-Vendor Sun Microsystems Inc. Medium Vendor pom groupid xml-apis Highest Vendor pom name XML Commons External Components XML APIs High Vendor jar package name apache Highest Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium Product pom organization name Apache Software Foundation Low Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium Product pom url http://xml.apache.org/commons/#external Medium Product jar package name w3c Highest Product jar package name version Highest Product jar package name sax Highest Product file name xml-apis High Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 2 Core Medium Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium Product pom groupid xml-apis Highest Product pom name XML Commons External Components XML APIs High Product jar package name apache Highest Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium Product pom artifactid xml-apis Highest Product jar package name document Highest Product jar package name javax Highest Product jar package name xml Highest Product jar package name dom Highest Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product jar package name xmlcommons Highest Product jar package name transform Highest Product pom organization url http://www.apache.org/ Low Version pom version 1.0.b2 Highest Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.0.b2 Medium Version file version 1.0.b2 High