Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 9.1.0Report Generated On : Thu, 16 May 2024 13:29:31 -0700Dependencies Scanned : 528 (468 unique)Vulnerable Dependencies : 31 Vulnerabilities Found : 172Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2024-05-16T10:23:23-07NVD API Last Modified : 2024-05-16T17:16:02ZSummary Display:
Showing Vulnerable Dependencies (click to show all) * indicates the dependency has a known exploited vulnerability
AjaxLogin.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/security/AjaxLogin.jsMD5: 7103c06f778f208a528f1c42e8a7e89eSHA1: 57cd818c568971024c7151e1b404727a786b73f6SHA256: 5ee8b4a1983fe551122fb43c98f8f62b22f55cf699919830343eb7489d0438b6Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AjaxRegister.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/security/AjaxRegister.jsMD5: 5a45af101828623fa0af8ed5dc7dfc54SHA1: c00d6ece399f6d3d3d7e98e48c2006d6ef881bf5SHA256: ad380c66e2c4064494a0092ebbf3040fb46dc3d12008aabbf0405dc34715ef5dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AnalysesSearchUtils.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysesSearchUtils.jsMD5: f613de4312936dbda0abaac5cffe0c50SHA1: 390800b5aa10fdebd433e73c4033d8a4cb061183SHA256: 006478fe178c685875871ebff65302d5126b3eb20385a46f12d844b716dc0402Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AnalysisResultsSearchExamples.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchExamples.jsMD5: fc443f1f1f00d7c2edfa6e961127f861SHA1: bea8d21ddc6736fa3d3afdc46dd4fdd27df05a38SHA256: 103c6e9fe2e62cb0bdd30168e5300562b6b3f21556c07bb586dd9fa50152df75Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AnalysisResultsSearchForm.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchForm.jsMD5: c5bc25e808a1fe388b350c0d71e65d00SHA1: bbf94185b699045038880f161e12f1ccb5ab8cceSHA256: f322676d009abc1ade51c9300b073735c707109211e71c8ef5800f052036c4c1Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AnalysisResultsSearchMethods.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchMethods.jsMD5: fa6ec5e68777ed4be09dce6bf3d416aaSHA1: e5eecd86ea8d9eec5d8ccc9e8b60408e5b7405faSHA256: 2b78c0d875665390bfafa79a6c45bcac5b95e1b529926655f0032e87caf627baReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AnnotationGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/AnnotationGrid.jsMD5: 8b2e3f48627d6b7209222875f9a79076SHA1: 1a4f8020e016ad6c15e97bd140c99f446b8cc156SHA256: 5579d1194a4e8ef19ed5a57f1d5d39e6c103c7317949c0ce3441419ce3bdf0aeReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AnnotationToolBar.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/AnnotationToolBar.jsMD5: ebe3310d7c11a2541fad6834d91ac276SHA1: 68499946d6aa5904d967e060e6324299e6e0ac6aSHA256: 0c22b01a572537331818467395639aaad3934c5b651f85bb5b0e6c3d2e03ade6Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ArrayDesignCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/ArrayDesignCombo.jsMD5: 6fd04c6213799121c3bc21b71751e1f5SHA1: 935e02fbf3e805585e6543489a7fbdcf797b1bd4SHA256: 61cdd5c0a872cfcc5984006769b03fc29653ab0597d3f4f03d5f681680ef5628Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ArrayDesignsNonPagingGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/ArrayDesignsNonPagingGrid.jsMD5: 8c81a4fe88ea3b560af735920e4ac745SHA1: 980d88a6c231af781a892778fec14e58dff254a9SHA256: da705106afa88ed9fff6cd3fbd044051a3c68811ef884d3a24b501303b6cc124Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
AuditTrailGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/AuditTrailGrid.jsMD5: 79f986a0fb74a73bdb6bdf0bfd118b2fSHA1: c66f6c6f738f6581d4f53e2c861a82fc1cee8ab2SHA256: 44e3b418e02fad3a3a437d630faa6691a4fd385cf68d6c3f9df95487d8a8e517Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
BioAssayGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/BioAssayGridPanel.jsMD5: cf26c9f402f817a857e5f659b2a2d5b3SHA1: 919461bfe6503eab69eb02b82c91e19dc1bf8974SHA256: d6a045c53f5287b49ca79435dc8678deeada4d0a2daf6a176b0d35a0e3c3ce75Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
BioMaterialEditor.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/BioMaterialEditor.jsMD5: 2a03c5aca60dea84a1d7afc45eeb99faSHA1: acb8766f6646762e5631f0a9340e1c339803c495SHA256: ec5f8f7ad76b8f0493b086986a8b0a1ec2294a96217a23d3132cc67314eb85fdReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
BrowseButton.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/BrowseButton.jsMD5: 0c099e87c8821aac56d041024fe67212SHA1: 7f75251871682666866a999111d710327cd686e1SHA256: 43a0938ff2476cef665514e34c6a3567fbd8bddc0be5c864c0056f2d59ccb4e5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CategoryCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/CategoryCombo.jsMD5: a515a8ad78f3b8af37daf0e6d4bdd80cSHA1: a85285245b1fa8141bdf5501bb5a47e33a54ace3SHA256: 27be0299782a43f6db1f4b90c724fa5f1880aafa772db7bf05959564dcab1925Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CellToolTips.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CellToolTips.jsMD5: 5dc0ca61230395db950cbf4947fc981aSHA1: f6db3cadc5150e0d35f52fffeb13fd1fdd34a7f1SHA256: e9e5490634a58a390f2277a8373bf906caccf167d47ade85c10ab9146f61f897Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CenterLayout.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CenterLayout.jsMD5: 50636e02f0eacb1f586a01f5779168f8SHA1: c2ace99fc4a4d9f37deec27723096add9df4f620SHA256: 1fe42ac1a290b17bfdf937179aeee11ed274a5bd8607eb3a3e36065e546e8ff4Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CharacteristicBrowser.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/CharacteristicBrowser.jsMD5: 0b74c4207591fd3511bc6cc31622905fSHA1: 6ac90ae65fc99368973f3e7017e1f448110dc89fSHA256: 998994d763ca1b5b60b2a09419bf341006b97d06e7844ff89aec4020acaf35a3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CharacteristicCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/CharacteristicCombo.jsMD5: 3a10d07a90c20f616dc89efd19367b2cSHA1: 311ce182d574dee2a7d65ce2171c84d5d969daf7SHA256: e22c8b4d7d4587707f4bd4166bf7a4ba31f3b42b43a18b1fe13527db877a7082Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CheckColumn.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CheckColumn.jsMD5: a06a32551766823ef2940a3e24fec5acSHA1: 2ffc8c56d6539a58ec40d782d093623ae3fe4cccSHA256: 755294f88a0e24e6afc9af60e538673672e77629a65ac11aa8bd777e1c594cc7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexGraphData.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CoexGraphData.jsMD5: 67859ccf17d7fad41aa491bcf6d6cdf3SHA1: 84fde9149f855e602b88c2a43489f3f7e1df3259SHA256: f692b78e4d0f0923161d2b62f32187a4753b5ff5223a3ae4412efcdd329aa599Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexVOUtil.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexVOUtil.jsMD5: fccaecae5fa7c7fbfa249eb831f9ad0fSHA1: 39d9dad25c04dd189395d4d0b325c698ebc10f6fSHA256: 3d3cb540ccd373821174d62de942f5d6d1bc4d769a87dc11d00d8f12a9570608Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionDisplaySettings.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionDisplaySettings.jsMD5: a2932a4461451c48e3203e226eead96eSHA1: 22a70a654612879f12b8c02eece95dec72d11af8SHA256: b045fe4eb6045623447b50e16ced15423a4cf1c24c36baa57862420ecb5294e5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionDownloadWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionDownloadWindow.jsMD5: f54d6926e2b07a580fc1b08d4abd71e3SHA1: 823c898056c12322302fcd632d45f5c0f8b5e766SHA256: 6672122e74ace3aa7ed3e2a0427497be4dddaaae4c160c6094f70fb6acf35b97Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGrid.jsMD5: 22faf34499b68b2f207f3a1777953837SHA1: c3a15acef352ff643b557321edc6cde51529f39eSHA256: 5be0915c73b6a89745543dcc2311b20ce177cdd597059ea2b073e9af5d96e3cbReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionGridLight.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGridLight.jsMD5: 3b8b3e419bc7ed6a2ffbd93cc0e50dc7SHA1: bb4b28fe7760d771d467eaf713efad25f6e97bf8SHA256: 9ff09bc5829d4e381a0b60406321d3b0f48c2603d6dd7833ec405685d9c034a0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionGridRecord.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGridRecord.jsMD5: c0d5dc29a142d75aa00cb004045e18b1SHA1: ece356d3f6fd19beb81f2934a383e5de36bedcd2SHA256: 75448f4e53b606ad72acd3da66fe2a6352a0cc76c598a263db7097864aa97e85Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionJSONUtils.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CoexpressionJSONUtils.jsMD5: 13834b46c25da9e1e97c54099f158046SHA1: 993bf9d48829c0b35885f80bc80899af5f223093SHA256: 0860e5376e715051e8236b4534b1efc4c0aa8887ae26b7b40983913487e3daa0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CoexpressionSearchData.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionSearchData.jsMD5: 8e9a9c6d8e53d7e87336ae101a4ed323SHA1: 2aee607a440b54b2fb6a4b547a1834554eb15c76SHA256: 971b718a43422d2ef8b242a23f5bdc64fa121b3ebff5df19fae2c058c199ee09Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CollapsedPanelTitlePlugin.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/ext/CollapsedPanelTitlePlugin.jsMD5: dfe5f380e817ff658c4cb96ce0de7c28SHA1: ba26621556df39b8a29b05f08bed7a95a6da1fd4SHA256: e2414fdf811c5c0d32e94aedc2925e7d1f500475bd233cdac40ff7a18c04512eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ContainerMask.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/ContainerMask.jsMD5: 5d51f5ab173aa74d93a51ed98d94ea13SHA1: d55cfab417d68fa456278d8819d466d1aaae8984SHA256: 81e28b0e6a972ec5b9ac697cdc70c0fb667e6b7346ba7d4d0a710f65125e4595Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CreateSetDetailsWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/CreateSetDetailsWindow.jsMD5: 53dcc25f87b5a5d045b88608c27a7616SHA1: 9f2293074ed9624a731d25da2241f49129d6d588SHA256: 66b78888a2892df12ebcc9b5449ec9b83565465e6f10e52f8414c4d82db89eb0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CurationTools.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/CurationTools.jsMD5: 253fe0c021ffee20e373e07770bebb29SHA1: 68e19496b1c7447d140211f4c96ed4e7310a7a8cSHA256: d71198cd761265c01d3cd8613aabf3199c14d3306a8d46abfbae20b07e23e488Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapeControlBar.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeControlBar.jsMD5: 43b9140bd7cf009faf161ce315630a8bSHA1: a172f07f120bd46d813e585aea3dae52dfc9a6d4SHA256: a40052c21aa0c196054e27a8517e6c05585c725f4ca727068b251970a75a460eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapeDownloadPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeDownloadPanel.jsMD5: 0cbf8d1a2105e92aa0279e6656498c3fSHA1: 019247333e80c2bf8d5a7c2e8473fe77c7c6a37cSHA256: 852310a75233817e2b45e9b7153b1336f3bc3f675623d9311f6aadf1b4df7186Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapeJSCoexGraphInitializer.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSCoexGraphInitializer.jsMD5: cd8baa0e81b10a472dcfcc4879e77336SHA1: 9a4633e73a290204ea96265c1c38a3d0b509569dSHA256: 064d62250504501e2a610e55c9fc96f7c44207daf25f066641de2c1f2bbc7994Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapeJSDisplay.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSDisplay.jsMD5: 0e45041d9c967dc6ebcac6c20c3d0726SHA1: a26be17b48a82e779e001daf49ed7650df5aa389SHA256: b63d9080f1d33df5e3b84a6f5d84e67675ce77cf545f39bf7886a51b2f7b37cdReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapeJSPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSPanel.jsMD5: fc51d38ab5c41da211094b2ae9ea7c02SHA1: 4c5f86778a5722b432fd4cb555a6f062f1d3e4e6SHA256: 1b278217cd4ff361d36c25067be0565e7e6e6f362dbea909a1b68b8a3cce8723Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapePanelUtil.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapePanelUtil.jsMD5: 90321e21b5f187cec2566614b950e8dcSHA1: 4c0da31d682d97bde90b65da17b5d2c783cb6bc7SHA256: 2e021bbbf8353ece5fce840a4d372ebaac376337eab049b99b7e1ffb1a9dbda2Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
CytoscapeSettings.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeSettings.jsMD5: bc57a89876dfb0499f1e997d9593e64aSHA1: 56ee9001f1450723d7c464451e3d4d05694cfa20SHA256: f794bcd36d84d584f4630663e41cbad428e3afc10192b94cb8ce98db42b7cdb3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DataFilterCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DataFilterCombo.jsMD5: 34cf0d4935e8c120d4b764d4f51bd913SHA1: 51a9dd547e46831caf4add32310e34dcf392ba1fSHA256: f769338c0b890e700436f60edb8d7816c0a6758bc72f13161e394daf06ab0a91Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetGroupCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupCombo.jsMD5: d008f93620af35382fffab6ed9bafe55SHA1: 6bef3947f97643051279c9a6cf242ee0e3d46314SHA256: f4034eb971d20fc7b964ff15581ff34c7b0f9945f1146c20fb9624318963a98dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetGroupComboPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupComboPanel.jsMD5: 088f61b869594b9fd822c5c90e1ca309SHA1: cce02040ded312245fe189f4f39d5af3724bf355SHA256: c76bd063f1c17649fe01d77c9adfaba6c8362845bb66af9a260beff72ec78329Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetGroupEditor.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupEditor.jsMD5: a8dd58a2c21a4f84b1d875003ada7cfcSHA1: ddcc76157ab847b30a8e61c052ba667dc1b082bcSHA256: d0dff2d6582f3a77192c78e196aff36e64fcaffaaa612f5b15253d12b2c72ccdReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetGroupPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupPanel.jsMD5: 03e367e8037a0a2e0c694cecfb144fd6SHA1: 054906cc9bc96b4fade3181d0a569f1b04c129f7SHA256: 050304f2860eb444fff875fe9fb9a45ffc21aa17a331998e20d22b2d52d3bbb6Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetGroupStore.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupStore.jsMD5: caf82b22b3bbb6ac6b83ae3a13bd5358SHA1: 1720a7d794c049b1ae4c35809a3d71da966abca4SHA256: 80406bd8075b28bf997bfca0879d054fd3e80db480c69c3f7b7b61c13b781b0eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetSearchField.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetSearchField.jsMD5: 827856a3cf6d8887ca0e51b939cffc78SHA1: 280112865ccf06dff30bc2fa2976f588a8f2b352SHA256: d0f4021bca2ca524f8a3ca7bf5255c5a718bebae7360cc5d0f5082d1ccf3f5e3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DatasetSearchToolbar.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetSearchToolbar.jsMD5: 4304e454d68fc4e95c20735bdf78cd55SHA1: 7361f3829a6e8faf6b730b7d5e993ba0e1813145SHA256: bd4664cd8a6410c9b7c66b205c5751b52780524af267bc751fedfebf0de8cd23Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DiffExSearchAndVisualize.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/DiffExSearchAndVisualize.jsMD5: 1c55f0dba3fe67e24c7ff2f0d0967b82SHA1: 7a6b6caeefe60be19e98793901a473602ffb9db4SHA256: 19eaa4000d4ebaac5e62060ed8f4dc90fd1889890a48e3ce5e0d6d617756d04aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DifferentialExpressionAnalysesSummaryTree.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/analysis/differentialExpression/DifferentialExpressionAnalysesSummaryTree.jsMD5: bff751997abf71ff574927c16a4f6cdcSHA1: a275824de27df8dbeaa4ea747de59d7919473bb5SHA256: b4ce931e9cfcec38378becd0f6dc9a70e320c4577cdce4f68f773ed68545895eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DownloadWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/DownloadWindow.jsMD5: e625013b8cc8fe116d9eeac35d35e768SHA1: 3086449b3d0af6d8a4030538c51707f04d381614SHA256: 2653521e967bc0941e895ad7bc0c08316e2f03b9eca37c195f38cb531844e510Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DwrProxy.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/ext/data/DwrProxy.jsMD5: 9c0dab945118e24ac98de65aef0e5c1eSHA1: 5be1729bf9416ddc4a452e520794fc493623b908SHA256: 6d2e57d5acc093942fb895ed5c4105f5df8ea6326401df8e602bc918f824c739Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
DwrTreeLoader.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/ext/DwrTreeLoader.jsMD5: 647dba6601c42e88dcf48121f224d1e5SHA1: e55c9db6818b74e387066f8579893d4462597498SHA256: 8b5c1e247e2e6efceb1bee4d34b030dc24da4d76a6da76b67905c39bf90e28d0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
EEDetailsVisualizationWidget.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/EEDetailsVisualizationWidget.jsMD5: 51f56861338342fc88cf4735fbc8ccc5SHA1: 1574c8296fbb19182606b151b145c0bed88a64ebSHA256: 46c735150381e1133b54af47f13cc587110567f85d8c3aaebeb25ed1fb46d19fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
EEManager.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/EEManager.jsMD5: c70a3faed328e2d6aea525fe2400c4a5SHA1: 444ed74bb248db01382f7bdab6dfc3ac149e6898SHA256: ce4056188f249f454d5ba6b664a3e76f2e08a7b2ad6af05fc5c1860132ee6f1cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
Error.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/Error.jsMD5: cdc7bc660c6910458b72c7e326e02729SHA1: 6bd337107c9b8f65ce5973adf20a33f2ce8de2dcSHA256: 00251c782a7fae8bdf0bf34b9c87a9d9982c1fee3b2c495670ba517c818f7b71Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ErrorPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ErrorPanel.jsMD5: b7aa2d9b00d0f21a140aa96b98b7344bSHA1: 3ce9db91b39b6e4367e6bc7871a5a58d548f0f9dSHA256: d0eaf8bbde64722d8869e2af356e82e4876e3da361f7cd08ee039701ea6cebc2Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
Eventbus.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/Eventbus.jsMD5: fe3b40e6851e4f4154baecbb4245029fSHA1: 7ec45952b2453ead930dd8c2e0fa6f4847819d31SHA256: 3b98c9ff4120e73ae469790a1b7161b32fa20d4e60a77c7946f1291cd9f712ccReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
Evidence.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/Evidence.jsMD5: 198811b2ca1abddd51b92b90f6938f63SHA1: 0c48c2cdb24515509d999b306d955222427a1bcfSHA256: bfa1459c18e9a0d5c55e6ea440e86a2c3a7105bdd51af632786c92af0e5db9b0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
EvidenceCodeCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/EvidenceCodeCombo.jsMD5: cf29bdf11dac914927b29fecbebd12efSHA1: bcc28a9a6c21f2c2648e79c655f3bd7b306fa5b6SHA256: 316805940686559889318bc7165e3448b07c7bbc508837489bb8fc9e08553c55Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
EvidenceTypeComboBox.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/EvidenceTypeComboBox.jsMD5: 6709520b8166b5e820a7005d47e45c98SHA1: a2535d33e2525ece795a11048a037d542eccf548SHA256: b437a82af287ee79823d859ae4d82b3ec5c43b976abc93767c43f735b34e46cfReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentAndExperimentGroupCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentAndExperimentGroupCombo.jsMD5: fb2f91c6ce47a9f3f60ce9ed0ffeda57SHA1: 153ff457107c305f34451fc8cf35a493fed1ea3bSHA256: f71266ca2b47962efdb3573c7091008a584ce4610c941e6d9664390c7df07d06Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentSearchAndPreview.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentSearchAndPreview.jsMD5: 33388c61450d32ca006a4afb18569f25SHA1: 887e497777810947965d75a9acfdfac82c33910dSHA256: 02931ea8de25853c485b3650e0d2c3b25497975c71485ac0e01135b85932f4d3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentSetPreview.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentSetPreview.jsMD5: 08632af57a46b7e32dabf7d0d41b4e65SHA1: a4aae417b7bacad9c6789fa19c7974b195ca1c38SHA256: 0f31fc473a8d9aea9d00eefe9c62606045415ca4ce0afea0920c7146586dfaa1Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentTagCategoryComboBox.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagCategoryComboBox.jsMD5: 722b96e4a0b9ae84cc3ddd776d4935f7SHA1: 54d92136923ee4edd794ed9c92c87f5f1cc5014aSHA256: 2b0965b73142d8819eabcb50c0180c4219dbc9f7f969210db798e651b371243cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentTagValueComboBox.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagValueComboBox.jsMD5: 1486ee0c18b820e91d982cb033fb6609SHA1: 44d6278b2aca2134248715bf7be9e9a05a1c8308SHA256: d6ecfa4a4d48a5fc5bb8d0c1e3d4748b7b3442869680954dabdf4cda43448945Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentTagsPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagsPanel.jsMD5: 0704927454541a88f1c42c42e697cb44SHA1: 053d6aa487d9f9d0b20f3499e891a7c1824f894cSHA256: 4709952e60fb34746797acefe80f8331d1937550f6a605411051dfcaacca7531Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentalDesign.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/ExperimentalDesign.jsMD5: 6ac59387a5c98a33f4583dc1a0e61a7dSHA1: 427acbbc41544f4247a01e85c987e4d24da7a5b1SHA256: 0eba3e45304b1171f0b7b8aaba9f794f5be1bbfae47f839ea9078656db57af35Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentalFactorCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/ExperimentalFactorCombo.jsMD5: 14a21cd98f2258b77a677f4b0476c361SHA1: c729fbc78b21879a9875f0306beab0ba01cf64f0SHA256: 072bbc5c33d003f184a88cd82ed92c01b5ccbbdcb54903444e99fd6bd91b2d95Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentalFactorEditor.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/ExperimentalFactorEditor.jsMD5: 857d892aa0660387358e1a85c8f927c4SHA1: e04509afb042a0b2eeeba59ece5742d27543060cSHA256: 3757ee03b3ab80db8cd0265fc4026b94e2c6742beff0e3cac30259d345e88ff7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExperimentalPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentalPanel.jsMD5: cafecf000d04628b431b0a13498cdb4eSHA1: 78548c6e6a8f1d45f8041d1b0895af60c07bc045SHA256: bfb20632a65286088cafd9c94d083b2136e2de55720e48634d50737f49ce334dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentDetails.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentDetails.jsMD5: b4676d072fed1990e4f0ceea08468d7dSHA1: 7f08286bb310ebea5520bffec71c34aac6eaf318SHA256: 67e7f219e562255471b943b84e9d3b53a635d8ffa2f0ece65c0f7220cf14afcfReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentExperimentalFactorGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentExperimentalFactorGrid.jsMD5: f1ec776e3afdedc0bdbee4771812b96fSHA1: d1097870bf105ef8ad369a84807825eab89e6fe3SHA256: e7146817900c66798994e6b989f809cf4e676db377340b3e38ae92c394a22ff2Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentGrid.jsMD5: 992b6ad8a4f1c68d14e64a51b6a941cbSHA1: 7d8d3e7851518148246003a5b2c4df54ab09558fSHA256: 8a352bcccfc8722219eed5d61f0f748cc101485b2d9632fa033cf88d90f4c4b7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentManage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentManage.jsMD5: d045b8127369937e5c8ed8ababaea174SHA1: a6d32b35a20ba97ff1f40a43d6d7b3cd32e23279SHA256: 3788d8cc057e00b76290d4d9ebb4bc90c034b7204dbe546f14aa3dd86243a150Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentMembersGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentMembersGrid.jsMD5: 1f5465bba36549d8c2c78072f74c8a4aSHA1: 50ddf1b5052cf62bbd3e027e36418b392b95b711SHA256: e25e1d285692e10862f6b22135d4a353330b5398b375ae8cb16468ab902bf4afReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentPage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentPage.jsMD5: 3220c952b33377e1f0f2e31d94130e41SHA1: 1e74e0b389c5f5384b347a922ed366e5e9d8b5e2SHA256: ef69d078bec1929516a485fca1fb821423a45e1b168d57bdf60b175ee5faf608Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentPagingGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentPagingGrid.jsMD5: 1ae77655955bdfdeaf9f1226ef3bda7bSHA1: 70a00c13309db333abdf9f1a2b094b7a49442986SHA256: 50c56af2c39a177ede0b42b795b3f806508af3672e002c6289e6ea6bce612e54Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentQuantitationTypeGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentQuantitationTypeGrid.jsMD5: 09248ead301bb704280a49e10cbbc43fSHA1: ad4fe0910d995d6c0d21a3c69487a5d6b3285568SHA256: d5cec9082a072264b4969830f1d12e2a5abe2fbebcc4e69748003a34c1c6f782Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentSetPage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentSetPage.jsMD5: bc8ed60776be06a0fc6b1016867ca691SHA1: 68ffae9e137f7e11baf529d264615b1d1c33cf07SHA256: b96b886a029651bc345055a90817ecf006ce5b219bd6460f3bdb6203c8204854Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentSetSummary.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentSetSummary.jsMD5: efc3dd2b702320cb9944ed361eba5361SHA1: f30e2aac01ff1ee68a9cd543e5d6d9a588856bcfSHA256: aadd10e21213c914764feac32251b58cc211301e837a8d58be340c73d618aedeReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentTools.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentTools.jsMD5: 2bddd675c14e2d7551719ff108925268SHA1: 40fe6400f194e6d75289e3c9af14f34908278215SHA256: 5e120da29a0f4f1065dcf391c869310223443b9c11d449800a2ca39bba68c709Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExpressionExperimentsSummaryPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentsSummaryPanel.jsMD5: 31ac7aa8dedf78b8bdaec6846ba9253cSHA1: 19f5c940a5ede64ce5fcd7d21b18bdce4389168aSHA256: 37b0cf6b00627a6c30148f46f958fde22344f49fefd3bc971aad2b22cab678c7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
Ext.ux.tot2ivn.AccordionVboxLayout.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Ext.ux.tot2ivn.AccordionVboxLayout.jsMD5: 150c316153afdba92f76d65fa1bab4feSHA1: b591059c2181cb468f115a14dce53e26fafdd3b7SHA256: bb56ca1fc693598e238d74bb903dae9e7a50d66757b9947b8eb4d9a2cd9783bcReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ExternalDatabaseGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/ExternalDatabaseGrid.jsMD5: 0415b53babece871297be885d127f227SHA1: de25543027bf28990a88298e9e027cdd7bc19509SHA256: 255eee314ce3db6e28b0eaa0b8450ad92eba558fc9b3fd31d03da2d53794f100Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
FactorValueCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/FactorValueCombo.jsMD5: 6e8115379158b098018b39f91b6aba8bSHA1: baa594aa6fd5b36879978a5dcd2b20d71eab9f80SHA256: 534dcc18a6c94b8c8087cfaa4a4c9e37ffa20c6801746d6db31bddfa947d6569Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
FactorValueEditor.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/FactorValueEditor.jsMD5: 7cb5e8083a22da635cd19dfd2b0aff9fSHA1: c453d8fb080fcc823687f8d4ef8cb738f3af484dSHA256: 03aee6b35b708191c6ba02b8073ddf18507cd401767e227dd9b6a4d0e6c15463Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
FileUploadField.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/FileUploadField.jsMD5: 69a510fd47c4fdd85a4dfb083f61502bSHA1: 7e6b23f40f5b22885cde2d9041ff65ae9a3a8abbSHA256: 15a77019c830bb470e3d471de53f497f85e69ae8f4ca3d0132eedc92da251f40Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
FileUploadForm.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/FileUploadForm.jsMD5: a454a8b506142ec2d1f2c71d11621903SHA1: d1898c5c0026b99ad5ad090f357634af5a04dbe4SHA256: a8033d36dc71f8a927cb7af9c93b2b646cfaf9bf7d0f4a6ec70ba6cde7a826b3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GemmaGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/GemmaGridPanel.jsMD5: aea15f55d2b9272bebaa87a02cc36e2eSHA1: 34a022786db0c21752699703d46fbbe50814df2aSHA256: 6c149332072c714ec572fce0ddee003501b5e224d29daa3817c971806a857704Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GemmaLinkRoots.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/GemmaLinkRoots.jsMD5: 71c3b0e19b835e13763f8b86ab6e3548SHA1: a5420f221399fdcc882cced7d6b0203679e1a205SHA256: 255a5825c1b0e8d44fcc70d1387760c45a2322832e310ca94c234565a93a8781Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GemmaNavigationHeader.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/GemmaNavigationHeader.jsMD5: 511b189c304139894790be5f1691dcb7SHA1: 1d50dfceece76f2e05e6f638e1a33c050c4f0193SHA256: f481fd1419e6261e32789f74599ecf8cffd430ffde3956a1b079b177c0eb43a2Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GemmaStatUtils.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/GemmaStatUtils.jsMD5: dd75ebe7815bbe911219d59b120cd7ffSHA1: 54066b58675952cf74d62c9293d2cb9130dbc54fSHA256: a918d33f4b23c6c667c6399246600bed74da7c23646bab7a88d4afb8358f05dcReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GemmaTemplates.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/GemmaTemplates.jsMD5: 642d09e9aed4443ef028bdb26e65587cSHA1: 2e1e8fac10ff07994c80652ee2ad4e64fcec1346SHA256: 0ff89d56a2eb35b04aeaf038b39541862bd58202cb02abf3a72335569e00a57eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GemmaViewPort.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/GemmaViewPort.jsMD5: 05299715194621e30d3d20619992077cSHA1: 96d13dbf3441bf5d74d97744501c2efabccb8782SHA256: a9371c294b918719f8e0421fd35de202ade0635457e3b02dcd0b4167d17f9504Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneAllenBrainAtlasImagesTab.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneAllenBrainAtlasImagesTab.jsMD5: 162e6929af0f01bb413a7a3c40422814SHA1: 00d56ace77a5cd1b9b28455bb3ee131a3b80d224SHA256: 586a27bbf20025d630096e7d24f6ab44212507509c60044f7f5b89b9b89c6951Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneAndGeneGroupCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneAndGeneGroupCombo.jsMD5: 528947e5abfaa5b8a8606fcc5d777566SHA1: f79c329e7b739f277ae7dfdf152e2c6449cc4dd8SHA256: 96351c4dfa59c389069fe0666a5ba55d866dd85f91e7ba75c00b506e6f34fab8Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneChooserPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneChooserPanel.jsMD5: 772b308a955bdb297e8ab6f2e7d20684SHA1: 17609d65f6a107dc4c64892723994d2d910dd29fSHA256: 68a46f7a5b7a59c44faba72751039a10ed59a9f00b3913dbd6431101a4630a25Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneCombo.jsMD5: fe0333395ebf3b570458742e1a1616efSHA1: 31f889981bb7913bf1bcb4229a60d4bf5bd71269SHA256: ef20324a8a1e7d5362d08db14639fa3ce5d16b5525c49734da7b1967b7721a16Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneDetailsTab.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneDetailsTab.jsMD5: 2f57afdef6a376d79dd6be732c0cfe8eSHA1: 3d463de55cf7e664019e77603fa9dcce1707e65aSHA256: 229c433ab5a76f2ebbcc91dce75b2a8d4d634d6f79dadb65cf14e70a209ddf46Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneElementsPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneElementsPanel.jsMD5: 77385a0ad1857b3a64c3d2e02b950ea4SHA1: d805af155da800c3b2a441cc1dc0fa6299afbc57SHA256: 3e6d066e832822762e92264c950e56d3f9c8fae3ed1d7e611bb09effce44b2f0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneGoGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGoGrid.jsMD5: ed64e3c3f4a73ea17580834ee78c047eSHA1: 8818cb9f625dc87b4ce9c1140f4f7d0daca1ca2bSHA256: b290d277531863936a9773b5e731bdb89738b3f07c921feea31834079fe3424fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneGroupCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupCombo.jsMD5: 6340e10a959ff0173b84728e45562701SHA1: 3752e1929ddac24499e89bb38a15d43711e74955SHA256: 752e55e9ef5b65c0c7ef0109834647e76367090d309dbd11b7a3fb222d04e843Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneGroupEditToolbar.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupEditToolbar.jsMD5: d9c79135e1d9ac6e00874267b310834fSHA1: 3223fad5c48bd66011980213730e659d4368be8bSHA256: e790248525245e8196ae8fb0f4cf1403e670961415d337ff5bb4f3cbcd30ef53Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneGroupGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupGrid.jsMD5: 1149d312ff12e016397b3d0699a11d44SHA1: 5110fdb3b7323f27f8a36b55d50903286f241ed2SHA256: fca401171f8091755938773e970d89f63de6916e040344709fe45b6fd0879f2aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneGroupManager.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupManager.jsMD5: 40fb54f4f5209e4e89ebba565d5e4cffSHA1: 63d09bada4bd27ef6a079ff6ede68a922ac68d57SHA256: 7c0e61b72fd9b190065882a9e37ae980841a1f968772d5a4f69372e3ff6d661fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneMembersGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneMembersGrid.jsMD5: 783bf2aff3d2d6cc58e63460fb70ae86SHA1: 4fd61a6558f2aa579b396e6afa085c6121428d08SHA256: b44fb6425dab7171d2f987c2d7b4728cae57dc833ff9f525022472883129a4e7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GenePage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GenePage.jsMD5: a0875d0a1e4f77cc7fa1fd66707bfff2SHA1: c6183080f257dc51fb607fe7b9ac02097907ed11SHA256: a886819651b0e9ebe67c5ec7c3dba052682b99a2498bdbd70e66eff9cbdaea86Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneSearchAndPreview.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSearchAndPreview.jsMD5: 785d7d63754326350ba53c40325e0000SHA1: 301f1770f0d836ac7578e2f914fbcb898beed3c9SHA256: 10d322ad1e5e66394e4c593d21503d539930788460ce64d528442ff6e8770311Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneSearchComboBox.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/GeneSearchComboBox.jsMD5: 749b3f894e3cc94ccb39eaab58ca2cdfSHA1: 40e87e2e89731076a6856d728cbb59a8e0a044c9SHA256: 4ea86d862b2045d490ca3376026c78e0dfc9f5dab4526c36feea6cbc7f9274f5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneSetOverlayPicker.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/GeneSetOverlayPicker.jsMD5: 99e7cdf7dec26678630116bc16449db3SHA1: 12f6372ab45d940f21418af8acf15709453d766bSHA256: 77cf94e09037cb80895c3a737aa71c9431701159671bd9cfdb76d32e9c02da5fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneSetPage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetPage.jsMD5: 1f6e9f2c2e167a02d2f0e0dd1fad3ae4SHA1: 843b7e4a21ba650733a969ef2a8850893c8c53c6SHA256: 96ef013efc6a7963992b0a79d14f0424ecf84c378eb1d14dd378dda00d8d6114Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneSetPreview.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetPreview.jsMD5: 833620a2195c403c8d357a2a1fcff572SHA1: 66b7d76a2f1393726df39da09a0fb3fb71b03ae6SHA256: 329b4c7da34e5a4e86f9d4e3a7b7bd1aef00475a4a8e5fd69156f8f30e125ac7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GeneSetSummary.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetSummary.jsMD5: a7d5c5d61b0d41562f32059209c5632bSHA1: b47d2cff2e08ed67ab8c673acfb405f42126582eSHA256: ba6092ad4903fa4db5012f9eebb4cce66f8709a70123b638d1fa123b56ae3d32Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
GenomeAlignmentsGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/GenomeAlignmentsGrid.jsMD5: 6397cc9c40c8b56c12d241f79524e2a2SHA1: d39fdb11aa9d8efbbf8ec3e974b143b935c584afSHA256: 8848669b353aaa16a4beb5d9b62a54dd088bbacddb40e7fc4e0165f0f6858182Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
HdrHistogram-2.2.1.jarDescription:
HdrHistogram supports the recording and analyzing sampled data value
counts across a configurable integer value range with configurable value
precision within the range. Value precision is expressed as the number of
significant digits in the value recording, and provides control over value
quantization behavior across the value range and the subsequent value
resolution at any given level.
License:
Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause File Path: /home/jenkins/.m2/repository/org/hdrhistogram/HdrHistogram/2.2.1/HdrHistogram-2.2.1.jar
MD5: da024c845b9456beec00d8890fd8ef51
SHA1: 0eb1feb351f64176c377772a30174e582c0274d5
SHA256: df6afd38afcf79fc5c8e67087ea953c1b83b040176d5f573db4ce91a260fc07c
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime HdrHistogram-2.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 Evidence Type Source Name Value Confidence Vendor file name HdrHistogram High Vendor jar package name hdrhistogram Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.hdrhistogram.HdrHistogram Medium Vendor Manifest multi-release true Low Vendor pom artifactid HdrHistogram Highest Vendor pom artifactid HdrHistogram Low Vendor pom developer id giltene Medium Vendor pom developer name Gil Tene Medium Vendor pom groupid org.hdrhistogram Highest Vendor pom name HdrHistogram High Vendor pom url http://hdrhistogram.github.io/HdrHistogram/ Highest Product file name HdrHistogram High Product jar package name hdrhistogram Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name HdrHistogram Medium Product Manifest bundle-symbolicname org.hdrhistogram.HdrHistogram Medium Product Manifest Implementation-Title HdrHistogram High Product Manifest multi-release true Low Product Manifest specification-title HdrHistogram Medium Product pom artifactid HdrHistogram Highest Product pom developer id giltene Low Product pom developer name Gil Tene Low Product pom groupid org.hdrhistogram Highest Product pom name HdrHistogram High Product pom url http://hdrhistogram.github.io/HdrHistogram/ Medium Version file version 2.2.1 High Version Manifest Bundle-Version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High Version pom version 2.2.1 Highest
Heatmap.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/Heatmap.jsMD5: 04a534c9c353d8e88e9ce2ea46b984ddSHA1: 1e41f28b24d681a6f110914fdb3b002deda2638dSHA256: ff7203853afde1b50b569847b588d5be395aec698af3968fac7c25cc9de07683Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
HikariCP-4.0.3.jarDescription:
Ultimate JDBC Connection Pool License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar
MD5: e725642926105cd1bbf4ad7fdff5d5a9
SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f
SHA256: 7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile HikariCP-4.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name HikariCP High Vendor jar package name pool Highest Vendor jar package name zaxxer Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/brettwooldridge Low Vendor Manifest bundle-symbolicname com.zaxxer.HikariCP Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid HikariCP Highest Vendor pom artifactid HikariCP Low Vendor pom developer email brett.wooldridge@gmail.com Low Vendor pom developer name Brett Wooldridge Medium Vendor pom groupid com.zaxxer Highest Vendor pom name HikariCP High Vendor pom organization name Zaxxer.com High Vendor pom organization url brettwooldridge Medium Vendor pom url brettwooldridge/HikariCP Highest Product file name HikariCP High Product jar package name 11 Highest Product jar package name pool Highest Product jar package name zaxxer Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/brettwooldridge Low Product Manifest Bundle-Name HikariCP Medium Product Manifest bundle-symbolicname com.zaxxer.HikariCP Medium Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid HikariCP Highest Product pom developer email brett.wooldridge@gmail.com Low Product pom developer name Brett Wooldridge Low Product pom groupid com.zaxxer Highest Product pom name HikariCP High Product pom organization name Zaxxer.com Low Product pom url brettwooldridge High Product pom url brettwooldridge/HikariCP High Version file version 4.0.3 High Version Manifest Bundle-Version 4.0.3 High Version pom version 4.0.3 Highest
HomePageAnalysisSearch.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/HomePageAnalysisSearch.jsMD5: cd4b01b2edbf680fc141898d32e5bc65SHA1: e0db6428bd99f72e11e8b209246835c5ffb1c579SHA256: 490834d5cbc67f004041695a20673ae5a02dade853cdf893148d719f6a233fa7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
InitialTextGridView.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/InitialTextGridView.jsMD5: f2bb0a0fca5485004d1ab21ffc65bc72SHA1: 540da50ac3b64c8c902797e0f3c059fa80f310a9SHA256: e0bc76d52b74a14ef3eeb3bd5235a5a7acfe08ea7061d0322c6669ff12c20d11Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
InlineHelpFormLayout.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/InlineHelpFormLayout.jsMD5: a2a8e1fa4c6ec3ca193698b5ed5fae74SHA1: 056272e3684a6129d6afbf134af14fb9cd5e97beSHA256: 80a8834398c0039963ad45c4c9a493f71fcbcc9607afdb25f6c1ca6e6560dd9eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
InlineHelpIcon.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/InlineHelpIcon.jsMD5: 6d1ac2989698f1653e4fcb4edb644c69SHA1: 80aa83615203515fb9de2ae0c45d553abddfb359SHA256: b003a9c96de8c44b9ee3b61e9f37943e23264da0e471d058a0784f3a6c2f085cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
JRI-0.5-0.jarFile Path: /home/jenkins/.m2/repository/RoSuDA/JRI/0.5-0/JRI-0.5-0.jarMD5: da1c711f9748c288afc2f8574165405fSHA1: 2d9612a95065c291b2ae41fcac28446aa47a8410SHA256: bcc4b8bd8edc28aa2fbaec6b441fe44e4ed51fb11a310477928460748cf69a04Referenced In Projects/Scopes:
Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime JRI-0.5-0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name JRI High Vendor jar package name jri Highest Vendor jar package name jri Low Vendor jar package name rosuda Highest Vendor jar package name rosuda Low Vendor pom artifactid JRI Highest Vendor pom artifactid JRI Low Vendor pom groupid RoSuDA Highest Product file name JRI High Product jar package name jri Highest Product jar package name jri Low Product jar package name rosuda Highest Product pom artifactid JRI Highest Product pom groupid RoSuDA Highest Version pom version 0.5-0 Highest
JRIEngine-0.5-0.jarFile Path: /home/jenkins/.m2/repository/RoSuDA/JRIEngine/0.5-0/JRIEngine-0.5-0.jarMD5: b0cb089fab38efdc95b200ab931b2efbSHA1: 9751022a2938a4207e178f8c8142d098e4c549d7SHA256: dd26c4bc37222635388ea5898fc78740f486a384bebcb5ea2fa7e2f4ad453750Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile JRIEngine-0.5-0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name JRIEngine High Vendor jar package name jri Low Vendor jar package name jriengine Highest Vendor jar package name rengine Low Vendor jar package name rosuda Highest Vendor jar package name rosuda Low Vendor pom artifactid JRIEngine Highest Vendor pom artifactid JRIEngine Low Vendor pom groupid RoSuDA Highest Product file name JRIEngine High Product jar package name jri Low Product jar package name jriengine Highest Product jar package name rengine Low Product jar package name rosuda Highest Product pom artifactid JRIEngine Highest Product pom groupid RoSuDA Highest Version pom version 0.5-0 Highest
CVE-2022-1813 suppress
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-39491 suppress
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . . CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:2.3/RC:R/MAV:A References:
Vulnerable Software & Versions:
JavaEWAH-0.7.9.jarDescription:
The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme. License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/googlecode/javaewah/JavaEWAH/0.7.9/JavaEWAH-0.7.9.jar
MD5: 3186322b6558b126cef0e00bdbd2466c
SHA1: eceaf316a8faf0e794296ebe158ae110c7d72a5a
SHA256: fc499deb9153610f735f75817f1c177978d27a95a18e03d7d3849cfcb35abfc4
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile JavaEWAH-0.7.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name JavaEWAH High Vendor jar package name googlecode Highest Vendor jar package name javaewah Highest Vendor Manifest bundle-symbolicname com.googlecode.javaewah.JavaEWAH Medium Vendor pom artifactid JavaEWAH Highest Vendor pom artifactid JavaEWAH Low Vendor pom developer email lemire@gmail.com Low Vendor pom developer id lemire Medium Vendor pom developer name Daniel Lemire Medium Vendor pom developer org LICEF Research Center Medium Vendor pom developer org URL http://licef.ca Medium Vendor pom groupid com.googlecode.javaewah Highest Vendor pom name JavaEWAH High Vendor pom url http://code.google.com/p/javaewah/ Highest Product file name JavaEWAH High Product jar package name googlecode Highest Product jar package name javaewah Highest Product Manifest Bundle-Name JavaEWAH Medium Product Manifest bundle-symbolicname com.googlecode.javaewah.JavaEWAH Medium Product pom artifactid JavaEWAH Highest Product pom developer email lemire@gmail.com Low Product pom developer id lemire Low Product pom developer name Daniel Lemire Low Product pom developer org LICEF Research Center Low Product pom developer org URL http://licef.ca Low Product pom groupid com.googlecode.javaewah Highest Product pom name JavaEWAH High Product pom url http://code.google.com/p/javaewah/ Medium Version file version 0.7.9 High Version Manifest Bundle-Version 0.7.9 High Version pom version 0.7.9 Highest
LatencyUtils-2.0.3.jarDescription:
LatencyUtils is a package that provides latency recording and reporting utilities.
License:
Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/ File Path: /home/jenkins/.m2/repository/org/latencyutils/LatencyUtils/2.0.3/LatencyUtils-2.0.3.jar
MD5: 2ad12e1ef7614cecfb0483fa9ac6da73
SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3
SHA256: a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime LatencyUtils-2.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 Evidence Type Source Name Value Confidence Vendor file name LatencyUtils High Vendor jar package name latencyutils Highest Vendor jar package name latencyutils Low Vendor pom artifactid LatencyUtils Highest Vendor pom artifactid LatencyUtils Low Vendor pom developer id giltene Medium Vendor pom developer name Gil Tene Medium Vendor pom groupid org.latencyutils Highest Vendor pom name LatencyUtils High Vendor pom url http://latencyutils.github.io/LatencyUtils/ Highest Product file name LatencyUtils High Product jar package name latencyutils Highest Product pom artifactid LatencyUtils Highest Product pom developer id giltene Low Product pom developer name Gil Tene Low Product pom groupid org.latencyutils Highest Product pom name LatencyUtils High Product pom url http://latencyutils.github.io/LatencyUtils/ Medium Version file version 2.0.3 High Version pom version 2.0.3 Highest
LinePlot.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/LinePlot.jsMD5: 3efe8bfa0eafc26cfb028afd993b8398SHA1: fb768ac5aaf61502f947bd60fae2657b44e9256dSHA256: 330678162e8452335794bd73ddf294f83fa075a8103ec887f64aa89976186de5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ListRangeReader.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/ext/data/ListRangeReader.jsMD5: 5388a4b59918367ba24681b2d2d8d045SHA1: eeda9182b9bc7c4ac912daff9950fea495ea1f70SHA256: da084f91aa1fe4fa69dcdd081882c5386dc5f5d4456e646fcf1438897f78760eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
LiteraturePanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/LiteraturePanel.jsMD5: ca26107ee51329499c0b202e611df6c7SHA1: 35c55dfb646d60c18fc274cb7b3359ceb218ec74SHA256: f18190ad20cf058cc63a07dbc8d2cffc4ed3fbc12a74be8793d51b728d79b236Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
LockingGridView.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/LockingGridView.jsMD5: 2558e43459ee04e39d3b4cc183be89c4SHA1: 7e5c119f99bad26b4385955052d0e6400d1ed567SHA256: 5f18f78486fb9e08e95386805b3ecc253cdbdee9ee1832efb113e7e1e8a4784dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisEvidenceWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisEvidenceWindow.jsMD5: 36b188f6def11c58d8636e9a03cc798bSHA1: 82d700c3163cd866b2d53b74a48a9b87a2ea6c8dSHA256: 0b77cc7df50c4ab9445347ac14b1aa1336e673126454a48581c8502728189024Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisManagerGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisManagerGridPanel.jsMD5: 7d517fdcca07ad5dc4838ea6abeba428SHA1: e028e29d95669f888ef66154c74a414e87a1ddfeSHA256: 34dccf93e91ddbfd9e64ba99f660f61287124849173608d9c8844a07e0d1f7c5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisResultPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisResultPanel.jsMD5: 7ee515ddf2db9fc49f355f3be50654caSHA1: 2122253513f0397681585bbbab43acfa08b61d12SHA256: f10d6c587f6070c2780c48d56d4b94421dc13c7c0f9e40b63c15f46648619d6eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisSaveResultWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisSaveResultWindow.jsMD5: f0f07b9fc46d56d87dec19cbbebc7fbbSHA1: 32c6e99a56862da101a5c9c84ab449149fd2d807SHA256: 8badb55941352f6389135db7f6837d04bf9f8672816a0b680459005cbf604965Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisSelectExperimentPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisSelectExperimentPanel.jsMD5: 5cf0fbf918bc7bcbefbe21ecf3960358SHA1: 14271dac8811ef2ea79a133f6591c8018847ac6fSHA256: 5fea470bf783a0d03455c8f92982b1ae8a395aa2d5b3df86d84d10f70f76fc4cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisSelectFactorPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisSelectFactorPanel.jsMD5: e21a6b1c5cd0b1d0329db392c459a680SHA1: fd42a6ca512b65c2367482560eede559a251db55SHA256: 6057b37e790ec846d1937b2a843d95b0f23bbc52d3813a2e07dff3f3b717608fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisShowResultPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisShowResultPanel.jsMD5: 4a7d8cd77e4f4f0769218d01ddd94cdcSHA1: 0f6bc1d2e5b8a2d771f67b45902da7d0d62e5431SHA256: ee6ab4b7f4b692ccd886a060aca2e267024cff6199e4868e4e6e7ee8bb9477d6Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisUtilities.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisUtilities.jsMD5: 02a5c155fad5d83d39e7bc42247548c0SHA1: 198f6d772cca49cdabdb764c60b230df20ef8f93SHA256: 982bad49e49301bd683f1264cf3ce11895a8eb1324cb783deb8f85b0e543bf5dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaAnalysisWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisWindow.jsMD5: a2e7f04d8499651c10427ebaa427d6a4SHA1: 8646aa489f1c451f21683f42c42d6dfced97f667SHA256: 03c2d4de633569e32acf9891a42c7138c6716f8f34b940dfc14a4ee233902ad5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapApplication.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapApplication.jsMD5: 6747eda433c45b5283219d2b971267abSHA1: e68189d20a8ce6613089ec69e871485aaf63e32fSHA256: abc0cd4f5ff9f54fb51646104e03575a6f188e64ed7a7d780f84d2448289f488Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapColorLegend.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapColorLegend.jsMD5: 04abd9d9c78de6446be03da414a66482SHA1: 6ea52b80c871cd7b534ade02aaa294584b5b8c8aSHA256: 225a8ed4b1190a2be86c5547350ff3a6987b484cfffe5161144a9685410df3ddReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapConfiguration.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapConfiguration.jsMD5: 63ca9cb23c7e10ddc47c47f96dfc1df4SHA1: 89743d1195dc6ce7d84b109e212d33eb449e3dbeSHA256: b4d3ceec65d3337f01cbf685fb37d77c1753446b22ddb712d32393e9214144ceReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapControlPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapControlPanel.jsMD5: 3010b73e17340e5927eb388ea1e7c900SHA1: 3c26357c00df72fdc5121bb00540e2c1bf13ec27SHA256: 4b6d0b2bb440b5e0988f9c80b1a4bc4ddcb9e26aba51161ca7dfe77fe742b980Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapDetailsPopups.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapDetailsPopups.jsMD5: 449f6aa574bd69482b745c5d77f266bbSHA1: d3eaaf64e5b17443eb05fb8ec695be72fca9ad6fSHA256: 3a521720c2d889fbceeb9d5bbf2ccab7bb568823081af2a262aefabc677d3988Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapDownload.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapDownload.jsMD5: 9b1aa8fa2ed99baffac20d0bf3f62d03SHA1: 8c2332f09f41929a35de4934b8b95c1193208951SHA256: 25efbbb28f7376ca5ed2226e00edb364b27b1dfd215c71b50e79c0982e01d04bReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapFactorTree.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapFactorTree.jsMD5: 2c8c4eb3e3e1e61572de2d065e518f3bSHA1: 5da7d514d0bb31f9b03326a403901eeda882f8bcSHA256: 46f646077ea6388d8c725cab25503d3b89ef94511591e94a7beff314dcae79b5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapFilter.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapFilter.jsMD5: b717b385fdb4730b1ef67d76371bdce2SHA1: 6a1dfe19538fa217181dd64e3d45e753a63a0a12SHA256: 1e67870972aeb5351a1988fe0f9f52463f9161db2f5312f923720dfef3f9794fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapHoverWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapHoverWindow.jsMD5: b02d4641d4a9048c009ac2e58f1561c1SHA1: 34164a9a3f870aab31b3ca4a179bb0ee76fcbfb7SHA256: 9c98f0974070ccb398731ff6850245559d3a4277d875e3eebc39306d2e1b890eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapLabelPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapLabelPanel.jsMD5: c36f57829eb7eaa5a90599aa5b265ee7SHA1: 98a17e6ad4e4e12a68234e2352130eec1e786208SHA256: 2b4f3952a75bb0c56a3dff3230bef9b20aa40a0db91d5a2b17f34ee19308b928Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapMainArea.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapMainArea.jsMD5: 8508cd76c70718f9edd755464da13c1cSHA1: 2b4d344c6cd9fd4c0d221127ed4795e9cae27644SHA256: 67999cb72a44fff234bf1bb7f427c94d3eb2468797427212b25c769d2f2e5e25Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapSortFilter.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapSortFilter.jsMD5: e84a85efc71763be0609620943edc8aaSHA1: 07c5dbb7a9384d9e39ce1e5a5da27461d378d1e6SHA256: 3e856679aab95aee27052d616d40603f689cb74718a39573edd0af62006a6c3bReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapUtils.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapUtils.jsMD5: d51b314a5e287e014125cc31e941c571SHA1: db3711eb299146e9579af828ed6a25dd8a48e317SHA256: b1381b7ffb234d3d7a246a05800af1c31fe6d117ad352bf69b8f1feffcf93fdbReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
MetaheatmapVisualizationPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapVisualizationPanel.jsMD5: 826bd06f0dc68bd90eede58c3c3cd79aSHA1: a8763b06a96c1c07d4d1337705a0186db2d66a06SHA256: e7ff271d1eca5184438fa7163a7f2dba8f851f3a0cab8990e33ba4b9af732818Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
NeurocartaStatistics.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/NeurocartaStatistics.jsMD5: 54c5750dd2a28c54805e32949f2a6b54SHA1: 74a521c7411dd9aa5d8fc8c69cb0b7e0a9bdb26cSHA256: 7429f84794af484445b9e3156af842975f014397e093701bad777af1daf42976Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ObservableSubmittedTask.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/ObservableSubmittedTask.jsMD5: 5b7811f1393d3747409ac2c6f04460d9SHA1: 90acf702f687f03601498ccd627e0fcbf139b4afSHA256: 565f87e6cf11ccc18f911005e45271cf7860adc884bc26b7e4b9da0c5c094d57Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
Overrides.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Overrides.jsMD5: 042b6f2c2bfa47bd2b87713b73bd87e9SHA1: 069f7d64084bd5b31613d162544650b10fc78227SHA256: 0e9ce3ae855cb0361af9440878483e75416d53ac3f454e1b47087d8a6dbd4b40Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PageSizePlugin.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/PageSizePlugin.jsMD5: fb5d0d28c282bbbd1e18cd420ca8aad8SHA1: 84b234cf6fc892400e47858ba5a0b6ea6cc84ad5SHA256: e86bb33fb28684ff2aff940659c27a860de218c70221b12979a22cfda68a1d58Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PagingDataStore.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/PagingDataStore.jsMD5: a98c5801c3aefd8c52658f3745c56759SHA1: 80dd6e486f68fbefd0647c3f29bd861576a04b0eSHA256: a2f8a3dbd90e26f9c825121cf3a15e92b1399aad8e0087ff0068182e85b15ef3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PagingMemoryProxy.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/ext/data/PagingMemoryProxy.jsMD5: 0f62943ac81f1ae7349d116abe926f7dSHA1: 1321c4b28adc85f3d6c7e46599cef0bb1d482d1dSHA256: 3c6da8369736f6dd15acd518d10ae453517b3c79725284ddf570e987d33992a1Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeAssociationFormWindow.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/PhenotypeAssociationFormWindow.jsMD5: b971c63c3e060b43d78b802fc459d28bSHA1: ce984048521290cc3d1815bd404a911e5175a78aSHA256: cb1e2c4d77eaa553f2c814f7792b39707a84af1c65bc7af56fd187c4f2632a29Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeEvidenceGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeEvidenceGridPanel.jsMD5: 7091f13ece161667598440790126b943SHA1: fdb73676d4d194aba3bd137745ee45e4d991e551SHA256: 25de42ac2f2e57f0260e12ca2425fed5d82c28a4b053a727d10b8e5caf862145Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeEvidenceManagerGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeEvidenceManagerGridPanel.jsMD5: a9e5fec6384f90b285d551546550cb04SHA1: ca33b583449e7709fcdba6b91587cb89e462f7c7SHA256: 895b6ceca9c02fa454d3396fb52aeac5f502937891b924a7c3336cc99d6d1630Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeGeneGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeGeneGridPanel.jsMD5: 88cb0837f7e21ed4404bffb9577c0246SHA1: 7c49c0c802fb262a5b6a794984c47641e90cae25SHA256: be607b189696573afc620b0b70becd40197d199da7fdad1454fc7b3c705a7403Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeGridPanel.jsMD5: 66c55b370b66b5fe08a4d440a6bea474SHA1: 76c609be715beadbdafa8da89ca47884dd17771cSHA256: 23d468c68ff1e82f0aefbf70fcb4500e98bfdc7c71bc65c57dfc98bf74e936b2Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeGridPanelCommonConfig.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeGridPanelCommonConfig.jsMD5: 79109ecd81847745392c93b62cd1e149SHA1: f21214e57b0544aacd49a510107a69c387624668SHA256: 6e449ccab19b8e1b49b18a95ea446caf244cf555cd970b3f4968a31904142ce7Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypePanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypePanel.jsMD5: 8e100b55c2fde24845b654f0021ce4c0SHA1: 0dbc5bf2e216c0a04e33897f1ea49a3d8482ebf6SHA256: 070dea07e097609d86f73ee54e6b6f6cf3e58efccbd78559d899ae26fa9a913cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypePanelToolbar.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypePanelToolbar.jsMD5: 3d574fcb7a563bcde5c1a9d449949819SHA1: 3b2207680a72093ee4d5c32c587bb8b1263ac883SHA256: 6b12be2a6311eec33e97ce1b5dfd69e4740b0f23ceb96c1ceb09cb068b3f5d05Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeSearchComboBox.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/PhenotypeSearchComboBox.jsMD5: 079e85fe329cb168fc10342cce5f1c10SHA1: f874e1e375e9565f4a12529409ff33c8f10daaf2SHA256: 03e3d55b4203145fa277f996072e1c79b9fa12bb53db245f52823ceff8c58d93Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeTabPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeTabPanel.jsMD5: 4a4f111118ffe6101e016ece1ebaa9adSHA1: 8a2f6f9814891bb397b7cfc19177f990cbc14fd9SHA256: 8e78b52abb8b980478ef11a4d7e86cca5707f6cd31d4f52fbf3c8a1c4aeb00b1Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypeTreeGridPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeTreeGridPanel.jsMD5: 68bab485ca4252f15adfaea431851858SHA1: e35bd1830bbeb7fe527d25d642c1929f335499e1SHA256: fcd39f305190e48c496f70bda9b5e03d88dd3482c89f44f84516a37c239986d8Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PhenotypesSearchPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/PhenotypesSearchPanel.jsMD5: 0dd20cd844e854c7e90da6fd192a2acfSHA1: 93ec685338169f0d4bae6e122b0aa18a3779c844SHA256: 44185e83cf7b4c9229af9fb8b2e7e7ce7d69bb3778c8a591e233833dc7e707a2Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PlatformDetailsTab.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformDetailsTab.jsMD5: e7522f6ee4964ad1559e1c0a06fd20ceSHA1: 870fc67e2790d5563b0e27a9882a1d14b3ec66fdSHA256: 077ab488a3b1a9753676c00e1ca3a770c76f91b0d9ebcdc052c43d7e4acb917dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PlatformElementGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformElementGrid.jsMD5: f39284067e8bede8fa751fe172f54dfbSHA1: dca7fed6e0cd58f6eec7ceecad625fffb799cd7fSHA256: 9bf6afeb7f892478a6542953b92baafdab945998e69f7a1b9af3bbd9c9885173Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PlatformElementsPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformElementsPanel.jsMD5: 8f8318b5961f2ce27a1ab82b869ab0d8SHA1: 2e839f0c9ddc08650337be5573a7b53ff5e4f53bSHA256: 1fc2b9bcfedc44711af4cd5e6e4a2147ea5c992852c0b732c96577a7aa796a43Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
PlatformPage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformPage.jsMD5: 345025bb49cb8d5c0100f80cdf420214SHA1: 9f978107c54b33f1e4560bd6ea16fb8f96b768e4SHA256: 39c36f112af300f2e2229d8ae5b0db7683dca1edb1e6872efc74d8ed06c26a01Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ProbeLevelDiffExGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/diff/ProbeLevelDiffExGrid.jsMD5: 93e22679eb53462f769750a6b34e016dSHA1: 65ad2d18fdd0fea96133a7de39f2c41900496a97SHA256: a234547577adc7506d31ad9108b0c2dc6d155397cf478de30e98aa1dac5dce98Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ProgressWidget.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/ProgressWidget.jsMD5: 09880c7238b585ae6003c98e4bbf802eSHA1: 6664795ba897a48115953cb1ebcf2093d6ab5c16SHA256: 36247feea821d8c5ff37f45ae0e713d11565dd19aa89b2cbf6448119e322102eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
QuantitationTypePanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/experiment/QuantitationTypePanel.jsMD5: bd22f262687c9a6f2375841ac79651a1SHA1: 50435249b831cd8514b01ddd98925635aaec6c05SHA256: 2a5d76557af9d71347124947fc4868b2178c611eb0ebad4ed6ebc09bbdeca7e6Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
REngine-2.1.0.jarDescription:
REngine API to access R from Java in a backend-independent way. License:
LGPL v2.1: https://www.gnu.org/licenses/lgpl-2.1.txt File Path: /home/jenkins/.m2/repository/org/rosuda/REngine/REngine/2.1.0/REngine-2.1.0.jar
MD5: 9377ddb81ad3e37d94926367b410c9fc
SHA1: 73c31209d4ac42d669ccf731e8a1d845f601adac
SHA256: a268b4d1e0aa0c5ab3a79153764beca2d90087904c7d087b33110fa188fe5c04
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile REngine-2.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name REngine High Vendor jar package name rengine Highest Vendor jar package name rengine Low Vendor jar package name rosuda Highest Vendor jar package name rosuda Low Vendor pom artifactid REngine Highest Vendor pom artifactid REngine Low Vendor pom developer email simon.urbanek@R-project.org Low Vendor pom developer name Simon Urbanek Medium Vendor pom groupid org.rosuda.REngine Highest Vendor pom name REngine Java interface to R High Vendor pom url http://github.com/s-u/REngine Highest Product file name REngine High Product jar package name rengine Highest Product jar package name rengine Low Product jar package name rosuda Highest Product pom artifactid REngine Highest Product pom developer email simon.urbanek@R-project.org Low Product pom developer name Simon Urbanek Low Product pom groupid org.rosuda.REngine Highest Product pom name REngine Java interface to R High Product pom url http://github.com/s-u/REngine Medium Version file version 2.1.0 High Version pom version 2.1.0 Highest
RadioFieldSet.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RadioFieldSet.jsMD5: 355640cc02121fa73805f43ad1e2abf8SHA1: 064023a56cdc6dc79d77cf768b2e213daa0800acSHA256: ec218ecb86db3fe97e9c4a5493f3615398864f2c30672c7702535f0711acf337Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
RelationCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/annotation/RelationCombo.jsMD5: 2c009d6972b75b4a60d1e246b75d9f28SHA1: f12f18dbb2abc52a7bfdb301a639c17e9d7f0ff5SHA256: d4a85d50e7a441d78760c1592145e6595220b53e1888be39b9f093cd0e205470Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
Renderers.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/Renderers.jsMD5: a88dab506bd6c340d82711e2a7fd6680SHA1: 1cc946ce4a7048edf85a3041fc52866053964cd6SHA256: 736d40648ebf504e82becf7454da63854ef2a6be07a8ad3c0db98b4b01f77002Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
RowActions.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RowActions.jsMD5: d504180c7f78439725e2dfec52ef82e5SHA1: 005a4768ebd3e26b7a02c20f26da29a30e3741a2SHA256: 80fdfe4c8b9343255aebfb21b66def6054f1238165f46076e8b7a065bffce7a9Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
RowExpander.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RowExpander.jsMD5: 95aef6ba8076867670a89d1f3eeaf6aaSHA1: 03f1c7163c26b8be443930b250c3a57626b70c33SHA256: 6ccba7f20891cf1e1b66bf5f10ec1380a71fc6ea51a8fd3e02b864387bc44b3eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SearchField.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/SearchField.jsMD5: fc417876b52ebed5ad9032de9d083fe7SHA1: c7de05a82e52468aba9d70c34731872745b08fa4SHA256: 05180c72e18c2304ef09c9075c8999ce674e532358066f1d2113f19d2d03d1aeReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SecurityManager.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/security/SecurityManager.jsMD5: f58879834bca54c03619d4ec5154e825SHA1: 6da96c39a1f8ce9342e4c3094d3c3d6e359adbd3SHA256: 6d11fad880e2055b7cd4af74f4c20676870542a3ff7c582791c01faa59f10798Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SequenceDetailsPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/SequenceDetailsPanel.jsMD5: 1e9d55a4750bb62363e03d2209152b12SHA1: 4b7ee80884055172d08b030e678d67b834738b4aSHA256: 5f6e919be27d96fbbce55757c4108eceacf81b0c22fffebe5b98e99cb7f0af2bReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SessionBoundSetRegistrationUtils.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/analysisSearch/SessionBoundSetRegistrationUtils.jsMD5: e755889ca1ce24a52ed81a77ea96f85fSHA1: 71548b44b082f289b93cb815e34972a6576c9b65SHA256: d1b9b9ede8221ae6464056a4311a7784e1bf91625e31072d8e9019f7a30f485bReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SetPreview.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/SetPreview.jsMD5: ad317ecad88fef6bc7b2e4267502a662SHA1: 60480875367da6c67e7948f3fa9c07d5e1e94409SHA256: dac678edd625fccf1b4f1da5762405237d5f0e1105e424eaa271453bb1a065f8Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SparseBitSet-1.3.jarDescription:
An efficient sparse bitset implementation for Java License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/zaxxer/SparseBitSet/1.3/SparseBitSet-1.3.jar
MD5: fbe27bb4c05e8719b7fff5aa71a57364
SHA1: 533eac055afe3d5f614ea95e333afd6c2bde8f26
SHA256: f76b85adb0c00721ae267b7cfde4da7f71d3121cc2160c9fc00c0c89f8c53c8a
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile SparseBitSet-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name SparseBitSet High Vendor jar package name sparsebitset Highest Vendor jar package name zaxxer Highest Vendor Manifest automatic-module-name com.zaxxer.sparsebitset Medium Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid SparseBitSet Highest Vendor pom artifactid SparseBitSet Low Vendor pom developer email brett.wooldridge@gmail.com Low Vendor pom developer name Brett Wooldridge Medium Vendor pom groupid com.zaxxer Highest Vendor pom name SparseBitSet High Vendor pom organization name Zaxxer.com High Vendor pom organization url brettwooldridge/SparseBitSet Medium Vendor pom url brettwooldridge/SparseBitSet Highest Product file name SparseBitSet High Product jar package name sparsebitset Highest Product jar package name zaxxer Highest Product Manifest automatic-module-name com.zaxxer.sparsebitset Medium Product Manifest build-jdk-spec 11 Low Product pom artifactid SparseBitSet Highest Product pom developer email brett.wooldridge@gmail.com Low Product pom developer name Brett Wooldridge Low Product pom groupid com.zaxxer Highest Product pom name SparseBitSet High Product pom organization name Zaxxer.com Low Product pom url brettwooldridge/SparseBitSet High Version file version 1.3 High Version pom version 1.3 Highest
Spinner.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Spinner.jsMD5: 5c098879cac2ac5017384d04c0d54244SHA1: 9c3271bcec8dcd2b1021fd3cfe8e10e5adde001cSHA256: a8387b3d2c6e8c536b42a409517e09f65193c5423378e8180bdc7c743a2b6bf3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
SpinnerField.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/SpinnerField.jsMD5: 0580f6b45db64bf9e6b623baec246671SHA1: 934f845b823ef4170190c371c57fc0f864478529SHA256: e90a11e23abc9122648c07ce4cdc4c306c58d7de791c690aa224e7c24021c113Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
StatefulRemoteCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/StatefulRemoteCombo.jsMD5: 05c93f5bacb846dcfd30992a6d7aa0efSHA1: 9fed1d65bb6075d7e84fa71e08f41a49f9101012SHA256: b99a7744abd81a1477e63aae1fec080dc6b91429a7425bcad8c3242833ce436bReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
StatusBar.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/StatusBar.jsMD5: 70719cb2ed60b4ec1f9928e7e47aa4e4SHA1: abfcbc9109c4f093b6a1a7f30240f32300942103SHA256: f35ad4b989ec8fa9b3ae321f765e79005102a03f57779d79e3b91c3edc105fc3Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
TaxonCombo.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/TaxonCombo.jsMD5: 15a3cf9d2aab9fa551ef490b5f75b288SHA1: 7b20bed043fa2cfdd43f6ce227dbdfa057aabf25SHA256: 32e99103bad6f8261f16fe3c2080be6ee4ad32058df7bd55ce58e6ca4b606911Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
TreeGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/TreeGrid.jsMD5: 46d0204bbbe3c50656a3214151d3c5a7SHA1: 9530b6170dbe1e0c4ec15087905154bfa6e81497SHA256: 4dca3112c80d4c13c3622bd9ad4b5077a56065da8d15257a221e407c1e9b0f3eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
TutorialQtips.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/TutorialQtips.jsMD5: 55831bb63854deafba123b3cd14897e4SHA1: c1f10836de76537ce060073771ba104ec1afbe04SHA256: e1ce14641e8eb619d7cd3c5fd77e1cdb6c1e79219fc9098cbd3df1dd524fa53dReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
UserExpressionDataUpload.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/UserExpressionDataUpload.jsMD5: 11a7cbe9cecf943659b5218c7119a16aSHA1: e139ea814f918c392d1fcab6b8dcad1c00367742SHA256: fd57b0be1cff16fd05c4f0ad3252f40aa37c47dba1a0164307e0510d8d722f9aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
VisualizationWidget.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/visualization/VisualizationWidget.jsMD5: c09132609e6c522edaf9f226c6b7469cSHA1: 60e7cb69f5ad7b6e0cf163b9779c887f577b320cSHA256: 15439bd700867c2f9b53443e0ad49cf07e7409ce1330403edecf76eaa4978d86Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
WizardTabPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/WizardTabPanel.jsMD5: 3d724e3ed37bad46960aeeac1687822fSHA1: 5e764ee0511ab022fe3368343a5414f45dbde5b0SHA256: ba9f259f7baeb75c2aafd5b4a989c620af4d7b1b1e839b488bf50e8949d7af00Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
WizardTabPanelItemPanel.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/util/WizardTabPanelItemPanel.jsMD5: 755b9a0695869fafde4057aeffab4500SHA1: de68841c691ca6cf3bddf63c928bf979707711d9SHA256: 16cb4704568fa0317b610be4877a343d6b2de2dc2978c047150586f7ecf7f362Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
activation-1.1.jarDescription:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html File Path: /home/jenkins/.m2/repository/javax/activation/activation/1.1/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256: 2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma Web:runtime Gemma REST:runtime activation-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/com.sun.mail/javax.mail@1.6.2 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name activation High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid activation Highest Vendor pom artifactid activation Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans Activation Framework (JAF) High Vendor pom url http://java.sun.com/products/javabeans/jaf/index.jsp Highest Product file name activation High Product jar package name activation Highest Product jar package name javax Highest Product Manifest extension-name javax.activation Medium Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium Product pom artifactid activation Highest Product pom groupid javax.activation Highest Product pom name JavaBeans Activation Framework (JAF) High Product pom url http://java.sun.com/products/javabeans/jaf/index.jsp Medium Version file version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
all-1.1.2.pomFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pomMD5: b60dd3450b3a8d030f4799dcb273f846SHA1: f235011206ac009adad2d6607f222649aba5ca9eSHA256: cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67all-1.1.2.pom is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23
Evidence Type Source Name Value Confidence Vendor file name all High Vendor pom artifactid all Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid parent Low Product file name all High Product pom artifactid all Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid parent Medium Version file version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
all-1.1.2.pomFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pomMD5: b60dd3450b3a8d030f4799dcb273f846SHA1: f235011206ac009adad2d6607f222649aba5ca9eSHA256: cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67all-1.1.2.pom is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23
Evidence Type Source Name Value Confidence Vendor file name all High Vendor pom artifactid all Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid parent Low Product file name all High Product pom artifactid all Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid parent Medium Version file version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
all-1.1.2.pomFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pomMD5: b60dd3450b3a8d030f4799dcb273f846SHA1: f235011206ac009adad2d6607f222649aba5ca9eSHA256: cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67all-1.1.2.pom is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23
Evidence Type Source Name Value Confidence Vendor file name all High Vendor pom artifactid all Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid parent Low Product file name all High Product pom artifactid all Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid parent Medium Version file version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
all-1.1.2.pomFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pomMD5: b60dd3450b3a8d030f4799dcb273f846SHA1: f235011206ac009adad2d6607f222649aba5ca9eSHA256: cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67all-1.1.2.pom is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23
Evidence Type Source Name Value Confidence Vendor file name all High Vendor pom artifactid all Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid parent Low Product file name all High Product pom artifactid all Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid parent Medium Version file version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
all-1.1.2.pomFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pomMD5: b60dd3450b3a8d030f4799dcb273f846SHA1: f235011206ac009adad2d6607f222649aba5ca9eSHA256: cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67all-1.1.2.pom is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23
Evidence Type Source Name Value Confidence Vendor file name all High Vendor pom artifactid all Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid parent Low Product file name all High Product pom artifactid all Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid parent Medium Version file version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
annotations-13.0.jarDescription:
A set of annotations used for code inspection support and code documentation. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar
MD5: f4fb462172517b46b6cd90003508515a
SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9
SHA256: ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
Referenced In Project/Scope: Gemma Web:compile
annotations-13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name intellij Highest Vendor jar package name intellij Low Vendor jar package name jetbrains Highest Vendor jar package name lang Low Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom developer id JetBrains Medium Vendor pom developer name JetBrains Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL http://www.jetbrains.com Medium Vendor pom groupid org.jetbrains Highest Vendor pom name IntelliJ IDEA Annotations High Vendor pom url http://www.jetbrains.org Highest Product file name annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name intellij Highest Product jar package name jetbrains Highest Product jar package name lang Low Product pom artifactid annotations Highest Product pom developer id JetBrains Low Product pom developer name JetBrains Team Low Product pom developer org JetBrains Low Product pom developer org URL http://www.jetbrains.com Low Product pom groupid org.jetbrains Highest Product pom name IntelliJ IDEA Annotations High Product pom url http://www.jetbrains.org Medium Version file version 13.0 High Version pom version 13.0 Highest
ant-1.10.14.jarFile Path: /home/jenkins/.m2/repository/org/apache/ant/ant/1.10.14/ant-1.10.14.jarMD5: 263e00d844d0e4efa54440ec5ed6362aSHA1: 1edce9bbfa60dfd51f010879c78f4421dafae7a7SHA256: 4cbbd9243de4c1042d61d9a15db4c43c90ff93b16d78b39481da1c956c8e9671Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile ant-1.10.14.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name ant High Vendor jar package name ant Highest Vendor jar package name apache Highest Vendor manifest: org/apache/tools/ant/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid ant Highest Vendor pom artifactid ant Low Vendor pom groupid org.apache.ant Highest Vendor pom name Apache Ant Core High Vendor pom parent-artifactid ant-parent Low Vendor pom url https://ant.apache.org/ Highest Product file name ant High Product jar package name ant Highest Product jar package name apache Highest Product jar package name tools Highest Product manifest: org/apache/tools/ant/ Implementation-Title org.apache.tools.ant Medium Product manifest: org/apache/tools/ant/ Specification-Title Apache Ant Medium Product pom artifactid ant Highest Product pom groupid org.apache.ant Highest Product pom name Apache Ant Core High Product pom parent-artifactid ant-parent Medium Product pom url https://ant.apache.org/ Medium Version file version 1.10.14 High Version manifest: org/apache/tools/ant/ Implementation-Version 1.10.14 Medium Version pom version 1.10.14 Highest
Related Dependencies ant-antlr-1.10.14.jarFile Path: /home/jenkins/.m2/repository/org/apache/ant/ant-antlr/1.10.14/ant-antlr-1.10.14.jar MD5: 2eb88aea917a2057c3878a18427a90e8 SHA1: 1f19602f622fa9fa04f9aa8807f935b571ca05ca SHA256: d737deb5b0992f691bffe94076695a77523e1e3b5d524b465f90d93e2d8ed7a2 pkg:maven/org.apache.ant/ant-antlr@1.10.14 ant-junit-1.10.14.jarFile Path: /home/jenkins/.m2/repository/org/apache/ant/ant-junit/1.10.14/ant-junit-1.10.14.jar MD5: 25cadd1acaf0d61ca1fd1215ab32a4f9 SHA1: e5f7b5a367cb03a73879018331c7065a2a479954 SHA256: a3b535d3d549f1850a8917a7c2bfdf364fffb79d527267db30a129475ca2faf8 pkg:maven/org.apache.ant/ant-junit@1.10.14 ant-launcher-1.10.14.jarFile Path: /home/jenkins/.m2/repository/org/apache/ant/ant-launcher/1.10.14/ant-launcher-1.10.14.jar MD5: 0e6c71b2f05383e1fb891e99f5267663 SHA1: 8d2268288496b0541a2640f2ee07fe3de1a02301 SHA256: f0909725a7a24e393888f3fbb558347abf506ce2f7ebc581ff26331b94d951a5 pkg:maven/org.apache.ant/ant-launcher@1.10.14 antlr-2.7.7.jarDescription:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256: 88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile antlr-2.7.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final Evidence Type Source Name Value Confidence Vendor file name antlr High Vendor jar package name actions Highest Vendor jar package name antlr Highest Vendor jar package name antlr Low Vendor jar package name java Highest Vendor jar package name parser Highest Vendor jar package name python Highest Vendor pom artifactid antlr Highest Vendor pom artifactid antlr Low Vendor pom groupid antlr Highest Vendor pom name AntLR Parser Generator High Vendor pom url http://www.antlr.org/ Highest Product file name antlr High Product jar package name actions Highest Product jar package name antlr Highest Product jar package name java Highest Product jar package name parser Highest Product jar package name python Highest Product pom artifactid antlr Highest Product pom groupid antlr Highest Product pom name AntLR Parser Generator High Product pom url http://www.antlr.org/ Medium Version file version 2.7.7 High Version pom version 2.7.7 Highest
antlr4-runtime-4.9.3.jarDescription:
The ANTLR 4 Runtime License:
http://www.antlr.org/license.html File Path: /home/jenkins/.m2/repository/org/antlr/antlr4-runtime/4.9.3/antlr4-runtime-4.9.3.jar
MD5: 718f199bafa6574ffa1111fa3e10276a
SHA1: 81befc16ebedb8b8aea3e4c0835dd5ca7e8523a8
SHA256: 131a6594969bc4f321d652ea2a33bc0e378ca312685ef87791b2c60b29d01ea5
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile antlr4-runtime-4.9.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name antlr4-runtime High Vendor jar package name antlr Highest Vendor jar package name runtime Highest Vendor Manifest automatic-module-name org.antlr.antlr4.runtime Medium Vendor Manifest bundle-docurl http://www.antlr.org Low Vendor Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium Vendor Manifest implementation-url http://www.antlr.org/runtime/antlr4-runtime Low Vendor Manifest Implementation-Vendor ANTLR High Vendor Manifest Implementation-Vendor-Id org.antlr Medium Vendor pom artifactid antlr4-runtime Highest Vendor pom artifactid antlr4-runtime Low Vendor pom groupid org.antlr Highest Vendor pom name ANTLR 4 Runtime High Vendor pom parent-artifactid antlr4-master Low Product file name antlr4-runtime High Product jar package name antlr Highest Product jar package name runtime Highest Product Manifest automatic-module-name org.antlr.antlr4.runtime Medium Product Manifest bundle-docurl http://www.antlr.org Low Product Manifest Bundle-Name ANTLR 4 Runtime Medium Product Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium Product Manifest Implementation-Title ANTLR 4 Runtime High Product Manifest implementation-url http://www.antlr.org/runtime/antlr4-runtime Low Product pom artifactid antlr4-runtime Highest Product pom groupid org.antlr Highest Product pom name ANTLR 4 Runtime High Product pom parent-artifactid antlr4-master Medium Version file version 4.9.3 High Version Manifest Bundle-Version 4.9.3 High Version Manifest Implementation-Version 4.9.3 High Version pom version 4.9.3 Highest
aopalliance-1.0.jarDescription:
AOP Alliance License:
Public Domain File Path: /home/jenkins/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile aopalliance-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE pkg:maven/pavlab/gemma-gsec@0.0.16 pkg:maven/pavlab/gemma-gsec@0.0.16 pkg:maven/pavlab/gemma-gsec@0.0.16 Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor jar package name aop Highest Vendor jar package name aopalliance Highest Vendor jar package name aopalliance Low Vendor jar package name intercept Low Vendor pom artifactid aopalliance Highest Vendor pom artifactid aopalliance Low Vendor pom groupid aopalliance Highest Vendor pom name AOP alliance High Vendor pom url http://aopalliance.sourceforge.net Highest Product file name aopalliance High Product jar package name aop Highest Product jar package name aopalliance Highest Product jar package name intercept Low Product pom artifactid aopalliance Highest Product pom groupid aopalliance Highest Product pom name AOP alliance High Product pom url http://aopalliance.sourceforge.net Medium Version file version 1.0 High Version pom version 1.0 Highest
aopalliance-repackaged-2.5.0-b32.jarDescription:
Dependency Injection Kernel License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.5.0-b32/aopalliance-repackaged-2.5.0-b32.jar
MD5: 99809f55109881865ce8b47f03522fb6
SHA1: 6af37c3f8ec6f9e9653ec837eb508da28ce443cd
SHA256: 32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile aopalliance-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 Evidence Type Source Name Value Confidence Vendor file name aopalliance-repackaged High Vendor jar package name aopalliance Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Vendor pom artifactid aopalliance-repackaged Highest Vendor pom artifactid aopalliance-repackaged Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name aopalliance version repackaged as a module High Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name aopalliance-repackaged High Product jar package name aopalliance Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name aopalliance version 1.0 repackaged as a module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Product pom artifactid aopalliance-repackaged Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name aopalliance version repackaged as a module High Product pom name aopalliance version ${aopalliance.version} repackaged as a module High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.5.0-b32 Highest
arbor.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/scriptsnonjawr/arbor.jsMD5: cbc3d8f56ca5f506253729e079d41814SHA1: 55105233417b8dbe5834c4dbb9b7cf441c4fc78dSHA256: 73dec7a9cf90ba345b5d7eaf5977cac5d840f75ecc96fa25bf1b3717a55daf5eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
arpack_combined_all-0.1.jarDescription:
Java APIs for the BLAS, LAPACK, and ARPACK Fortran libraries as translated through F2J. License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/jenkins/.m2/repository/net/sourceforge/f2j/arpack_combined_all/0.1/arpack_combined_all-0.1.jar
MD5: 83d82dd480da2aeba6429e746453ec0b
SHA1: 225619a060b42605b4d9fd4af11815664abf26eb
SHA256: 9964fb948ef213548a79b23dd480af9d72f1450824fa006bbfea211ac1ffa6dc
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile arpack_combined_all-0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name arpack_combined_all High Vendor jar package name arpack Highest Vendor jar package name blas Highest Vendor jar package name lapack Highest Vendor jar package name lapack Low Vendor jar package name netlib Low Vendor pom artifactid arpack_combined_all Highest Vendor pom artifactid arpack_combined_all Low Vendor pom developer name Dave Doolin Medium Vendor pom developer name Jack Dongarra Medium Vendor pom developer name Keith Seymour Medium Vendor pom groupid net.sourceforge.f2j Highest Vendor pom name Fortran to Java ARPACK High Vendor pom url http://f2j.sourceforge.net Highest Product file name arpack_combined_all High Product jar package name arpack Highest Product jar package name blas Highest Product jar package name lapack Highest Product jar package name lapack Low Product pom artifactid arpack_combined_all Highest Product pom developer name Dave Doolin Low Product pom developer name Jack Dongarra Low Product pom developer name Keith Seymour Low Product pom groupid net.sourceforge.f2j Highest Product pom name Fortran to Java ARPACK High Product pom url http://f2j.sourceforge.net Medium Version file version 0.1 High Version pom version 0.1 Highest
CVE-2021-4048 suppress
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. CWE-125 Out-of-bounds Read
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
arrayDesign.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/platform/arrayDesign.jsMD5: fe07fa83e948c48058c2c8e7cdc6f9e2SHA1: 82d014c7acd27de5012aadf5add09236a4926157SHA256: 6ee84b0b12f90c3630722add4b16d83f391f59949b57c972ec993f231e5087e0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
asm-9.7.jarDescription:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm/9.7/asm-9.7.jar
MD5: 3957b18bf02a62edcb6726d074b90b08
SHA1: 073d7b3086e14beb604ced229c302feff6449723
SHA256: adf46d5e34940bdf148ecdd26a9ee8eea94496a72034ff7141066b3eea5c4e9d
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-9.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm High Product jar package name asm Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom artifactid asm Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.7 High Version Manifest Bundle-Version 9.7 High Version Manifest Implementation-Version 9.7 High Version pom parent-version 9.7 Low Version pom version 9.7 Highest
asm-all-repackaged-2.5.0-b32.jarDescription:
org.objectweb.asm.all version repackaged as a module File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/asm-all-repackaged/2.5.0-b32/asm-all-repackaged-2.5.0-b32.jarMD5: b7710f0109a9aca153b48fa5474b8a9dSHA1: dc705f1d54cd5a96cbc5a473525e75ef1cb59a9eSHA256: 83bd18063fefc7a6352539fde4e3fc7a0ec13734e17f8b787dc1bff5d426820cReferenced In Projects/Scopes:
Gemma REST:compile Gemma Web:compile asm-all-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name asm-all-repackaged High Vendor jar package name external Highest Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor jar package name org Highest Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.asm-all-repackaged Medium Vendor pom artifactid asm-all-repackaged Highest Vendor pom artifactid asm-all-repackaged Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name ASM library repackaged as OSGi bundle High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name asm-all-repackaged High Product jar package name external Highest Product jar package name glassfish Highest Product jar package name hk2 Highest Product jar package name org Highest Product Manifest bundle-symbolicname org.glassfish.hk2.external.asm-all-repackaged Medium Product pom artifactid asm-all-repackaged Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name ASM library repackaged as OSGi bundle High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.5.0-b32 Highest
asm-analysis-9.7.jarDescription:
Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-analysis/9.7/asm-analysis-9.7.jar
MD5: 910ac9c691023f1a9ff33c413ae9fbf6
SHA1: e4a258b7eb96107106c0599f0061cfc1832fe07a
SHA256: 7bc6bcbc21379948a0c8c467fb0f864206e5b818f6bc0b546872f5c9f941556f
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-analysis-9.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name asm-analysis High Vendor jar package name analysis Highest Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Vendor pom artifactid asm-analysis Highest Vendor pom artifactid asm-analysis Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-analysis High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-analysis High Product jar package name analysis Highest Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree.analysis Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Product Manifest Implementation-Title Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Product pom artifactid asm-analysis Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-analysis High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.7 High Version Manifest Bundle-Version 9.7 High Version Manifest Implementation-Version 9.7 High Version pom parent-version 9.7 Low Version pom version 9.7 Highest
asm-tree-9.7.jarDescription:
Tree API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-tree/9.7/asm-tree-9.7.jar
MD5: ea5cad3e0cbd2520688e4b0b5c4218e7
SHA1: e446a17b175bfb733b87c5c2560ccb4e57d69f1a
SHA256: 62f4b3bc436045c1acb5c3ba2d8ec556ec3369093d7f5d06c747eb04b56d52b1
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-tree-9.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name asm-tree High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true Low Vendor pom artifactid asm-tree Highest Vendor pom artifactid asm-tree Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-tree High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-tree High Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree Medium Product Manifest Implementation-Title Tree API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true Low Product pom artifactid asm-tree Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-tree High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.7 High Version Manifest Bundle-Version 9.7 High Version Manifest Implementation-Version 9.7 High Version pom parent-version 9.7 Low Version pom version 9.7 Highest
asm-util-9.7.jarDescription:
Utilities for ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-util/9.7/asm-util-9.7.jar
MD5: e7d6e20888e6fd99605f4c5fe1dfa8b0
SHA1: c0655519f24d92af2202cb681cd7c1569df6ead6
SHA256: 37a6414d36641973f1af104937c95d6d921b2ddb4d612c66c5a9f2b13fc14211
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-util-9.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name asm-util High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name util Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.util Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Vendor pom artifactid asm-util Highest Vendor pom artifactid asm-util Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-util High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-util High Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name util Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.util Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.util Medium Product Manifest Implementation-Title Utilities for ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Product pom artifactid asm-util Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-util High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.7 High Version Manifest Bundle-Version 9.7 High Version Manifest Implementation-Version 9.7 High Version pom parent-version 9.7 Low Version pom version 9.7 Highest
aspectjweaver-1.9.22.1.jarDescription:
The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
weaving (LTW) during class-loading and also contains the AspectJ runtime classes. License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt File Path: /home/jenkins/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar
MD5: f2edbc088126174a11b68279bd26c6eb
SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612
SHA256: cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name aspectjweaver High Vendor jar package name agent Highest Vendor jar package name and Highest Vendor jar package name aspectj Highest Vendor jar package name aspects Highest Vendor jar package name ltw Highest Vendor jar package name org Highest Vendor jar package name runtime Highest Vendor jar package name weaver Highest Vendor Manifest automatic-module-name org.aspectj.weaver Medium Vendor Manifest can-redefine-classes true Low Vendor manifest: org/aspectj/weaver/ Implementation-Vendor https://www.eclipse.org/aspectj/ Medium Vendor pom artifactid aspectjweaver Highest Vendor pom artifactid aspectjweaver Low Vendor pom developer email aclement@vmware.com Low Vendor pom developer email kriegaex@aspectj.dev Low Vendor pom developer id aclement Medium Vendor pom developer id kriegaex Medium Vendor pom developer name Alexander Kriegisch Medium Vendor pom developer name Andy Clement Medium Vendor pom groupid org.aspectj Highest Vendor pom name AspectJ Weaver High Vendor pom url https://www.eclipse.org/aspectj/ Highest Product file name aspectjweaver High Product jar package name agent Highest Product jar package name and Highest Product jar package name aspectj Highest Product jar package name aspects Highest Product jar package name ltw Highest Product jar package name org Highest Product jar package name runtime Highest Product jar package name weaver Highest Product Manifest automatic-module-name org.aspectj.weaver Medium Product Manifest can-redefine-classes true Low Product manifest: org/aspectj/weaver/ Implementation-Title org.aspectj.weaver Medium Product manifest: org/aspectj/weaver/ Specification-Title AspectJ Weaver Classes Medium Product pom artifactid aspectjweaver Highest Product pom developer email aclement@vmware.com Low Product pom developer email kriegaex@aspectj.dev Low Product pom developer id aclement Low Product pom developer id kriegaex Low Product pom developer name Alexander Kriegisch Low Product pom developer name Andy Clement Low Product pom groupid org.aspectj Highest Product pom name AspectJ Weaver High Product pom url https://www.eclipse.org/aspectj/ Medium Version file version 1.9.22.1 High Version manifest: org/aspectj/weaver/ Implementation-Version 1.9.22.1 Medium Version pom version 1.9.22.1 Highest
baseCode-1.1.23.jarDescription:
Data structures, math and statistics tools, and utilities that are often needed across projects.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/baseCode/baseCode/1.1.23/baseCode-1.1.23.jar
MD5: 209fa8b43a8f35843c2dd2657508a350
SHA1: 3d762955f197c680df14a7189201e979bbfa1a59
SHA256: 26ac5054f781f5666e96c056f88ccd1e227e90f163bc36b04b48d32ba9ff9fbd
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile baseCode-1.1.23.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name baseCode High Vendor jar package name basecode Highest Vendor jar package name math Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid baseCode Highest Vendor pom artifactid baseCode Low Vendor pom developer email paul@msl.ubc.ca Low Vendor pom developer email poirigui@msl.ubc.ca Low Vendor pom developer id pavlidis Medium Vendor pom developer id poirigui Medium Vendor pom developer name Guillaume Poirier-Morency Medium Vendor pom developer name Paul Pavlidis Medium Vendor pom developer org University of British Columbia Medium Vendor pom groupid baseCode Highest Vendor pom name baseCode High Vendor pom organization name Pavlidis Lab High Vendor pom organization url https://pavlab.msl.ubc.ca/ Medium Vendor pom url PavlidisLab/baseCode Highest Product file name baseCode High Product jar package name basecode Highest Product jar package name math Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid baseCode Highest Product pom developer email paul@msl.ubc.ca Low Product pom developer email poirigui@msl.ubc.ca Low Product pom developer id pavlidis Low Product pom developer id poirigui Low Product pom developer name Guillaume Poirier-Morency Low Product pom developer name Paul Pavlidis Low Product pom developer org University of British Columbia Low Product pom groupid baseCode Highest Product pom name baseCode High Product pom organization name Pavlidis Lab Low Product pom organization url https://pavlab.msl.ubc.ca/ Low Product pom url PavlidisLab/baseCode High Version file version 1.1.23 High Version pom version 1.1.23 Highest
bibliographicReferenceDetails.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/bibliographicReference/bibliographicReferenceDetails.jsMD5: 8170842459ec2d31e47fd177aa983e7aSHA1: 1cb1069da98a21aa72703a830e6d5368bf332665SHA256: 3054ab3cba005e2d115cda673b8b4913c5ea32874aeba358699713b4e5b48f8fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
bibliographicReferencePage.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/bibliographicReference/bibliographicReferencePage.jsMD5: b92177c654c884bca5c42ad3def2363dSHA1: 38b0c3eea902636211af0912cc080e75f64ee376SHA256: 6b01397b7f133c4058b82a4215cae79fd5294912119c50888e1a1241d3e56b59Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
bibliographicReferenceSearchResultGrid.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/entities/bibliographicReference/bibliographicReferenceSearchResultGrid.jsMD5: b3704aa48edc51aeaf215b649a730f7fSHA1: 3073d94dd357346d9ff8e022437583619c83b4c7SHA256: fba7e3cccfe3a88cbf660a786470efc601a2a530ad37c29707cbbf90324a5d8aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
bioassay.draganddrop.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/bioassay.draganddrop.jsMD5: 0f60a5190f59b190d6eea7e03278632dSHA1: d23f7f3368551a445c298b279947e57e218c5e5bSHA256: 96ccd83378344ff9eda3967a2bdb48b070e74fc43b9decc42b8df61843336697Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
bmFactorValues.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/bmFactorValues.jsMD5: 3b728d8224779b431f68f32747bcda5fSHA1: 5e878b49f8b6ecfb3b42b1ae96a0209513f5ff8dSHA256: b3b097d6d7cfab6d8c7d9dbb8a85464fa5434c9e504fdf5d4798532c5c38e982Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
canvas-text-functions.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/canvas-text-functions.jsMD5: 738b5a052e08234da0b2fa9c7fccc4cfSHA1: 71523d809469959159995fd2ca4c5c932a82da2dSHA256: 53260576f16056b66dbe1a9984d21df431cd9003a8eb8c40a1c54595d4b3bc8cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
class-model-2.5.0-b32.jarDescription:
Dependency Injection Kernel License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/class-model/2.5.0-b32/class-model-2.5.0-b32.jar
MD5: b995e20985e420e7bce29be5a35d7aeb
SHA1: 017f054f3e91898c0c0fc52163ad904b13c24e8b
SHA256: 9a4d6e54e48bf71f7669cae5e10277b3dbc438d29c48730c778725a121df8d64
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile class-model-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name class-model High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.class-model Medium Vendor pom artifactid class-model Highest Vendor pom artifactid class-model Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name Class Model for Hk2 High Vendor pom parent-artifactid hk2-parent Low Product file name class-model High Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name Class Model for Hk2 Medium Product Manifest bundle-symbolicname org.glassfish.hk2.class-model Medium Product pom artifactid class-model Highest Product pom groupid org.glassfish.hk2 Highest Product pom name Class Model for Hk2 High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
classgraph-4.8.165.jarDescription:
The uber-fast, ultra-lightweight classpath and module scanner for JVM languages. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /home/jenkins/.m2/repository/io/github/classgraph/classgraph/4.8.165/classgraph-4.8.165.jar
MD5: 184a77ae08192b53063aa42e540d2d4a
SHA1: d7237a1fc235030b7b548eb3d671f714da01e50b
SHA256: 5258d9218fc6413f4d14218a5a6e784528e349f60f48883b77de74bb478ebafd
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile classgraph-4.8.165.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.swagger.core.v3/swagger-jaxrs2@2.2.22 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name classgraph High Vendor jar package name classgraph Highest Vendor jar package name github Highest Vendor jar package name io Highest Vendor jar package name scanner Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-category Utilities Low Vendor Manifest bundle-symbolicname io.github.classgraph.classgraph Medium Vendor Manifest multi-release true Low Vendor pom artifactid classgraph Highest Vendor pom artifactid classgraph Low Vendor pom developer email luke.hutch@gmail.com Low Vendor pom developer name Luke Hutchison Medium Vendor pom developer org ClassGraph Medium Vendor pom developer org URL https://github.com/classgraph Medium Vendor pom groupid io.github.classgraph Highest Vendor pom name ClassGraph High Vendor pom url classgraph/classgraph Highest Product file name classgraph High Product jar package name classgraph Highest Product jar package name github Highest Product jar package name io Highest Product jar package name scanner Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-category Utilities Low Product Manifest Bundle-Name ClassGraph Medium Product Manifest bundle-symbolicname io.github.classgraph.classgraph Medium Product Manifest Implementation-Title ClassGraph High Product Manifest multi-release true Low Product Manifest specification-title ClassGraph Medium Product pom artifactid classgraph Highest Product pom developer email luke.hutch@gmail.com Low Product pom developer name Luke Hutchison Low Product pom developer org ClassGraph Low Product pom developer org URL https://github.com/classgraph Low Product pom groupid io.github.classgraph Highest Product pom name ClassGraph High Product pom url classgraph/classgraph High Version file version 4.8.165 High Version Manifest Bundle-Version 4.8.165 High Version Manifest Implementation-Version 4.8.165 High Version pom version 4.8.165 Highest
color.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/color.jsMD5: 8053f2b455f4e152c7beb931ed277c0aSHA1: d549d71752f82f5d019ba9c36d34ee31d89cb567SHA256: f8d34601628fca74fbc9d14f14dd61d80a792e1e40b0abe318ebcd86b16fc96aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
colt-1.2.0.jarFile Path: /home/jenkins/.m2/repository/colt/colt/1.2.0/colt-1.2.0.jarMD5: f6be558e44de25df08b9f515b2a7ffeeSHA1: 0abc984f3adc760684d49e0f11ddf167ba516d4fSHA256: e1fcbfbdd0d0caedadfb59febace5a62812db3b9425f3a03ef4c4cbba3ed0ee3Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile colt-1.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name colt High Vendor jar package name cern Low Vendor jar package name colt Highest Vendor jar package name colt Low Vendor pom artifactid colt Highest Vendor pom artifactid colt Low Vendor pom groupid colt Highest Product file name colt High Product jar package name colt Highest Product jar package name colt Low Product pom artifactid colt Highest Product pom groupid colt Highest Version file version 1.2.0 High Version pom version 1.2.0 Highest
commons-cli-1.7.0.jarDescription:
Apache Commons CLI provides a simple API for presenting, processing and validating a Command Line Interface.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-cli/commons-cli/1.7.0/commons-cli-1.7.0.jar
MD5: a7843398103e8e4f9e5c037862b0a5c1
SHA1: 6504b3f17e8bc5adc6b6c8deecc90144d0154075
SHA256: ef990c7522ed6caa06265e24317f29ce839f7702938e1aebe8187a0bac19c0d7
Referenced In Project/Scope: Gemma CLI:compile
commons-cli-1.7.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name commons-cli High Vendor jar package name apache Highest Vendor jar package name cli Highest Vendor jar package name commons Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-cli/ Low Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-cli Highest Vendor pom artifactid commons-cli Low Vendor pom developer email bob@werken.com Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jbjk@mac.com Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email roxspring@imapmail.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id bob Medium Vendor pom developer id chtompki Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id jkeyes Medium Vendor pom developer id jstrachan Medium Vendor pom developer id roxspring Medium Vendor pom developer id tn Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John Keyes Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Ariane Software Medium Vendor pom developer org Indigo Stone Medium Vendor pom developer org integral Source Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org Werken Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-cli Highest Vendor pom name Apache Commons CLI High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-cli/ Highest Product file name commons-cli High Product jar package name apache Highest Product jar package name cli Highest Product jar package name commons Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-cli/ Low Product Manifest Bundle-Name Apache Commons CLI Medium Product Manifest bundle-symbolicname org.apache.commons.cli Medium Product Manifest Implementation-Title Apache Commons CLI High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons CLI Medium Product pom artifactid commons-cli Highest Product pom developer email bob@werken.com Low Product pom developer email chtompki@apache.org Low Product pom developer email ebourg@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jbjk@mac.com Low Product pom developer email jstrachan@apache.org Low Product pom developer email roxspring@imapmail.org Low Product pom developer email tn@apache.org Low Product pom developer id bob Low Product pom developer id chtompki Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id jkeyes Low Product pom developer id jstrachan Low Product pom developer id roxspring Low Product pom developer id tn Low Product pom developer name Bob McWhirter Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name James Strachan Low Product pom developer name John Keyes Low Product pom developer name Rob Oxspring Low Product pom developer name Rob Tompkins Low Product pom developer name Thomas Neidhart Low Product pom developer org Ariane Software Low Product pom developer org Indigo Stone Low Product pom developer org integral Source Low Product pom developer org SpiritSoft, Inc. Low Product pom developer org The Apache Software Foundation Low Product pom developer org Werken Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-cli Highest Product pom name Apache Commons CLI High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-cli/ Medium Version file version 1.7.0 High Version Manifest Bundle-Version 1.7.0 High Version Manifest Implementation-Version 1.7.0 High Version pom parent-version 1.7.0 Low Version pom version 1.7.0 Highest
commons-codec-1.16.0.jarDescription:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-codec/commons-codec/1.16.0/commons-codec-1.16.0.jar
MD5: 6e26920fa7228891980890cce06b718c
SHA1: 4e3eb3d79888d76b54e28b350915b5dc3919c9de
SHA256: 56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d
Referenced In Project/Scope: Gemma:compile
commons-codec-1.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23
Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email mattsicker@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id mattsicker Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Matt Sicker Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email mattsicker@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id mattsicker Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Matt Sicker Low Product pom developer name Rob Tompkins Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Version file version 1.16.0 High Version Manifest Bundle-Version 1.16.0 High Version Manifest Implementation-Version 1.16.0 High Version pom parent-version 1.16.0 Low Version pom version 1.16.0 Highest
commons-codec-1.16.1.jarDescription:
The Apache Commons Codec component contains encoder and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256: ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.apache.commons/commons-csv@1.11.0 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name digest Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email mattsicker@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id mattsicker Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Matt Sicker Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name digest Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email mattsicker@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id mattsicker Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Matt Sicker Low Product pom developer name Rob Tompkins Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Version file version 1.16.1 High Version Manifest Bundle-Version 1.16.1 High Version Manifest Implementation-Version 1.16.1 High Version pom parent-version 1.16.1 Low Version pom version 1.16.1 Highest
commons-collections4-4.4.jarDescription:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256: 1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-collections4-4.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-collections4 High Vendor jar package name apache Highest Vendor jar package name collections4 Highest Vendor jar package name commons Highest Vendor Manifest automatic-module-name org.apache.commons.collections4 Medium Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-collections4 Medium Vendor Manifest implementation-url https://commons.apache.org/proper/commons-collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections4 Highest Vendor pom artifactid commons-collections4 Low Vendor pom developer id adriannistor Medium Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dlaha Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id luc Medium Vendor pom developer id matth Medium Vendor pom developer id mbenson Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer id tn Medium Vendor pom developer name Adrian Nistor Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dipanjan Laha Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-collections/ Highest Product file name commons-collections4 High Product jar package name apache Highest Product jar package name collections4 Highest Product jar package name commons Highest Product Manifest automatic-module-name org.apache.commons.collections4 Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.commons-collections4 Medium Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-url https://commons.apache.org/proper/commons-collections/ Low Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections4 Highest Product pom developer id adriannistor Low Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id craigmcc Low Product pom developer id dlaha Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id luc Low Product pom developer id matth Low Product pom developer id mbenson Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer id tn Low Product pom developer name Adrian Nistor Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Dipanjan Laha Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Luc Maisonobe Low Product pom developer name Matt Benson Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom developer name Thomas Neidhart Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-collections/ Medium Version file version 4.4 High Version Manifest Implementation-Version 4.4 High Version pom parent-version 4.4 Low Version pom version 4.4 Highest
commons-configuration2-2.8.0.jarDescription:
Tools to assist in the reading of configuration/preferences files in
various formats
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-configuration2/2.8.0/commons-configuration2-2.8.0.jar
MD5: 4bb1f1ad26727cf5966554cb6b9eb073
SHA1: 6a76acbe14d2c01d4758a57171f3f6a150dbd462
SHA256: e5c46e4b0b1acddbc96651838c19d3df70da92dfb5107a6e4c42cb92d3a300bd
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-configuration2-2.8.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-configuration2 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name configuration Highest Vendor jar package name configuration2 Highest Vendor Manifest automatic-module-name org.apache.commons.configuration2 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-configuration/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-configuration2 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-configuration2 Highest Vendor pom artifactid commons-configuration2 Low Vendor pom developer email bdunbar@dunbarconsulting.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email claude@apache.org Low Vendor pom developer email dion@multitask.com.au Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email epugh@upstate.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email hps@intermeta.de Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email mpoeschl@marmot.at Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email rgoers@apache.org Low Vendor pom developer id bdunbar Medium Vendor pom developer id chtompki Medium Vendor pom developer id claudenw Medium Vendor pom developer id dion Medium Vendor pom developer id dlr Medium Vendor pom developer id ebourg Medium Vendor pom developer id epugh Medium Vendor pom developer id ggregory Medium Vendor pom developer id henning Medium Vendor pom developer id joehni Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id mpoeschl Medium Vendor pom developer id oheger Medium Vendor pom developer id rgoers Medium Vendor pom developer name Brian E. Dunbar Medium Vendor pom developer name Claude Warren Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Eric Pugh Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henning P. Schmiedehausen Medium Vendor pom developer name Jörg Schaible Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Martin Poeschl Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Ralph Goers Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer org Ariane Software Medium Vendor pom developer org Bosch Software Innovations Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org dunbarconsulting.org Medium Vendor pom developer org INTERMETA - Gesellschaft fuer Mehrwertdienste mbH Medium Vendor pom developer org Intuit Medium Vendor pom developer org Multitask Consulting Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org tucana.at Medium Vendor pom developer org upstate.com Medium Vendor pom developer org Zenplex Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Configuration High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-configuration/ Highest Product file name commons-configuration2 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name configuration Highest Product jar package name configuration2 Highest Product Manifest automatic-module-name org.apache.commons.configuration2 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-configuration/ Low Product Manifest Bundle-Name Apache Commons Configuration Medium Product Manifest bundle-symbolicname org.apache.commons.commons-configuration2 Medium Product Manifest Implementation-Title Apache Commons Configuration High Product Manifest specification-title Apache Commons Configuration Medium Product pom artifactid commons-configuration2 Highest Product pom developer email bdunbar@dunbarconsulting.org Low Product pom developer email chtompki@apache.org Low Product pom developer email claude@apache.org Low Product pom developer email dion@multitask.com.au Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ebourg@apache.org Low Product pom developer email epugh@upstate.com Low Product pom developer email ggregory at apache.org Low Product pom developer email hps@intermeta.de Low Product pom developer email jason@zenplex.com Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email mpoeschl@marmot.at Low Product pom developer email oheger@apache.org Low Product pom developer email rgoers@apache.org Low Product pom developer id bdunbar Low Product pom developer id chtompki Low Product pom developer id claudenw Low Product pom developer id dion Low Product pom developer id dlr Low Product pom developer id ebourg Low Product pom developer id epugh Low Product pom developer id ggregory Low Product pom developer id henning Low Product pom developer id joehni Low Product pom developer id jvanzyl Low Product pom developer id mpoeschl Low Product pom developer id oheger Low Product pom developer id rgoers Low Product pom developer name Brian E. Dunbar Low Product pom developer name Claude Warren Low Product pom developer name Daniel Rall Low Product pom developer name dIon Gillard Low Product pom developer name Emmanuel Bourg Low Product pom developer name Eric Pugh Low Product pom developer name Gary Gregory Low Product pom developer name Henning P. Schmiedehausen Low Product pom developer name Jörg Schaible Low Product pom developer name Jason van Zyl Low Product pom developer name Martin Poeschl Low Product pom developer name Oliver Heger Low Product pom developer name Ralph Goers Low Product pom developer name Rob Tompkins Low Product pom developer org Ariane Software Low Product pom developer org Bosch Software Innovations Low Product pom developer org CollabNet, Inc. Low Product pom developer org dunbarconsulting.org Low Product pom developer org INTERMETA - Gesellschaft fuer Mehrwertdienste mbH Low Product pom developer org Intuit Low Product pom developer org Multitask Consulting Low Product pom developer org The Apache Software Foundation Low Product pom developer org tucana.at Low Product pom developer org upstate.com Low Product pom developer org Zenplex Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Configuration High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-configuration/ Medium Version file version 2.8.0 High Version Manifest Bundle-Version 2.8.0 High Version Manifest Implementation-Version 2.8.0 High Version pom parent-version 2.8.0 Low Version pom version 2.8.0 Highest
CVE-2024-29131 (OSSINDEX) suppress
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29131 for details CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.commons:commons-configuration2:2.8.0:*:*:*:*:*:*:* CVE-2024-29133 (OSSINDEX) suppress
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29133 for details CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (4.400000095367432) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.commons:commons-configuration2:2.8.0:*:*:*:*:*:*:* commons-csv-1.11.0.jarDescription:
The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-csv/1.11.0/commons-csv-1.11.0.jar
MD5: 670327702ca6f22103531d20d140bc9e
SHA1: 8f2dc805097da534612128b7cdf491a5a76752bf
SHA256: b697fe3f94cfc4f7e2a87bddf78d15cd10d8c86cbe56ae9196a62d6edbf6b76d
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-csv-1.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-csv High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name csv Highest Vendor Manifest automatic-module-name org.apache.commons.csv Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-csv/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-csv Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-csv Highest Vendor pom artifactid commons-csv Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email yonik@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id mvdb Medium Vendor pom developer id yonik Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Yonik Seeley Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons CSV High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-csv/ Highest Product file name commons-csv High Product jar package name 9 Highest Product jar package name apache Highest Product jar package name commons Highest Product jar package name csv Highest Product Manifest automatic-module-name org.apache.commons.csv Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-csv/ Low Product Manifest Bundle-Name Apache Commons CSV Medium Product Manifest bundle-symbolicname org.apache.commons.commons-csv Medium Product Manifest Implementation-Title Apache Commons CSV High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product Manifest specification-title Apache Commons CSV Medium Product pom artifactid commons-csv Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email ebourg@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email yonik@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id mvdb Low Product pom developer id yonik Low Product pom developer name Benedikt Ritter Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Martin van den Bemt Low Product pom developer name Rob Tompkins Low Product pom developer name Yonik Seeley Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons CSV High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-csv/ Medium Version file version 1.11.0 High Version Manifest Bundle-Version 1.11.0 High Version Manifest Implementation-Version 1.11.0 High Version pom parent-version 1.11.0 Low Version pom version 1.11.0 Highest
commons-fileupload-1.5.jarDescription:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar
MD5: e57ac8a1a6412886a133a2fa08b89735
SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3
SHA256: 51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-fileupload-1.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-fileupload High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name fileupload Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor Manifest implementation-build UNKNOWN@r${buildNumber}; 2023-02-01 12:39:33+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-fileupload Highest Vendor pom artifactid commons-fileupload Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer email jmcnally@collab.net Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sean |at| seansullivan |dot| com Low Vendor pom developer email simonetripodi@apache.org Low Vendor pom developer id chtompki Medium Vendor pom developer id dion Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jmcnally Medium Vendor pom developer id jochen Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id martinc Medium Vendor pom developer id rdonkin Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id sullis Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name John McNally Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer org Adobe Medium Vendor pom developer org CollabNet Medium Vendor pom developer org Multitask Consulting Medium Vendor pom developer org Yahoo! Medium Vendor pom developer org Zenplex Medium Vendor pom groupid commons-fileupload Highest Vendor pom name Apache Commons FileUpload High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-fileupload/ Highest Product file name commons-fileupload High Product jar package name apache Highest Product jar package name commons Highest Product jar package name fileupload Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-fileupload/ Low Product Manifest Bundle-Name Apache Commons FileUpload Medium Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Product Manifest implementation-build UNKNOWN@r${buildNumber}; 2023-02-01 12:39:33+0000 Low Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest specification-title Apache Commons FileUpload Medium Product pom artifactid commons-fileupload Highest Product pom developer email chtompki@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jason@zenplex.com Low Product pom developer email jmcnally@collab.net Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email martinc@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sean |at| seansullivan |dot| com Low Product pom developer email simonetripodi@apache.org Low Product pom developer id chtompki Low Product pom developer id dion Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jmcnally Low Product pom developer id jochen Low Product pom developer id jvanzyl Low Product pom developer id martinc Low Product pom developer id rdonkin Low Product pom developer id simonetripodi Low Product pom developer id sullis Low Product pom developer name Daniel Rall Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Jason van Zyl Low Product pom developer name Jochen Wiedmann Low Product pom developer name John McNally Low Product pom developer name Martin Cooper Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Sean C. Sullivan Low Product pom developer name Simone Tripodi Low Product pom developer org Adobe Low Product pom developer org CollabNet Low Product pom developer org Multitask Consulting Low Product pom developer org Yahoo! Low Product pom developer org Zenplex Low Product pom groupid commons-fileupload Highest Product pom name Apache Commons FileUpload High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-fileupload/ Medium Version file version 1.5 High Version Manifest Implementation-Version 1.5 High Version pom parent-version 1.5 Low Version pom version 1.5 Highest
commons-httpclient-3.0.1.jarDescription:
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.m2/repository/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar
MD5: 456245a3b1b49eb51c57d037acebfefc
SHA1: d6364bcc1b2b2aa69d008602d36a700453648560
SHA256: 310c8ad76748ee7af743465304533406dc2e70464ce04c7cd410caddd2747bf9
Referenced In Project/Scope: Gemma Web:compile
commons-httpclient-3.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/rome/rome-fetcher@1.0
Evidence Type Source Name Value Confidence Vendor file name commons-httpclient High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name httpclient Highest Vendor jar package name methods Highest Vendor Manifest extension-name commons-httpclient Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid commons-httpclient Highest Vendor pom artifactid commons-httpclient Low Vendor pom developer email adrian.sutton -at- ephox.com Low Vendor pom developer email dion -at- apache.org Low Vendor pom developer email jericho -at- apache.org Low Vendor pom developer email jsdever -at- apache.org Low Vendor pom developer email mbecke -at- apache.org Low Vendor pom developer email oglueck -at- apache.org Low Vendor pom developer email olegk -at- apache.org Low Vendor pom developer email rwaldhoff -at- apache Low Vendor pom developer email sullis -at- apache.org Low Vendor pom developer id adrian Medium Vendor pom developer id dion Medium Vendor pom developer id jericho Medium Vendor pom developer id jsdever Medium Vendor pom developer id mbecke Medium Vendor pom developer id oglueck Medium Vendor pom developer id olegk Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sullis Medium Vendor pom developer name Adrian Sutton Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Jeff Dever Medium Vendor pom developer name Michael Becke Medium Vendor pom developer name Oleg Kalnichevski Medium Vendor pom developer name Ortwin Glueck Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Sung-Gu Medium Vendor pom developer org Britannica Medium Vendor pom developer org Independent consultant Medium Vendor pom developer org Intencha Medium Vendor pom developer org Multitask Consulting Medium Vendor pom groupid commons-httpclient Highest Vendor pom name HttpClient High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://jakarta.apache.org/ Medium Vendor pom url http://jakarta.apache.org/commons/httpclient/ Highest Product file name commons-httpclient High Product jar package name apache Highest Product jar package name commons Highest Product jar package name httpclient Highest Product jar package name methods Highest Product Manifest extension-name commons-httpclient Medium Product Manifest Implementation-Title org.apache.commons.httpclient High Product Manifest specification-title Jakarta Commons HttpClient Medium Product pom artifactid commons-httpclient Highest Product pom developer email adrian.sutton -at- ephox.com Low Product pom developer email dion -at- apache.org Low Product pom developer email jericho -at- apache.org Low Product pom developer email jsdever -at- apache.org Low Product pom developer email mbecke -at- apache.org Low Product pom developer email oglueck -at- apache.org Low Product pom developer email olegk -at- apache.org Low Product pom developer email rwaldhoff -at- apache Low Product pom developer email sullis -at- apache.org Low Product pom developer id adrian Low Product pom developer id dion Low Product pom developer id jericho Low Product pom developer id jsdever Low Product pom developer id mbecke Low Product pom developer id oglueck Low Product pom developer id olegk Low Product pom developer id rwaldhoff Low Product pom developer id sullis Low Product pom developer name Adrian Sutton Low Product pom developer name dIon Gillard Low Product pom developer name Jeff Dever Low Product pom developer name Michael Becke Low Product pom developer name Oleg Kalnichevski Low Product pom developer name Ortwin Glueck Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sean C. Sullivan Low Product pom developer name Sung-Gu Low Product pom developer org Britannica Low Product pom developer org Independent consultant Low Product pom developer org Intencha Low Product pom developer org Multitask Consulting Low Product pom groupid commons-httpclient Highest Product pom name HttpClient High Product pom organization name Apache Software Foundation Low Product pom organization url http://jakarta.apache.org/ Low Product pom url http://jakarta.apache.org/commons/httpclient/ Medium Version file version 3.0.1 High Version Manifest Implementation-Version 3.0.1 High Version pom version 3.0.1 Highest
CVE-2012-5783 (OSSINDEX) suppress
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.800000190734863) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:commons-httpclient:commons-httpclient:3.0.1:*:*:*:*:*:*:* CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
commons-io-2.16.1.jarDescription:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar
MD5: ed8191a5a217940140001b0acfed18d9
SHA1: 377d592e740dc77124e0901291dbfaa6810a200e
SHA256: f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-io-2.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-io High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Highest Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version Manifest Implementation-Version 2.16.1 High Version pom parent-version 2.16.1 Low Version pom version 2.16.1 Highest
commons-lang-2.6.jarDescription:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256: 50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-lang-2.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/com.jayway.jsonpath/json-path@0.8.1 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-lang High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang Highest Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang Highest Vendor pom artifactid commons-lang Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@seagullsw.com Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email phil@steitz.com Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org Seagull Software Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid commons-lang Highest Vendor pom name Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/lang/ Highest Product file name commons-lang High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang Highest Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product Manifest Bundle-Name Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product pom artifactid commons-lang Highest Product pom developer email bayard@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@seagullsw.com Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email phil@steitz.com Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Daniel Rall Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org Seagull Software Low Product pom developer org SITA ATS Ltd Low Product pom groupid commons-lang Highest Product pom name Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/lang/ Medium Version file version 2.6 High Version Manifest Bundle-Version 2.6 High Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version pom version 2.6 Highest
commons-lang3-3.14.0.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256: 7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Highest Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.14.0 High Version Manifest Bundle-Version 3.14.0 High Version Manifest Implementation-Version 3.14.0 High Version pom parent-version 3.14.0 Low Version pom version 3.14.0 Highest
commons-logging-1.3.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well-known logging systems. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.3.2/commons-logging-1.3.2.jar
MD5: 4b970f3b14a5e53d8e8edff1cf2ecd91
SHA1: 3dc966156ef19d23c839715165435e582fafa753
SHA256: 6b858424f518015f32bfcd1183a373f4a827d72d026b6031da0c91cf0e8f3489
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-logging-1.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-logging High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest automatic-module-name org.apache.commons.logging Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-logging Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Highest Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id ggregory Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest automatic-module-name org.apache.commons.logging Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.commons-logging Medium Product Manifest Implementation-Title Apache Commons Logging High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id ggregory Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Gary Gregory Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-logging/ Medium Version file version 1.3.2 High Version Manifest Bundle-Version 1.3.2 High Version Manifest Implementation-Version 1.3.2 High Version pom parent-version 1.3.2 Low Version pom version 1.3.2 Highest
commons-logging-api-1.1.jarDescription:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
The Apache Software License, Version 2.0: /LICENSE.txt File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322
SHA256: 33a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba35
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-logging-api-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-logging-api High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest extension-name org.apache.commons.logging Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid commons-logging-api Highest Vendor pom artifactid commons-logging-api Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin at apache dot org Low Vendor pom developer email craigmcc at apache org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp at apache dot org Low Vendor pom developer email morgand at apache dot org Low Vendor pom developer email rdonkin at apache dot org Low Vendor pom developer email rsitze at apache dot org Low Vendor pom developer email rwaldhoff at apache org Low Vendor pom developer email sanders at apache dot org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer org Apache Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Logging High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://jakarta.apache.org Medium Vendor pom url http://jakarta.apache.org/commons/logging/ Highest Product file name commons-logging-api High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest extension-name org.apache.commons.logging Medium Product Manifest Implementation-Title Jakarta Commons Logging High Product Manifest specification-title Jakarta Commons Logging Medium Product pom artifactid commons-logging-api Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin at apache dot org Low Product pom developer email craigmcc at apache org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp at apache dot org Low Product pom developer email morgand at apache dot org Low Product pom developer email rdonkin at apache dot org Low Product pom developer email rsitze at apache dot org Low Product pom developer email rwaldhoff at apache org Low Product pom developer email sanders at apache dot org Low Product pom developer email skitching@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer org Apache Low Product pom developer org Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Logging High Product pom organization name The Apache Software Foundation Low Product pom organization url http://jakarta.apache.org Low Product pom url http://jakarta.apache.org/commons/logging/ Medium Version file version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
commons-math3-3.6.1.jarDescription:
The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256: 1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-math3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name math3 Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Vendor Manifest bundle-symbolicname org.apache.commons.math3 Medium Vendor Manifest implementation-build 16abfe5de688cc52fb0396e0609cb33044b15653; 2016-03-17 13:30:43-0400 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-math/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-math3 Highest Vendor pom artifactid commons-math3 Low Vendor pom developer email achou at apache dot org Low Vendor pom developer email billbarker at apache dot org Low Vendor pom developer email brentworden at apache dot org Low Vendor pom developer email celestin at apache dot org Low Vendor pom developer email dimpbx at apache dot org Low Vendor pom developer email erans at apache dot org Low Vendor pom developer email evanward at apache dot org Low Vendor pom developer email gregs at apache dot org Low Vendor pom developer email j3322ptm at yahoo dot de Low Vendor pom developer email luc at apache dot org Low Vendor pom developer email mdiggory at apache dot org Low Vendor pom developer email mikl at apache dot org Low Vendor pom developer email oertl at apache dot org Low Vendor pom developer email rdonkin at apache dot org Low Vendor pom developer email tn at apache dot org Low Vendor pom developer email tobrien at apache dot org Low Vendor pom developer id achou Medium Vendor pom developer id billbarker Medium Vendor pom developer id brentworden Medium Vendor pom developer id celestin Medium Vendor pom developer id dimpbx Medium Vendor pom developer id erans Medium Vendor pom developer id evanward Medium Vendor pom developer id gregs Medium Vendor pom developer id luc Medium Vendor pom developer id mdiggory Medium Vendor pom developer id mikl Medium Vendor pom developer id oertl Medium Vendor pom developer id pietsch Medium Vendor pom developer id rdonkin Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Albert Davidson Chou Medium Vendor pom developer name Bill Barker Medium Vendor pom developer name Brent Worden Medium Vendor pom developer name Dimitri Pourbaix Medium Vendor pom developer name Evan Ward Medium Vendor pom developer name Gilles Sadowski Medium Vendor pom developer name Greg Sterijevski Medium Vendor pom developer name J. Pietschmann Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Mark Diggory Medium Vendor pom developer name Mikkel Meyer Andersen Medium Vendor pom developer name Otmar Ertl Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Sébastien Brisard Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim O'Brien Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Math High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-math/ Highest Product file name commons-math3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name math3 Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Product Manifest Bundle-Name Apache Commons Math Medium Product Manifest bundle-symbolicname org.apache.commons.math3 Medium Product Manifest implementation-build 16abfe5de688cc52fb0396e0609cb33044b15653; 2016-03-17 13:30:43-0400 Low Product Manifest Implementation-Title Apache Commons Math High Product Manifest implementation-url http://commons.apache.org/proper/commons-math/ Low Product Manifest specification-title Apache Commons Math Medium Product pom artifactid commons-math3 Highest Product pom developer email achou at apache dot org Low Product pom developer email billbarker at apache dot org Low Product pom developer email brentworden at apache dot org Low Product pom developer email celestin at apache dot org Low Product pom developer email dimpbx at apache dot org Low Product pom developer email erans at apache dot org Low Product pom developer email evanward at apache dot org Low Product pom developer email gregs at apache dot org Low Product pom developer email j3322ptm at yahoo dot de Low Product pom developer email luc at apache dot org Low Product pom developer email mdiggory at apache dot org Low Product pom developer email mikl at apache dot org Low Product pom developer email oertl at apache dot org Low Product pom developer email rdonkin at apache dot org Low Product pom developer email tn at apache dot org Low Product pom developer email tobrien at apache dot org Low Product pom developer id achou Low Product pom developer id billbarker Low Product pom developer id brentworden Low Product pom developer id celestin Low Product pom developer id dimpbx Low Product pom developer id erans Low Product pom developer id evanward Low Product pom developer id gregs Low Product pom developer id luc Low Product pom developer id mdiggory Low Product pom developer id mikl Low Product pom developer id oertl Low Product pom developer id pietsch Low Product pom developer id rdonkin Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Albert Davidson Chou Low Product pom developer name Bill Barker Low Product pom developer name Brent Worden Low Product pom developer name Dimitri Pourbaix Low Product pom developer name Evan Ward Low Product pom developer name Gilles Sadowski Low Product pom developer name Greg Sterijevski Low Product pom developer name J. Pietschmann Low Product pom developer name Luc Maisonobe Low Product pom developer name Mark Diggory Low Product pom developer name Mikkel Meyer Andersen Low Product pom developer name Otmar Ertl Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Sébastien Brisard Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim O'Brien Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Math High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-math/ Medium Version file version 3.6.1 High Version Manifest Bundle-Version 3.6.1 High Version Manifest Implementation-Version 3.6.1 High Version pom parent-version 3.6.1 Low Version pom version 3.6.1 Highest
commons-net-3.10.0.jarDescription:
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/commons-net/commons-net/3.10.0/commons-net-3.10.0.jar
MD5: 84511bcbcbd37725fd1a53360e0c3fd6
SHA1: 86762ea0ac98fd41c91745a32d496a985e2bd5e7
SHA256: 2230eec44ef4b8112ea09cbeb6de826977abe792e627cee2770e35ca8c39dce1
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-net-3.10.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-net High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name echo Highest Vendor jar package name finger Highest Vendor jar package name ftp Highest Vendor jar package name net Highest Vendor jar package name nntp Highest Vendor jar package name pop3 Highest Vendor jar package name smtp Highest Vendor jar package name telnet Highest Vendor jar package name whois Highest Vendor Manifest automatic-module-name org.apache.commons.net Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-net/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-net Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-net Highest Vendor pom artifactid commons-net Low Vendor pom developer email bruno.davanzo@hp.com Low Vendor pom developer email dfs@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email Jeff.Brekke@qg.com Low Vendor pom developer email rwinston@apache.org Low Vendor pom developer email rwinston@checkfree.com Low Vendor pom developer email scohen@apache.org Low Vendor pom developer id brekke Medium Vendor pom developer id brudav Medium Vendor pom developer id dfs Medium Vendor pom developer id ggregory Medium Vendor pom developer id rwinston Medium Vendor pom developer id scohen Medium Vendor pom developer name Bruno D'Avanzo Medium Vendor pom developer name Daniel F. Savarese Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jeffrey D. Brekke Medium Vendor pom developer name Rory Winston Medium Vendor pom developer name Steve Cohen Medium Vendor pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a> Medium Vendor pom developer org Hewlett-Packard Medium Vendor pom developer org javactivity.org Medium Vendor pom developer org Quad/Graphics, Inc. Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-net Highest Vendor pom name Apache Commons Net High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-net/ Highest Product file name commons-net High Product jar package name apache Highest Product jar package name commons Highest Product jar package name echo Highest Product jar package name finger Highest Product jar package name ftp Highest Product jar package name net Highest Product jar package name nntp Highest Product jar package name pop3 Highest Product jar package name smtp Highest Product jar package name telnet Highest Product jar package name whois Highest Product Manifest automatic-module-name org.apache.commons.net Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-net/ Low Product Manifest Bundle-Name Apache Commons Net Medium Product Manifest bundle-symbolicname org.apache.commons.commons-net Medium Product Manifest Implementation-Title Apache Commons Net High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Net Medium Product pom artifactid commons-net Highest Product pom developer email bruno.davanzo@hp.com Low Product pom developer email dfs@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email Jeff.Brekke@qg.com Low Product pom developer email rwinston@apache.org Low Product pom developer email rwinston@checkfree.com Low Product pom developer email scohen@apache.org Low Product pom developer id brekke Low Product pom developer id brudav Low Product pom developer id dfs Low Product pom developer id ggregory Low Product pom developer id rwinston Low Product pom developer id scohen Low Product pom developer name Bruno D'Avanzo Low Product pom developer name Daniel F. Savarese Low Product pom developer name Gary Gregory Low Product pom developer name Jeffrey D. Brekke Low Product pom developer name Rory Winston Low Product pom developer name Steve Cohen Low Product pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a> Low Product pom developer org Hewlett-Packard Low Product pom developer org javactivity.org Low Product pom developer org Quad/Graphics, Inc. Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-net Highest Product pom name Apache Commons Net High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-net/ Medium Version file version 3.10.0 High Version Manifest Bundle-Version 3.10.0 High Version Manifest Implementation-Version 3.10.0 High Version pom parent-version 3.10.0 Low Version pom version 3.10.0 Highest
commons-text-1.12.0.jarDescription:
Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
and manipulating text that should be of use in a Java environment.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar
MD5: 544add6fbc8d4b100b07c3692d08099e
SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
SHA256: de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile commons-text-1.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-text High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name text Highest Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest bundle-symbolicname org.apache.commons.text Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-text Highest Vendor pom artifactid commons-text Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email kinow@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id ggregory Medium Vendor pom developer id kinow Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Bruno P. Kinoshita Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Text High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-text Highest Product file name commons-text High Product jar package name apache Highest Product jar package name commons Highest Product jar package name text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Bundle-Name Apache Commons Text Medium Product Manifest bundle-symbolicname org.apache.commons.text Medium Product Manifest Implementation-Title Apache Commons Text High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Text Medium Product pom artifactid commons-text Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email kinow@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id ggregory Low Product pom developer id kinow Low Product pom developer name Benedikt Ritter Low Product pom developer name Bruno P. Kinoshita Low Product pom developer name Duncan Jones Low Product pom developer name Gary Gregory Low Product pom developer name Rob Tompkins Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Text High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-text Medium Version file version 1.12.0 High Version Manifest Bundle-Version 1.12.0 High Version Manifest Implementation-Version 1.12.0 High Version pom parent-version 1.12.0 Low Version pom version 1.12.0 Highest
concurrent-1.3.4.jarLicense:
Public domain, Sun Microsoystems: >http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html File Path: /home/jenkins/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar
MD5: f29b9d930d3426ebc56919eba10fbd4d
SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c
SHA256: 12639def9a5b5ebf56040ab764bd42b7e662523d3b983e5d5da04bf37be152f9
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile concurrent-1.3.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/colt/colt@1.2.0 pkg:maven/colt/colt@1.2.0 pkg:maven/colt/colt@1.2.0 pkg:maven/colt/colt@1.2.0 pkg:maven/colt/colt@1.2.0 pkg:maven/colt/colt@1.2.0 Evidence Type Source Name Value Confidence Vendor file name concurrent High Vendor jar package name cs Low Vendor jar package name edu Low Vendor jar package name oswego Low Vendor pom artifactid concurrent Highest Vendor pom artifactid concurrent Low Vendor pom groupid concurrent Highest Vendor pom name Dough Lea's util.concurrent package High Vendor pom organization name Dough Lea High Vendor pom organization url http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html Medium Product file name concurrent High Product jar package name cs Low Product jar package name dl Low Product jar package name oswego Low Product pom artifactid concurrent Highest Product pom groupid concurrent Highest Product pom name Dough Lea's util.concurrent package High Product pom organization name Dough Lea Low Product pom organization url http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html Low Version file version 1.3.4 High Version pom version 1.3.4 Highest
config-types-2.5.0-b32.jarDescription:
Dependency Injection Kernel License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/config-types/2.5.0-b32/config-types-2.5.0-b32.jar
MD5: 6ad3a1e788c84830ffc2f3a4454ce5ee
SHA1: 686bbe7f80b1b879d64c06bc6606c97721a795f2
SHA256: 21b4c91cfe7f3a78802fe1c63fbe738a664e1ba21ee29177442ff2c75b798d7b
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile config-types-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 Evidence Type Source Name Value Confidence Vendor file name config-types High Vendor jar package name config Highest Vendor jar package name hk2 Highest Vendor jar package name types Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.config-types Medium Vendor pom artifactid config-types Highest Vendor pom artifactid config-types Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 config types High Vendor pom parent-artifactid hk2-xml-dom Low Product file name config-types High Product jar package name config Highest Product jar package name hk2 Highest Product jar package name types Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 config types Medium Product Manifest bundle-symbolicname org.glassfish.hk2.config-types Medium Product pom artifactid config-types Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 config types High Product pom parent-artifactid hk2-xml-dom Medium Version pom version 2.5.0-b32 Highest
core-1.1.2.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/core/1.1.2/core-1.1.2.jarMD5: ab845840ad73fa2ec1a5025a7c48b97eSHA1: 574b480eca62f535fad6d259e144fee3ef24b66eSHA256: 5ffaddee0a3f8d09a56064aa05feb95837ddad9d42d9dcc37479c66e869aa139Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile core-1.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name core High Vendor jar package name fommil Highest Vendor jar package name fommil Low Vendor jar package name github Highest Vendor jar package name github Low Vendor jar package name netlib Highest Vendor jar package name netlib Low Vendor pom artifactid core Highest Vendor pom artifactid core Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid parent Low Product file name core High Product jar package name fommil Highest Product jar package name fommil Low Product jar package name github Highest Product jar package name netlib Highest Product jar package name netlib Low Product pom artifactid core Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid parent Medium Version file version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
cytoscape.js-qtip.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-qtip.jsMD5: 020c8099cabe2276d16f98e02e950f69SHA1: fd2c68f0447e0ad6e8ffb2c4d69bef8a97733dd6SHA256: 6325f06331b91faf6684b86bdf5f80031019b9cc67bc8907356ec8a24660083cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
cytoscape.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.jsMD5: 91cd56f9481880cee61b564197c71f31SHA1: 614f3c5faf3f0ad726a988cef5adc42e7aade5f6SHA256: cba2edf89c4649788887b53eebc048718b78a3eb5e96114dafbdb4c32627c96cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
datasetchooserapp.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/test/datasetchooserapp.jsMD5: a9b463b7604e3c906482d9ab5a3c3b21SHA1: 40fd0627fad6c5586a467e650948e10b07d7cdb5SHA256: b64466caa4b74ff03ec9a859e26202584be9ea647271664f494dfd011f1b3ee0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
discrete-color-range.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/discrete-color-range.jsMD5: 98029aa9249e661ebf97cc2f8dd61a97SHA1: a0b7fe3ea6e14610ec7d8c35cdd1ef7c45730e2cSHA256: 37acc17a27274ced76055cf0ee078808d734778b0540a793b283f90338526938Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
dom4j-2.1.4.jarDescription:
flexible XML framework for Java License:
Plexus: https://github.com/dom4j/dom4j/blob/master/LICENSE File Path: /home/jenkins/.m2/repository/org/dom4j/dom4j/2.1.4/dom4j-2.1.4.jar
MD5: 8246840e53db2781ca941e4d3f9ad715
SHA1: 35c16721b88cf17b8279fcb134c0abb161cc0e9b
SHA256: 235a9167a8a199be04b5326d92927ca0adeb90d11f69fe2e821b34ce8433b591
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime dom4j-2.1.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name dom4j High Vendor jar package name dom4j Highest Vendor Manifest automatic-module-name org.dom4j Medium Vendor pom artifactid dom4j Highest Vendor pom artifactid dom4j Low Vendor pom developer email filip@jirsak.org Low Vendor pom developer name Filip Jirsák Medium Vendor pom groupid org.dom4j Highest Vendor pom name dom4j High Vendor pom url http://dom4j.github.io/ Highest Product file name dom4j High Product jar package name dom4j Highest Product Manifest automatic-module-name org.dom4j Medium Product pom artifactid dom4j Highest Product pom developer email filip@jirsak.org Low Product pom developer name Filip Jirsák Low Product pom groupid org.dom4j Highest Product pom name dom4j High Product pom url http://dom4j.github.io/ Medium Version file version 2.1.4 High Version pom version 2.1.4 Highest
dwr-2.0.11-RELEASE.jarDescription:
DWR is easy Ajax for Java. It makes it simple to call Java code directly from Javascript.
It gets rid of almost all the boiler plate code between the web browser and your Java code.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar
MD5: 9c4f14c69b863e43632f8db41cbb71c3
SHA1: 4b8d5615d93c575909f5936098c5a7bd3c7b17bb
SHA256: 3edaf099cabe669b994d54fe2ade38028c60bbb87e88530ebbfccecc3acbd741
Referenced In Project/Scope: Gemma Web:compile
dwr-2.0.11-RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name dwr High Vendor jar package name call Highest Vendor jar package name directwebremoting Highest Vendor jar package name directwebremoting Low Vendor jar package name dwr Highest Vendor pom artifactid dwr Highest Vendor pom artifactid dwr Low Vendor pom developer id david_marginian Medium Vendor pom developer id mike_wilson Medium Vendor pom developer name David Marginian Medium Vendor pom developer name Mike Wison Medium Vendor pom groupid org.directwebremoting Highest Vendor pom name Direct Web Remoting High Vendor pom url http://directwebremoting.org/dwr/index.html Highest Product file name dwr High Product jar package name call Highest Product jar package name directwebremoting Highest Product jar package name dwr Highest Product pom artifactid dwr Highest Product pom developer id david_marginian Low Product pom developer id mike_wilson Low Product pom developer name David Marginian Low Product pom developer name Mike Wison Low Product pom groupid org.directwebremoting Highest Product pom name Direct Web Remoting High Product pom url http://directwebremoting.org/dwr/index.html Medium Version pom version 2.0.11-RELEASE Highest
dwr-2.0.11-RELEASE.jar: DWRActionUtil.jsFile Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/webwork/DWRActionUtil.jsMD5: aa24bc4053d338ca92b23d76161b9088SHA1: 1a376c4c0d20b1ecbdbeaeba716ca8c08abe74b6SHA256: d0515b81fa1aca04e1a76ac9fc02c7a67d8e92a49a99f86118097e633355036cReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
dwr-2.0.11-RELEASE.jar: auth.jsFile Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/auth.jsMD5: 52993c534d7435ec92621f01db5cb399SHA1: 5182c539e701da871bb0fc46b2efb551464128e4SHA256: 65baa91ec070a657258a3219f80fdedad9cc0171955284598ded11f95b54e039Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
dwr-2.0.11-RELEASE.jar: engine.jsFile Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/engine.jsMD5: 286f209923da62550cc001a39ab7a552SHA1: 5dfdc76e035f9b20a95bbf68ca4c56f88cb23544SHA256: c16856c39a8a36831b9a58f7d0bdb79e5ea295bf830f34c6c35479c3cf80671dReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
dwr-2.0.11-RELEASE.jar: util.jsFile Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/util.jsMD5: b0b04f1befb5f223620449d16ba76c70SHA1: 465a1d7f78f6698a80c1331ebd690d1b672d77fbSHA256: e0e62b9751e091e553320398c27d0d311da997cc35d16dddcfbebd8925fcf2eeReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
dwrServices.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/dwrServices.jsMD5: b60c638ea7b4e60d5fe2a76a74961fe7SHA1: 7bd76fe792d1cf3551b45115f718aa525bcab055SHA256: d5cf0e76ed46ceba2e0a1fb1f8a0fc558573a8cbd3b5e4160c4255a40717c48cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
editUser.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/editUser.jsMD5: 2a7304609a58dcc17cf6b5334ed555bfSHA1: 30023f3d49d21d980815e88c9a848798b9c05f84SHA256: ef52ebeaf242022df29b3357b7551077d3bf0ce68167cac7917d9e9b09725112Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
eeDataFetch.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/eeDataFetch.jsMD5: 0b934b860d52e2147f619f687d7461a0SHA1: bdaa1780ace60bbc2c9ff3c411106cfaeb65e387SHA256: b9aeee41e23739c52ce3a5177dc6a811ffc3e7c78736dd28396a88a5b474314eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
eeDesignMatrix.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/eeDesignMatrix.jsMD5: a2ce64392117742ef610051ba961f212SHA1: 2cad43a8714c169985fd1e9351ce2aafacb70281SHA256: 8076fb91554d39ce3554a687055065cc925c1b90015cbe14af63dccfe8ee3072Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ehcache-core-2.4.3.jarDescription:
This is the ehcache core module. Pair it with other modules for added
functionality.
License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt File Path: /home/jenkins/.m2/repository/net/sf/ehcache/ehcache-core/2.4.3/ehcache-core-2.4.3.jar
MD5: 9d4b1464a2fcbc16ae46740669a0dab8
SHA1: fd258ef6959f27fb678b04f90139ded4588e2d15
SHA256: 9b93a12cda08e7ad4d567d2027d292e67ee726da0cbb330f5de0e90aeb1d3fd1
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile ehcache-core-2.4.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name ehcache-core High Vendor jar package name ehcache Highest Vendor jar package name ehcache Low Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name sf Highest Vendor jar package name sf Low Vendor pom artifactid ehcache-core Highest Vendor pom artifactid ehcache-core Low Vendor pom groupid net.sf.ehcache Highest Vendor pom name Ehcache Core High Vendor pom parent-artifactid ehcache-parent Low Vendor pom url http://ehcache.org Highest Product file name ehcache-core High Product jar package name ehcache Highest Product jar package name ehcache Low Product jar package name net Highest Product jar package name sf Highest Product jar package name sf Low Product pom artifactid ehcache-core Highest Product pom groupid net.sf.ehcache Highest Product pom name Ehcache Core High Product pom parent-artifactid ehcache-parent Medium Product pom url http://ehcache.org Medium Version file version 2.4.3 High Version pom parent-version 2.4.3 Low Version pom version 2.4.3 Highest
excanvas-text.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/excanvas-text.jsMD5: 322c4e1d96cdcdec1a70f8d117439088SHA1: 65a17d57d609496ccf2bee484b86d0e1b61f5802SHA256: 209e91cd6ba1ca7416412a8245b2bf6e83ad8487e7773d19a7c2a78f696d09dbReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
excanvas.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/excanvas.jsMD5: c0cad58f958c967912d024bbd714323eSHA1: f0e4d90b4b7b5ce7a48c24f1252a06a35a3bcc84SHA256: eb83b648be468f90407bdd8e210aac8c167b9167a7770287ca771428a6986997Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ext-all-debug.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/ext-all-debug.jsMD5: 575d68d1e77ca456953580a96e584425SHA1: c75d8b52583202f475adab02d2e6f64c40e05bc0SHA256: 13e7254b94d22cae79ee9e983dd54fe1f5bbf6f8c5f8ddcb7a4c1704bb37f35aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ext-jquery-adapter-debug.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/adapter/jquery/ext-jquery-adapter-debug.jsMD5: 8802c3ba57ae5052fb4569036fa7a442SHA1: 986cd840598f280bcc29db06b8dcd99662d3539aSHA256: 674448fccb4e5784d7da4e64fce0fe9515d46ae298c19e6c89d66bf0b76f6005Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence Vendor file name ExtJS High Product file name ExtJS High Version file version 3.4.1.1 High
CVE-2007-2285 suppress
Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:C/I:N/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jack_slocum:ext_js:1.0_alpha1:*:*:*:*:*:*:* CVE-2010-4207 suppress
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* version is NOT VULNERABLE cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:* version is NOT VULNERABLE cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:* CVE-2012-5881 suppress
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:* cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:* extjs_fontawesome.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/ext/extensions/extjs_fontawesome.jsMD5: 34272480b735be0e8021aa81c9fb76f4SHA1: 9f9f62ab8d753bf3a4c1e90095c0496e14cff05fSHA256: 2798f1dff23a461616c46bdfdc8b75bbf5a645dcc8c3938fa959da9c7c705d75Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
flotr2.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/flotr2.jsMD5: 506699edf51625bf90e639e766ad42a7SHA1: c0a3c0ff56745f907bf63300e93576ee9d359816SHA256: 149d4c691d28a3fdffd30aa5f19e2b23fde7f097f0a5cca629c8dd244d9c4016Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
gemma-gsec-0.0.16.jarLicense:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/pavlab/gemma-gsec/0.0.16/gemma-gsec-0.0.16.jar
MD5: f28b6a8bd682b7e4806493f9e2328f7c
SHA1: 40e5cd542c29de0474c151076c9f604c866a3a9f
SHA256: 4ff346e56a7de22605181eb5b05c2445840b62644b376d0ace3adc081f13e650
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile gemma-gsec-0.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name gemma-gsec High Vendor jar package name gemma Highest Vendor jar package name gsec Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid gemma-gsec Highest Vendor pom artifactid gemma-gsec Low Vendor pom developer email paul@msl.ubc.ca Low Vendor pom developer id pavlidis Medium Vendor pom developer name Paul Pavlidis Medium Vendor pom developer org University of British Columbia Medium Vendor pom groupid pavlab Highest Vendor pom name gsec High Vendor pom organization name UBC Michael Smith Laboratories High Vendor pom organization url https://www.msl.ubc.ca/ Medium Vendor pom parent-artifactid pavlab-starter-parent Low Vendor pom parent-groupid ubc.pavlab Medium Product file name gemma-gsec High Product jar package name gemma Highest Product jar package name gsec Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid gemma-gsec Highest Product pom developer email paul@msl.ubc.ca Low Product pom developer id pavlidis Low Product pom developer name Paul Pavlidis Low Product pom developer org University of British Columbia Low Product pom groupid pavlab Highest Product pom name gsec High Product pom organization name UBC Michael Smith Laboratories Low Product pom organization url https://www.msl.ubc.ca/ Low Product pom parent-artifactid pavlab-starter-parent Medium Product pom parent-groupid ubc.pavlab Medium Version file version 0.0.16 High Version pom parent-version 0.0.16 Low Version pom version 0.0.16 Highest
gemma:gemma-core:1.31.6-SNAPSHOTDescription:
Module containing Gemma backend logic (everything but web-related) License:
The Apache Software License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-core/pom.xml
Referenced In Projects/Scopes: Gemma REST Gemma Groovy Support Gemma Web Gemma CLI gemma:gemma-core:1.31.6-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid gemma-core Low Vendor project groupid gemma Highest Product file name pom High Product project artifactid gemma-core Highest Product project groupid gemma Low
gemma:gemma-rest:1.31.6-SNAPSHOTDescription:
The Gemma Project for meta-analysis of genomics data License:
The Apache Software License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-rest/pom.xml
Referenced In Project/Scope: Gemma Web
gemma:gemma-rest:1.31.6-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid gemma-rest Low Vendor project groupid gemma Highest Product file name pom High Product project artifactid gemma-rest Highest Product project groupid gemma Low
generalSearchSimple.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/search/generalSearchSimple.jsMD5: 25d92b8ca101910037351de7f4c41ddeSHA1: e27974b75213c127c78737e26921eb679ee0ed4bSHA256: e3620666b6b20100fe047f6174bba810a139907c13461ddc0514abc4a5a1627bReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
geoBrowse.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/geoBrowse.jsMD5: cfb5b0b4a0f6273760523ab414e1c795SHA1: 2ab1496d80de85a7de7b039651e2560f48140618SHA256: 569af2564af541649853cbaad417ecc03c0e8b80c3ab24835e865b2cbe6b2d91Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
globals.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/globals.jsMD5: 237757ab545f9a30f9a1e4e96f28c55cSHA1: 6c8ddd4c1f0ef86a2f5eec5821ba9b3e57d25646SHA256: e15b89bcc7ab6a377a8bfb98e7564d510fc4c91ddb2c227c2c5bdcd94e825803Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
groovy-4.0.21.jarDescription:
Groovy: A powerful multi-faceted language for the JVM License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy/4.0.21/groovy-4.0.21.jar
MD5: 56f1004f1c65355f884584967b7deb69
SHA1: 6ff3635d098b128f899c064dbc17cc1fe0db9bdc
SHA256: 6743c1fef504a404945821e33cf746a6456caf686c6c6e72931716ec81c6516c
Referenced In Project/Scope: Gemma Groovy Support:compile
groovy-4.0.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name groovy High Vendor jar package name apache Highest Vendor jar package name groovy Highest Vendor Manifest automatic-module-name org.apache.groovy Medium Vendor Manifest bundle-symbolicname groovy Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest extension-name groovy Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy Highest Vendor pom artifactid groovy Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.apache.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy High Product jar package name apache Highest Product jar package name groovy Highest Product jar package name runtime Highest Product Manifest automatic-module-name org.apache.groovy Medium Product Manifest Bundle-Name Groovy module: groovy Medium Product Manifest bundle-symbolicname groovy Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest eclipse-extensibleapi true Low Product Manifest extension-name groovy Medium Product Manifest Implementation-Title Groovy: a powerful, multi-faceted language for the JVM High Product Manifest specification-title Groovy: a powerful, multi-faceted language for the JVM Medium Product pom artifactid groovy Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.apache.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 4.0.21 High Version Manifest Bundle-Version 4.0.21 High Version Manifest Implementation-Version 4.0.21 High Version pom version 4.0.21 Highest
Related Dependencies groovy-ant-4.0.21.jarDescription:
Groovy: A powerful multi-faceted language for the JVM License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy-ant/4.0.21/groovy-ant-4.0.21.jar
MD5: 52e8c4e4b9a1e306a41dec68a7f3f728
SHA1: e8eec3250f433c7119719758fe00716fd701a5a2
SHA256: e5cffab2e89ae7f045b1dcf114e10b6f434a585a2ee638615773c432725df337
Referenced In Project/Scope: Gemma Groovy Support:compile
groovy-ant-4.0.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name groovy-ant High Vendor jar package name ant Highest Vendor jar package name groovy Highest Vendor Manifest automatic-module-name org.apache.groovy.ant Medium Vendor Manifest bundle-symbolicname groovy-ant Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest extension-name groovy Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy-ant Highest Vendor pom artifactid groovy-ant Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.apache.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy-ant High Product jar package name ant Highest Product jar package name groovy Highest Product Manifest automatic-module-name org.apache.groovy.ant Medium Product Manifest Bundle-Name Groovy module: groovy-ant Medium Product Manifest bundle-symbolicname groovy-ant Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest extension-name groovy Medium Product Manifest Implementation-Title Groovy: a powerful, multi-faceted language for the JVM High Product Manifest specification-title Groovy: a powerful, multi-faceted language for the JVM Medium Product pom artifactid groovy-ant Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.apache.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 4.0.21 High Version Manifest Bundle-Version 4.0.21 High Version Manifest Implementation-Version 4.0.21 High Version pom version 4.0.21 Highest
groovy-sql-4.0.21.jarDescription:
Groovy: A powerful multi-faceted language for the JVM License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy-sql/4.0.21/groovy-sql-4.0.21.jar
MD5: 4d97660191998e8674ce978440e1c867
SHA1: 6d4d122f036d3ce36a54d392cfb4b609310883c9
SHA256: 88557a5113d939cdec90e1414947b451ad77222fd1ff1ebfcb62200e5b00d77f
Referenced In Project/Scope: Gemma Groovy Support:compile
groovy-sql-4.0.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name groovy-sql High Vendor jar package name apache Highest Vendor jar package name groovy Highest Vendor jar package name sql Highest Vendor Manifest automatic-module-name org.apache.groovy.sql Medium Vendor Manifest bundle-symbolicname groovy-sql Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest extension-name groovy Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy-sql Highest Vendor pom artifactid groovy-sql Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.apache.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy-sql High Product jar package name apache Highest Product jar package name groovy Highest Product jar package name sql Highest Product Manifest automatic-module-name org.apache.groovy.sql Medium Product Manifest Bundle-Name Groovy module: groovy-sql Medium Product Manifest bundle-symbolicname groovy-sql Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest extension-name groovy Medium Product Manifest Implementation-Title Groovy: a powerful, multi-faceted language for the JVM High Product Manifest specification-title Groovy: a powerful, multi-faceted language for the JVM Medium Product pom artifactid groovy-sql Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.apache.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 4.0.21 High Version Manifest Bundle-Version 4.0.21 High Version Manifest Implementation-Version 4.0.21 High Version pom version 4.0.21 Highest
Related Dependencies groovy-servlet-4.0.21.jarFile Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy-servlet/4.0.21/groovy-servlet-4.0.21.jar MD5: e70c1a0861f742fbd2aad2deaffd9cc0 SHA1: 1be0fca02409480b5902853ffe250c1c548f8ad0 SHA256: 5e2e26696bdf40f936d45cc996a48ef041fbcd8fcf3f655cea307351822da388 pkg:maven/org.apache.groovy/groovy-servlet@4.0.21 groovy-test-junit5-4.0.21.jarFile Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy-test-junit5/4.0.21/groovy-test-junit5-4.0.21.jar MD5: 97a07da1408b3f1eab8cc287e57e8dc7 SHA1: 770c5a1e8a3b38721e524561213e219214bae892 SHA256: d191411b0fa78e6364596ba3643178404b47e834972b9bf9f34e7c9df358057f pkg:maven/org.apache.groovy/groovy-test-junit5@4.0.21 gson-2.10.1.jarDescription:
Gson JSON library License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256: 4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Project/Scope: Gemma Web:compile
gson-2.10.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
Evidence Type Source Name Value Confidence Vendor file name gson High Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor Manifest bundle-developers google;organization=Google;organizationUrl="https://www.google.com" Low Vendor Manifest bundle-docurl https://github.com/google/gson/gson Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor Manifest multi-release true Low Vendor pom artifactid gson Highest Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product file name gson High Product jar package name google Highest Product jar package name gson Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest bundle-developers google;organization=Google;organizationUrl="https://www.google.com" Low Product Manifest bundle-docurl https://github.com/google/gson/gson Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest multi-release true Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version file version 2.10.1 High Version Manifest Bundle-Version 2.10.1 High Version pom version 2.10.1 Highest
helvetiker-normal-normal.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/faces/helvetiker-normal-normal.jsMD5: 40013a32b6b084c2e5c477d4c6ad26bfSHA1: 265615d33fb3f2ef7a7920e7fc7e647be865161aSHA256: 0020f8eb7a35548916af97759ead2ba529c59fb0daec4706376d539f4a6e3031Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
hibernate-commons-annotations-4.0.2.Final.jarDescription:
Common reflection code used in support of annotation processing License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html File Path: /home/jenkins/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.2.Final/hibernate-commons-annotations-4.0.2.Final.jar
MD5: 916d4ddfb26db16da75ee8f973fd08ad
SHA1: 0094edcc5572efb02e123cc9ef7ad7d0fa5f76cf
SHA256: ae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ec
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile hibernate-commons-annotations-4.0.2.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final Evidence Type Source Name Value Confidence Vendor file name hibernate-commons-annotations High Vendor hint analyzer vendor redhat Highest Vendor jar package name annotations Highest Vendor jar package name common Highest Vendor jar package name hibernate Highest Vendor jar package name reflection Highest Vendor Manifest bundle-docurl http://hibernate.org Low Vendor Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium Vendor Manifest implementation-url http://hibernate.org Low Vendor Manifest Implementation-Vendor hibernate.org High Vendor Manifest Implementation-Vendor-Id hibernate.org Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid hibernate-commons-annotations Highest Vendor pom artifactid hibernate-commons-annotations Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer id epbernard Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer org JBoss, a division of Red Hat Medium Vendor pom groupid org.hibernate.common Highest Vendor pom name Hibernate Commons Annotations High Vendor pom organization name Hibernate.org High Vendor pom organization url http://hibernate.org Medium Vendor pom url http://hibernate.org Highest Product file name hibernate-commons-annotations High Product jar package name annotations Highest Product jar package name common Highest Product jar package name hibernate Highest Product jar package name reflection Highest Product Manifest bundle-docurl http://hibernate.org Low Product Manifest Bundle-Name Hibernate Commons Annotations Medium Product Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium Product Manifest Implementation-Title Hibernate Commons Annotations High Product Manifest implementation-url http://hibernate.org Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid hibernate-commons-annotations Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer id epbernard Low Product pom developer name Emmanuel Bernard Low Product pom developer org JBoss, a division of Red Hat Low Product pom groupid org.hibernate.common Highest Product pom name Hibernate Commons Annotations High Product pom organization name Hibernate.org Low Product pom organization url http://hibernate.org Low Product pom url http://hibernate.org Medium Version Manifest Bundle-Version 4.0.2.Final High Version Manifest Implementation-Version 4.0.2.Final High Version pom version 4.0.2.Final Highest
hibernate-core-4.2.21.Final.jarDescription:
A module of the Hibernate O/RM project License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
MD5: 492567c1f36fb3a5968ca2d3c452edaf
SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
SHA256: 7c33583de97e42b95c530e7e4752efbdbd46a566f7708ff0e8cf490203db74e3
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile hibernate-core-4.2.21.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name hibernate-core High Vendor hint analyzer vendor redhat Highest Vendor jar package name hibernate Highest Vendor Manifest bundle-symbolicname org.hibernate.core Medium Vendor Manifest implementation-url http://hibernate.org Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor pom artifactid hibernate-core Highest Vendor pom artifactid hibernate-core Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org org.apache.maven.model.Organization@304f3623 Medium Vendor pom developer org URL http://hibernate.org Medium Vendor pom groupid org.hibernate Highest Vendor pom name A Hibernate O/RM Module High Vendor pom organization name Hibernate.org High Vendor pom organization url http://hibernate.org Medium Vendor pom url http://hibernate.org Highest Product file name hibernate-core High Product hint analyzer product orm Highest Product jar package name hibernate Highest Product Manifest Bundle-Name hibernate-core Medium Product Manifest bundle-symbolicname org.hibernate.core Medium Product Manifest implementation-url http://hibernate.org Low Product pom artifactid hibernate-core Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org org.apache.maven.model.Organization@304f3623 Low Product pom developer org URL http://hibernate.org Low Product pom groupid org.hibernate Highest Product pom name A Hibernate O/RM Module High Product pom organization name Hibernate.org Low Product pom organization url http://hibernate.org Low Product pom url http://hibernate.org Medium Version Manifest Bundle-Version 4.2.21.Final High Version Manifest Implementation-Version 4.2.21.Final High Version pom version 4.2.21.Final Highest
Related Dependencies hibernate-ehcache-4.2.21.Final.jarFile Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-ehcache/4.2.21.Final/hibernate-ehcache-4.2.21.Final.jar MD5: 08cc990d6986bafb645a3f8490063e84 SHA1: 89b276ca542a5c1ee28e0e9a14a2d8fe6114a54e SHA256: 6be892648d8c07ae7036a7461e3c1449c9c34a0a4187f6ac53acadf02e8c8a50 pkg:maven/org.hibernate/hibernate-ehcache@4.2.21.Final CVE-2020-25638 suppress
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppress
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hibernate-jpa-2.0-api-1.0.1.Final.jarDescription:
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt File Path: /home/jenkins/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
SHA256: bacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb3
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile hibernate-jpa-2.0-api-1.0.1.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final Evidence Type Source Name Value Confidence Vendor file name hibernate-jpa-2.0-api-1.0.1.Final High Vendor hint analyzer vendor redhat Highest Vendor jar package name javax Highest Vendor jar package name persistence Highest Vendor Manifest Implementation-Vendor hibernate.org High Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid hibernate-jpa-2.0-api Highest Vendor pom artifactid hibernate-jpa-2.0-api Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer email hferents@redhat.com Low Vendor pom developer email steve@hibernate.org Low Vendor pom developer id epbernard Medium Vendor pom developer id hardy.ferentschik Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer name Hardy Ferentschik Medium Vendor pom developer name Steve Ebersole Medium Vendor pom developer org JBoss by Red Hat Medium Vendor pom groupid org.hibernate.javax.persistence Highest Vendor pom name JPA 2.0 API High Vendor pom organization name Hibernate.org High Vendor pom organization url http://hibernate.org Medium Vendor pom url http://hibernate.org Highest Product file name hibernate-jpa-2.0-api-1.0.1.Final High Product jar package name javax Highest Product jar package name persistence Highest Product jar package name version Highest Product Manifest Implementation-Title JPA API High Product Manifest specification-title Java Persistence API, Version 2.0 Medium Product pom artifactid hibernate-jpa-2.0-api Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer email hferents@redhat.com Low Product pom developer email steve@hibernate.org Low Product pom developer id epbernard Low Product pom developer id hardy.ferentschik Low Product pom developer name Emmanuel Bernard Low Product pom developer name Hardy Ferentschik Low Product pom developer name Steve Ebersole Low Product pom developer org JBoss by Red Hat Low Product pom groupid org.hibernate.javax.persistence Highest Product pom name JPA 2.0 API High Product pom organization name Hibernate.org Low Product pom organization url http://hibernate.org Low Product pom url http://hibernate.org Medium Version Manifest Implementation-Version 1.0.1.Final High Version pom version 1.0.1.Final Highest
hibernate-search-engine-4.4.6.Final.jarDescription:
the core of the Object/Lucene mapper, query engine and index management File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-engine/4.4.6.Final/hibernate-search-engine-4.4.6.Final.jarMD5: 9e9d56601b801f8d22a95f93aa14b599SHA1: b3395324b7a3ff069ceae3f929805859b6f78cd4SHA256: c4b6df8b2045f512f65559ad0a0ad370f8dc2a41a1854142c0a826cd3f30d86cReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile hibernate-search-engine-4.4.6.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final Evidence Type Source Name Value Confidence Vendor file name hibernate-search-engine High Vendor hint analyzer vendor redhat Highest Vendor jar package name engine Highest Vendor jar package name hibernate Highest Vendor jar package name index Highest Vendor jar package name query Highest Vendor jar package name search Highest Vendor Manifest implementation-url http://search.hibernate.org Low Vendor Manifest Implementation-Vendor hibernate.org High Vendor Manifest Implementation-Vendor-Id hibernate.org Medium Vendor pom artifactid hibernate-search-engine Highest Vendor pom artifactid hibernate-search-engine Low Vendor pom groupid org.hibernate Highest Vendor pom name Hibernate Search Engine High Vendor pom parent-artifactid hibernate-search-parent Low Product file name hibernate-search-engine High Product hint analyzer product orm Highest Product jar package name engine Highest Product jar package name hibernate Highest Product jar package name index Highest Product jar package name query Highest Product jar package name search Highest Product Manifest Implementation-Title Hibernate Search Engine High Product Manifest implementation-url http://search.hibernate.org Low Product pom artifactid hibernate-search-engine Highest Product pom groupid org.hibernate Highest Product pom name Hibernate Search Engine High Product pom parent-artifactid hibernate-search-parent Medium Version Manifest Implementation-Version 4.4.6.Final High Version pom version 4.4.6.Final Highest
Related Dependencies hibernate-search-analyzers-4.4.6.Final.jarFile Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-analyzers/4.4.6.Final/hibernate-search-analyzers-4.4.6.Final.jar MD5: bf4c82ff03209662c21e88382c9a210b SHA1: 8fd935f39624b1b96f16901a494a91241283eab1 SHA256: e5f37bf4cb09c5238f411ac98513ac393abf748abb6b79510d4a78628d9c6d75 pkg:maven/org.hibernate/hibernate-search-analyzers@4.4.6.Final CVE-2020-25638 suppress
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppress
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hibernate-search-orm-4.4.6.Final.jarDescription:
Hibernate Search integration with Hibernate Core File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-orm/4.4.6.Final/hibernate-search-orm-4.4.6.Final.jarMD5: 211a4877ef941c8f754e22f049076b27SHA1: 306bbf61e5c9d5e807cf178f20de09ce65bf088dSHA256: 62703d15aa0d11376b263e0d25abdbc25242975c62260f1795d0eae8ba6990b0Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile hibernate-search-orm-4.4.6.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name hibernate-search-orm High Vendor hint analyzer vendor redhat Highest Vendor jar package name hibernate Highest Vendor jar package name search Highest Vendor Manifest implementation-url http://search.hibernate.org Low Vendor Manifest Implementation-Vendor hibernate.org High Vendor Manifest Implementation-Vendor-Id hibernate.org Medium Vendor pom artifactid hibernate-search-orm Highest Vendor pom artifactid hibernate-search-orm Low Vendor pom groupid org.hibernate Highest Vendor pom name Hibernate Search ORM High Vendor pom parent-artifactid hibernate-search-parent Low Product file name hibernate-search-orm High Product hint analyzer product orm Highest Product jar package name hibernate Highest Product jar package name search Highest Product Manifest Implementation-Title Hibernate Search ORM High Product Manifest implementation-url http://search.hibernate.org Low Product pom artifactid hibernate-search-orm Highest Product pom groupid org.hibernate Highest Product pom name Hibernate Search ORM High Product pom parent-artifactid hibernate-search-parent Medium Version Manifest Implementation-Version 4.4.6.Final High Version pom version 4.4.6.Final Highest
CVE-2020-25638 suppress
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppress
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hk2-2.5.0-b32.jarDescription:
This is so that other modules can depend on HK2 as an HK2 module. License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2/2.5.0-b32/hk2-2.5.0-b32.jar
MD5: 31e1db921be02e0d5af049306502e730
SHA1: 0c3accae585955e49c771d464899e906ecc9ffb4
SHA256: 544704ba09f01b7079b4280c9f45c73221693e37f3f3de77953d53cbe8c3b4dc
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile hk2-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name hk2 High Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.hk2 Medium Vendor pom artifactid hk2 Highest Vendor pom artifactid hk2 Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 module of HK2 itself High Vendor pom parent-artifactid hk2-parent Low Product file name hk2 High Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 module of HK2 itself Medium Product Manifest bundle-symbolicname org.glassfish.hk2.hk2 Medium Product pom artifactid hk2 Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 module of HK2 itself High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
hk2-api-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-api/2.5.0-b32/hk2-api-2.5.0-b32.jar
MD5: 93322931c4ec277c5190c7cddf7ad155
SHA1: 6a576c9653832ce610b80a2f389374ef19d96171
SHA256: b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile hk2-api-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 Evidence Type Source Name Value Confidence Vendor file name hk2-api High Vendor jar package name api Highest Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.api Medium Vendor pom artifactid hk2-api Highest Vendor pom artifactid hk2-api Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 API module High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-api High Product jar package name api Highest Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 API module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.api Medium Product pom artifactid hk2-api Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 API module High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
hk2-config-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-config/2.5.0-b32/hk2-config-2.5.0-b32.jar
MD5: 6ea901d4ede7a568fda9c3b91bebc648
SHA1: dce05ac4225dbc0c1c382ad02e3b5bee51f0168a
SHA256: 7aa82ea0bfbfe68959473414a5cb12b3a3a288795f18b1187043ae9b953e81c3
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile hk2-config-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 Evidence Type Source Name Value Confidence Vendor file name hk2-config High Vendor jar package name config Highest Vendor jar package name dom Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.config Medium Vendor pom artifactid hk2-config Highest Vendor pom artifactid hk2-config Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 configuration module High Vendor pom parent-artifactid hk2-xml-dom Low Product file name hk2-config High Product jar package name config Highest Product jar package name dom Highest Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 configuration module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.config Medium Product pom artifactid hk2-config Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 configuration module High Product pom parent-artifactid hk2-xml-dom Medium Version pom version 2.5.0-b32 Highest
hk2-core-2.5.0-b32.jarDescription:
Dependency Injection Kernel License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-core/2.5.0-b32/hk2-core-2.5.0-b32.jar
MD5: 9b0ee99635dcb6e04100698d4f805c90
SHA1: 8cb6a8a9522ec523b7740d29f555bdbe9d936af2
SHA256: ad86f38c17d4c0d2d4b7972ef64ae92383beb5751f05ddf8fe98da574f8412e1
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile hk2-core-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name hk2-core High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor jar package name module Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.core Medium Vendor pom artifactid hk2-core Highest Vendor pom artifactid hk2-core Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 core module High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-core High Product jar package name glassfish Highest Product jar package name hk2 Highest Product jar package name module Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 core module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.core Medium Product pom artifactid hk2-core Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 core module High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
hk2-locator-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-locator/2.5.0-b32/hk2-locator-2.5.0-b32.jar
MD5: 5baf0f144cf8552a9fe476b096fc18a7
SHA1: 195474f8ad0a8d130e9ea949a771bcf1215fc33b
SHA256: 27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile hk2-locator-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 Evidence Type Source Name Value Confidence Vendor file name hk2-locator High Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Vendor pom artifactid hk2-locator Highest Vendor pom artifactid hk2-locator Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name ServiceLocator Default Implementation High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-locator High Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name ServiceLocator Default Implementation Medium Product Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Product pom artifactid hk2-locator Highest Product pom groupid org.glassfish.hk2 Highest Product pom name ServiceLocator Default Implementation High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
Related Dependencies hk2-runlevel-2.5.0-b32.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-runlevel/2.5.0-b32/hk2-runlevel-2.5.0-b32.jar MD5: d8e25934bd5f4cea8fcf7d1ae073dc51 SHA1: 60dc979763ea885e796cba4d3e322af8d500ba74 SHA256: f2dae0ea26034f19bdd912b04b266b430d5a3184c32749eb07eeaaeb651913a4 pkg:maven/org.glassfish.hk2/hk2-runlevel@2.5.0-b32 hk2-utils-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-utils/2.5.0-b32/hk2-utils-2.5.0-b32.jar
MD5: acc873aece4f8e89814ac0300b549e3e
SHA1: 5108a926988c4ceda7f1e681dddfe3101454a002
SHA256: 3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile hk2-utils-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name hk2-utils High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor jar package name utilities Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Vendor Manifest originally-created-by Apache Maven Low Vendor Manifest service foo Low Vendor pom artifactid hk2-utils Highest Vendor pom artifactid hk2-utils Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 Implementation Utilities High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-utils High Product jar package name glassfish Highest Product jar package name hk2 Highest Product jar package name utilities Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 Implementation Utilities Medium Product Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Product Manifest originally-created-by Apache Maven Low Product Manifest service foo Low Product pom artifactid hk2-utils Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 Implementation Utilities High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
httpclient-4.5.14.jarDescription:
Apache HttpComponents Client
File Path: /home/jenkins/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jarMD5: 2cb357c4b763f47e58af6cad47df6ba3SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98SHA256: c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile httpclient-4.5.14.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name httpclient High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Highest Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client-ga Highest Product file name httpclient High Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client-ga Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client-ga Medium Version file version 4.5.14 High Version Manifest Implementation-Version 4.5.14 High Version pom version 4.5.14 Highest
httpcore-4.4.16.jarDescription:
Apache HttpComponents Core (blocking I/O)
File Path: /home/jenkins/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jarMD5: 28d2cd9bf8789fd2ec774fb88436ebd1SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850SHA256: 6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464fReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile httpcore-4.4.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2022-11-26 09:44:32+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Highest Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2022-11-26 09:44:32+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.16 High Version Manifest Implementation-Version 4.4.16 High Version pom version 4.4.16 Highest
indexer.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/indexer.jsMD5: aa46495eb50f856ea75dd9dc9d6b5f06SHA1: 4d19636b27bb87f29566f89e7fae303aa16ed93aSHA256: a6fecbf5e9c99da2e5026de23a249419d5d63728e438c233e48936557b01c61aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
ivy-2.5.2.jarFile Path: /home/jenkins/.m2/repository/org/apache/ivy/ivy/2.5.2/ivy-2.5.2.jarMD5: 48ac3b12020a3d41b3edf7977eb04a46SHA1: cdde632c88d66bee5b13379448d12ed8baa58464SHA256: 98428d545ea63cd9a0aaf255caf42cb8cb64fe430dbb5e709aed536d4daeed04Referenced In Project/Scope: Gemma Groovy Support:compileivy-2.5.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name ivy High Vendor jar package name apache Highest Vendor jar package name ivy Highest Vendor Manifest automatic-module-name org.apache.ivy Medium Vendor Manifest bundle-docurl https://ant.apache.org/ivy/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor Manifest bundle-symbolicname org.apache.ivy Medium Vendor Manifest extension-name org.apache.ivy Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid ivy Highest Vendor pom artifactid ivy Low Vendor pom groupid org.apache.ivy Highest Vendor pom name Apache Ivy High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://ant.apache.org/ivy/ Highest Product file name ivy High Product jar package name ant Highest Product jar package name apache Highest Product jar package name ivy Highest Product Manifest automatic-module-name org.apache.ivy Medium Product Manifest bundle-docurl https://ant.apache.org/ivy/ Low Product Manifest Bundle-Name Ivy Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest bundle-symbolicname org.apache.ivy Medium Product Manifest extension-name org.apache.ivy Medium Product Manifest Implementation-Title org.apache.ivy High Product Manifest specification-title Apache Ivy with Ant tasks Medium Product pom artifactid ivy Highest Product pom groupid org.apache.ivy Highest Product pom name Apache Ivy High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://ant.apache.org/ivy/ Medium Version file version 2.5.2 High Version Manifest build-version 2.5.2 Medium Version Manifest Implementation-Version 2.5.2 High Version pom parent-version 2.5.2 Low Version pom version 2.5.2 Highest
jackson-core-2.17.1.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.1/jackson-core-2.17.1.jar
MD5: 9363584821290882417f1c3ceab784df
SHA1: 5e52a11644cd59a28ef79f02bddc2cc3bab45edb
SHA256: ddb26c8a1f1a84535e8213c48b35b253370434e3287b3cf15777856fc4e58ce6
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jackson-core-2.17.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version pom version 2.17.1 Highest
Related Dependencies jackson-annotations-2.17.1.jarFile Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.1/jackson-annotations-2.17.1.jar MD5: dbeffa5994a6234489a205fd7f33d9b9 SHA1: fca7ef6192c9ad05d07bc50da991bf937a84af3a SHA256: fccad82e13172c0e4384db71577219c9b8631c0820f4b18daaa57016fb661c76 pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.1 jackson-databind-2.17.1.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.1/jackson-databind-2.17.1.jar
MD5: f0a1c37dc7d937f14e183d84f15c0f83
SHA1: 0524dcbcccdde7d45a679dfc333e4763feb09079
SHA256: b6ca2f7d5b1ab245cec5495ec339773d2d90554c48592590673fb18f4400a948
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jackson-databind-2.17.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version pom version 2.17.1 Highest
jackson-dataformat-yaml-2.16.2.jarDescription:
Support for reading and writing YAML-encoded data via Jackson abstractions.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.16.2/jackson-dataformat-yaml-2.16.2.jar
MD5: 195173d37b475172610d4830fb66e506
SHA1: 13088f6762211f264bc0ebf5467be96d8e9e3ebf
SHA256: df33f4dd29f975600d3ac2e7c891ef7a9bce33f0715680df479c63a44ddc8fa9
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jackson-dataformat-yaml-2.16.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.swagger.core.v3/swagger-core@2.2.22 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-yaml High Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-yaml Highest Vendor pom artifactid jackson-dataformat-yaml Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson-dataformat-YAML High Vendor pom parent-artifactid jackson-dataformats-text Low Vendor pom url FasterXML/jackson-dataformats-text Highest Product file name jackson-dataformat-yaml High Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Product Manifest Bundle-Name Jackson-dataformat-YAML Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Product Manifest Implementation-Title Jackson-dataformat-YAML High Product Manifest multi-release true Low Product Manifest specification-title Jackson-dataformat-YAML Medium Product pom artifactid jackson-dataformat-yaml Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson-dataformat-YAML High Product pom parent-artifactid jackson-dataformats-text Medium Product pom url FasterXML/jackson-dataformats-text High Version file version 2.16.2 High Version Manifest Bundle-Version 2.16.2 High Version Manifest Implementation-Version 2.16.2 High Version pom version 2.16.2 Highest
jackson-dataformat-yaml-2.17.0.jarDescription:
Support for reading and writing YAML-encoded data via Jackson abstractions.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.17.0/jackson-dataformat-yaml-2.17.0.jar
MD5: 24f6f98e917bff8382dfc8890a0b634b
SHA1: 57a963c6258c49febc11390082d8503f71bb15a9
SHA256: 46b65ace036b01743710bcfc9e7f041eded2fc82ba0d3d83e19b32c818c18b4c
Referenced In Project/Scope: Gemma Groovy Support:compile
jackson-dataformat-yaml-2.17.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-yaml High Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-yaml Highest Vendor pom artifactid jackson-dataformat-yaml Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson-dataformat-YAML High Vendor pom parent-artifactid jackson-dataformats-text Low Vendor pom url FasterXML/jackson-dataformats-text Highest Product file name jackson-dataformat-yaml High Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Product Manifest Bundle-Name Jackson-dataformat-YAML Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Product Manifest Implementation-Title Jackson-dataformat-YAML High Product Manifest multi-release true Low Product Manifest specification-title Jackson-dataformat-YAML Medium Product pom artifactid jackson-dataformat-yaml Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson-dataformat-YAML High Product pom parent-artifactid jackson-dataformats-text Medium Product pom url FasterXML/jackson-dataformats-text High Version file version 2.17.0 High Version Manifest Bundle-Version 2.17.0 High Version Manifest Implementation-Version 2.17.0 High Version pom version 2.17.0 Highest
jackson-datatype-jsr310-2.16.2.jarDescription:
Add-on module to support JSR-310 (Java 8 Date & Time API) data types. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.16.2/jackson-datatype-jsr310-2.16.2.jar
MD5: 17b881ce122838518321585edd2e8586
SHA1: 58e86108e4b1b1e893e7a69b1bbca880acfca143
SHA256: 9d03ad6d47b5f9951b75fb0cae0760156fa827794730cd5ef6cd79d3785cc9c0
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jackson-datatype-jsr310-2.16.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/io.swagger.core.v3/swagger-core@2.2.22 Evidence Type Source Name Value Confidence Vendor file name jackson-datatype-jsr310 High Vendor jar package name datatype Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jsr310 Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-datatype-jsr310 Highest Vendor pom artifactid jackson-datatype-jsr310 Low Vendor pom developer email nicholas@nicholaswilliams.net Low Vendor pom developer id beamerblvd Medium Vendor pom developer name Nick Williams Medium Vendor pom groupid com.fasterxml.jackson.datatype Highest Vendor pom name Jackson datatype: JSR310 High Vendor pom parent-artifactid jackson-modules-java8 Low Vendor pom parent-groupid com.fasterxml.jackson.module Medium Product file name jackson-datatype-jsr310 High Product jar package name datatype Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jsr310 Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Product Manifest Bundle-Name Jackson datatype: JSR310 Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Product Manifest Implementation-Title Jackson datatype: JSR310 High Product Manifest multi-release true Low Product Manifest specification-title Jackson datatype: JSR310 Medium Product pom artifactid jackson-datatype-jsr310 Highest Product pom developer email nicholas@nicholaswilliams.net Low Product pom developer id beamerblvd Low Product pom developer name Nick Williams Low Product pom groupid com.fasterxml.jackson.datatype Highest Product pom name Jackson datatype: JSR310 High Product pom parent-artifactid jackson-modules-java8 Medium Product pom parent-groupid com.fasterxml.jackson.module Medium Version file version 2.16.2 High Version Manifest Bundle-Version 2.16.2 High Version Manifest Implementation-Version 2.16.2 High Version pom version 2.16.2 Highest
jackson-jaxrs-base-2.8.4.jarDescription:
Pile of code that is shared by all Jackson-based JAX-RS
providers.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.8.4/jackson-jaxrs-base-2.8.4.jar
MD5: a4f28b06972a3a1228f00d391a78c528
SHA1: 6c0ceb3c9fed2e225b0cc2a45533574df393f606
SHA256: f33eebc483f6f23a3afb160a5d0199aa9e932f0bd554a2f04ad0e26b3d80e2dc
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jackson-jaxrs-base-2.8.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1 Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-base High Vendor jar package name base Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Vendor Manifest implementation-build-date 2016-10-14 04:43:22+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jaxrs-base Highest Vendor pom artifactid jackson-jaxrs-base Low Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom name Jackson-JAXRS-base High Vendor pom parent-artifactid jackson-jaxrs-providers Low Product file name jackson-jaxrs-base High Product jar package name base Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Product Manifest Bundle-Name Jackson-JAXRS-base Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Product Manifest implementation-build-date 2016-10-14 04:43:22+0000 Low Product Manifest Implementation-Title Jackson-JAXRS-base High Product Manifest specification-title Jackson-JAXRS-base Medium Product pom artifactid jackson-jaxrs-base Highest Product pom groupid com.fasterxml.jackson.jaxrs Highest Product pom name Jackson-JAXRS-base High Product pom parent-artifactid jackson-jaxrs-providers Medium Version file version 2.8.4 High Version Manifest Bundle-Version 2.8.4 High Version Manifest Implementation-Version 2.8.4 High Version pom version 2.8.4 Highest
jackson-jaxrs-json-provider-2.8.4.jarDescription:
Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.8.4/jackson-jaxrs-json-provider-2.8.4.jar
MD5: 1d6803bb4c746d7dc561805d31e831b1
SHA1: 839366ece31829a19cb15719b2b54a3f9f91148d
SHA256: 27e4110361836b62e3fdb8909e058518ef2f0e208ee744b4daf4ce2d644726c7
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jackson-jaxrs-json-provider-2.8.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-json-provider High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor jar package name json Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Vendor Manifest implementation-build-date 2016-10-14 04:43:22+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jaxrs-json-provider Highest Vendor pom artifactid jackson-jaxrs-json-provider Low Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom name Jackson-JAXRS-JSON High Vendor pom parent-artifactid jackson-jaxrs-providers Low Product file name jackson-jaxrs-json-provider High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product jar package name json Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Product Manifest Bundle-Name Jackson-JAXRS-JSON Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Product Manifest implementation-build-date 2016-10-14 04:43:22+0000 Low Product Manifest Implementation-Title Jackson-JAXRS-JSON High Product Manifest specification-title Jackson-JAXRS-JSON Medium Product pom artifactid jackson-jaxrs-json-provider Highest Product pom groupid com.fasterxml.jackson.jaxrs Highest Product pom name Jackson-JAXRS-JSON High Product pom parent-artifactid jackson-jaxrs-providers Medium Version file version 2.8.4 High Version Manifest Bundle-Version 2.8.4 High Version Manifest Implementation-Version 2.8.4 High Version pom version 2.8.4 Highest
jackson-module-jaxb-annotations-2.8.4.jarDescription:
Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring data binding.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.8.4/jackson-module-jaxb-annotations-2.8.4.jar
MD5: 2f72f2cfedb7f9db842ca4b3cdd4a97a
SHA1: d2eec7cf6c4284f7d5f0b1a72dc7cfa9d6bb579d
SHA256: 07fa24560b69913166d584eb4806e09515e6dd5f2a6858defa1239119466c790
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jackson-module-jaxb-annotations-2.8.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1 Evidence Type Source Name Value Confidence Vendor file name jackson-module-jaxb-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxb Highest Vendor jar package name module Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-module-jaxb-annotations Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Vendor Manifest implementation-build-date 2016-10-14 03:53:21+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-module-jaxb-annotations Highest Vendor pom artifactid jackson-module-jaxb-annotations Low Vendor pom groupid com.fasterxml.jackson.module Highest Vendor pom name Jackson module: JAXB-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://github.com/FasterXML/jackson-module-jaxb-annotations Highest Product file name jackson-module-jaxb-annotations High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxb Highest Product jar package name module Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson-module-jaxb-annotations Low Product Manifest Bundle-Name Jackson module: JAXB-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Product Manifest implementation-build-date 2016-10-14 03:53:21+0000 Low Product Manifest Implementation-Title Jackson module: JAXB-annotations High Product Manifest specification-title Jackson module: JAXB-annotations Medium Product pom artifactid jackson-module-jaxb-annotations Highest Product pom groupid com.fasterxml.jackson.module Highest Product pom name Jackson module: JAXB-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson-module-jaxb-annotations Medium Version file version 2.8.4 High Version Manifest Bundle-Version 2.8.4 High Version Manifest Implementation-Version 2.8.4 High Version pom parent-version 2.8.4 Low Version pom version 2.8.4 Highest
jakarta.activation-1.2.2.jarDescription:
Jakarta Activation License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256: 02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a
Referenced In Project/Scope: Gemma Web:runtime
jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3
Evidence Type Source Name Value Confidence Vendor file name jakarta.activation High Vendor jar package name activation Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation Highest Vendor pom artifactid jakarta.activation Low Vendor pom groupid com.sun.activation Highest Vendor pom name Jakarta Activation High Vendor pom parent-artifactid all Low Product file name jakarta.activation High Product jar package name activation Highest Product jar package name javax Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation Medium Product Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title javax.activation High Product Manifest specification-title Jakarta Activation Specification Medium Product pom artifactid jakarta.activation Highest Product pom groupid com.sun.activation Highest Product pom name Jakarta Activation High Product pom parent-artifactid all Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
jakarta.xml.soap-api-1.4.2.jarDescription:
Provides the API for creating and building SOAP messages. License:
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.m2/repository/jakarta/xml/soap/jakarta.xml.soap-api/1.4.2/jakarta.xml.soap-api-1.4.2.jar
MD5: d19eb8a4a5401296985db733868425e0
SHA1: 4f71fa8ca30be4d04ba658339df3c927fa21209a
SHA256: 0b2e9db574869c09b18e7fe87482be2e4e14b3f3cc8207646595806eede77706
Referenced In Project/Scope: Gemma Web:runtime
jakarta.xml.soap-api-1.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3
Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.soap-api High Vendor jar package name soap Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.xml.soap-api Medium Vendor Manifest extension-name jakarta.xml.soap Medium Vendor Manifest implementation-build-id 1.4.2-RELEASE-27e9ccd Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.xml.soap-api Highest Vendor pom artifactid jakarta.xml.soap-api Low Vendor pom developer id lukasj Medium Vendor pom developer name Lukas Jungmann Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid jakarta.xml.soap Highest Vendor pom name Jakarta SOAP with Attachments API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url eclipse-ee4j/saaj-api Highest Product file name jakarta.xml.soap-api High Product jar package name soap Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta SOAP with Attachments API Medium Product Manifest bundle-symbolicname jakarta.xml.soap-api Medium Product Manifest extension-name jakarta.xml.soap Medium Product Manifest implementation-build-id 1.4.2-RELEASE-27e9ccd Low Product pom artifactid jakarta.xml.soap-api Highest Product pom developer id lukasj Low Product pom developer name Lukas Jungmann Low Product pom developer org Oracle, Inc. Low Product pom groupid jakarta.xml.soap Highest Product pom name Jakarta SOAP with Attachments API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j/saaj-api High Version file version 1.4.2 High Version Manifest Bundle-Version 1.4.2 High Version Manifest Implementation-Version 1.4.2 High Version pom parent-version 1.4.2 Low Version pom version 1.4.2 Highest
javaparser-core-3.25.10.jarDescription:
The core parser functionality. This may be all you need. License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.html
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/github/javaparser/javaparser-core/3.25.10/javaparser-core-3.25.10.jar
MD5: 0570ebdb35505af63dbd953106562690
SHA1: ed2d4a9c601507713cf2f6208df4c844fe6447b2
SHA256: 9e80a37f92dd777d715c413a9a227e27a369d4a389ddbf2292cd74faec7e77d0
Referenced In Project/Scope: Gemma Groovy Support:compile
javaparser-core-3.25.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name javaparser-core High Vendor jar package name github Highest Vendor jar package name javaparser Highest Vendor Manifest automatic-module-name com.github.javaparser.core Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-developers matozoid;email="hexagonaal@gmail.com";name="Danny van Bruggen","jgesser@gmail.com";email="jgesser@gmail.com";name="Júlio Vilmar Gesser",sebastiankirsch;email="sebastian.kirsch@immobilienscout24.de";name="Sebastian Kirsch",before;name="André Rouél",SmiddyPence;email="smiddypence@gmail.com";name="Nicholas Smith",ftomassetti;email="federico@tomassetti.me";name="Federico Tomassetti",ptitjes;email="ptitjes@free.fr";name="Didier Villevalois",MysterAitch;name="Roger Howell",MysterAitch;name="Roger Howell",jlerbsc;name="Jean Pierre Lerbscher",maartenc;name="Maarten Coene" Low Vendor Manifest bundle-docurl https://github.com/javaparser/javaparser-core Low Vendor Manifest bundle-symbolicname com.github.javaparser.javaparser-core Medium Vendor pom artifactid javaparser-core Highest Vendor pom artifactid javaparser-core Low Vendor pom groupid com.github.javaparser Highest Vendor pom parent-artifactid javaparser-parent Low Product file name javaparser-core High Product jar package name github Highest Product jar package name javaparser Highest Product Manifest automatic-module-name com.github.javaparser.core Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-developers matozoid;email="hexagonaal@gmail.com";name="Danny van Bruggen","jgesser@gmail.com";email="jgesser@gmail.com";name="Júlio Vilmar Gesser",sebastiankirsch;email="sebastian.kirsch@immobilienscout24.de";name="Sebastian Kirsch",before;name="André Rouél",SmiddyPence;email="smiddypence@gmail.com";name="Nicholas Smith",ftomassetti;email="federico@tomassetti.me";name="Federico Tomassetti",ptitjes;email="ptitjes@free.fr";name="Didier Villevalois",MysterAitch;name="Roger Howell",MysterAitch;name="Roger Howell",jlerbsc;name="Jean Pierre Lerbscher",maartenc;name="Maarten Coene" Low Product Manifest bundle-docurl https://github.com/javaparser/javaparser-core Low Product Manifest Bundle-Name javaparser-core Medium Product Manifest bundle-symbolicname com.github.javaparser.javaparser-core Medium Product pom artifactid javaparser-core Highest Product pom groupid com.github.javaparser Highest Product pom parent-artifactid javaparser-parent Medium Version file version 3.25.10 High Version Manifest Bundle-Version 3.25.10 High Version pom version 3.25.10 Highest
javassist-3.30.2-GA.jarDescription:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: https://www.mozilla.org/en-US/MPL/1.1/
LGPL 2.1: https://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.30.2-GA/javassist-3.30.2-GA.jar
MD5: f5b827b8ddec0629cc7a6d7dafc45999
SHA1: 284580b5e42dfa1b8267058566435d9e93fae7f7
SHA256: eba37290994b5e4868f3af98ff113f6244a6b099385d9ad46881307d3cb01aaf
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime javassist-3.30.2-GA.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/io.swagger.core.v3/swagger-jaxrs2@2.2.22 pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor jar package name bytecode Highest Vendor jar package name javassist Highest Vendor Manifest automatic-module-name org.javassist Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-symbolicname javassist Medium Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom artifactid javassist Highest Vendor pom artifactid javassist Low Vendor pom developer email adinn@redhat.com Low Vendor pom developer email chiba@javassist.org Low Vendor pom developer email kabir.khan@jboss.com Low Vendor pom developer email smarlow@redhat.com Low Vendor pom developer id adinn Medium Vendor pom developer id chiba Medium Vendor pom developer id kabir.khan@jboss.com Medium Vendor pom developer id scottmarlow Medium Vendor pom developer name Andrew Dinn Medium Vendor pom developer name Kabir Khan Medium Vendor pom developer name Scott Marlow Medium Vendor pom developer name Shigeru Chiba Medium Vendor pom developer org JBoss Medium Vendor pom developer org The Javassist Project Medium Vendor pom developer org URL https://www.javassist.org/ Medium Vendor pom developer org URL https://www.jboss.org/ Medium Vendor pom groupid org.javassist Highest Vendor pom name Javassist High Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom url https://www.javassist.org/ Highest Product file name javassist High Product jar package name bytecode Highest Product jar package name javassist Highest Product Manifest automatic-module-name org.javassist Medium Product Manifest build-jdk-spec 21 Low Product Manifest Bundle-Name Javassist Medium Product Manifest bundle-symbolicname javassist Medium Product Manifest specification-title Javassist Medium Product pom artifactid javassist Highest Product pom developer email adinn@redhat.com Low Product pom developer email chiba@javassist.org Low Product pom developer email kabir.khan@jboss.com Low Product pom developer email smarlow@redhat.com Low Product pom developer id adinn Low Product pom developer id chiba Low Product pom developer id kabir.khan@jboss.com Low Product pom developer id scottmarlow Low Product pom developer name Andrew Dinn Low Product pom developer name Kabir Khan Low Product pom developer name Scott Marlow Low Product pom developer name Shigeru Chiba Low Product pom developer org JBoss Low Product pom developer org The Javassist Project Low Product pom developer org URL https://www.javassist.org/ Low Product pom developer org URL https://www.jboss.org/ Low Product pom groupid org.javassist Highest Product pom name Javassist High Product pom organization name Shigeru Chiba, www.javassist.org Low Product pom url https://www.javassist.org/ Medium Version pom version 3.30.2-GA Highest
javax.activation-api-1.2.0.jarDescription:
JavaBeans Activation Framework API jar License:
https://github.com/javaee/activation/blob/master/LICENSE.txt File Path: /home/jenkins/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256: 43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile javax.activation-api-1.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/javax.xml.bind/jaxb-api@2.3.1 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name javax.activation-api High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor Manifest automatic-module-name java.activation Medium Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname javax.activation-api Medium Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.activation-api Highest Vendor pom artifactid javax.activation-api Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans Activation Framework API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name javax.activation-api High Product jar package name activation Highest Product jar package name javax Highest Product Manifest automatic-module-name java.activation Medium Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaBeans Activation Framework API jar Medium Product Manifest bundle-symbolicname javax.activation-api Medium Product Manifest extension-name javax.activation Medium Product Manifest Implementation-Title javax.activation.javax.activation-api High Product Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Product Manifest specification-title javax.activation.javax.activation-api Medium Product pom artifactid javax.activation-api Highest Product pom groupid javax.activation Highest Product pom name JavaBeans Activation Framework API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.0 High Version Manifest Bundle-Version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version pom version 1.2.0 Highest
javax.annotation-api-1.2.jarDescription:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/jenkins/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256: 5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 Evidence Type Source Name Value Confidence Vendor file name javax.annotation-api High Vendor jar package name annotation Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor Manifest extension-name javax.annotation Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.annotation-api Highest Vendor pom artifactid javax.annotation-api Low Vendor pom developer id mode Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid javax.annotation Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Product file name javax.annotation-api High Product jar package name annotation Highest Product jar package name javax Highest Product Manifest bundle-docurl https://glassfish.java.net Low Product Manifest Bundle-Name javax.annotation API Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product Manifest extension-name javax.annotation Medium Product pom artifactid javax.annotation-api Highest Product pom developer id mode Low Product pom developer name Rajiv Mordani Low Product pom developer org Oracle, Inc. Low Product pom groupid javax.annotation Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Version file version 1.2 High Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
javax.inject-2.5.0-b32.jarDescription:
Injection API (JSR 330) version repackaged as OSGi bundle License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/javax.inject/2.5.0-b32/javax.inject-2.5.0-b32.jar
MD5: b7e8633eb1e5aad9f44a37a3f3bfa8f5
SHA1: b2fa50c8186a38728c35fe6a9da57ce4cc806923
SHA256: 437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile javax.inject-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name javax.inject High Vendor jar package name inject Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Vendor pom artifactid javax.inject Highest Vendor pom artifactid javax.inject Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name javax.inject: as OSGi bundle High Vendor pom name javax.inject:${javax-inject.version} as OSGi bundle High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name javax.inject High Product jar package name inject Highest Product jar package name javax Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name javax.inject:1 as OSGi bundle Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Product pom artifactid javax.inject Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name javax.inject: as OSGi bundle High Product pom name javax.inject:${javax-inject.version} as OSGi bundle High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.5.0-b32 Highest
javax.mail-1.6.2.jarDescription:
JavaMail API License:
https://javaee.github.io/javamail/LICENSE File Path: /home/jenkins/.m2/repository/com/sun/mail/javax.mail/1.6.2/javax.mail-1.6.2.jar
MD5: 0b81d022797740d72d21620781841374
SHA1: 935151eb71beff17a2ffac15dd80184a99a0514f
SHA256: 45b515e7104944c09e45b9c7bb1ce5dff640486374852dd2b2e80cc3752dfa11
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma Web:runtime Gemma REST:runtime javax.mail-1.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name javax.mail High Vendor jar package name javax Highest Vendor jar package name mail Highest Vendor jar package name provider Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name java.mail Medium Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname com.sun.mail.javax.mail Medium Vendor Manifest extension-name javax.mail Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.mail Highest Vendor pom artifactid javax.mail Low Vendor pom groupid com.sun.mail Highest Vendor pom name JavaMail API High Vendor pom parent-artifactid all Low Product file name javax.mail High Product jar package name javax Highest Product jar package name mail Highest Product jar package name provider Highest Product jar package name sun Highest Product Manifest automatic-module-name java.mail Medium Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaMail API Medium Product Manifest bundle-symbolicname com.sun.mail.javax.mail Medium Product Manifest extension-name javax.mail Medium Product Manifest Implementation-Title javax.mail High Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product pom artifactid javax.mail Highest Product pom groupid com.sun.mail Highest Product pom name JavaMail API High Product pom parent-artifactid all Medium Version file version 1.6.2 High Version Manifest Bundle-Version 1.6.2 High Version Manifest Implementation-Version 1.6.2 High Version pom version 1.6.2 Highest
javax.resource-api-1.7.1.jarDescription:
Java EE Connector Architecture API License:
CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1 File Path: /home/jenkins/.m2/repository/javax/resource/javax.resource-api/1.7.1/javax.resource-api-1.7.1.jar
MD5: 41f26638ff807ef37845d6d89ef0e694
SHA1: f86b4d697ecd992ec6c4c6053736db16d41dc57f
SHA256: c75bd698263abd9c8c773e3b433a4da2c983fbc92a0a4ef5fc3286e62f41e411
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile javax.resource-api-1.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name javax.resource-api High Vendor jar package name connector Highest Vendor jar package name javax Highest Vendor jar package name resource Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname javax.resource-api Medium Vendor Manifest extension-name javax.resource Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.resource-api Highest Vendor pom artifactid javax.resource-api Low Vendor pom developer id sivakumart Medium Vendor pom developer name Sivakumar Thyagarajan Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid javax.resource Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name Oracle Corporation High Vendor pom organization url http://www.oracle.com/ Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url javaee/javax.resource Highest Product file name javax.resource-api High Product jar package name connector Highest Product jar package name javax Highest Product jar package name resource Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name javax.resource API Medium Product Manifest bundle-symbolicname javax.resource-api Medium Product Manifest extension-name javax.resource Medium Product pom artifactid javax.resource-api Highest Product pom developer id sivakumart Low Product pom developer name Sivakumar Thyagarajan Low Product pom developer org Oracle, Inc. Low Product pom groupid javax.resource Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name Oracle Corporation Low Product pom organization url http://www.oracle.com/ Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url javaee/javax.resource High Version file version 1.7.1 High Version Manifest Bundle-Version 1.7.1 High Version Manifest Implementation-Version 1.7.1 High Version pom parent-version 1.7.1 Low Version pom version 1.7.1 Highest
javax.servlet-api-3.1.0.jarDescription:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/jenkins/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: Gemma REST:provided
javax.servlet-api-3.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1
Evidence Type Source Name Value Confidence Vendor file name javax.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet-api Highest Vendor pom artifactid javax.servlet-api Low Vendor pom developer id mode Medium Vendor pom developer id swchan2 Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer name Shing Wai Chan Medium Vendor pom developer org Oracle Medium Vendor pom groupid javax.servlet Highest Vendor pom name Java Servlet API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.dev.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://servlet-spec.java.net Highest Vendor pom (hint) developer org sun Medium Product file name javax.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid javax.servlet-api Highest Product pom developer id mode Low Product pom developer id swchan2 Low Product pom developer name Rajiv Mordani Low Product pom developer name Shing Wai Chan Low Product pom developer org Oracle Low Product pom groupid javax.servlet Highest Product pom name Java Servlet API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.dev.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://servlet-spec.java.net Medium Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest
javax.transaction-api-1.3.jarDescription:
Project GlassFish Java Transaction API License:
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE File Path: /home/jenkins/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar
MD5: 6e9cb1684621821248b6823143ae26c0
SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce
SHA256: 603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile javax.transaction-api-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/javax.resource/javax.resource-api@1.7.1 pkg:maven/javax.resource/javax.resource-api@1.7.1 pkg:maven/javax.resource/javax.resource-api@1.7.1 pkg:maven/javax.resource/javax.resource-api@1.7.1 pkg:maven/javax.resource/javax.resource-api@1.7.1 pkg:maven/javax.resource/javax.resource-api@1.7.1 Evidence Type Source Name Value Confidence Vendor file name javax.transaction-api High Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest automatic-module-name java.transaction Medium Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor Manifest bundle-symbolicname javax.transaction-api Medium Vendor Manifest extension-name javax.transaction Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.transaction-api Highest Vendor pom artifactid javax.transaction-api Low Vendor pom developer id stephen_felts Medium Vendor pom developer name Stephen Felts Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid javax.transaction Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jta-spec.java.net Highest Product file name javax.transaction-api High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest automatic-module-name java.transaction Medium Product Manifest bundle-docurl https://glassfish.java.net Low Product Manifest Bundle-Name javax.transaction API Medium Product Manifest bundle-symbolicname javax.transaction-api Medium Product Manifest extension-name javax.transaction Medium Product pom artifactid javax.transaction-api Highest Product pom developer id stephen_felts Low Product pom developer name Stephen Felts Low Product pom developer org Oracle, Inc. Low Product pom groupid javax.transaction Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jta-spec.java.net Medium Version file version 1.3 High Version Manifest Bundle-Version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom parent-version 1.3 Low Version pom version 1.3 Highest
javax.ws.rs-api-2.0.1.jarDescription:
Java API for RESTful Web Services (JAX-RS) License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256: 38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name javax.ws.rs-api High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor jar package name rs Highest Vendor jar package name ws Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname javax.ws.rs-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.ws.rs-api Highest Vendor pom artifactid javax.ws.rs-api Low Vendor pom developer email m_potociar@java.net Low Vendor pom developer email spericas@java.net Low Vendor pom developer id Marek Medium Vendor pom developer id Santiago Medium Vendor pom developer name Marek Potociar Medium Vendor pom developer name Santiago Pericas-Geertsen Medium Vendor pom developer org Oracle Medium Vendor pom developer org URL http://jax-rs-spec.java.net Medium Vendor pom groupid javax.ws.rs Highest Vendor pom name javax.ws.rs-api High Vendor pom organization name Oracle Corporation High Vendor pom organization url http://www.oracle.com/ Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jax-rs-spec.java.net Highest Vendor pom (hint) developer org sun Medium Product file name javax.ws.rs-api High Product hint analyzer product web services Medium Product jar package name javax Highest Product jar package name rs Highest Product jar package name ws Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name javax.ws.rs-api Medium Product Manifest bundle-symbolicname javax.ws.rs-api Medium Product Manifest extension-name javax.ws.rs Medium Product pom artifactid javax.ws.rs-api Highest Product pom developer email m_potociar@java.net Low Product pom developer email spericas@java.net Low Product pom developer id Marek Low Product pom developer id Santiago Low Product pom developer name Marek Potociar Low Product pom developer name Santiago Pericas-Geertsen Low Product pom developer org Oracle Low Product pom developer org URL http://jax-rs-spec.java.net Low Product pom groupid javax.ws.rs Highest Product pom name javax.ws.rs-api High Product pom organization name Oracle Corporation Low Product pom organization url http://www.oracle.com/ Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jax-rs-spec.java.net Medium Version file version 2.0.1 High Version Manifest Bundle-Version 2.0.1 High Version Manifest Implementation-Version 2.0.1 High Version pom parent-version 2.0.1 Low Version pom version 2.0.1 Highest
jawr-core-3.9.jarDescription:
Javascript/CSS bundling and compressing tool for java web apps.
By using jawr resources are automatically bundled together and optionally minified and gzipped.
Jawr provides tag libraries to reference a generated bundle either by id or by using the name of any of its members. File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jarMD5: f7615f9921db47ae876992bc36dc9c08SHA1: ec6f341cf39fca76a16b4bfde3a0afe3ff434490SHA256: a81958004d12f4f2d68aa5594ba9a0415e808e3e2b85695eeddaacfdb03ff60aReferenced In Project/Scope: Gemma Web:compilejawr-core-3.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jawr-core High Vendor jar package name jawr Highest Vendor jar package name net Highest Vendor jar package name web Highest Vendor Manifest Implementation-Vendor-Id net.jawr Medium Vendor pom artifactid jawr-core Highest Vendor pom artifactid jawr-core Low Vendor pom groupid net.jawr Highest Vendor pom parent-artifactid jawr-core-parent Low Product file name jawr-core High Product jar package name jawr Highest Product jar package name net Highest Product jar package name web Highest Product Manifest Implementation-Title jawr-core High Product pom artifactid jawr-core Highest Product pom groupid net.jawr Highest Product pom parent-artifactid jawr-core-parent Medium Version file version 3.9 High Version Manifest Implementation-Version 3.9 High Version pom version 3.9 Highest
jawr-core-3.9.jar: ast.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/ast.jsMD5: 88a0db839d73b9b941253581b467b8caSHA1: 26479c7ce811d1a7c5c58fbd93e7f2d4db25dc62SHA256: 4504323b016635f562e5b3bde2a3f68afa399abee068495aadcd03e4be9af429Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: autoprefixer-6.4.0.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/css/autoprefixer/autoprefixer-6.4.0.jsMD5: 0cc2a262e1cc40313125f4c8cb36d974SHA1: df339e8414354ca23fdf96e145e6aaa3bfc75822SHA256: 0dc3a5016e6695eabd8a42a10bacd045b6d4b275d8962a1e9d536145ff05f4b3Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: coffee-script.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/generator/js/coffee/coffee-script.jsMD5: a34aca4e292396656e782c33f0cdde06SHA1: cee97110b12583c1c733a41d8e8a125871325848SHA256: 1e0f62cec3f92a31c6379bbbbef1981826da8e0db8386c83144a1395fe3fbff3Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: compress.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/compress.jsMD5: 67c908f5154e5c975b82e70fb0d52388SHA1: 97243ef8bf8b57b80fdbb2fe85d6950f7c9aaad0SHA256: b661216111b62743875829b5d55999ee3c360780d30ad864476fd91e030e5aafReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: debughandler.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/handler/debughandler.jsMD5: b6e5ad55e4f2c22dc74ed9b8fdac4a58SHA1: 5ebebf793220961828e1ad0a3d0e62c6423a2ef6SHA256: bc0ef32cd1d58c035da2f86074e3ef402f31d80d51ff029c0f2fa066e28349fdReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: handler.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/handler/handler.jsMD5: abf91a2a3ba2fb1198d74602a746a4dcSHA1: db273638c7bb320d9f966f61e4f6f4ca51653c74SHA256: d17757648046347523923287cacb2d24f38c15d0cf92956e790f8504620ef8d6Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: messages.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/message/messages.jsMD5: eca5658057e833a2f2c6eea369b7bcd6SHA1: 981ed765c1ba377b95620a5a5ad8eafde13f62b1SHA256: fb4367def7dcfe5649f1bff65a052599bff87c680ab94d1d7bfaa23970c7764fReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: mozilla-ast.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/mozilla-ast.jsMD5: dfbbf71fdb0f8028ad3b5772dcf27f06SHA1: de4c04e57f8247e749883b3e552883394492a2bbSHA256: 87d6adbee4254fbe8bab007867e32e7c6956543d8ae354b918e6c8cf130e6da5Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: output.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/output.jsMD5: 1962439b6a14d2e734222fe186af3153SHA1: 9bad75fa654713be92ac0f83a76d0bc254268361SHA256: b47ae1ceb6a5fbc4b7d07ba28c1e6bed5c3f6143458333b68f7e25404b60ab3dReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: parse.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/parse.jsMD5: 3c1660c79dc7d4ddc7dace93a8d450c3SHA1: 83766183c7f895c2c560fe70a5f6221918a174dbSHA256: f62e15220df14f77fa6413cda0686cffbdec072965608727d7b088fb2eb7f8b8Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: scope.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/scope.jsMD5: 642e3430fdd7fa75eea5da73a8032beaSHA1: 096c26739f772a453549e67db4cf9845b3336e07SHA256: bd18b62a782b82430c1a374e40aaac2801bdc34232addebe300d5351bf8b3f5eReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: skinSwitcher.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/skin/skinSwitcher.jsMD5: ee7e736b4e7b5f7162a014e8ec1b5bb1SHA1: a3b36057dc4fc880f6d9357c7906a3243bc42138SHA256: 3f9bf157100f1221f9cbbc2d9c10a4358072492811b60448453ddc63910d78e7Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: sourcemap.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/sourcemap.jsMD5: 4fd7a5887bea88c733a172bdb9137045SHA1: 8b22176a5d25d805314d14aaaf9aef3e7ebf10a5SHA256: 62ef638a1b7ceae6fd9143af2c22ed879315d1f1f03b80bd1ff23601871cb105Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: transform.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/transform.jsMD5: 3fd499cf194d134a67f59feb74e66fa8SHA1: 8aa30c863932ffb23b24d13e32dd2cabbae29229SHA256: 7b9219d4c07dd4d6146a943a73c53a8d076e088caeb1a6ddd62a7f574a2f89f5Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: uglify.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/uglify.jsMD5: 839fd49f036373f9678f5ef59b66fc0aSHA1: df0f9445af7ad49cd649b9a25bfba708a1dc698cSHA256: d49d49eccfaa0c005b5313c866e3701c3f75297746213c932cc35b0855232dffReferenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-core-3.9.jar: utils.jsFile Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/utils.jsMD5: fd34223fc69025f3d960f50977212fc3SHA1: 9ce312e98d7280eb308d9f4eaa622b1a87684f7bSHA256: 52cee710c8136e8c32eea2d4f3bae1c9febe8b35eccb592b6f738ccb77578330Referenced In Project/Scope: Gemma Web:compile
Evidence Type Source Name Value Confidence
jawr-dwr2.x-extension-3.9.jarDescription:
This module provides dwr2.x support in Jawr File Path: /home/jenkins/.m2/repository/net/jawr/extensions/jawr-dwr2.x-extension/3.9/jawr-dwr2.x-extension-3.9.jarMD5: dba4f13687996017c0b5b3ea081d1f73SHA1: 189505de6950cf9b6d7c6a9ab396e7b9539ea82eSHA256: 5b42e2ce185b283a2a3c8e7b97822e535c75e292af37f85fb83c6f88d8ddd0d3Referenced In Project/Scope: Gemma Web:runtimejawr-dwr2.x-extension-3.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jawr-dwr2.x-extension High Vendor jar package name jawr Highest Vendor jar package name net Highest Vendor Manifest Implementation-Vendor-Id net.jawr.extensions Medium Vendor pom artifactid jawr-dwr2.x-extension Highest Vendor pom artifactid jawr-dwr2.x-extension Low Vendor pom groupid net.jawr.extensions Highest Vendor pom parent-artifactid jawr-dwr2.x-parent Low Product file name jawr-dwr2.x-extension High Product jar package name jawr Highest Product jar package name net Highest Product Manifest Implementation-Title jawr-dwr2.x-extension High Product pom artifactid jawr-dwr2.x-extension Highest Product pom groupid net.jawr.extensions Highest Product pom parent-artifactid jawr-dwr2.x-parent Medium Version file version 3.9 High Version Manifest Implementation-Version 3.9 High Version pom version 3.9 Highest
jaxb-api-2.3.1.jarDescription:
JAXB (JSR 222) API License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1 File Path: /home/jenkins/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256: 88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jaxb-api-2.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname jaxb-api Medium Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jaxb-api Highest Vendor pom artifactid jaxb-api Low Vendor pom groupid javax.xml.bind Highest Vendor pom parent-artifactid jaxb-api-parent Low Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jaxb-api Medium Product Manifest bundle-symbolicname jaxb-api Medium Product Manifest extension-name javax.xml.bind Medium Product Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Product Manifest multi-release true Low Product Manifest specification-title jaxb-api Medium Product pom artifactid jaxb-api Highest Product pom groupid javax.xml.bind Highest Product pom parent-artifactid jaxb-api-parent Medium Version file version 2.3.1 High Version Manifest Bundle-Version 2.3.1 High Version pom version 2.3.1 Highest
jboss-ejb3x-4.2.2.GA.jarDescription:
POM was created from install:install-file File Path: /home/jenkins/.m2/repository/jboss/jboss-ejb3x/4.2.2.GA/jboss-ejb3x-4.2.2.GA.jarMD5: d16f3d4ae032297b792b42f54879eeb0SHA1: b11f499d19a6346b1446146307131ec901081bfdSHA256: 17a8db82cd60b9336adc3d13eacc5cf2aaf85f821338503cecad1875e0f6e64cReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jboss-ejb3x-4.2.2.GA.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jboss-ejb3x High Vendor hint analyzer vendor redhat High Vendor Manifest implementation-url http://www.jboss.org/ Low Vendor Manifest Implementation-Vendor JBoss Inc. High Vendor Manifest Implementation-Vendor-Id http://www.jboss.org/ Medium Vendor Manifest specification-vendor JBoss (http://www.jboss.org/) Low Vendor pom artifactid jboss-ejb3x Highest Vendor pom artifactid jboss-ejb3x Low Vendor pom groupid jboss Highest Product file name jboss-ejb3x High Product Manifest Implementation-Title JBoss [Trinity] High Product Manifest implementation-url http://www.jboss.org/ Low Product Manifest specification-title JBoss Medium Product pom artifactid jboss-ejb3x Highest Product pom groupid jboss Highest Version pom version 4.2.2.GA Highest
jboss-logging-3.1.0.GA.jarDescription:
The JBoss Logging Framework License:
GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt File Path: /home/jenkins/.m2/repository/org/jboss/logging/jboss-logging/3.1.0.GA/jboss-logging-3.1.0.GA.jar
MD5: 735bcea3e47fd715900cfb95ec68b50f
SHA1: c71f2856e7b60efe485db39b37a31811e6c84365
SHA256: dea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353e
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jboss-logging-3.1.0.GA.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final Evidence Type Source Name Value Confidence Vendor file name jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logging Highest Vendor pom artifactid jboss-logging Low Vendor pom groupid org.jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Vendor pom url http://www.jboss.org Highest Product file name jboss-logging High Product jar package name jboss Highest Product jar package name logging Highest Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest specification-title JBoss Logging 3 Medium Product pom artifactid jboss-logging Highest Product pom groupid org.jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Version Manifest Bundle-Version 3.1.0.GA High Version Manifest Implementation-Version 3.1.0.GA High Version pom parent-version 3.1.0.GA Low Version pom version 3.1.0.GA Highest
jboss-transaction-api_1.1_spec-1.0.1.Final.jarDescription:
The Java Transaction 1.1 API classes License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt File Path: /home/jenkins/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.1_spec/1.0.1.Final/jboss-transaction-api_1.1_spec-1.0.1.Final.jar
MD5: 679cd909d6130e6bf467b291031e1e2d
SHA1: 18f0e1d42f010a8b53aa447bf274a706d5148852
SHA256: d9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd100723
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jboss-transaction-api_1.1_spec-1.0.1.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final pkg:maven/org.hibernate/hibernate-core@4.2.21.Final Evidence Type Source Name Value Confidence Vendor file name jboss-transaction-api_1.1_spec-1.0.1.Final High Vendor hint analyzer vendor redhat Highest Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest build-timestamp Sat, 17 Mar 2012 11:49:45 -0500 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.1_spec Medium Vendor Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.1_spec Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.transaction Medium Vendor Manifest os-arch i386 Low Vendor Manifest os-name Linux Medium Vendor pom artifactid jboss-transaction-api_1.1_spec Highest Vendor pom artifactid jboss-transaction-api_1.1_spec Low Vendor pom groupid org.jboss.spec.javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Product file name jboss-transaction-api_1.1_spec-1.0.1.Final High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest build-timestamp Sat, 17 Mar 2012 11:49:45 -0500 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java Transaction API Medium Product Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.1_spec Medium Product Manifest Implementation-Title Java Transaction API High Product Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.1_spec Low Product Manifest os-arch i386 Low Product Manifest os-name Linux Medium Product Manifest specification-title JSR 907: Java Transaction API (JTA) Medium Product pom artifactid jboss-transaction-api_1.1_spec Highest Product pom groupid org.jboss.spec.javax.transaction Highest Product pom name Java Transaction API High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Version Manifest Bundle-Version 1.0.1.Final High Version Manifest Implementation-Version 1.0.1.Final High Version pom parent-version 1.0.1.Final Low Version pom version 1.0.1.Final Highest
jdom-1.0.jarFile Path: /home/jenkins/.m2/repository/jdom/jdom/1.0/jdom-1.0.jarMD5: 0b8f97de82fc9529b1028a77125ce4f8SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cecSHA256: 3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02Referenced In Project/Scope: Gemma Web:compilejdom-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/rome/rome@1.0
Evidence Type Source Name Value Confidence Vendor file name jdom High Vendor jar package name jdom Highest Vendor manifest: org/jdom/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/adapters/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/filter/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/input/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/output/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/transform/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/xpath/ Implementation-Vendor jdom.org Medium Vendor pom artifactid jdom Highest Vendor pom artifactid jdom Low Vendor pom groupid jdom Highest Product file name jdom High Product jar package name adapters Highest Product jar package name filter Highest Product jar package name input Highest Product jar package name jdom Highest Product jar package name output Highest Product jar package name transform Highest Product jar package name xpath Highest Product manifest: org/jdom/ Implementation-Title org.jdom Medium Product manifest: org/jdom/ Specification-Title JDOM Classes Medium Product manifest: org/jdom/adapters/ Implementation-Title org.jdom.adapters Medium Product manifest: org/jdom/adapters/ Specification-Title JDOM Adapter Classes Medium Product manifest: org/jdom/filter/ Implementation-Title org.jdom.filter Medium Product manifest: org/jdom/filter/ Specification-Title JDOM Filter Classes Medium Product manifest: org/jdom/input/ Implementation-Title org.jdom.input Medium Product manifest: org/jdom/input/ Specification-Title JDOM Input Classes Medium Product manifest: org/jdom/output/ Implementation-Title org.jdom.output Medium Product manifest: org/jdom/output/ Specification-Title JDOM Output Classes Medium Product manifest: org/jdom/transform/ Implementation-Title org.jdom.transform Medium Product manifest: org/jdom/transform/ Specification-Title JDOM Transformation Classes Medium Product manifest: org/jdom/xpath/ Implementation-Title org.jdom.xpath Medium Product manifest: org/jdom/xpath/ Specification-Title JDOM XPath Classes Medium Product pom artifactid jdom Highest Product pom groupid jdom Highest Version file version 1.0 High Version manifest: org/jdom/ Implementation-Version 1.0 Medium Version manifest: org/jdom/adapters/ Implementation-Version 1.0 Medium Version manifest: org/jdom/filter/ Implementation-Version 1.0 Medium Version manifest: org/jdom/input/ Implementation-Version 1.0 Medium Version manifest: org/jdom/output/ Implementation-Version 1.0 Medium Version manifest: org/jdom/transform/ Implementation-Version 1.0 Medium Version manifest: org/jdom/xpath/ Implementation-Version 1.0 Medium Version pom version 1.0 Highest
CVE-2021-33813 suppress
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jena-core-2.13.0.jarDescription:
Jena is a Java framework for building Semantic Web applications. It provides a programmatic environment for RDF, RDFS and OWL, SPARQL and includes a rule-based inference engine. File Path: /home/jenkins/.m2/repository/org/apache/jena/jena-core/2.13.0/jena-core-2.13.0.jarMD5: 21d03d936cee3e62c22978cb73115a28SHA1: 74f2536cd41a23892acd1ef4c016bed29c81994cSHA256: 5423ddf5ca2541311aadad2301743522e52bf86645fbaacc47e3a992aa9bef59Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jena-core-2.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name jena-core High Vendor jar package name jena Highest Vendor jar package name rdf Highest Vendor jar package name sparql Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.jena Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid jena-core Highest Vendor pom artifactid jena-core Low Vendor pom groupid org.apache.jena Highest Vendor pom name Apache Jena - Core High Vendor pom parent-artifactid jena-parent Low Product file name jena-core High Product jar package name jena Highest Product jar package name rdf Highest Product jar package name sparql Highest Product Manifest Implementation-Title Apache Jena - Core High Product Manifest specification-title Apache Jena - Core Medium Product pom artifactid jena-core Highest Product pom groupid org.apache.jena Highest Product pom name Apache Jena - Core High Product pom parent-artifactid jena-parent Medium Version file version 2.13.0 High Version Manifest Implementation-Version 2.13.0 High Version pom parent-version 2.13.0 Low Version pom version 2.13.0 Highest
CVE-2021-39239 suppress
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
jena-iri-1.1.2.jarDescription:
The IRI module provides an implementation of the IRI and URI specifications (RFC 3987 and 3986) which are used across Jena in order to comply with relevant W3C specifications for RDF and SPARQL which require conformance to these specifications.
File Path: /home/jenkins/.m2/repository/org/apache/jena/jena-iri/1.1.2/jena-iri-1.1.2.jarMD5: eca2119771d9114c440014045cbe216bSHA1: 533fb3ae5e839c84227688e7c92c946131d6886eSHA256: 6ecb4f137f9495cedf6ac5ea799905106955092905996c5674989958c12d6d94Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jena-iri-1.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name jena-iri High Vendor jar package name apache Highest Vendor jar package name iri Highest Vendor jar package name jena Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.jena Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid jena-iri Highest Vendor pom artifactid jena-iri Low Vendor pom groupid org.apache.jena Highest Vendor pom name Apache Jena - IRI High Vendor pom parent-artifactid jena-parent Low Product file name jena-iri High Product jar package name apache Highest Product jar package name iri Highest Product jar package name jena Highest Product Manifest Implementation-Title Apache Jena - IRI High Product Manifest specification-title Apache Jena - IRI Medium Product pom artifactid jena-iri Highest Product pom groupid org.apache.jena Highest Product pom name Apache Jena - IRI High Product pom parent-artifactid jena-parent Medium Version file version 1.1.2 High Version Manifest Implementation-Version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
CVE-2021-39239 suppress
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
jersey-common-2.25.1.jarDescription:
Jersey core common packages License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-common/2.25.1/jersey-common-2.25.1.jar
MD5: d1f25f421cafb38efb49e2fef0799339
SHA1: 2438ce68d4907046095ab54aa83a6092951b4bbb
SHA256: 4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jersey-common-2.25.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 Evidence Type Source Name Value Confidence Vendor file name jersey-common High Vendor jar package name glassfish Highest Vendor jar package name jersey Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-common Medium Vendor pom artifactid jersey-common Highest Vendor pom artifactid jersey-common Low Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-common High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey Medium Product file name jersey-common High Product jar package name glassfish Highest Product jar package name jersey Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jersey-core-common Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-common Medium Product pom artifactid jersey-common Highest Product pom groupid org.glassfish.jersey.core Highest Product pom name jersey-core-common High Product pom parent-artifactid project Medium Product pom parent-groupid org.glassfish.jersey Medium Version file version 2.25.1 High Version Manifest Bundle-Version 2.25.1 High Version pom version 2.25.1 Highest
CVE-2021-28168 (OSSINDEX) suppress
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. CWE-378 Creation of Temporary File With Insecure Permissions
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.glassfish.jersey.core:jersey-common:2.25.1:*:*:*:*:*:*:* jersey-server-2.25.1.jarDescription:
Jersey core server implementation License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-server/2.25.1/jersey-server-2.25.1.jar
MD5: 92dad916eab7a19c5398838a78ee9cab
SHA1: 276e2ee0fd1cdabf99357fce560c5baab675b1a2
SHA256: 4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile jersey-server-2.25.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jersey-server High Vendor jar package name glassfish Highest Vendor jar package name jersey Highest Vendor jar package name org Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Vendor pom artifactid jersey-server Highest Vendor pom artifactid jersey-server Low Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-server High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey Medium Product file name jersey-server High Product jar package name glassfish Highest Product jar package name jersey Highest Product jar package name org Highest Product jar package name server Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jersey-core-server Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Product pom artifactid jersey-server Highest Product pom groupid org.glassfish.jersey.core Highest Product pom name jersey-core-server High Product pom parent-artifactid project Medium Product pom parent-groupid org.glassfish.jersey Medium Version file version 2.25.1 High Version Manifest Bundle-Version 2.25.1 High Version pom version 2.25.1 Highest
Related Dependencies jersey-client-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-client/2.25.1/jersey-client-2.25.1.jar MD5: cbc88e55529984d664eb6ef1b65b3684 SHA1: 4d563b1f93352ee9fad597e9e1daf2c6159993c6 SHA256: 10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1 jersey-container-servlet-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/containers/jersey-container-servlet/2.25.1/jersey-container-servlet-2.25.1.jar MD5: 80ebd9481c44844884fc70ac0ba333b4 SHA1: cf5f7a76fcea38158b890ab7a0142d4db709a882 SHA256: 3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4 pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1 jersey-container-servlet-core-2.25.1.jar jersey-entity-filtering-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.25.1/jersey-entity-filtering-2.25.1.jar MD5: 91551b869eaebf55ef5cb84f434f7aab SHA1: 4a5805060f796ec2c9bb1ba0ce91c1db6d889524 SHA256: 34400c6cc739e2084401462c30f969189d1da4bb03b77a7153cd5791f79fbf12 pkg:maven/org.glassfish.jersey.ext/jersey-entity-filtering@2.25.1 jersey-guava-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/bundles/repackaged/jersey-guava/2.25.1/jersey-guava-2.25.1.jar MD5: 08dc8642c4e990b054882cb4f422f88b SHA1: a2bb4f8208e134cf2cf71dfb8824e42942f7bd06 SHA256: 8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81 pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1 jersey-media-jaxb-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/media/jersey-media-jaxb/2.25.1/jersey-media-jaxb-2.25.1.jar MD5: 43c2fe9a2848343cb562f855b06b7047 SHA1: 0d7da0beeed5614a3bfd882662faec602699e24b SHA256: 05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1 jersey-media-json-jackson-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/media/jersey-media-json-jackson/2.25.1/jersey-media-json-jackson-2.25.1.jar MD5: 7cff87698191850f9e4aba8e51a936fc SHA1: 19d1e4276eb7b6386640c344d9e5c01eba7eae5d SHA256: d449a6343389dd06f4440cc4da5b033e65d1197e4193ee7fea737e2ba5c9babe pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1 jersey-spring3-2.25.1.jarFile Path: /home/jenkins/.m2/repository/org/glassfish/jersey/ext/jersey-spring3/2.25.1/jersey-spring3-2.25.1.jar MD5: 88da70c71c3bdf6ae0c88baea2afde9e SHA1: a31bfcd2fcae5beb979d3f41079b6f4020d6fbc9 SHA256: 040f0f7b605450144f0b495b68c721ec08ba7e8ad38a044a8b79a690970d07a2 pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 jfreechart-1.5.4.jarDescription:
JFreeChart is a class library, written in Java, for generating charts.
Utilising the Java2D API, it supports a wide range of chart types including
bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
and more.
License:
GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt File Path: /home/jenkins/.m2/repository/org/jfree/jfreechart/1.5.4/jfreechart-1.5.4.jar
MD5: 36e760314d688997c7e5ad135a3efc44
SHA1: 9a5edddb05a3ca4fbc0628c594e6641a6f36a3b4
SHA256: cd0649b04b64f2638b55c7c3ac24788ff064b777bbbaf1b952f82ee078ed8b81
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jfreechart-1.5.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jfreechart High Vendor jar package name jfree Highest Vendor jar package name jfreechart Highest Vendor jar package name range Highest Vendor jar package name series Highest Vendor jar package name time Highest Vendor jar package name xy Highest Vendor Manifest automatic-module-name org.jfree.jfreechart Medium Vendor Manifest build-jdk-spec 19 Low Vendor pom artifactid jfreechart Highest Vendor pom artifactid jfreechart Low Vendor pom developer email dave@jfree.org Low Vendor pom developer name David Gilbert Medium Vendor pom groupid org.jfree Highest Vendor pom name JFreeChart High Vendor pom organization name JFree.org High Vendor pom organization url http://www.jfree.org/ Medium Vendor pom url http://www.jfree.org/jfreechart/ Highest Product file name jfreechart High Product jar package name jfree Highest Product jar package name jfreechart Highest Product jar package name range Highest Product jar package name series Highest Product jar package name time Highest Product jar package name xy Highest Product Manifest automatic-module-name org.jfree.jfreechart Medium Product Manifest build-jdk-spec 19 Low Product pom artifactid jfreechart Highest Product pom developer email dave@jfree.org Low Product pom developer name David Gilbert Low Product pom groupid org.jfree Highest Product pom name JFreeChart High Product pom organization name JFree.org Low Product pom organization url http://www.jfree.org/ Low Product pom url http://www.jfree.org/jfreechart/ Medium Version file version 1.5.4 High Version pom version 1.5.4 Highest
CVE-2023-52070 (OSSINDEX) suppress
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. CWE-129 Improper Validation of Array Index
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:* CVE-2024-22949 (OSSINDEX) suppress
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. CWE-476 NULL Pointer Dereference
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:* CVE-2024-23076 (OSSINDEX) suppress
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. CWE-476 NULL Pointer Dereference
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:* jline-2.14.6.jarLicense:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/jenkins/.m2/repository/jline/jline/2.14.6/jline-2.14.6.jar
MD5: 480423551649bc6980b43f09e4717272
SHA1: c3aeac59c022bdc497c8c48ed86fa50450e4896a
SHA256: 97d1acaac82409be42e622d7a54d3ae9d08517e8aefdea3d2ba9791150c2f02d
Referenced In Project/Scope: Gemma Groovy Support:compile
jline-2.14.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name jline High Vendor jar package name jline Highest Vendor Manifest bundle-symbolicname jline Medium Vendor pom artifactid jline Highest Vendor pom artifactid jline Low Vendor pom developer email gnodet@gmail.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email mprudhom@gmail.com Low Vendor pom developer id gnodet Medium Vendor pom developer id jdillon Medium Vendor pom developer id mprudhom Medium Vendor pom developer name Guillaume Nodet Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Marc Prud'hommeaux Medium Vendor pom groupid jline Highest Vendor pom name JLine High Product file name jline High Product jar package name jline Highest Product Manifest Bundle-Name JLine Medium Product Manifest bundle-symbolicname jline Medium Product pom artifactid jline Highest Product pom developer email gnodet@gmail.com Low Product pom developer email jason@planet57.com Low Product pom developer email mprudhom@gmail.com Low Product pom developer id gnodet Low Product pom developer id jdillon Low Product pom developer id mprudhom Low Product pom developer name Guillaume Nodet Low Product pom developer name Jason Dillon Low Product pom developer name Marc Prud'hommeaux Low Product pom groupid jline Highest Product pom name JLine High Version file version 2.14.6 High Version Manifest Bundle-Version 2.14.6 High Version pom version 2.14.6 Highest
jniloader-1.1.jarDescription:
Lightweight convenience for loading JNI natives. License:
LGPL: http://www.gnu.org/licenses/lgpl.txt File Path: /home/jenkins/.m2/repository/com/github/fommil/jniloader/1.1/jniloader-1.1.jar
MD5: a9f5b7619b4329c6b6588a5d25164949
SHA1: 4840f897eeb54d67ee14e478f8a45cc9937f3ce1
SHA256: 2f1def54f30e1db5f1e7f2fd600fe2ab331bd6b52037e9a21505c237020b5573
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jniloader-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name jniloader High Vendor jar package name fommil Highest Vendor jar package name fommil Low Vendor jar package name github Highest Vendor jar package name github Low Vendor jar package name jni Highest Vendor jar package name jni Low Vendor jar package name jniloader Highest Vendor pom artifactid jniloader Highest Vendor pom artifactid jniloader Low Vendor pom developer email sam.halliday@gmail.com Low Vendor pom developer id fommil Medium Vendor pom developer name Sam Halliday Medium Vendor pom groupid com.github.fommil Highest Vendor pom name JniLoader High Vendor pom url fommil/jniloader Highest Product file name jniloader High Product jar package name fommil Highest Product jar package name fommil Low Product jar package name github Highest Product jar package name jni Highest Product jar package name jni Low Product jar package name jniloader Highest Product pom artifactid jniloader Highest Product pom developer email sam.halliday@gmail.com Low Product pom developer id fommil Low Product pom developer name Sam Halliday Low Product pom groupid com.github.fommil Highest Product pom name JniLoader High Product pom url fommil/jniloader High Version file version 1.1 High Version pom version 1.1 Highest
jobmonitoring.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/jobmonitoring.jsMD5: c733b46b2177caff17baa6cdd40dfc25SHA1: 0d524ae4ac11e31a8f7d0e9ec1723903cab89026SHA256: e69cd92dc07381458c9a2967d870a8e86dd95ebfba96caf73eee860056d6a605Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
jquery-2.1.1.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/jquery-2.1.1.jsMD5: ce7814e0aa60981441ac81e0cc845a65SHA1: b4acbc7aeae543111e9f3094fa1a5043dab2000eSHA256: d81cbbba015638a5e168bec3a1c2e954fb91eec76208e787e2421ac7345fc0c4Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 2.1.1 High
CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates (RETIREJS) suppress
jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates Unscored:
References:
jquery-ui-1.10.4.custom.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/jquery-ui-1.10.4.custom.jsMD5: f41eecc8792c6cbd386382b7fadbbcb8SHA1: 14eaa1f6f593ad5be74288de2a1e69f3a85e3b44SHA256: c8efba96a0af8129032a14602d2e522e4cb422dc2cf4fd122f02df5c707b083fReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence Vendor file name jquery-ui High Product file name jquery-ui High Version file version 1.10.4 High
CVE-2021-41182 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc info - https://nvd.nist.gov/vuln/detail/CVE-2021-41182 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41183 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://bugs.jqueryui.com/ticket/15284 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41183 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - ISSUE_TRACKING,VENDOR_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41184 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41184 security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,PATCH,VENDOR_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2022-31160 suppress
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:* cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2 cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* jquery.cytoscape.js-cxtmenu.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-cxtmenu/jquery.cytoscape.js-cxtmenu.jsMD5: 0876a6218b07b8ee459cc8bed54a85caSHA1: 5c7ea2fdc1a94ef50afe204fcaf981bd94c07c48SHA256: 28448d439ef8de38dbf91526e4877b4818a01a3d23235d5f682afde3a7ac9607Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
jquery.cytoscape.js-panzoom.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-panzoom/jquery.cytoscape.js-panzoom.jsMD5: e557936bdee55d04703298f8d048b481SHA1: 7a3f399fa1cfb840067f561cc488180063137560SHA256: 93332a91fc3eaf6ba89e5d0b2b6e409a1fbb0473fef93cb7fb28da811145422cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
jquery.jshowoff.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/jquery.jshowoff.jsMD5: 3f8b169be1571502e5e2fdaa3fc7ff1cSHA1: a7ed3c3f753a702546a38b59b8c0df654589647cSHA256: 4efe2348651fc25f191fec24f7e41bab9821e5c5e59e4154a7fe64f6e9dc5fdfReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
jquery.qtip.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/jquery.qtip.jsMD5: c2063fb73e8498b14d98b7ed1ebbfba9SHA1: c7135dbde869c2f1a8b904e997ea6e131d9c7d7cSHA256: 7268b880abe4387cf6a93889b643ed3578a1683babb5116ecd7a5f48cdb27194Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
jquery.sparkline.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/jquery.sparkline.jsMD5: 928592f222218fff51ad5020b4a7f69dSHA1: 8b43e4a7f7116a00146dc18eec06947bb62ac1c1SHA256: fac66d92386c229eaf21e7a29d7c1cd949eac8d339e31112fae7e650bfaecbe5Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
json-20231013.jarDescription:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There are a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
License:
Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE File Path: /home/jenkins/.m2/repository/org/json/json/20231013/json-20231013.jar
MD5: 1a0702c57783ce9e948252c34644f328
SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52
SHA256: 0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3
Referenced In Project/Scope: Gemma Web:compile
json-20231013.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name json-20231013 High Vendor jar package name cdl Highest Vendor jar package name http Highest Vendor jar package name json Highest Vendor jar package name xml Highest Vendor Manifest automatic-module-name org.json Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname json Medium Vendor pom artifactid json Highest Vendor pom artifactid json Low Vendor pom developer email douglas@crockford.com Low Vendor pom developer name Douglas Crockford Medium Vendor pom groupid org.json Highest Vendor pom name JSON in Java High Vendor pom url douglascrockford/JSON-java Highest Product file name json-20231013 High Product jar package name cdl Highest Product jar package name http Highest Product jar package name json Highest Product jar package name xml Highest Product Manifest automatic-module-name org.json Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name JSON in Java Medium Product Manifest bundle-symbolicname json Medium Product pom artifactid json Highest Product pom developer email douglas@crockford.com Low Product pom developer name Douglas Crockford Low Product pom groupid org.json Highest Product pom name JSON in Java High Product pom url douglascrockford/JSON-java High Version file version 20231013 Medium Version pom version 20231013 Highest
jsr305-3.0.2.jarDescription:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
junit-jupiter-api-5.10.2.jarDescription:
Module "junit-jupiter-api" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.10.2/junit-jupiter-api-5.10.2.jar
MD5: 6e691e23a36de8cbda5cbcc9f31461e3
SHA1: fb55d6e2bce173f35fd28422e7975539621055ef
SHA256: afff77c186cd317275803872fa5133aa801fd6ac40bd91c78a6cf8009b4b17cc
Referenced In Project/Scope: Gemma Groovy Support:compile
junit-jupiter-api-5.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name junit-jupiter-api High Vendor jar package name api Highest Vendor jar package name junit Highest Vendor jar package name jupiter Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-jupiter-api Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-jupiter-api Highest Vendor pom artifactid junit-jupiter-api Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.jupiter Highest Vendor pom name JUnit Jupiter API High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-jupiter-api High Product jar package name api Highest Product jar package name junit Highest Product jar package name jupiter Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Jupiter API Medium Product Manifest bundle-symbolicname junit-jupiter-api Medium Product Manifest Implementation-Title junit-jupiter-api High Product Manifest specification-title junit-jupiter-api Medium Product pom artifactid junit-jupiter-api Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.jupiter Highest Product pom name JUnit Jupiter API High Product pom url https://junit.org/junit5/ Medium Version file version 5.10.2 High Version Manifest Bundle-Version 5.10.2 High Version Manifest Implementation-Version 5.10.2 High Version pom version 5.10.2 Highest
junit-jupiter-engine-5.10.2.jarDescription:
Module "junit-jupiter-engine" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.10.2/junit-jupiter-engine-5.10.2.jar
MD5: 830301d576c574fbf82320f93f8abacd
SHA1: f1f8fe97bd58e85569205f071274d459c2c4f8cd
SHA256: b6df35da750a546ae932376f11b3c0df841f0c90c7cb2944cd39adb432886e4b
Referenced In Project/Scope: Gemma Groovy Support:compile
junit-jupiter-engine-5.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name junit-jupiter-engine High Vendor jar package name engine Highest Vendor jar package name junit Highest Vendor jar package name jupiter Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-jupiter-engine Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest provide-capability org.junit.platform.engine;org.junit.platform.engine=junit-jupiter;version:Version="5.10.2" Low Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-jupiter-engine Highest Vendor pom artifactid junit-jupiter-engine Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.jupiter Highest Vendor pom name JUnit Jupiter Engine High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-jupiter-engine High Product jar package name engine Highest Product jar package name junit Highest Product jar package name jupiter Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Jupiter Engine Medium Product Manifest bundle-symbolicname junit-jupiter-engine Medium Product Manifest Implementation-Title junit-jupiter-engine High Product Manifest provide-capability org.junit.platform.engine;org.junit.platform.engine=junit-jupiter;version:Version="5.10.2" Low Product Manifest specification-title junit-jupiter-engine Medium Product pom artifactid junit-jupiter-engine Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.jupiter Highest Product pom name JUnit Jupiter Engine High Product pom url https://junit.org/junit5/ Medium Version file version 5.10.2 High Version Manifest Bundle-Version 5.10.2 High Version Manifest Implementation-Version 5.10.2 High Version pom version 5.10.2 Highest
junit-platform-engine-1.10.2.jarDescription:
Module "junit-platform-engine" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.m2/repository/org/junit/platform/junit-platform-engine/1.10.2/junit-platform-engine-1.10.2.jar
MD5: 0bab6a13692441a957234370baae15f0
SHA1: d53bb4e0ce7f211a498705783440614bfaf0df2e
SHA256: 905cba9b4998ccc29d1239085a7fb1fe0e28024d7526152356d810edec0a49a3
Referenced In Project/Scope: Gemma Groovy Support:compile
junit-platform-engine-1.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name junit-platform-engine High Vendor jar package name engine Highest Vendor jar package name junit Highest Vendor jar package name platform Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-platform-engine Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-platform-engine Highest Vendor pom artifactid junit-platform-engine Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.platform Highest Vendor pom name JUnit Platform Engine API High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-platform-engine High Product jar package name engine Highest Product jar package name junit Highest Product jar package name platform Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Platform Engine API Medium Product Manifest bundle-symbolicname junit-platform-engine Medium Product Manifest Implementation-Title junit-platform-engine High Product Manifest specification-title junit-platform-engine Medium Product pom artifactid junit-platform-engine Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.platform Highest Product pom name JUnit Platform Engine API High Product pom url https://junit.org/junit5/ Medium Version file version 1.10.2 High Version Manifest Bundle-Version 1.10.2 High Version Manifest Implementation-Version 1.10.2 High Version pom version 1.10.2 Highest
Related Dependencies junit-platform-commons-1.10.2.jarFile Path: /home/jenkins/.m2/repository/org/junit/platform/junit-platform-commons/1.10.2/junit-platform-commons-1.10.2.jar MD5: ae199049daca42c359e64974009025c5 SHA1: 3197154a1f0c88da46c47a9ca27611ac7ec5d797 SHA256: b56a5ec000a479df4973b18bba24c98fe0db8faa14c8907d3ef451d8c71fd8ae pkg:maven/org.junit.platform/junit-platform-commons@1.10.2 junit-platform-launcher-1.10.2.jarFile Path: /home/jenkins/.m2/repository/org/junit/platform/junit-platform-launcher/1.10.2/junit-platform-launcher-1.10.2.jar MD5: 8697c2679111235abe01e66adca88773 SHA1: 8125dd29e847ca274dd1a7a9ca54859acc284cb3 SHA256: aed4f42fb90ada9b347c231f13656fc09121ba20dab6dc646a6bd9d4da31e4aa pkg:maven/org.junit.platform/junit-platform-launcher@1.10.2 kotlin-stdlib-1.8.21.jarDescription:
Kotlin Standard Library for JVM License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.8.21/kotlin-stdlib-1.8.21.jar
MD5: e4424cf44b4f8f7cd1517eafdda2f6a7
SHA1: 43d50ab85bc7587adfe3dda3dbe579e5f8d51265
SHA256: 042a1cd1ac976cdcfe5eb63f1d8e0b0b892c9248e15a69c8cfba495d546ea52a
Referenced In Project/Scope: Gemma Web:compile
kotlin-stdlib-1.8.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib High Vendor jar package name jvm Highest Vendor jar package name kotlin Highest Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Vendor pom artifactid kotlin-stdlib Highest Vendor pom artifactid kotlin-stdlib Low Vendor pom developer name Kotlin Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains.kotlin Highest Vendor pom name Kotlin Stdlib High Vendor pom url https://kotlinlang.org/ Highest Product file name kotlin-stdlib High Product jar package name jvm Highest Product jar package name kotlin Highest Product Manifest Implementation-Title kotlin-stdlib High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Product pom artifactid kotlin-stdlib Highest Product pom developer name Kotlin Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains.kotlin Highest Product pom name Kotlin Stdlib High Product pom url https://kotlinlang.org/ Medium Version file version 1.8.21 High Version pom version 1.8.21 Highest
Related Dependencies kotlin-stdlib-jdk7-1.8.21.jarFile Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.8.21/kotlin-stdlib-jdk7-1.8.21.jar MD5: 0735e3e69d099e8cc8fc03e45be84c46 SHA1: 7473b8cd3c0ef9932345baf569bc398e8a717046 SHA256: 33d148db0e11debd0d90677d28242bced907f9c77730000fd597867089039d86 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk7@1.8.21 kotlin-stdlib-jdk8-1.8.21.jarFile Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.8.21/kotlin-stdlib-jdk8-1.8.21.jar MD5: 59e5a79996f1d856ddea6533a1080f86 SHA1: 67f57e154437cd9e6e9cf368394b95814836ff88 SHA256: 3db752a30074f06ee6c57984aa6f27da44f4d2bbc7f5442651f6988f1cb2b7d7 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.21 kotlin-stdlib-common-1.9.10.jarDescription:
Kotlin Common Standard Library License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.9.10/kotlin-stdlib-common-1.9.10.jar
MD5: de4024a53c843e959f2d50ecd1f0e951
SHA1: dafaf2c27f27c09220cee312df10917d9a5d97ce
SHA256: cde3341ba18a2ba262b0b7cf6c55b20c90e8d434e42c9a13e6a3f770db965a88
Referenced In Project/Scope: Gemma Web:compile
kotlin-stdlib-common-1.9.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-common High Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor pom artifactid kotlin-stdlib-common Highest Vendor pom artifactid kotlin-stdlib-common Low Vendor pom developer name Kotlin Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains.kotlin Highest Vendor pom name Kotlin Stdlib Common High Vendor pom url https://kotlinlang.org/ Highest Product file name kotlin-stdlib-common High Product Manifest Implementation-Title kotlin-stdlib-common High Product Manifest kotlin-runtime-component Main Low Product pom artifactid kotlin-stdlib-common Highest Product pom developer name Kotlin Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains.kotlin Highest Product pom name Kotlin Stdlib Common High Product pom url https://kotlinlang.org/ Medium Version file version 1.9.10 High Version pom version 1.9.10 Highest
loadExpressionExperiment.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/loadExpressionExperiment.jsMD5: e6072cf74ec8da6871e81b7825db1924SHA1: dceba856a5ede95fb3164afc4252f2db5bd02736SHA256: 3e007370caf579ac11c337ea7eccb9d3343df12e866c594d408061cab0ab69e9Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
log4j-core-2.23.1.jarDescription:
The Apache Log4j Implementation License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.23.1/log4j-core-2.23.1.jar
MD5: 34fad2df975cf874a2fdf4b797122f16
SHA1: 905802940e2c78042d75b837c136ac477d2b4e4d
SHA256: 7079368005fc34f56248f57f8a8a53361c3a53e9007d556dbc66fc669df081b5
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile log4j-core-2.23.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name log4j-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-core Highest Vendor pom artifactid log4j-core Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j Core High Vendor pom parent-artifactid log4j Low Product file name log4j-core High Product jar package name apache Highest Product jar package name core Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j Core Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product Manifest Implementation-Title Apache Log4j Core High Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider" Low Product Manifest specification-title Apache Log4j Core Medium Product pom artifactid log4j-core Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j Core High Product pom parent-artifactid log4j Medium Version file version 2.23.1 High Version Manifest Bundle-Version 2.23.1 High Version Manifest Implementation-Version 2.23.1 High Version pom version 2.23.1 Highest
Related Dependencies log4j-1.2-api-2.23.1.jarFile Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-1.2-api/2.23.1/log4j-1.2-api-2.23.1.jar MD5: 1f411f575f9a78d132bdc595a581bff9 SHA1: f733b3c818352b0735cb59ca7987e2ce7848ee15 SHA256: 4d0433042361e962656250e1568f0008c9fac2e48c74f53ca51563a14363b927 pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.23.1 log4j-api-2.23.1.jarFile Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-api/2.23.1/log4j-api-2.23.1.jar MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1 SHA256: 92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89 pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1 log4j-jcl-2.23.1.jarFile Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-jcl/2.23.1/log4j-jcl-2.23.1.jar MD5: 86ad9c896f7f6f534e0e7c180f947abd SHA1: 293ddcca7baf5719e3e0e882c85de18bda8c86c3 SHA256: e14c9fb75eddb0afebe37d7a2d472494aadfd1b092874f18c8b4aaee671b12fa pkg:maven/org.apache.logging.log4j/log4j-jcl@2.23.1 log4j-jul-2.23.1.jarFile Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-jul/2.23.1/log4j-jul-2.23.1.jar MD5: 26b1cf1483bc49501a1fcd63d0c36d33 SHA1: 99b4cc7f25d55777bdec230e1ac7144894c94f0a SHA256: ad0deddf7608747567def82d075c45d6c14747e10c40dd1c91b6ccdea297c502 pkg:maven/org.apache.logging.log4j/log4j-jul@2.23.1 log4j-web-2.23.1.jarFile Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-web/2.23.1/log4j-web-2.23.1.jar MD5: 3ff4d4b7d44b7bdf9a47fb20499fe517 SHA1: 4c0c289ca180a209402e6a1fb249e344d2f1c7cf SHA256: c1e06fcae4d8d42f69a1da62e7dc454d9aa469ad73d474ecdebd408fa7663eb4 pkg:maven/org.apache.logging.log4j/log4j-web@2.23.1 log4j-slf4j-impl-2.23.1.jarDescription:
The Apache Log4j SLF4J API binding to Log4j 2 Core License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.23.1/log4j-slf4j-impl-2.23.1.jar
MD5: c5a27e08e18600d379d0ca72d71838b8
SHA1: 9ef67909a1b4eae999af4c7a211ab2379e4b86c2
SHA256: 210742c8fb85b0dcc26a9d74a32fbc828e0429087dee3d2920d4a76b1eb96d91
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime log4j-slf4j-impl-2.23.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name log4j-slf4j-impl High Vendor jar package name apache Highest Vendor jar package name impl Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.slf4j.impl Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release false Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-slf4j-impl Highest Vendor pom artifactid log4j-slf4j-impl Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j SLF4J Binding High Vendor pom parent-artifactid log4j Low Product file name log4j-slf4j-impl High Product jar package name apache Highest Product jar package name impl Highest Product jar package name logging Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j SLF4J Binding Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.slf4j.impl Medium Product Manifest Implementation-Title Apache Log4j SLF4J Binding High Product Manifest multi-release false Low Product Manifest specification-title Apache Log4j SLF4J Binding Medium Product pom artifactid log4j-slf4j-impl Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j SLF4J Binding High Product pom parent-artifactid log4j Medium Version file version 2.23.1 High Version Manifest Bundle-Version 2.23.1 High Version Manifest Implementation-Version 2.23.1 High Version pom version 2.23.1 Highest
lombok-1.18.32.jarDescription:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! License:
The MIT License: https://projectlombok.org/LICENSE File Path: /home/jenkins/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar
MD5: 56e9be7b9a26802ac0c784ad824f3a29
SHA1: 17d46b3e205515e1e8efd3ee4d57ce8018914163
SHA256: 97574674e2a25f567a313736ace00df8787d443de316407d57fc877d9f19a65d
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lombok-1.18.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lombok High Vendor jar package name java Highest Vendor jar package name lombok Highest Vendor jar package name tostring Highest Vendor Manifest automatic-module-name lombok Medium Vendor Manifest can-redefine-classes true Low Vendor pom artifactid lombok Highest Vendor pom artifactid lombok Low Vendor pom developer email reinier@projectlombok.org Low Vendor pom developer email roel@projectlombok.org Low Vendor pom developer id rspilker Medium Vendor pom developer id rzwitserloot Medium Vendor pom developer name Reinier Zwitserloot Medium Vendor pom developer name Roel Spilker Medium Vendor pom groupid org.projectlombok Highest Vendor pom name Project Lombok High Vendor pom url https://projectlombok.org Highest Product file name lombok High Product jar package name java Highest Product jar package name lombok Highest Product jar package name tostring Highest Product Manifest automatic-module-name lombok Medium Product Manifest can-redefine-classes true Low Product pom artifactid lombok Highest Product pom developer email reinier@projectlombok.org Low Product pom developer email roel@projectlombok.org Low Product pom developer id rspilker Low Product pom developer id rzwitserloot Low Product pom developer name Reinier Zwitserloot Low Product pom developer name Roel Spilker Low Product pom groupid org.projectlombok Highest Product pom name Project Lombok High Product pom url https://projectlombok.org Medium Version file version 1.18.32 High Version Manifest lombok-version 1.18.32 Medium Version pom version 1.18.32 Highest
lombok-1.18.32.jar: mavenEcjBootstrapAgent.jarFile Path: /home/jenkins/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar/lombok/launch/mavenEcjBootstrapAgent.jarMD5: 81090c80616485973f6cd4a19d72bbdbSHA1: ed1e7c8794dea7c7f7050098d56b2751b9f91288SHA256: e97851350e56f4d1b02356ef61276886831e3a5e33a914ea95e878e2a46df69eReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile Evidence Type Source Name Value Confidence Vendor file name mavenEcjBootstrapAgent High Vendor jar package name launch Low Vendor jar package name lombok Low Vendor Manifest can-redefine-classes true Low Product file name mavenEcjBootstrapAgent High Product jar package name launch Low Product Manifest can-redefine-classes true Low
lucene-analyzers-3.6.2.jarDescription:
Additional Analyzers File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jarMD5: 13f8241b6991bd1349c05369a7c0f002SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993SHA256: 82f9f78ff2143f1895ac04500aa47fdac3c52632a08522dde7dbb0f0c082801fReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-analyzers-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name lucene-analyzers High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-analyzers Highest Vendor pom artifactid lucene-analyzers Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Common Analyzers High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-analyzers High Product jar package name apache Highest Product jar package name lucene Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: analyzers Medium Product pom artifactid lucene-analyzers Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Common Analyzers High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-core-3.6.2.jarDescription:
Apache Lucene Java Core File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jarMD5: ee396d04f5a35557b424025f5382c815SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47SHA256: cef4436bae85c31417443284f736e321511cd1615268103378a9bf00b1df036dReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-core-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-core High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-core Highest Vendor pom artifactid lucene-core Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Core High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-core High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name search Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: core Medium Product pom artifactid lucene-core Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Core High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-facet-3.6.2.jarDescription:
Package for Faceted Indexing and Search
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-facet/3.6.2/lucene-facet-3.6.2.jarMD5: c14d30cca1f61cfcc16678db730516f1SHA1: 72ae9f9115c4beb5f3e32b71966723a10cf4c083SHA256: 62ad5faecbf0f2da93ce495395d432e02e7715accaa0c074c94ec760e9de60faReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-facet-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-facet High Vendor jar package name apache Highest Vendor jar package name facet Highest Vendor jar package name lucene Highest Vendor jar package name search Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-facet Highest Vendor pom artifactid lucene-facet Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Facets High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-facet High Product jar package name apache Highest Product jar package name facet Highest Product jar package name lucene Highest Product jar package name search Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: facet Medium Product pom artifactid lucene-facet Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Facets High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-grouping-3.6.2.jarDescription:
Lucene Grouping Module File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-grouping/3.6.2/lucene-grouping-3.6.2.jarMD5: 14598baf52660d5a1f282791ce09cc70SHA1: 77c16722fc1ab2a42634dde6478ed2662c0a061aSHA256: b1ac49babb6d325105b6646807d9abec97f3007a9bff581870e8f2b882d6dc10Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-grouping-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-grouping High Vendor jar package name apache Highest Vendor jar package name grouping Highest Vendor jar package name lucene Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-grouping Highest Vendor pom artifactid lucene-grouping Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Grouping High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-grouping High Product jar package name apache Highest Product jar package name grouping Highest Product jar package name lucene Highest Product jar package name search Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: grouping Medium Product pom artifactid lucene-grouping Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Grouping High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-highlighter-3.6.2.jarDescription:
This is the highlighter for apache lucene java
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-highlighter/3.6.2/lucene-highlighter-3.6.2.jarMD5: f75c4869b55c060e2a313f6416ee68cfSHA1: a90682c6bc0b9e105bd260c9a041fefea9579e46SHA256: 377b2ddcb7c902daf5dd3d22a1ff5b8da4ad6f7fd6c5e5da4731d17a8d935534Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-highlighter-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final Evidence Type Source Name Value Confidence Vendor file name lucene-highlighter High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-highlighter Highest Vendor pom artifactid lucene-highlighter Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Highlighter High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-highlighter High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name search Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: highlighter Medium Product pom artifactid lucene-highlighter Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Highlighter High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-kuromoji-3.6.2.jarDescription:
Lucene Kuromoji Japanese Morphological Analyzer
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-kuromoji/3.6.2/lucene-kuromoji-3.6.2.jarMD5: d8d1afc4ab28eee2f775e01b39808e78SHA1: f117e4b867987406b26069bb0fbd889ace21baddSHA256: 63f249909f29cf7b796a47a3816a72b30b2062ee37d2ce97942dfbc96e409bdaReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-kuromoji-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-kuromoji High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-kuromoji Highest Vendor pom artifactid lucene-kuromoji Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Kuromoji Japanese Morphological Analyzer High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-kuromoji High Product jar package name apache Highest Product jar package name lucene Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: kuromoji Medium Product pom artifactid lucene-kuromoji Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Kuromoji Japanese Morphological Analyzer High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-memory-3.6.2.jarDescription:
High-performance single-document index to compare against Query
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-memory/3.6.2/lucene-memory-3.6.2.jarMD5: 765143db9e68cf91ac1c2070a2db6769SHA1: 11846819b2f661b229d6ce861bc857774c0c4cdbSHA256: d99058d68f4853457f47957a84b7a41078c3afd5a377735d82eaf4fc99f23415Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-memory-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final Evidence Type Source Name Value Confidence Vendor file name lucene-memory High Vendor jar package name apache Highest Vendor jar package name index Highest Vendor jar package name lucene Highest Vendor jar package name memory Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-memory Highest Vendor pom artifactid lucene-memory Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Memory High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-memory High Product jar package name apache Highest Product jar package name index Highest Product jar package name lucene Highest Product jar package name memory Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: memory Medium Product pom artifactid lucene-memory Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Memory High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-misc-3.6.2.jarDescription:
Miscellaneous Lucene extensions File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-misc/3.6.2/lucene-misc-3.6.2.jarMD5: eecbfe3cf5b047a9dab6933ee44f24d9SHA1: 2e64f8dc9cc1df63f98426aa46aae0f5fe8cee13SHA256: 4f957c6489be9337178167c874074742e39e3b8ea10d8b83de79704415db1642Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-misc-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-misc High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor jar package name misc Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-misc Highest Vendor pom artifactid lucene-misc Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Miscellaneous High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-misc High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name misc Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: misc Medium Product pom artifactid lucene-misc Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Miscellaneous High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-phonetic-3.6.2.jarDescription:
Phonetic Analyzer File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-phonetic/3.6.2/lucene-phonetic-3.6.2.jarMD5: 9bca3c6ca60efa9cbeb097c9fc3f6d30SHA1: 89268de870916789e041e676a2888c8a7d6e0ea2SHA256: cc987497e66ba8c12970c080671247f029dadeb2d9ab7dae10363a6bb5430845Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-phonetic-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-phonetic High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor jar package name phonetic Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-phonetic Highest Vendor pom artifactid lucene-phonetic Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Phonetic Analyzer High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-phonetic High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name phonetic Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: phonetic Medium Product pom artifactid lucene-phonetic Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Phonetic Analyzer High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-smartcn-3.6.2.jarDescription:
Smart Chinese Analyzer File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-smartcn/3.6.2/lucene-smartcn-3.6.2.jarMD5: 3935444a27b519b8e11b411f81b53446SHA1: e86dfea83d8fa5062145025c1f06ca27f9a49cabSHA256: e4f24de68ac692c11fa6c906653599f0c50445f65b8af84d44d27afeeb909735Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-smartcn-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final Evidence Type Source Name Value Confidence Vendor file name lucene-smartcn High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-smartcn Highest Vendor pom artifactid lucene-smartcn Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Smart Chinese Analyzer High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-smartcn High Product jar package name apache Highest Product jar package name lucene Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: smartcn Medium Product pom artifactid lucene-smartcn Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Smart Chinese Analyzer High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-spatial-3.6.2.jarDescription:
Spatial search package File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-spatial/3.6.2/lucene-spatial-3.6.2.jarMD5: 85f76ee4b163cc6d13b36e225add5603SHA1: 52e29032cfadec88dfe604257106ac038260b53bSHA256: 53139893aec0b576f3816592dda7051595759b1848e776d93e5b6efdd8c6f14eReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-spatial-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-spatial High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor jar package name spatial Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-spatial Highest Vendor pom artifactid lucene-spatial Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Spatial High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-spatial High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name spatial Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: spatial Medium Product pom artifactid lucene-spatial Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Spatial High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-spellchecker-3.6.2.jarDescription:
Spell Checker File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jarMD5: a4b684913f93aea76f5dbd7e479f19c5SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24SHA256: 307bb7da7f19b30326ea0163d470597854964796cbfef56b8fc7f9b3241dc609Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-spellchecker-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-spellchecker High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor jar package name spell Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-spellchecker Highest Vendor pom artifactid lucene-spellchecker Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Spellchecker High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-spellchecker High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name search Highest Product jar package name spell Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: spellchecker Medium Product pom artifactid lucene-spellchecker Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Spellchecker High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
lucene-stempel-3.6.2.jarDescription:
Stempel Analyzer File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-stempel/3.6.2/lucene-stempel-3.6.2.jarMD5: 0c87d87198b314ff4afdb8a63c1a702eSHA1: a0b8b2e20fd04724fbbd6a67037f5a1a98feed72SHA256: 0b9dd990e3515e3f253eae4a6e614bf9c980c2e04211f6529a34b6c6d95b1dc8Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile lucene-stempel-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name lucene-stempel High Vendor jar package name apache Highest Vendor jar package name lucene Highest Vendor jar package name stempel Highest Vendor Manifest extension-name org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid lucene-stempel Highest Vendor pom artifactid lucene-stempel Low Vendor pom groupid org.apache.lucene Highest Vendor pom name Lucene Stempel Analyzer High Vendor pom parent-artifactid lucene-parent Low Product file name lucene-stempel High Product jar package name apache Highest Product jar package name lucene Highest Product jar package name stempel Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: stempel Medium Product pom artifactid lucene-stempel Highest Product pom groupid org.apache.lucene Highest Product pom name Lucene Stempel Analyzer High Product pom parent-artifactid lucene-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
manageGroups.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/manageGroups.jsMD5: c6824f670be28d880b178f8083994112SHA1: f646fddf0f71df098e651541c2527995198b2cbaSHA256: 670d4c343a6780091589edf867b1f82262b7434f00b1afcebbd203501b17766aReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
metrics-core-4.2.25.jarDescription:
Metrics is a Java library which gives you unparalleled insight into what your code does in
production. Metrics provides a powerful toolkit of ways to measure the behavior of critical
components in your production environment.
License:
https://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/jenkins/.m2/repository/io/dropwizard/metrics/metrics-core/4.2.25/metrics-core-4.2.25.jar
MD5: f9476a4f1a8287f7a4a2af759c33e44a
SHA1: 76162cb1f7a6f902da4f80e5bcf472078e8cd7e1
SHA256: 8bc7de609a2816b78a7a5009bddf11be560ba527d44db74a0a31a6f44fdb5b5f
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile metrics-core-4.2.25.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 Evidence Type Source Name Value Confidence Vendor file name metrics-core High Vendor jar package name codahale Highest Vendor jar package name metrics Highest Vendor Manifest automatic-module-name com.codahale.metrics Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-symbolicname io.dropwizard.metrics.core Medium Vendor pom artifactid metrics-core Highest Vendor pom artifactid metrics-core Low Vendor pom groupid io.dropwizard.metrics Highest Vendor pom name Metrics Core High Vendor pom parent-artifactid metrics-parent Low Product file name metrics-core High Product jar package name codahale Highest Product jar package name metrics Highest Product Manifest automatic-module-name com.codahale.metrics Medium Product Manifest build-jdk-spec 17 Low Product Manifest Bundle-Name Metrics Core Medium Product Manifest bundle-symbolicname io.dropwizard.metrics.core Medium Product Manifest Implementation-Title Metrics Core High Product pom artifactid metrics-core Highest Product pom groupid io.dropwizard.metrics Highest Product pom name Metrics Core High Product pom parent-artifactid metrics-parent Medium Version file version 4.2.25 High Version Manifest Bundle-Version 4.2.25 High Version Manifest Implementation-Version 4.2.25 High Version pom version 4.2.25 Highest
metrics-jmx-4.2.25.jarDescription:
A set of classes which allow you to report metrics via JMX.
License:
https://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/jenkins/.m2/repository/io/dropwizard/metrics/metrics-jmx/4.2.25/metrics-jmx-4.2.25.jar
MD5: b8ec52ac806adc0f8dcd3cbc855b9f42
SHA1: 8d57d9f33530fef4ed3489dc8d1351deb18d1f15
SHA256: 6b6956f8eecc18b3712e266fccde58bc0844169e79214cea9d0f6dcc822ec714
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile metrics-jmx-4.2.25.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 Evidence Type Source Name Value Confidence Vendor file name metrics-jmx High Vendor jar package name codahale Highest Vendor jar package name jmx Highest Vendor jar package name metrics Highest Vendor Manifest automatic-module-name com.codahale.metrics.jmx Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-symbolicname io.dropwizard.metrics.jmx Medium Vendor pom artifactid metrics-jmx Highest Vendor pom artifactid metrics-jmx Low Vendor pom groupid io.dropwizard.metrics Highest Vendor pom name Metrics Integration with JMX High Vendor pom parent-artifactid metrics-parent Low Product file name metrics-jmx High Product jar package name codahale Highest Product jar package name jmx Highest Product jar package name metrics Highest Product Manifest automatic-module-name com.codahale.metrics.jmx Medium Product Manifest build-jdk-spec 17 Low Product Manifest Bundle-Name Metrics Integration with JMX Medium Product Manifest bundle-symbolicname io.dropwizard.metrics.jmx Medium Product Manifest Implementation-Title Metrics Integration with JMX High Product pom artifactid metrics-jmx Highest Product pom groupid io.dropwizard.metrics Highest Product pom name Metrics Integration with JMX High Product pom parent-artifactid metrics-parent Medium Version file version 4.2.25 High Version Manifest Bundle-Version 4.2.25 High Version Manifest Implementation-Version 4.2.25 High Version pom version 4.2.25 Highest
micrometer-commons-1.13.0.jarDescription:
Module containing common code License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-commons/1.13.0/micrometer-commons-1.13.0.jar
MD5: 92e95856a39f7b1319d1cb9131f1bfc5
SHA1: 156a59aff8d72c5e631eb4a2d739373ed5881609
SHA256: 039aef255b5092561fdf649367fd0ff9af8da00aadb25f0c60cf30ebad8dceb8
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile micrometer-commons-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 Evidence Type Source Name Value Confidence Vendor file name micrometer-commons High Vendor jar package name common Highest Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor Manifest automatic-module-name micrometer.commons Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-05-13_17:08:19 Low Vendor Manifest build-date-utc 2024-05-13T17:08:19.182983738Z Low Vendor Manifest build-host 8b938798e4b5 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 33400 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-commons Medium Vendor Manifest change a5c1b72 Low Vendor Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-commons Low Vendor pom artifactid micrometer-commons Highest Vendor pom artifactid micrometer-commons Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-commons High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-commons High Product jar package name common Highest Product jar package name io Highest Product jar package name micrometer Highest Product Manifest automatic-module-name micrometer.commons Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-05-13_17:08:19 Low Product Manifest build-date-utc 2024-05-13T17:08:19.182983738Z Low Product Manifest build-host 8b938798e4b5 Low Product Manifest build-job deploy Low Product Manifest build-number 33400 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-commons Medium Product Manifest bundle-symbolicname micrometer-commons Medium Product Manifest change a5c1b72 Low Product Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Product Manifest Implementation-Title io.micrometer#micrometer-commons;1.13.0 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-commons Low Product pom artifactid micrometer-commons Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-commons High Product pom url micrometer-metrics/micrometer High Version file version 1.13.0 High Version Manifest Bundle-Version 1.13.0 High Version Manifest Implementation-Version 1.13.0 High Version pom version 1.13.0 Highest
micrometer-core-1.13.0.jarDescription:
Core module of Micrometer containing instrumentation API and implementation License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-core/1.13.0/micrometer-core-1.13.0.jar
MD5: cc5834ef064a952d17392cbc0216d8c8
SHA1: d7ed656fbc54fde5a03d978fc0d66f270cc4a997
SHA256: 1ced414878f151d08617b47732fa67a5d06b47b63903e2722f40e2294e883643
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile micrometer-core-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name micrometer-core High Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor Manifest automatic-module-name micrometer.core Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-05-13_17:08:19 Low Vendor Manifest build-date-utc 2024-05-13T17:08:19.272052628Z Low Vendor Manifest build-host 8b938798e4b5 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 33400 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-core Medium Vendor Manifest change a5c1b72 Low Vendor Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-core Low Vendor Manifest multi-release true Low Vendor pom artifactid micrometer-core Highest Vendor pom artifactid micrometer-core Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-core High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-core High Product jar package name core Highest Product jar package name io Highest Product jar package name micrometer Highest Product Manifest automatic-module-name micrometer.core Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-05-13_17:08:19 Low Product Manifest build-date-utc 2024-05-13T17:08:19.272052628Z Low Product Manifest build-host 8b938798e4b5 Low Product Manifest build-job deploy Low Product Manifest build-number 33400 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-core Medium Product Manifest bundle-symbolicname micrometer-core Medium Product Manifest change a5c1b72 Low Product Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Product Manifest Implementation-Title io.micrometer#micrometer-core;1.13.0 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-core Low Product Manifest multi-release true Low Product pom artifactid micrometer-core Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-core High Product pom url micrometer-metrics/micrometer High Version file version 1.13.0 High Version Manifest Bundle-Version 1.13.0 High Version Manifest Implementation-Version 1.13.0 High Version pom version 1.13.0 Highest
micrometer-observation-1.13.0.jarDescription:
Module containing Observation related code License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-observation/1.13.0/micrometer-observation-1.13.0.jar
MD5: 9a5c0482f47a2fb1b1f9812ae2e251d4
SHA1: 5aa75fbb4367dc3b28e557d14535d21335dc8985
SHA256: 33e7c9de55ef34ae502a2ad6c4c9786563b6d44eca2cbd2b832911594b378858
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile micrometer-observation-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 pkg:maven/io.micrometer/micrometer-core@1.13.0 Evidence Type Source Name Value Confidence Vendor file name micrometer-observation High Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor jar package name observation Highest Vendor Manifest automatic-module-name micrometer.observation Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-05-13_17:08:19 Low Vendor Manifest build-date-utc 2024-05-13T17:08:19.693327060Z Low Vendor Manifest build-host 8b938798e4b5 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 33400 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-observation Medium Vendor Manifest change a5c1b72 Low Vendor Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-observation Low Vendor pom artifactid micrometer-observation Highest Vendor pom artifactid micrometer-observation Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-observation High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-observation High Product jar package name io Highest Product jar package name micrometer Highest Product jar package name observation Highest Product Manifest automatic-module-name micrometer.observation Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-05-13_17:08:19 Low Product Manifest build-date-utc 2024-05-13T17:08:19.693327060Z Low Product Manifest build-host 8b938798e4b5 Low Product Manifest build-job deploy Low Product Manifest build-number 33400 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-observation Medium Product Manifest bundle-symbolicname micrometer-observation Medium Product Manifest change a5c1b72 Low Product Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Product Manifest Implementation-Title io.micrometer#micrometer-observation;1.13.0 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-observation Low Product pom artifactid micrometer-observation Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-observation High Product pom url micrometer-metrics/micrometer High Version file version 1.13.0 High Version Manifest Bundle-Version 1.13.0 High Version Manifest Implementation-Version 1.13.0 High Version pom version 1.13.0 Highest
micrometer-registry-jmx-1.13.0.jarDescription:
Application monitoring instrumentation facade License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-registry-jmx/1.13.0/micrometer-registry-jmx-1.13.0.jar
MD5: ee24c9ffae39c0984582c5e68edba3ae
SHA1: 61e1dfeafa02d4b057d8bdfd48092d44a9835f2c
SHA256: 521334321adb38bf27e2f818b7d02d34b6737930b186e186594873bf2c346299
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile micrometer-registry-jmx-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name micrometer-registry-jmx High Vendor jar package name io Highest Vendor jar package name jmx Highest Vendor jar package name micrometer Highest Vendor Manifest automatic-module-name micrometer.registry.jmx Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-05-13_17:08:20 Low Vendor Manifest build-date-utc 2024-05-13T17:08:20.752773588Z Low Vendor Manifest build-host 8b938798e4b5 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 33400 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-registry-jmx Medium Vendor Manifest change a5c1b72 Low Vendor Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /implementations/micrometer-registry-jmx Low Vendor pom artifactid micrometer-registry-jmx Highest Vendor pom artifactid micrometer-registry-jmx Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-registry-jmx High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-registry-jmx High Product jar package name io Highest Product jar package name jmx Highest Product jar package name micrometer Highest Product Manifest automatic-module-name micrometer.registry.jmx Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-05-13_17:08:20 Low Product Manifest build-date-utc 2024-05-13T17:08:20.752773588Z Low Product Manifest build-host 8b938798e4b5 Low Product Manifest build-job deploy Low Product Manifest build-number 33400 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/33400 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-registry-jmx Medium Product Manifest bundle-symbolicname micrometer-registry-jmx Medium Product Manifest change a5c1b72 Low Product Manifest full-change a5c1b721bc5491f052c0c8e872b12ffc509fc8bc Low Product Manifest Implementation-Title io.micrometer#micrometer-registry-jmx;1.13.0 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /implementations/micrometer-registry-jmx Low Product pom artifactid micrometer-registry-jmx Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-registry-jmx High Product pom url micrometer-metrics/micrometer High Version file version 1.13.0 High Version Manifest Bundle-Version 1.13.0 High Version Manifest Implementation-Version 1.13.0 High Version pom version 1.13.0 Highest
monitoring.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/monitoring.jsMD5: af5bcb015f11c02eb4742f63189a6f9cSHA1: 622a96320ac642e842cbeeddfbcdffb0432a639fSHA256: d049db88db5ac929a734a2dc4a9fba00f134013cd2222fe834409136691fb057Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
mtj-1.0.4.jarDescription:
A comprehensive collection of matrix data structures, linear solvers, least squares methods,
eigenvalue, and singular value decompositions.
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html File Path: /home/jenkins/.m2/repository/com/googlecode/matrix-toolkits-java/mtj/1.0.4/mtj-1.0.4.jar
MD5: 846c7a7311d492c6102afd23647f46cc
SHA1: e14ed840ff5e15de92dba2d1af29201fa70a0f35
SHA256: 27a53db335bc6af524b30f97ec3fb4b6df65e7648d70e752447c7dd9bc4697c8
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile mtj-1.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name mtj High Vendor jar package name cipr Low Vendor jar package name matrix Highest Vendor jar package name no Low Vendor jar package name uib Low Vendor pom artifactid mtj Highest Vendor pom artifactid mtj Low Vendor pom developer email sam.halliday@gmail.com Low Vendor pom developer id fommil Medium Vendor pom developer name Bjørn-Ove Heimsund Medium Vendor pom developer name Sam Halliday Medium Vendor pom groupid com.googlecode.matrix-toolkits-java Highest Vendor pom name Matrix Toolkits for Java High Vendor pom url fommil/matrix-toolkits-java/ Highest Product file name mtj High Product jar package name cipr Low Product jar package name matrix Highest Product jar package name matrix Low Product jar package name uib Low Product pom artifactid mtj Highest Product pom developer email sam.halliday@gmail.com Low Product pom developer id fommil Low Product pom developer name Bjørn-Ove Heimsund Low Product pom developer name Sam Halliday Low Product pom groupid com.googlecode.matrix-toolkits-java Highest Product pom name Matrix Toolkits for Java High Product pom url fommil/matrix-toolkits-java/ High Version file version 1.0.4 High Version pom version 1.0.4 Highest
mysql-connector-j-8.4.0.jarDescription:
JDBC Type 4 driver for MySQL. License:
The GNU General Public License, v2 with Universal FOSS Exception, v1.0 File Path: /home/jenkins/.m2/repository/com/mysql/mysql-connector-j/8.4.0/mysql-connector-j-8.4.0.jar
MD5: 2607d710106276083d26e6a1505948d7
SHA1: b1bc0f47bcad26ad5f9bceefb63fcb920d868fca
SHA256: d77962877d010777cff997015da90ee689f0f4bb76848340e1488f2b83332af5
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile mysql-connector-j-8.4.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name mysql-connector-j High Vendor hint analyzer vendor oracle Highest Vendor hint analyzer (hint) vendor sun Highest Vendor jar package name cj Highest Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name mysql Highest Vendor jar package name type Highest Vendor Manifest bundle-symbolicname com.mysql.cj Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid mysql-connector-j Highest Vendor pom artifactid mysql-connector-j Low Vendor pom developer email filipe.silva@oracle.com Low Vendor pom developer name Filipe Silva Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL https://www.oracle.com/ Medium Vendor pom groupid com.mysql Highest Vendor pom name MySQL Connector/J High Vendor pom organization name Oracle Corporation High Vendor pom organization url https://www.oracle.com/ Medium Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Product file name mysql-connector-j High Product hint analyzer product mysql_connector/j Highest Product hint analyzer product mysql_connector_j Highest Product hint analyzer product mysql_connectors Highest Product jar package name cj Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name mysql Highest Product jar package name type Highest Product jar package name xdevapi Highest Product Manifest Bundle-Name Oracle Corporation's JDBC and XDevAPI Driver for MySQL Medium Product Manifest bundle-symbolicname com.mysql.cj Medium Product Manifest Implementation-Title MySQL Connector/J High Product Manifest specification-title JDBC Medium Product pom artifactid mysql-connector-j Highest Product pom developer email filipe.silva@oracle.com Low Product pom developer name Filipe Silva Low Product pom developer org Oracle Corporation Low Product pom developer org URL https://www.oracle.com/ Low Product pom groupid com.mysql Highest Product pom name MySQL Connector/J High Product pom organization name Oracle Corporation Low Product pom organization url https://www.oracle.com/ Low Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Version file version 8.4.0 High Version Manifest Bundle-Version 8.4.0 High Version Manifest Implementation-Version 8.4.0 High Version pom version 8.4.0 Highest
native_ref-java-1.1.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/native_ref-java/1.1/native_ref-java-1.1.jarMD5: 1aac8a554c0a9b36340e8eba1c8a8ba9SHA1: 408c71ffbc3646dda7bee1e22bf19101e5e9ee90SHA256: 120ca95d3a7b4646f44c3bcebdf7a149ec4f8cccf731a13bd84da103b836e236Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile native_ref-java-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name native_ref-java High Vendor jar package name fommil Highest Vendor jar package name fommil Low Vendor jar package name github Highest Vendor jar package name github Low Vendor jar package name netlib Highest Vendor jar package name netlib Low Vendor pom artifactid native_ref-java Highest Vendor pom artifactid native_ref-java Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref Low Product file name native_ref-java High Product jar package name fommil Highest Product jar package name fommil Low Product jar package name github Highest Product jar package name netlib Highest Product jar package name netlib Low Product pom artifactid native_ref-java Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref Medium Version file version 1.1 High Version pom version 1.1 Highest
native_system-java-1.1.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/native_system-java/1.1/native_system-java-1.1.jarMD5: 7244aab504c9fdce6c320498459b9432SHA1: 3c6a2455f96b354a6940dce1393abb35ed7641daSHA256: 2414fc6e29b73ba40e0df21ab9618e4f5dc5ac66aab32bd81ee213a68796155dReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile native_system-java-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name native_system-java High Vendor jar package name fommil Highest Vendor jar package name fommil Low Vendor jar package name github Highest Vendor jar package name github Low Vendor jar package name netlib Highest Vendor jar package name netlib Low Vendor pom artifactid native_system-java Highest Vendor pom artifactid native_system-java Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system Low Product file name native_system-java High Product jar package name fommil Highest Product jar package name fommil Low Product jar package name github Highest Product jar package name netlib Highest Product jar package name netlib Low Product pom artifactid native_system-java Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_ref-linux-armhf-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-armhf/1.1/netlib-native_ref-linux-armhf-1.1-natives.jarMD5: e2ff3e665c6eea38eb975e2ecf1abaa7SHA1: ec467162f74710fd8897cff6888534ceaf297d9aSHA256: 1d9ff5c35a542f598bd8d01c12d838ac4f457beae528f0b1930f21c0bff3eaaeReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_ref-linux-armhf-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_ref-linux-armhf High Vendor pom artifactid netlib-native_ref-linux-armhf Highest Vendor pom artifactid netlib-native_ref-linux-armhf Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref-xbuilds Low Product file name netlib-native_ref-linux-armhf High Product pom artifactid netlib-native_ref-linux-armhf Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref-xbuilds Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_ref-linux-i686-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-i686/1.1/netlib-native_ref-linux-i686-1.1-natives.jarMD5: 101fb0618fbf80d1392d9e6bf2eaa8e1SHA1: eedd845b214aea560bce317d778ebb52f8f46038SHA256: bf1dcc3b32a32bde8bd897b8c7da21cbd75b9febb89321a11b4f9a254aeb92ecReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_ref-linux-i686-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_ref-linux-i686 High Vendor pom artifactid netlib-native_ref-linux-i686 Highest Vendor pom artifactid netlib-native_ref-linux-i686 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref-xbuilds Low Product file name netlib-native_ref-linux-i686 High Product pom artifactid netlib-native_ref-linux-i686 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref-xbuilds Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_ref-linux-x86_64-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-x86_64/1.1/netlib-native_ref-linux-x86_64-1.1-natives.jarMD5: 950476b98b61793f045aab84f471fb96SHA1: 05a3e5787d03c39790d5ae08cce189dd1ccc4a38SHA256: f9034b22e89352ea1ba0c1edfb7529057c6b6acd651babb58839af19897e8ac0Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_ref-linux-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_ref-linux-x86_64 High Vendor pom artifactid netlib-native_ref-linux-x86_64 Highest Vendor pom artifactid netlib-native_ref-linux-x86_64 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref-xbuilds Low Product file name netlib-native_ref-linux-x86_64 High Product pom artifactid netlib-native_ref-linux-x86_64 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref-xbuilds Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_ref-osx-x86_64-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-osx-x86_64/1.1/netlib-native_ref-osx-x86_64-1.1-natives.jarMD5: 38b6cb1ce53e3793c48e1d99848d1600SHA1: 80da53ec862f283dc3b191b9dbd3166ea6671831SHA256: fbe45f80be86fb809eb159b75ba45433cbba2b5fb6814758d1f15823b2b17438Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_ref-osx-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_ref-osx-x86_64 High Vendor pom artifactid netlib-native_ref-osx-x86_64 Highest Vendor pom artifactid netlib-native_ref-osx-x86_64 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref Low Product file name netlib-native_ref-osx-x86_64 High Product pom artifactid netlib-native_ref-osx-x86_64 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_ref-win-i686-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-win-i686/1.1/netlib-native_ref-win-i686-1.1-natives.jarMD5: 5f94993d3cffa7a46fb3ac1f5c28afd8SHA1: 167fb794a26cb0bfc74890c704c7137b1d5b50fdSHA256: 0dcdc8348430365f7d912dcffb13d4c133810fbc3f3334123edb7c7f88990c5fReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_ref-win-i686-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_ref-win-i686 High Vendor pom artifactid netlib-native_ref-win-i686 Highest Vendor pom artifactid netlib-native_ref-win-i686 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref Low Product file name netlib-native_ref-win-i686 High Product pom artifactid netlib-native_ref-win-i686 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_ref-win-x86_64-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-win-x86_64/1.1/netlib-native_ref-win-x86_64-1.1-natives.jarMD5: d310ba2205a98b5d3219dbe1a66a0301SHA1: 4ab54511c2844546279d9f8e427c73953b794686SHA256: 322a4d1a9cdfa284b1025b3d85c9ece18605be2caf795abfbaa366eb403fbf32Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_ref-win-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_ref-win-x86_64 High Vendor pom artifactid netlib-native_ref-win-x86_64 Highest Vendor pom artifactid netlib-native_ref-win-x86_64 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_ref Low Product file name netlib-native_ref-win-x86_64 High Product pom artifactid netlib-native_ref-win-x86_64 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_ref Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_system-linux-armhf-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-armhf/1.1/netlib-native_system-linux-armhf-1.1-natives.jarMD5: 09def97e97d35ff4be5692b3d33d4bfcSHA1: 27ae9f6a9c88b3f8d12ffa52d62941615f8ed416SHA256: aab65e3a3f3f664496dc512bea38d5ece0723799770f2aa608a4f1410342cb96Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_system-linux-armhf-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_system-linux-armhf High Vendor pom artifactid netlib-native_system-linux-armhf Highest Vendor pom artifactid netlib-native_system-linux-armhf Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system-xbuilds Low Product file name netlib-native_system-linux-armhf High Product pom artifactid netlib-native_system-linux-armhf Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system-xbuilds Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_system-linux-i686-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-i686/1.1/netlib-native_system-linux-i686-1.1-natives.jarMD5: 93769919423f7fd54ee2347784d2c9d3SHA1: dd43225560dbd9115d306f9be3ca195aed236b78SHA256: ecfd3c4e442411be9bc9aa74ea1b28b0fdf201dda00fe4559c68cde6e311520fReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_system-linux-i686-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_system-linux-i686 High Vendor pom artifactid netlib-native_system-linux-i686 Highest Vendor pom artifactid netlib-native_system-linux-i686 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system-xbuilds Low Product file name netlib-native_system-linux-i686 High Product pom artifactid netlib-native_system-linux-i686 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system-xbuilds Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_system-linux-x86_64-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-x86_64/1.1/netlib-native_system-linux-x86_64-1.1-natives.jarMD5: 39de4e1383f61881098e2e66cbb2b475SHA1: 163e88facabe7fa29952890dc2d3429e28501120SHA256: 9a929390c8c4845a2bff01e7bc0d8381fcc89ebc147c037f877f02b19806d013Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_system-linux-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_system-linux-x86_64 High Vendor pom artifactid netlib-native_system-linux-x86_64 Highest Vendor pom artifactid netlib-native_system-linux-x86_64 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system-xbuilds Low Product file name netlib-native_system-linux-x86_64 High Product pom artifactid netlib-native_system-linux-x86_64 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system-xbuilds Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_system-osx-x86_64-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-osx-x86_64/1.1/netlib-native_system-osx-x86_64-1.1-natives.jarMD5: ab50d62f2ffd44c4623d915ae11e0f37SHA1: d724e33675dc8eaa5c8fcb05a3aaca6f3339afa7SHA256: 07230441e6d7985e30e13b4c6844c6388324a971e1d3c5d46880a213b37a4dd1Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_system-osx-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_system-osx-x86_64 High Vendor pom artifactid netlib-native_system-osx-x86_64 Highest Vendor pom artifactid netlib-native_system-osx-x86_64 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system Low Product file name netlib-native_system-osx-x86_64 High Product pom artifactid netlib-native_system-osx-x86_64 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_system-win-i686-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-win-i686/1.1/netlib-native_system-win-i686-1.1-natives.jarMD5: c83df62ee7516fb876c499921d2da434SHA1: c25fd1881cf93f7716f47b7deec859f6b6b7be50SHA256: 65b4900fd4fdc6715d3d48cfac2a7809cab5ed626f20e212a747f579bb60a40aReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_system-win-i686-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_system-win-i686 High Vendor pom artifactid netlib-native_system-win-i686 Highest Vendor pom artifactid netlib-native_system-win-i686 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system Low Product file name netlib-native_system-win-i686 High Product pom artifactid netlib-native_system-win-i686 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system Medium Version file version 1.1 High Version pom version 1.1 Highest
netlib-native_system-win-x86_64-1.1-natives.jarFile Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-win-x86_64/1.1/netlib-native_system-win-x86_64-1.1-natives.jarMD5: 2de500c3ad6bde324f59977f67dc33ccSHA1: 222c7915be1daf1c26a4206f375d4957ae5f9d81SHA256: d855c2fc7d70ffddaac504b556c6cc7c33288d85c173386e47921f44bbb34202Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile netlib-native_system-win-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name netlib-native_system-win-x86_64 High Vendor pom artifactid netlib-native_system-win-x86_64 Highest Vendor pom artifactid netlib-native_system-win-x86_64 Low Vendor pom groupid com.github.fommil.netlib Highest Vendor pom parent-artifactid native_system Low Product file name netlib-native_system-win-x86_64 High Product pom artifactid netlib-native_system-win-x86_64 Highest Product pom groupid com.github.fommil.netlib Highest Product pom parent-artifactid native_system Medium Version file version 1.1 High Version pom version 1.1 Highest
okhttp-4.12.0.jarDescription:
Square’s meticulous HTTP client for Java and Kotlin. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/squareup/okhttp3/okhttp/4.12.0/okhttp-4.12.0.jar
MD5: 6acba053af88fed87e710c6c29911d7c
SHA1: 2f4525d4a200e97e1b87449c2cd9bd2e25b7e8cd
SHA256: b1050081b14bb7a3a7e55a4d3ef01b5dcfabc453b4573a4fc019767191d5f4e0
Referenced In Project/Scope: Gemma Web:compile
okhttp-4.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
Evidence Type Source Name Value Confidence Vendor file name okhttp High Vendor jar package name http Highest Vendor jar package name okhttp Highest Vendor jar package name okhttp3 Highest Vendor Manifest automatic-module-name okhttp3 Medium Vendor pom artifactid okhttp Highest Vendor pom artifactid okhttp Low Vendor pom developer name Square, Inc. Medium Vendor pom groupid com.squareup.okhttp3 Highest Vendor pom name okhttp High Vendor pom url https://square.github.io/okhttp/ Highest Product file name okhttp High Product jar package name http Highest Product jar package name okhttp Highest Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3 Medium Product pom artifactid okhttp Highest Product pom developer name Square, Inc. Low Product pom groupid com.squareup.okhttp3 Highest Product pom name okhttp High Product pom url https://square.github.io/okhttp/ Medium Version file version 4.12.0 High Version pom version 4.12.0 Highest
okio-3.6.0.jarDescription:
A modern I/O library for Android, Java, and Kotlin Multiplatform. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/squareup/okio/okio/3.6.0/okio-3.6.0.jar
MD5: 990f7b25bbd4fee8787ffabf89aa229f
SHA1: 8bf9683c80762d7dd47db12b68e99abea2a7ae05
SHA256: 8e63292e5c53bb93c4a6b0c213e79f15990fed250c1340f1c343880e1c9c39b5
Referenced In Project/Scope: Gemma Web:compile
okio-3.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
Evidence Type Source Name Value Confidence Vendor file name okio High Vendor pom artifactid okio Highest Vendor pom artifactid okio Low Vendor pom developer id square Medium Vendor pom developer name Square, Inc. Medium Vendor pom groupid com.squareup.okio Highest Vendor pom name okio High Vendor pom url square/okio/ Highest Product file name okio High Product pom artifactid okio Highest Product pom developer id square Low Product pom developer name Square, Inc. Low Product pom groupid com.squareup.okio Highest Product pom name okio High Product pom url square/okio/ High Version file version 3.6.0 High Version pom version 3.6.0 Highest
Related Dependencies okio-jvm-3.6.0.jarFile Path: /home/jenkins/.m2/repository/com/squareup/okio/okio-jvm/3.6.0/okio-jvm-3.6.0.jar MD5: 26370180ff99a7e8a12dcaac2a70cc6e SHA1: 5600569133b7bdefe1daf9ec7f4abeb6d13e1786 SHA256: 67543f0736fc422ae927ed0e504b98bc5e269fda0d3500579337cb713da28412 pkg:maven/com.squareup.okio/okio-jvm@3.6.0 ontologyReIndexer.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/ontologyReIndexer.jsMD5: e7e0b9c5114dced3c1ba5dd59bf6ca3fSHA1: c2ea0482f55f1b5ac57ab203666e509f338d5f23SHA256: 30f87a101427e5ddfb214d07440d80f9dcb85705b7670e367a240af6695adf73Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
opencsv-5.9.jarDescription:
A simple library for reading and writing CSV in Java License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/opencsv/opencsv/5.9/opencsv-5.9.jar
MD5: 8cee3b4e9ebeba7bd2834831a969d97c
SHA1: 284ea0b60a24b71a530100783185e7d547ab5339
SHA256: 2023969b86ce968ad8ae549648ac587d141c19ae684a9a5c67c9105f37ab0d1c
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile opencsv-5.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name opencsv High Vendor jar package name opencsv Highest Vendor Manifest automatic-module-name com.opencsv Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname com.opencsv Medium Vendor pom artifactid opencsv Highest Vendor pom artifactid opencsv Low Vendor pom developer email arjones@t-online.de Low Vendor pom developer email sconway@users.sourceforge.net Low Vendor pom developer id aruckerjones Medium Vendor pom developer id scott_conway Medium Vendor pom developer name Andrew Rucker Jones Medium Vendor pom developer name Scott Conway Medium Vendor pom groupid com.opencsv Highest Vendor pom name opencsv High Vendor pom url http://opencsv.sf.net Highest Product file name opencsv High Product jar package name opencsv Highest Product Manifest automatic-module-name com.opencsv Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name opencsv Medium Product Manifest bundle-symbolicname com.opencsv Medium Product pom artifactid opencsv Highest Product pom developer email arjones@t-online.de Low Product pom developer email sconway@users.sourceforge.net Low Product pom developer id aruckerjones Low Product pom developer id scott_conway Low Product pom developer name Andrew Rucker Jones Low Product pom developer name Scott Conway Low Product pom groupid com.opencsv Highest Product pom name opencsv High Product pom url http://opencsv.sf.net Medium Version file version 5.9 High Version pom version 5.9 Highest
opentest4j-1.3.0.jarDescription:
Open Test Alliance for the JVM License:
The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256: 48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Project/Scope: Gemma Groovy Support:compile
opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name opentest4j High Vendor jar package name opentest4j Highest Vendor Manifest build-date 2023-07-06 Low Vendor Manifest build-revision 214973bfa4e7e9be7d04e623202cc4147c7036d2 Low Vendor Manifest build-time 14:25:06.116+0200 Low Vendor Manifest bundle-symbolicname org.opentest4j Medium Vendor Manifest Implementation-Vendor opentest4j.org High Vendor Manifest specification-vendor opentest4j.org Low Vendor pom artifactid opentest4j Highest Vendor pom artifactid opentest4j Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.opentest4j Highest Vendor pom name org.opentest4j:opentest4j High Vendor pom url ota4j-team/opentest4j Highest Product file name opentest4j High Product jar package name opentest4j Highest Product Manifest build-date 2023-07-06 Low Product Manifest build-revision 214973bfa4e7e9be7d04e623202cc4147c7036d2 Low Product Manifest build-time 14:25:06.116+0200 Low Product Manifest Bundle-Name opentest4j Medium Product Manifest bundle-symbolicname org.opentest4j Medium Product Manifest Implementation-Title opentest4j High Product Manifest specification-title opentest4j Medium Product pom artifactid opentest4j Highest Product pom developer email business@johanneslink.net Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer name Johannes Link Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.opentest4j Highest Product pom name org.opentest4j:opentest4j High Product pom url ota4j-team/opentest4j High Version file version 1.3.0 High Version Manifest Bundle-Version 1.3.0 High Version Manifest Implementation-Version 1.3.0 High Version pom version 1.3.0 Highest
org.abego.treelayout.core-1.0.3.jarDescription:
Efficient and customizable TreeLayout Algorithm in Java. License:
BSD 3-Clause "New" or "Revised" License (BSD-3-Clause): http://www.abego-software.de/legal/apl-v10.html File Path: /home/jenkins/.m2/repository/org/abego/treelayout/org.abego.treelayout.core/1.0.3/org.abego.treelayout.core-1.0.3.jar
MD5: 9c8cefab6360a672565370d5311f0f3c
SHA1: 457216e8e6578099ae63667bb1e4439235892028
SHA256: fa5e31395c39c2e7d46aca0f81f72060931607b2fa41bd36038eb2cb6fb93326
Referenced In Project/Scope: Gemma Groovy Support:compile
org.abego.treelayout.core-1.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name org.abego.treelayout.core High Vendor jar package name abego Highest Vendor jar package name treelayout Highest Vendor Manifest bundle-docurl http://abego-software.de Low Vendor Manifest bundle-symbolicname org.abego.treelayout.core Medium Vendor Manifest Implementation-Vendor abego Software GmbH, Germany High Vendor Manifest Implementation-Vendor-Id org.abego.treelayout Medium Vendor Manifest specification-vendor abego Software GmbH, Germany Low Vendor pom artifactid abego.treelayout.core Low Vendor pom artifactid org.abego.treelayout.core Highest Vendor pom developer email ub@abego.org Low Vendor pom developer id ub Medium Vendor pom developer name Udo Borkowski Medium Vendor pom developer org abego Software GmbH, Germany Medium Vendor pom developer org URL http://abego-software.de Medium Vendor pom groupid org.abego.treelayout Highest Vendor pom name abego TreeLayout Core High Vendor pom organization name abego Software GmbH, Germany High Vendor pom organization url http://abego-software.de Medium Vendor pom url http://treelayout.sourceforge.net Highest Product file name org.abego.treelayout.core High Product jar package name abego Highest Product jar package name treelayout Highest Product Manifest bundle-docurl http://abego-software.de Low Product Manifest Bundle-Name abego TreeLayout Core Medium Product Manifest bundle-symbolicname org.abego.treelayout.core Medium Product Manifest Implementation-Title abego TreeLayout Core High Product Manifest specification-title abego TreeLayout Core Medium Product pom artifactid abego.treelayout.core Highest Product pom artifactid org.abego.treelayout.core Highest Product pom developer email ub@abego.org Low Product pom developer id ub Low Product pom developer name Udo Borkowski Low Product pom developer org abego Software GmbH, Germany Low Product pom developer org URL http://abego-software.de Low Product pom groupid org.abego.treelayout Highest Product pom name abego TreeLayout Core High Product pom organization name abego Software GmbH, Germany Low Product pom organization url http://abego-software.de Low Product pom url http://treelayout.sourceforge.net Medium Version file version 1.0.3 High Version Manifest Bundle-Version 1.0.3 High Version Manifest Implementation-Version 1.0.3 High Version pom version 1.0.3 Highest
org.geneontology-1.002.jarFile Path: /home/jenkins/.m2/repository/obo/org.geneontology/1.002/org.geneontology-1.002.jarMD5: fd0489a45e4d8c8ea83b2ec5ba86a59cSHA1: 831ea4bc937235c49cb1b7fac5d612041aff29f3SHA256: 5d50f3b29d7b023e0716c06d5a6c48a754f80306856b407596a6823cbd066baeReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile org.geneontology-1.002.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name org.geneontology High Vendor jar package name geneontology Highest Vendor Manifest implementation-url http://www.sourceforge.net/projects/gmod Low Vendor Manifest Implementation-Vendor Berkeley Drosophila Genome Project High Vendor Manifest specification-vendor Berkeley Drosophila Genome Project Low Vendor pom artifactid geneontology Low Vendor pom artifactid org.geneontology Highest Vendor pom groupid obo Highest Product file name org.geneontology High Product jar package name geneontology Highest Product Manifest Implementation-Title BDGP Java Extensions Toolkit (org.bdgp) High Product Manifest implementation-url http://www.sourceforge.net/projects/gmod Low Product Manifest specification-title BDGP Java Extensions Toolkit (org.bdgp) Medium Product pom artifactid geneontology Highest Product pom artifactid org.geneontology Highest Product pom groupid obo Highest Version file version 1.002 High Version pom version 1.002 Highest
osgi-resource-locator-1.0.1.jarDescription:
See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information License:
https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256: 775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile osgi-resource-locator-1.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name osgi-resource-locator High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Vendor pom artifactid osgi-resource-locator Highest Vendor pom artifactid osgi-resource-locator Low Vendor pom developer id ss141213 Medium Vendor pom developer name Sahoo Medium Vendor pom developer org Sun Microsystems, Inc. Medium Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Vendor pom parent-artifactid pom Low Vendor pom parent-groupid org.glassfish Medium Product file name osgi-resource-locator High Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. Medium Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Product pom artifactid osgi-resource-locator Highest Product pom developer id ss141213 Low Product pom developer name Sahoo Low Product pom developer org Sun Microsystems, Inc. Low Product pom groupid org.glassfish.hk2 Highest Product pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Product pom parent-artifactid pom Medium Product pom parent-groupid org.glassfish Medium Version file version 1.0.1 High Version Manifest Bundle-Version 1.0.1 High Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
picocli-4.7.5.jarDescription:
Java command line parser with both an annotations API and a programmatic API. Usage help with ANSI styles and colors. Autocomplete. Nested subcommands. Easily included as source to avoid adding a dependency. License:
The Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/info/picocli/picocli/4.7.5/picocli-4.7.5.jar
MD5: 130eeeb3c9c1a58d7174d10a9d771644
SHA1: a6f99ec0a97aeb3be63a9f55703b28f2cf08788f
SHA256: e83a906fb99b57091d1d68ac11f7c3d2518bd7a81a9c71b259e2c00d1564c8e8
Referenced In Project/Scope: Gemma Groovy Support:compile
picocli-4.7.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name picocli High Vendor jar package name autocomplete Highest Vendor jar package name picocli Highest Vendor Manifest bundle-symbolicname picocli Medium Vendor Manifest Implementation-Vendor Remko Popma High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor Remko Popma Low Vendor pom artifactid picocli Highest Vendor pom artifactid picocli Low Vendor pom developer email rpopma@apache.org Low Vendor pom developer id rpopma Medium Vendor pom developer name Remko Popma Medium Vendor pom groupid info.picocli Highest Vendor pom name picocli High Vendor pom url https://picocli.info Highest Product file name picocli High Product jar package name autocomplete Highest Product jar package name picocli Highest Product Manifest Bundle-Name picocli Medium Product Manifest bundle-symbolicname picocli Medium Product Manifest Implementation-Title picocli High Product Manifest multi-release true Low Product Manifest specification-title picocli Medium Product pom artifactid picocli Highest Product pom developer email rpopma@apache.org Low Product pom developer id rpopma Low Product pom developer name Remko Popma Low Product pom groupid info.picocli Highest Product pom name picocli High Product pom url https://picocli.info Medium Version file version 4.7.5 High Version Manifest Bundle-Version 4.7.5 High Version Manifest Implementation-Version 4.7.5 High Version pom version 4.7.5 Highest
poi-5.2.5.jarDescription:
Apache POI - Java API To Access Microsoft Format Files License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/poi/poi/5.2.5/poi-5.2.5.jar
MD5: c7725f44e62223d1f37e7a4883f01425
SHA1: 7e00f6b2f76375fe89022d5a7db8acb71cbd55f5
SHA256: 352e1b44a5777af2df3d7dc408cda9f75f932d0e0125fa1a7d336a13c0a663a7
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile poi-5.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name poi High Vendor jar package name apache Highest Vendor jar package name common Highest Vendor jar package name format Highest Vendor jar package name poi Highest Vendor Manifest automatic-module-name org.apache.poi.poi Medium Vendor Manifest Implementation-Vendor org.apache.poi High Vendor Manifest Implementation-Vendor-Id The Apache Software Foundation Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid poi Highest Vendor pom artifactid poi Low Vendor pom groupid org.apache.poi Highest Vendor pom name Apache POI - Common High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor pom url https://poi.apache.org/ Highest Product file name poi High Product jar package name apache Highest Product jar package name common Highest Product jar package name format Highest Product jar package name poi Highest Product Manifest automatic-module-name org.apache.poi.poi Medium Product Manifest Implementation-Title Apache POI High Product Manifest multi-release true Low Product Manifest specification-title Apache POI Medium Product pom artifactid poi Highest Product pom groupid org.apache.poi Highest Product pom name Apache POI - Common High Product pom organization name Apache Software Foundation Low Product pom organization url http://www.apache.org/ Low Product pom url https://poi.apache.org/ Medium Version file version 5.2.5 High Version Manifest Implementation-Version 5.2.5 High Version pom version 5.2.5 Highest
protobuf-java-3.25.1.jarDescription:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
https://opensource.org/licenses/BSD-3-Clause File Path: /home/jenkins/.m2/repository/com/google/protobuf/protobuf-java/3.25.1/protobuf-java-3.25.1.jar
MD5: 7dc81d3c2187ce5627d134a37df88cc0
SHA1: 2933a5c3f022456d8842323fe0d7fb2d25a7e3c7
SHA256: 48a8e58a1a8f82eff141a7a388d38dfe77d7a48d5e57c9066ee37f19147e20df
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile protobuf-java-3.25.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.mysql/mysql-connector-j@8.4.0 pkg:maven/com.mysql/mysql-connector-j@8.4.0 pkg:maven/com.mysql/mysql-connector-j@8.4.0 pkg:maven/com.mysql/mysql-connector-j@8.4.0 pkg:maven/com.mysql/mysql-connector-j@8.4.0 pkg:maven/com.mysql/mysql-connector-j@8.4.0 Evidence Type Source Name Value Confidence Vendor file name protobuf-java High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor Manifest target-label //java/core:lite_runtime_only Low Vendor pom artifactid protobuf-java Highest Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product file name protobuf-java High Product jar package name google Highest Product jar package name protobuf Highest Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest target-label //java/core:lite_runtime_only Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version file version 3.25.1 High Version Manifest Bundle-Version 3.25.1 High Version pom version 3.25.1 Highest
qdox-1.12.1.jarDescription:
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/com/thoughtworks/qdox/qdox/1.12.1/qdox-1.12.1.jar
MD5: 9fb6970f934f8d836ae8e6d133316ab4
SHA1: f7122f6ab1f64bdf9f5970b0e89bfb355e036897
SHA256: 21fba22f830e9268f07cf4ab2d99e8181abbdcb0cb91ee0228eb3cb918dcdd1d
Referenced In Project/Scope: Gemma Groovy Support:compile
qdox-1.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21
Evidence Type Source Name Value Confidence Vendor file name qdox High Vendor jar package name model Low Vendor jar package name parser Highest Vendor jar package name qdox Highest Vendor jar package name qdox Low Vendor jar package name thoughtworks Highest Vendor jar package name thoughtworks Low Vendor jar package name tools Highest Vendor pom artifactid qdox Highest Vendor pom artifactid qdox Low Vendor pom developer id joe Medium Vendor pom developer id mauro Medium Vendor pom developer id mdub Medium Vendor pom developer id paul Medium Vendor pom developer id rfscholte Medium Vendor pom developer id rinkrank Medium Vendor pom developer name Aslak Hellesoy Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name Mauro Talevi Medium Vendor pom developer name Mike Williams Medium Vendor pom developer name Paul Hammant Medium Vendor pom developer name Robert Scholte Medium Vendor pom groupid com.thoughtworks.qdox Highest Vendor pom name QDox High Vendor pom parent-artifactid codehaus-parent Low Vendor pom parent-groupid org.codehaus Medium Vendor pom url http://qdox.codehaus.org Highest Product file name qdox High Product jar package name model Low Product jar package name parser Highest Product jar package name qdox Highest Product jar package name qdox Low Product jar package name thoughtworks Highest Product jar package name tools Highest Product pom artifactid qdox Highest Product pom developer id joe Low Product pom developer id mauro Low Product pom developer id mdub Low Product pom developer id paul Low Product pom developer id rfscholte Low Product pom developer id rinkrank Low Product pom developer name Aslak Hellesoy Low Product pom developer name Joe Walnes Low Product pom developer name Mauro Talevi Low Product pom developer name Mike Williams Low Product pom developer name Paul Hammant Low Product pom developer name Robert Scholte Low Product pom groupid com.thoughtworks.qdox Highest Product pom name QDox High Product pom parent-artifactid codehaus-parent Medium Product pom parent-groupid org.codehaus Medium Product pom url http://qdox.codehaus.org Medium Version file version 1.12.1 High Version pom parent-version 1.12.1 Low Version pom version 1.12.1 Highest
quartz-1.8.6.jarFile Path: /home/jenkins/.m2/repository/org/quartz-scheduler/quartz/1.8.6/quartz-1.8.6.jarMD5: fff6d47071fce5e1b36cc943aa118b65SHA1: 552019e55385a5fdbc6b594fabc4c03ea45a99bcSHA256: 056dadf9988fdf0f4493673d41d2b1a2b12ed056aa645d94e602a87face57d78Referenced In Project/Scope: Gemma Web:compilequartz-1.8.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name quartz High Vendor hint analyzer vendor softwareag Highest Vendor jar package name job Highest Vendor jar package name quartz Highest Vendor jar package name quartz Low Vendor jar package name scheduler Highest Vendor pom artifactid quartz Highest Vendor pom artifactid quartz Low Vendor pom groupid org.quartz-scheduler Highest Vendor pom name Quartz Enterprise Job Scheduler High Vendor pom parent-artifactid quartz-parent Low Product file name quartz High Product jar package name job Highest Product jar package name quartz Highest Product jar package name scheduler Highest Product pom artifactid quartz Highest Product pom groupid org.quartz-scheduler Highest Product pom name Quartz Enterprise Job Scheduler High Product pom parent-artifactid quartz-parent Medium Version file version 1.8.6 High Version pom version 1.8.6 Highest
CVE-2019-13990 suppress
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-39017 suppress
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
resetPassword.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/resetPassword.jsMD5: 9226b310eb03c000866fcf7b6e810eeaSHA1: 48985b0713fdbceab111676303490dbf6c957efbSHA256: c16bc39c5a9c511e795565c1ff02d06f91bcedfa74eb64ae113c7b282715cbcdReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
rome-1.0.jarDescription:
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format. File Path: /home/jenkins/.m2/repository/rome/rome/1.0/rome-1.0.jarMD5: 53d38c030287b939f4e6d745ba1269a7SHA1: 022b33347f315833e9348cec2751af1a5d5656e4SHA256: cd2cfd3b4e2af9eb8fb09d6a2384328e5b9cf1138bccaf7e31f971e5f7678c6cReferenced In Project/Scope: Gemma Web:compilerome-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name rome High Vendor jar package name atom Highest Vendor jar package name rss Highest Vendor jar package name sun Highest Vendor jar package name syndication Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://java.sun.com/ Low Vendor Manifest bundle-symbolicname rome.rome Medium Vendor Manifest embed-directory META-INF/lib Low Vendor Manifest embed-transitive true Low Vendor Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low Vendor pom artifactid rome Highest Vendor pom artifactid rome Low Vendor pom developer name Alejandro Abdelnur Medium Vendor pom developer name Elaine Chien Medium Vendor pom developer name Patrick Chanezon Medium Vendor pom groupid rome Highest Vendor pom name ROME, RSS and atOM utilitiEs for Java High Vendor pom organization name Sun Microsystems High Vendor pom organization url http://java.sun.com/ Medium Vendor pom url https://rome.dev.java.net/ Highest Product file name rome High Product jar package name atom Highest Product jar package name rss Highest Product jar package name sun Highest Product jar package name syndication Highest Product Manifest bundle-docurl http://java.sun.com/ Low Product Manifest Bundle-Name ROME, RSS and atOM utilitiEs for Java Medium Product Manifest bundle-symbolicname rome.rome Medium Product Manifest embed-directory META-INF/lib Low Product Manifest embed-transitive true Low Product Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low Product pom artifactid rome Highest Product pom developer name Alejandro Abdelnur Low Product pom developer name Elaine Chien Low Product pom developer name Patrick Chanezon Low Product pom groupid rome Highest Product pom name ROME, RSS and atOM utilitiEs for Java High Product pom organization name Sun Microsystems Low Product pom organization url http://java.sun.com/ Low Product pom url https://rome.dev.java.net/ Medium Version file version 1.0 High Version Manifest Bundle-Version 1.0 High Version pom version 1.0 Highest
pkg:maven/rome/rome@1.0 (Confidence :High)cpe:2.3:a:oracle:system_utilities:1.0:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:oracle:utilities_framework:1.0:*:*:*:*:*:*:* (Confidence :Low) suppress rome-fetcher-1.0.jarFile Path: /home/jenkins/.m2/repository/rome/rome-fetcher/1.0/rome-fetcher-1.0.jarMD5: 8b38fab84e677d4121ca0ed8e12e50b1SHA1: 6044bcd5d6f793fa3a38843e774e58c0737a7125SHA256: b860e75b4596b756b7cfb351182eeba9544d8251bf8c3551b7abafbbfd23387fReferenced In Project/Scope: Gemma Web:compilerome-fetcher-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name rome-fetcher High Vendor jar package name fetcher Highest Vendor jar package name fetcher Low Vendor jar package name sun Highest Vendor jar package name sun Low Vendor jar package name syndication Low Vendor jar (hint) package name oracle Highest Vendor jar (hint) package name oracle Low Vendor pom artifactid rome-fetcher Highest Vendor pom artifactid rome-fetcher Low Vendor pom groupid rome Highest Vendor pom name Rome HTTP Fetcher High Vendor pom organization name Sun Microsystems High Vendor pom organization url http://java.sun.com/ Medium Product file name rome-fetcher High Product jar package name fetcher Highest Product jar package name fetcher Low Product jar package name impl Low Product jar package name sun Highest Product jar package name syndication Low Product pom artifactid rome-fetcher Highest Product pom groupid rome Highest Product pom name Rome HTTP Fetcher High Product pom organization name Sun Microsystems Low Product pom organization url http://java.sun.com/ Low Version file version 1.0 High Version pom version 1.0 Highest
rsvp.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/rsvp.jsMD5: 7907545ad1a41828a33d897f834799d8SHA1: 0b72018ca4652fafb5285bae5d3a67b41bd1f82cSHA256: 2e14e5d67027a4cf380c76cfe28df7c827d1392b1244ca2905db7b2bd86fc71eReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
saaj-impl-1.5.3.jarDescription:
Implementation of Jakarta SOAP with Attachments Specification
License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.m2/repository/com/sun/xml/messaging/saaj/saaj-impl/1.5.3/saaj-impl-1.5.3.jar
MD5: 9c3bd20b7350f99f18f8c38fbed90199
SHA1: 1cd4aa51ea7a8987fe930083e3cd05e2ac72505b
SHA256: 21d451aa7dbe1254388ecc4e5ea71aabbc519c7d7344c9d93e9f79954f38b32b
Referenced In Project/Scope: Gemma Web:runtime
saaj-impl-1.5.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name saaj-impl High Vendor jar package name messaging Highest Vendor jar package name saaj Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname com.sun.xml.messaging.saaj.impl Medium Vendor Manifest implementation-build-id 1.5.3 - 3f22ced Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor pom artifactid saaj-impl Highest Vendor pom artifactid saaj-impl Low Vendor pom groupid com.sun.xml.messaging.saaj Highest Vendor pom name Jakarta SOAP Implementation High Vendor pom parent-artifactid metro-saaj Low Product file name saaj-impl High Product jar package name messaging Highest Product jar package name saaj Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name Jakarta SOAP Implementation Medium Product Manifest bundle-symbolicname com.sun.xml.messaging.saaj.impl Medium Product Manifest implementation-build-id 1.5.3 - 3f22ced Low Product Manifest Implementation-Title Jakarta SOAP Implementation High Product pom artifactid saaj-impl Highest Product pom groupid com.sun.xml.messaging.saaj Highest Product pom name Jakarta SOAP Implementation High Product pom parent-artifactid metro-saaj Medium Version file version 1.5.3 High Version Manifest Bundle-Version 1.5.3 High Version Manifest implementation-build-id 1.5.3 Low Version Manifest Implementation-Version 1.5.3 High Version pom version 1.5.3 Highest
search.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/search/search.jsMD5: 7d8ca881e1ad4541cfc5f370896f6b8cSHA1: c75b6177ca5954591e14d7caa8a811f9cfe0ed11SHA256: f2d8e39b443bdc1f15a109f50cd90010b342b6cba34c31cae4ca62acd6d867b0Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
signup.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/signup.jsMD5: 2cfff14b81eec24de4dc0830c17c13c0SHA1: db61e86b34523392824834d9d3590229674931a7SHA256: 078d4fb1d1811fd8c4d136158464bee1e7be0d85c5ed4a858ca7c02afa84621cReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
sitemesh-2.5.0.jarDescription:
SiteMesh is a web-page layout and decoration framework and web- application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required. License:
The Apache Software License, Version 1.1: https://raw.githubusercontent.com/sitemesh/sitemesh2/master/LICENSE.txt File Path: /home/jenkins/.m2/repository/opensymphony/sitemesh/2.5.0/sitemesh-2.5.0.jar
MD5: b5440899b65cf71abec65951d0390910
SHA1: 3a68a575d04e46c0aebab8f8348a0584a3c341c2
SHA256: 2ff69371a6af9016965dd78d19dc63286c512c53ec76aa7d53e1250e3f349c84
Referenced In Project/Scope: Gemma Web:runtime
sitemesh-2.5.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name sitemesh High Vendor jar package name module Low Vendor jar package name opensymphony Highest Vendor jar package name opensymphony Low Vendor jar package name page Highest Vendor jar package name sitemesh Highest Vendor jar package name sitemesh Low Vendor pom artifactid sitemesh Highest Vendor pom artifactid sitemesh Low Vendor pom developer email joe dot walnes at gmail Low Vendor pom developer id codeconsole Medium Vendor pom developer id joewalnes Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name Scott Murphy Medium Vendor pom groupid opensymphony Highest Vendor pom name Sitemesh High Vendor pom organization name OpenSymphony High Vendor pom url sitemesh/sitemesh2 Highest Product file name sitemesh High Product jar package name module Low Product jar package name opensymphony Highest Product jar package name page Highest Product jar package name sitemesh Highest Product jar package name sitemesh Low Product pom artifactid sitemesh Highest Product pom developer email joe dot walnes at gmail Low Product pom developer id codeconsole Low Product pom developer id joewalnes Low Product pom developer name Joe Walnes Low Product pom developer name Scott Murphy Low Product pom groupid opensymphony Highest Product pom name Sitemesh High Product pom organization name OpenSymphony Low Product pom url sitemesh/sitemesh2 High Version file version 2.5.0 High Version pom version 2.5.0 Highest
slack-api-client-1.39.2.jarFile Path: /home/jenkins/.m2/repository/com/slack/api/slack-api-client/1.39.2/slack-api-client-1.39.2.jarMD5: 2110ed1a270873a0303b366205ddc3c4SHA1: 1fef9798893464bc1fc8ce2767d7af808a598b27SHA256: bdbcd8f06737232078ab83cf6bb2b90f270fb3650b228ee2753c35089ccb43d9Referenced In Project/Scope: Gemma Web:compileslack-api-client-1.39.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slack-api-client High Vendor jar package name api Highest Vendor jar package name slack Highest Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid slack-api-client Highest Vendor pom artifactid slack-api-client Low Vendor pom groupid com.slack.api Highest Vendor pom parent-artifactid slack-sdk-parent Low Product file name slack-api-client High Product jar package name api Highest Product jar package name slack Highest Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title slack-api-client High Product pom artifactid slack-api-client Highest Product pom groupid com.slack.api Highest Product pom parent-artifactid slack-sdk-parent Medium Version file version 1.39.2 High Version Manifest Implementation-Version 1.39.2 High Version pom version 1.39.2 Highest
slack-api-model-1.39.2.jarFile Path: /home/jenkins/.m2/repository/com/slack/api/slack-api-model/1.39.2/slack-api-model-1.39.2.jarMD5: e8f65040a716d1ae942c00cbf1965790SHA1: 52d66fb21b762c1d52c7a18cc9314638aaadf33bSHA256: 714c13445c855d67ef5676272ce62e4ccd82630015887413253c60dc9d65315eReferenced In Project/Scope: Gemma Web:compileslack-api-model-1.39.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slack-api-model High Vendor jar package name api Highest Vendor jar package name model Highest Vendor jar package name slack Highest Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid slack-api-model Highest Vendor pom artifactid slack-api-model Low Vendor pom groupid com.slack.api Highest Vendor pom parent-artifactid slack-sdk-parent Low Product file name slack-api-model High Product jar package name api Highest Product jar package name model Highest Product jar package name slack Highest Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title slack-api-model High Product pom artifactid slack-api-model Highest Product pom groupid com.slack.api Highest Product pom parent-artifactid slack-sdk-parent Medium Version file version 1.39.2 High Version Manifest Implementation-Version 1.39.2 High Version pom version 1.39.2 Highest
slf4j-api-1.7.36.jarDescription:
The slf4j API File Path: /home/jenkins/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jarMD5: 872da51f5de7f3923da4de871d57fd85SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14SHA256: d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/io.swagger.core.v3/swagger-core@2.2.22 pkg:maven/org.quartz-scheduler/quartz@1.8.6 pkg:maven/org.apache.velocity/velocity-engine-core@2.3 pkg:maven/baseCode/baseCode@1.1.23 pkg:maven/baseCode/baseCode@1.1.23 Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
snakeyaml-2.2.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256: 1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma REST:compile Gemma Web:compile snakeyaml-2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.apache.groovy/groovy-all@4.0.21 pkg:maven/io.swagger.core.v3/swagger-core@2.2.22 Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor Manifest multi-release true Low Vendor pom artifactid snakeyaml Highest Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name org Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product Manifest multi-release true Low Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 2.2 High Version pom version 2.2 Highest
solr-core-3.6.2.jarDescription:
Apache Solr Core File Path: /home/jenkins/.m2/repository/org/apache/solr/solr-core/3.6.2/solr-core-3.6.2.jarMD5: 5c1ed4b8c48a422451f4566bc1a60d3aSHA1: 6a7fd7092ba403e9002dd935bbf6a42141a80c8cSHA256: 4369b38e5f600c81653f221776d7087aa7428084795d5fe7bf9896fd3ac83377Referenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile solr-core-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name solr-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name solr Highest Vendor Manifest extension-name org.apache.solr Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid solr-core Highest Vendor pom artifactid solr-core Low Vendor pom groupid org.apache.solr Highest Vendor pom name Apache Solr Core High Vendor pom parent-artifactid solr-parent Low Product file name solr-core High Product jar package name apache Highest Product jar package name core Highest Product jar package name search Highest Product jar package name solr Highest Product Manifest extension-name org.apache.solr Medium Product Manifest Implementation-Title org.apache.solr High Product Manifest specification-title Apache Solr Search Server: solr-core Medium Product pom artifactid solr-core Highest Product pom groupid org.apache.solr Highest Product pom name Apache Solr Core High Product pom parent-artifactid solr-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
CVE-2021-27905 suppress
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-44548 suppress
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation, CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-29943 suppress
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2020-13941 suppress
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2012-6612 suppress
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2017-3163 suppress
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-3164 suppress
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-1308 suppress
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-12401 suppress
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it���s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-29262 suppress
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. CWE-522 Insufficiently Protected Credentials
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-0193 suppress
CISA Known Exploited Vulnerability: Product: Apache Solr Name: Apache Solr DataImportHandler Code Injection Vulnerability Date Added: 2021-12-10 Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability. Required Action: Apply updates per vendor instructions. Due Date: 2022-06-10
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (7.2) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2013-6407 suppress
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-6408 suppress
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2015-8795 suppress
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2015-8796 suppress
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2015-8797 suppress
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-8026 (OSSINDEX) suppress
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.solr:solr-core:3.6.2:*:*:*:*:*:*:* CVE-2013-6397 suppress
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11802 suppress
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
solr-solrj-3.6.2.jarDescription:
Apache Solr Solrj File Path: /home/jenkins/.m2/repository/org/apache/solr/solr-solrj/3.6.2/solr-solrj-3.6.2.jarMD5: 34df7ce752a336588fc80f4f67926e46SHA1: 7f7e4dc77f72b86eb198fb9199f8e1eebf800ba8SHA256: 135f76fb0c12ef41fad818b7a4be6595400e1481258c460e809079bc2393819bReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile solr-solrj-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name solr-solrj High Vendor jar package name apache Highest Vendor jar package name solr Highest Vendor jar package name solrj Highest Vendor Manifest extension-name org.apache.solr Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid solr-solrj Highest Vendor pom artifactid solr-solrj Low Vendor pom groupid org.apache.solr Highest Vendor pom name Apache Solr Solrj High Vendor pom parent-artifactid solr-parent Low Product file name solr-solrj High Product jar package name apache Highest Product jar package name solr Highest Product jar package name solrj Highest Product Manifest extension-name org.apache.solr Medium Product Manifest Implementation-Title org.apache.solr High Product Manifest specification-title Apache Solr Search Server: solr-solrj Medium Product pom artifactid solr-solrj Highest Product pom groupid org.apache.solr Highest Product pom name Apache Solr Solrj High Product pom parent-artifactid solr-parent Medium Version file version 3.6.2 High Version pom version 3.6.2 Highest
Related Dependencies solr-analysis-extras-3.6.2.jarFile Path: /home/jenkins/.m2/repository/org/apache/solr/solr-analysis-extras/3.6.2/solr-analysis-extras-3.6.2.jar MD5: 5935c8fe0ea1a1ffd40cafe0fb072e30 SHA1: 0865d794b0c3c8d4bbc2ff2f2d4b0fd90bc18ddb SHA256: 040f7cef093a5dc87f8241d342e6d75c1fdb839d59a039349b3dcc31b583b455 pkg:maven/org.apache.solr/solr-analysis-extras@3.6.2 CVE-2021-27905 suppress
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-44548 suppress
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation, CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-29943 suppress
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2020-13941 suppress
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2012-6612 suppress
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2017-3163 suppress
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-3164 suppress
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-1308 suppress
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-12401 suppress
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it���s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-29262 suppress
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. CWE-522 Insufficiently Protected Credentials
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-0193 suppress
CISA Known Exploited Vulnerability: Product: Apache Solr Name: Apache Solr DataImportHandler Code Injection Vulnerability Date Added: 2021-12-10 Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability. Required Action: Apply updates per vendor instructions. Due Date: 2022-06-10
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (7.2) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2013-6407 suppress
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-6408 suppress
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2015-8795 suppress
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2015-8796 suppress
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2015-8797 suppress
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2013-6397 suppress
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11802 suppress
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
spring-bridge-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/spring-bridge/2.5.0-b32/spring-bridge-2.5.0-b32.jar
MD5: 6ae9e7388f599d06bb76539c4a5e2755
SHA1: f38ecef23edc769942a95c062efd63541044de42
SHA256: 44f5a5f44d1b52e8cd252ee160b900b079d4ec273cfaffb329e8a986a65d3b70
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile spring-bridge-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-bridge High Vendor jar package name bridge Highest Vendor jar package name hk2 Highest Vendor jar package name spring Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.spring-bridge Medium Vendor pom artifactid spring-bridge Highest Vendor pom artifactid spring-bridge Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 Spring Bridge High Vendor pom parent-artifactid hk2-parent Low Product file name spring-bridge High Product jar package name bridge Highest Product jar package name hk2 Highest Product jar package name spring Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 Spring Bridge Medium Product Manifest bundle-symbolicname org.glassfish.hk2.spring-bridge Medium Product pom artifactid spring-bridge Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 Spring Bridge High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
spring-core-3.2.18.RELEASE.jarDescription:
Spring Core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/spring-core/3.2.18.RELEASE/spring-core-3.2.18.RELEASE.jar
MD5: 635537b54653d8155b107630ae41599e
SHA1: 0e2bd9c162280cd79c2ea0f67f174ee5d7b84ddd
SHA256: 5c7ab868509a6b1214ebe557bfcf489cfac6e1ae4c4a39181b0fe66621fbe32e
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile spring-core-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name springframework Highest Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@gopivotal.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name SpringSource High Vendor pom organization url http://springsource.org/spring-framework Medium Vendor pom url SpringSource/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name springframework Highest Product Manifest Implementation-Title spring-core High Product pom artifactid spring-core Highest Product pom developer email jhoeller@gopivotal.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name SpringSource Low Product pom organization url http://springsource.org/spring-framework Low Product pom url SpringSource/spring-framework High Version Manifest Implementation-Version 3.2.18.RELEASE High Version pom version 3.2.18.RELEASE Highest
Related Dependencies spring-aop-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-aop/3.2.18.RELEASE/spring-aop-3.2.18.RELEASE.jar MD5: a5a704f4d13928ebb1a4c81462d3a247 SHA1: bf3bd91214a6d0b4c4daeefbe3fcf008d9e3a368 SHA256: e8ecaea84ec5b6436b8b2562687bee81530ebb5224df816b78d658d3ceb8f2e5 pkg:maven/org.springframework/spring-aop@3.2.18.RELEASE spring-aspects-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-aspects/3.2.18.RELEASE/spring-aspects-3.2.18.RELEASE.jar MD5: c6679726bb8f0e0143176a76649c79e9 SHA1: 6da09d3fffb160da4dcbfcb37f2c69841dc5880c SHA256: 4e01023c33a40401f331faa95af64fdddef2c6e8aa1686c8f21b385aa32f818c pkg:maven/org.springframework/spring-aspects@3.2.18.RELEASE spring-beans-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-beans/3.2.18.RELEASE/spring-beans-3.2.18.RELEASE.jar MD5: e013e91aed4aeb10321131a2a10ac6fe SHA1: 4c0bb7e1a69d650145e8e08a3bcc03a8bc3c453e SHA256: 3ca7e8e3a2a053229fef927a315f038ee94a79368c396e50727eeedce9aef2c9 pkg:maven/org.springframework/spring-beans@3.2.18.RELEASE spring-context-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-context/3.2.18.RELEASE/spring-context-3.2.18.RELEASE.jar MD5: f72aefc506821e60d5d254901f72d746 SHA1: e8dc9e1b55bfb6ad5ad49b358d5ca6e3d4cd7488 SHA256: 41f1e205169af8a7e8e8581ede75ddb01b0bf6f29359ced7fe77bd26e01c4e1b pkg:maven/org.springframework/spring-context@3.2.18.RELEASE spring-context-support-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-context-support/3.2.18.RELEASE/spring-context-support-3.2.18.RELEASE.jar MD5: 077c613b8efd365d6eb6ff933be4a332 SHA1: 04350e904118d340ac3bab577a3cf1ce5e978bb2 SHA256: a5645bbc23d35d20641bdff73829306453b13fff74a5969f72eebf493ef39b5c pkg:maven/org.springframework/spring-context-support@3.2.18.RELEASE spring-jdbc-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-jdbc/3.2.18.RELEASE/spring-jdbc-3.2.18.RELEASE.jar MD5: f0ca9a9c8d69e52602135dfa899e4276 SHA1: ff23752b5d75c96ffa6b3ec5055cbc07ed8f0675 SHA256: 67a62ad92532d5c9794c9d0ac74b39e4b5d73a922d17be03364a36f94eab2a55 pkg:maven/org.springframework/spring-jdbc@3.2.18.RELEASE spring-orm-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-orm/3.2.18.RELEASE/spring-orm-3.2.18.RELEASE.jar MD5: d3988e940fc9c2ac60ce294ccb0d3d4d SHA1: 4a771498e04a81d107349ce717251558f8f24931 SHA256: 17d7e406fcf8f0ed172351fa126ced9dee60398371d697b05f8d154accda5169 pkg:maven/org.springframework/spring-orm@3.2.18.RELEASE spring-tx-3.2.18.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/spring-tx/3.2.18.RELEASE/spring-tx-3.2.18.RELEASE.jar MD5: 1ccd406eebc11d7cf0e77a1cd3a5568a SHA1: fdd56c7f7ac4ee463bae12ddcb2edb0afccbdde6 SHA256: 3663fdd44cdc0086db0174400feaad6d8b37d664f1bb822604c5345113aa251c pkg:maven/org.springframework/spring-tx@3.2.18.RELEASE CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
OSSINDEX - [CVE-2018-11039] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11039 OSSIndex - https://jira.spring.io/browse/SPR-16836 OSSIndex - https://pivotal.io/security/cve-2018-11039 security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - MITIGATION,VENDOR_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-expression-3.2.18.RELEASE.jarDescription:
Spring Expression Language (SpEL) License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/spring-expression/3.2.18.RELEASE/spring-expression-3.2.18.RELEASE.jar
MD5: 7e5fbe8696a4e71dc310c1ff9f8286e1
SHA1: 070c1fb9f2111601193e01a8d0c3ccbca1bf3706
SHA256: cde7eda6cc2270ab726f963aeb546c3f4db76746c661c247fbfb5d2a4d2f4411
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime spring-expression-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-expression High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name expression Highest Vendor jar package name spel Highest Vendor jar package name springframework Highest Vendor pom artifactid spring-expression Highest Vendor pom artifactid spring-expression Low Vendor pom developer email jhoeller@gopivotal.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Expression Language (SpEL) High Vendor pom organization name SpringSource High Vendor pom organization url http://springsource.org/spring-framework Medium Vendor pom url SpringSource/spring-framework Highest Product file name spring-expression High Product hint analyzer product springsource_spring_framework Highest Product jar package name expression Highest Product jar package name spel Highest Product jar package name springframework Highest Product Manifest Implementation-Title spring-expression High Product pom artifactid spring-expression Highest Product pom developer email jhoeller@gopivotal.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Expression Language (SpEL) High Product pom organization name SpringSource Low Product pom organization url http://springsource.org/spring-framework Low Product pom url SpringSource/spring-framework High Version Manifest Implementation-Version 3.2.18.RELEASE High Version pom version 3.2.18.RELEASE Highest
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
OSSINDEX - [CVE-2018-1270] CWE-358: Improperly Implemented Security Check for Standard OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1270 OSSIndex - http://www.polaris-lab.com/index.php/archives/501/ OSSIndex - https://chybeta.github.io/2018/04/07/spring-messaging-Remote-Code-Execution-%E5%88%86%E6%9E%90-%E3%80%90CVE-2018-1270%E3%80%91/ OSSIndex - https://jira.spring.io/browse/SPR-16588 security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20863 (OSSINDEX) suppress
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-expression:3.2.18.RELEASE:*:*:*:*:*:*:* CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - MITIGATION,VENDOR_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-oxm-3.2.4.RELEASE.jarDescription:
Spring Object/XML Marshalling License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/spring-oxm/3.2.4.RELEASE/spring-oxm-3.2.4.RELEASE.jar
MD5: 2abb980787ce24a67a9496172cef65cf
SHA1: 1de9e0537d7ea233668540577e72d86ff6df6d8b
SHA256: fc259b1b0946c862527c5714dca66f6e884ce8249b35d146bed0fa66d553b1e8
Referenced In Project/Scope: Gemma Web:compile
spring-oxm-3.2.4.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE
Evidence Type Source Name Value Confidence Vendor file name spring-oxm High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name oxm Highest Vendor jar package name springframework Highest Vendor pom artifactid spring-oxm Highest Vendor pom artifactid spring-oxm Low Vendor pom developer email jhoeller@vmware.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Object/XML Marshalling High Vendor pom organization name SpringSource High Vendor pom organization url http://springsource.org/spring-framework Medium Vendor pom url SpringSource/spring-framework Highest Product file name spring-oxm High Product hint analyzer product springsource_spring_framework Highest Product jar package name oxm Highest Product jar package name springframework Highest Product Manifest Implementation-Title spring-oxm High Product pom artifactid spring-oxm Highest Product pom developer email jhoeller@vmware.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Object/XML Marshalling High Product pom organization name SpringSource Low Product pom organization url http://springsource.org/spring-framework Low Product pom url SpringSource/spring-framework High Version Manifest Implementation-Version 3.2.4.RELEASE High Version pom version 3.2.4.RELEASE Highest
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2015-5211 suppress
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. CWE-552 Files or Directories Accessible to External Parties
CVSSv2:
Base Score: HIGH (9.3) Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C CVSSv3:
Base Score: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2014-0225 suppress
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2013-6429 suppress
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. CWE-611 Improper Restriction of XML External Entity Reference, CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2014-0054 suppress
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - MITIGATION,VENDOR_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2015-3192 suppress
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2014-3578 suppress
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2014-3625 suppress
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2014-1904 suppress
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
spring-retry-1.0.3.RELEASE.jarDescription:
Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/retry/spring-retry/1.0.3.RELEASE/spring-retry-1.0.3.RELEASE.jar
MD5: 5d5f5046b698320b27d4f86285928a34
SHA1: 33b967f6abaa0a496318bff2ce96e6da6285a54d
SHA256: d8f2fd2339e794f4dd78e29d44b33f1f0b5fa687525abee8e7246f61d9cd9fca
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile spring-retry-1.0.3.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-retry High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name backoff Highest Vendor jar package name policy Highest Vendor jar package name retry Highest Vendor jar package name springframework Highest Vendor Manifest bundle-symbolicname org.springframework.retry Medium Vendor pom artifactid spring-retry Highest Vendor pom artifactid spring-retry Low Vendor pom developer email dsyer@vmware.com Low Vendor pom developer id dsyer Medium Vendor pom developer name Dave Syer Medium Vendor pom groupid org.springframework.retry Highest Vendor pom name Spring Retry High Vendor pom organization name SpringSource High Vendor pom organization url http://www.springsource.com Medium Vendor pom url http://www.springsource.org Highest Product file name spring-retry High Product jar package name backoff Highest Product jar package name policy Highest Product jar package name retry Highest Product jar package name springframework Highest Product Manifest Bundle-Name Spring Retry Medium Product Manifest bundle-symbolicname org.springframework.retry Medium Product pom artifactid spring-retry Highest Product pom developer email dsyer@vmware.com Low Product pom developer id dsyer Low Product pom developer name Dave Syer Low Product pom groupid org.springframework.retry Highest Product pom name Spring Retry High Product pom organization name SpringSource Low Product pom organization url http://www.springsource.com Low Product pom url http://www.springsource.org Medium Version Manifest Bundle-Version 1.0.3.RELEASE High Version pom version 1.0.3.RELEASE Highest
spring-security-acl-3.2.10.RELEASE.jarDescription:
spring-security-acl License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-acl/3.2.10.RELEASE/spring-security-acl-3.2.10.RELEASE.jar
MD5: f87a9ef5d7952bc6f8096b3223d67e19
SHA1: 0417714b1b6c7f11cb6c2a5ee4c3738d43353928
SHA256: 7916014dbd3c61585d92aeb14e4c74584c60b7858bfb8e63b2af4560d1955315
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile spring-security-acl-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-acl High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name acls Low Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Highest Vendor jar package name springframework Low Vendor pom artifactid spring-security-acl Highest Vendor pom artifactid spring-security-acl Low Vendor pom developer email rwinch@gopivotal.com Low Vendor pom developer id rwinch Medium Vendor pom developer name Rob Winch Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-acl High Vendor pom organization name spring.io High Vendor pom organization url http://spring.io/ Medium Vendor pom url http://spring.io/spring-security Highest Product file name spring-security-acl High Product jar package name acls Low Product jar package name security Highest Product jar package name security Low Product jar package name springframework Highest Product pom artifactid spring-security-acl Highest Product pom developer email rwinch@gopivotal.com Low Product pom developer id rwinch Low Product pom developer name Rob Winch Low Product pom groupid org.springframework.security Highest Product pom name spring-security-acl High Product pom organization name spring.io Low Product pom organization url http://spring.io/ Low Product pom url http://spring.io/spring-security Medium Version pom version 3.2.10.RELEASE Highest
Related Dependencies spring-security-taglibs-3.2.10.RELEASE.jar CVE-2022-22978 suppress
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22112 suppress
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22976 suppress
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-security-config-3.2.10.RELEASE.jarDescription:
spring-security-config License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-config/3.2.10.RELEASE/spring-security-config-3.2.10.RELEASE.jar
MD5: 8c8534526c1ed31e3cdc65523e782e3c
SHA1: c8c9c742067d5a4879bf8db289cb48b60262056a
SHA256: f8849bb9e245423924ccdaee6693d497f1b4d2dd2069e7695d4fdd2b82a2f5b3
Referenced In Projects/Scopes: Gemma CLI:runtime Gemma Core:runtime Gemma Groovy Support:runtime Gemma:runtime Gemma Web:runtime Gemma REST:runtime spring-security-config-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-config High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name config Highest Vendor jar package name config Low Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Highest Vendor jar package name springframework Low Vendor pom artifactid spring-security-config Highest Vendor pom artifactid spring-security-config Low Vendor pom developer email rwinch@gopivotal.com Low Vendor pom developer id rwinch Medium Vendor pom developer name Rob Winch Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-config High Vendor pom organization name spring.io High Vendor pom organization url http://spring.io/ Medium Vendor pom url http://spring.io/spring-security Highest Product file name spring-security-config High Product jar package name annotation Low Product jar package name config Highest Product jar package name config Low Product jar package name security Highest Product jar package name security Low Product jar package name springframework Highest Product pom artifactid spring-security-config Highest Product pom developer email rwinch@gopivotal.com Low Product pom developer id rwinch Low Product pom developer name Rob Winch Low Product pom groupid org.springframework.security Highest Product pom name spring-security-config High Product pom organization name spring.io Low Product pom organization url http://spring.io/ Low Product pom url http://spring.io/spring-security Medium Version pom version 3.2.10.RELEASE Highest
CVE-2022-22978 suppress
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22112 suppress
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20862 (OSSINDEX) suppress
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-20862 for details CWE-459 Incomplete Cleanup
CVSSv3:
Base Score: MEDIUM (6.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-config:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2018-1199 (OSSINDEX) suppress
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-config:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2022-22976 suppress
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-security-core-3.2.10.RELEASE.jarDescription:
spring-security-core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-core/3.2.10.RELEASE/spring-security-core-3.2.10.RELEASE.jar
MD5: 86427a3f1e565f975b48cb8b9be4649d
SHA1: e8018fab2ada266288d1db83cc4e452de1e2ed1c
SHA256: 10443ef19e3cbe2b82197983d7fa0dec5bebd40dc3ca2c0cf02864359cdc2c93
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile spring-security-core-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Highest Vendor jar package name springframework Low Vendor pom artifactid spring-security-core Highest Vendor pom artifactid spring-security-core Low Vendor pom developer email rwinch@gopivotal.com Low Vendor pom developer id rwinch Medium Vendor pom developer name Rob Winch Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-core High Vendor pom organization name spring.io High Vendor pom organization url http://spring.io/ Medium Vendor pom url http://spring.io/spring-security Highest Product file name spring-security-core High Product jar package name core Highest Product jar package name security Highest Product jar package name security Low Product jar package name springframework Highest Product pom artifactid spring-security-core Highest Product pom developer email rwinch@gopivotal.com Low Product pom developer id rwinch Low Product pom developer name Rob Winch Low Product pom groupid org.springframework.security Highest Product pom name spring-security-core High Product pom organization name spring.io Low Product pom organization url http://spring.io/ Low Product pom url http://spring.io/spring-security Medium Version pom version 3.2.10.RELEASE Highest
CVE-2022-22978 suppress
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22112 suppress
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2024-22257 (OSSINDEX) suppress
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
CWE-1390 Weak Authentication
CVSSv3:
Base Score: HIGH (8.199999809265137) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-core:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-11272 (OSSINDEX) suppress
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". CWE-522 Insufficiently Protected Credentials
CVSSv3:
Base Score: HIGH (7.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-core:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2019-3795 (OSSINDEX) suppress
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2019-3795 for details CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-core:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2022-22976 suppress
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-security-web-3.2.10.RELEASE.jarDescription:
spring-security-web License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-web/3.2.10.RELEASE/spring-security-web-3.2.10.RELEASE.jar
MD5: 22b94b4f676727805952091f92cd60f5
SHA1: b925996ca5a7310e3315705cd2b69a15214ee3e1
SHA256: 84b59931956693916e744977cec02db88fcd17eb11f47081d46b7fdc5196b1dd
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile spring-security-web-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name security Highest Vendor jar package name security Low Vendor jar package name springframework Highest Vendor jar package name springframework Low Vendor jar package name web Highest Vendor jar package name web Low Vendor pom artifactid spring-security-web Highest Vendor pom artifactid spring-security-web Low Vendor pom developer email rwinch@gopivotal.com Low Vendor pom developer id rwinch Medium Vendor pom developer name Rob Winch Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-web High Vendor pom organization name spring.io High Vendor pom organization url http://spring.io/ Medium Vendor pom url http://spring.io/spring-security Highest Product file name spring-security-web High Product jar package name security Highest Product jar package name security Low Product jar package name springframework Highest Product jar package name web Highest Product jar package name web Low Product pom artifactid spring-security-web Highest Product pom developer email rwinch@gopivotal.com Low Product pom developer id rwinch Low Product pom developer name Rob Winch Low Product pom groupid org.springframework.security Highest Product pom name spring-security-web High Product pom organization name spring.io Low Product pom organization url http://spring.io/ Low Product pom url http://spring.io/spring-security Medium Version pom version 3.2.10.RELEASE Highest
CVE-2022-22978 suppress
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22112 suppress
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-9879 (OSSINDEX) suppress
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected. CWE-417 Communication Channel Errors
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-web:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2023-20862 (OSSINDEX) suppress
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-20862 for details CWE-459 Incomplete Cleanup
CVSSv3:
Base Score: MEDIUM (6.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-web:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2018-1199 (OSSINDEX) suppress
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-web:3.2.10.RELEASE:*:*:*:*:*:*:* CVE-2022-22976 suppress
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-social-core-1.0.3.RELEASE.jarDescription:
Foundational module containing the ServiceProvider Connect Framework and Service API invocation support. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/social/spring-social-core/1.0.3.RELEASE/spring-social-core-1.0.3.RELEASE.jar
MD5: 5e3390fe11574f09c63be485eea284c7
SHA1: 44e648f23b45162c698e255a16759832dfcfc004
SHA256: 07729c0ba458698cd1047a017894c5084d79aaf5cf1ccafb75710ad6e0c230c1
Referenced In Project/Scope: Gemma Web:runtime
spring-social-core-1.0.3.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-social-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name connect Highest Vendor jar package name serviceprovider Highest Vendor jar package name social Highest Vendor jar package name springframework Highest Vendor jar package name support Highest Vendor pom artifactid spring-social-core Highest Vendor pom artifactid spring-social-core Low Vendor pom developer email cwalls@vmware.com Low Vendor pom developer id cwalls Medium Vendor pom developer name Craig Walls Medium Vendor pom groupid org.springframework.social Highest Vendor pom name Foundational module containing the ServiceProvider Connect Framework and Service API invocation support. High Vendor pom organization name SpringSource High Vendor pom organization url http://springsource.org/spring-social Medium Vendor pom url SpringSource/spring-social Highest Product file name spring-social-core High Product jar package name connect Highest Product jar package name serviceprovider Highest Product jar package name social Highest Product jar package name springframework Highest Product jar package name support Highest Product Manifest Implementation-Title spring-social-core High Product pom artifactid spring-social-core Highest Product pom developer email cwalls@vmware.com Low Product pom developer id cwalls Low Product pom developer name Craig Walls Low Product pom groupid org.springframework.social Highest Product pom name Foundational module containing the ServiceProvider Connect Framework and Service API invocation support. High Product pom organization name SpringSource Low Product pom organization url http://springsource.org/spring-social Low Product pom url SpringSource/spring-social High Version Manifest Implementation-Version 1.0.3.RELEASE High Version pom version 1.0.3.RELEASE Highest
CVE-2015-5258 suppress
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
spring-web-3.2.18.RELEASE.jarDescription:
Spring Web License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/spring-web/3.2.18.RELEASE/spring-web-3.2.18.RELEASE.jar
MD5: c3435c31fea5f1e479b4bb5eba32133d
SHA1: bc0bdade0a7a52b8fae88e1febc8479383a2acad
SHA256: 0aa220d3703eaf6eff670423978566a2af506fb9ea8bb728fa05bb16bdc74e9c
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile spring-web-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework/spring-webmvc@3.2.18.RELEASE pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email jhoeller@gopivotal.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name SpringSource High Vendor pom organization url http://springsource.org/spring-framework Medium Vendor pom url SpringSource/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email jhoeller@gopivotal.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name SpringSource Low Product pom organization url http://springsource.org/spring-framework Low Product pom url SpringSource/spring-framework High Version Manifest Implementation-Version 3.2.18.RELEASE High Version pom version 3.2.18.RELEASE Highest
CVE-2016-1000027 suppress
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2024-22243 (OSSINDEX) suppress
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details CWE-20 Improper Input Validation
CVSSv3:
Base Score: HIGH (8.100000381469727) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:3.2.18.RELEASE:*:*:*:*:*:*:* CVE-2024-22262 (OSSINDEX) suppress
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
CWE-20 Improper Input Validation
CVSSv3:
Base Score: HIGH (8.100000381469727) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:3.2.18.RELEASE:*:*:*:*:*:*:* CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 (OSSINDEX) suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. CWE-264 Permissions, Privileges, and Access Controls
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:3.2.18.RELEASE:*:*:*:*:*:*:* CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
OSSINDEX - [CVE-2018-11039] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11039 OSSIndex - https://jira.spring.io/browse/SPR-16836 OSSIndex - https://pivotal.io/security/cve-2018-11039 security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - MITIGATION,VENDOR_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-webmvc-3.2.18.RELEASE.jarDescription:
Spring Web MVC License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/springframework/spring-webmvc/3.2.18.RELEASE/spring-webmvc-3.2.18.RELEASE.jar
MD5: 2cb8a9569b95a76a0485d71c913c1819
SHA1: 60e5bb3dc9cb83d6cc53628082ec89a57d4832b2
SHA256: effcce98fd4e9fa95c9a53e49db801f1e2d011ee6dcbb7a7eb1a3ca3bcb2cfd5
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile spring-webmvc-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-webmvc High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name mvc Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor pom artifactid spring-webmvc Highest Vendor pom artifactid spring-webmvc Low Vendor pom developer email jhoeller@gopivotal.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web MVC High Vendor pom organization name SpringSource High Vendor pom organization url http://springsource.org/spring-framework Medium Vendor pom url SpringSource/spring-framework Highest Product file name spring-webmvc High Product hint analyzer product springsource_spring_framework Highest Product jar package name mvc Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest Implementation-Title spring-webmvc High Product pom artifactid spring-webmvc Highest Product pom developer email jhoeller@gopivotal.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web MVC High Product pom organization name SpringSource Low Product pom organization url http://springsource.org/spring-framework Low Product pom url SpringSource/spring-framework High Version Manifest Implementation-Version 3.2.18.RELEASE High Version pom version 3.2.18.RELEASE Highest
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY security_alert@emc.com - THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5007 suppress
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 (OSSINDEX) suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv3:
Base Score: MEDIUM (5.900000095367432) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-webmvc:3.2.18.RELEASE:*:*:*:*:*:*:* CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
OSSINDEX - [CVE-2018-11039] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11039 OSSIndex - https://jira.spring.io/browse/SPR-16836 OSSIndex - https://pivotal.io/security/cve-2018-11039 security_alert@emc.com - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY security_alert@emc.com - MAILING_LIST,THIRD_PARTY_ADVISORY security_alert@emc.com - MITIGATION,VENDOR_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY security_alert@emc.com - PATCH,THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22060 (OSSINDEX) suppress
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. CWE-117 Improper Output Neutralization for Logs
CVSSv3:
Base Score: MEDIUM (4.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-webmvc:3.2.18.RELEASE:*:*:*:*:*:*:* spring-ws-core-2.1.4.RELEASE.jarDescription:
Spring Web Services Core package. File Path: /home/jenkins/.m2/repository/org/springframework/ws/spring-ws-core/2.1.4.RELEASE/spring-ws-core-2.1.4.RELEASE.jarMD5: 3af5370615b2816ef898934d4d666039SHA1: 136d082e0aa7f43edee019f0779a2555b1c72fd4SHA256: 8782c0b394ada40448ad5ace1914f4a88d3ebe79c92fa79bd3d816fd86222365Referenced In Project/Scope: Gemma Web:compilespring-ws-core-2.1.4.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-ws-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor hint analyzer vendor web services Medium Vendor jar package name core Highest Vendor jar package name springframework Highest Vendor jar package name ws Highest Vendor Manifest bundle-symbolicname org.springframework.ws Medium Vendor pom artifactid spring-ws-core Highest Vendor pom artifactid spring-ws-core Low Vendor pom groupid org.springframework.ws Highest Vendor pom name Spring WS Core High Vendor pom parent-artifactid spring-ws-parent Low Product file name spring-ws-core High Product hint analyzer product web services Medium Product jar package name core Highest Product jar package name springframework Highest Product jar package name ws Highest Product Manifest Bundle-Name Spring Web Services Core Medium Product Manifest bundle-symbolicname org.springframework.ws Medium Product pom artifactid spring-ws-core Highest Product pom groupid org.springframework.ws Highest Product pom name Spring WS Core High Product pom parent-artifactid spring-ws-parent Medium Version Manifest Bundle-Version 2.1.4.RELEASE High Version pom version 2.1.4.RELEASE Highest
Related Dependencies spring-xml-2.1.4.RELEASE.jarFile Path: /home/jenkins/.m2/repository/org/springframework/ws/spring-xml/2.1.4.RELEASE/spring-xml-2.1.4.RELEASE.jar MD5: fa30842762dd8913efa9c2f37ecf088d SHA1: fe77b7918833f8305c6e3bbc889bcc9b6b5a885f SHA256: 52778755c73b616f9721cd0d42b0eac8f3bd7d38bd583fad5c77ef8ffc4c4c39 pkg:maven/org.springframework.ws/spring-xml@2.1.4.RELEASE CVE-2019-3773 suppress
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
sprintf.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/lib/sprintf.jsMD5: 0c3e73c7b1e5cca8a023069e95a425f7SHA1: a6cbfbb143b37bc96018ba2f30c5cb9726365968SHA256: 43f65740b06335358f30a556015d0116778974813b8d9060f9a5b775e9a1f9ceReferenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
stax-api-1.0-2.jarDescription:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html File Path: /home/jenkins/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
SHA256: e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7
Referenced In Project/Scope: Gemma Web:compile
stax-api-1.0-2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE
Evidence Type Source Name Value Confidence Vendor file name stax-api High Vendor jar package name javax Highest Vendor jar package name javax Low Vendor jar package name stream Highest Vendor jar package name stream Low Vendor jar package name xml Highest Vendor jar package name xml Low Vendor pom artifactid stax-api Highest Vendor pom artifactid stax-api Low Vendor pom groupid javax.xml.stream Highest Vendor pom name Streaming API for XML High Product file name stax-api High Product jar package name javax Highest Product jar package name stream Highest Product jar package name stream Low Product jar package name xml Highest Product jar package name xml Low Product pom artifactid stax-api Highest Product pom groupid javax.xml.stream Highest Product pom name Streaming API for XML High Version pom version 1.0-2 Highest
stax-ex-1.8.3.jarDescription:
Extensions to JSR-173 StAX API. License:
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.m2/repository/org/jvnet/staxex/stax-ex/1.8.3/stax-ex-1.8.3.jar
MD5: f6d943e74064cc1e7986236699d6cd04
SHA1: 4d69b68ee007aa15238cd4477392068b32747df3
SHA256: bee08da10bbc481418a1af70b9e9a80321b745bfb4dbdebbe98c1aa17c45caf8
Referenced In Project/Scope: Gemma Web:runtime
stax-ex-1.8.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3
Evidence Type Source Name Value Confidence Vendor file name stax-ex High Vendor jar package name jvnet Highest Vendor jar package name staxex Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.jvnet.staxex.stax-ex Medium Vendor Manifest implementation-build-id 1.8.3 - 1.8.3-RELEASE-eb4e2c1 Low Vendor Manifest implementation-url https://projects.eclipse.org/projects/ee4j/stax-ex Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.jvnet.staxex Medium Vendor pom artifactid stax-ex Highest Vendor pom artifactid stax-ex Low Vendor pom developer email Roman.Grigoriadi@oracle.com Low Vendor pom developer email Zheng.Jun.Li@oracle.com Low Vendor pom developer id bravehorsie Medium Vendor pom developer id zhengjl Medium Vendor pom developer name Roman Grigoriadi Medium Vendor pom developer name Zheng Jun Li Medium Vendor pom groupid org.jvnet.staxex Highest Vendor pom name Extended StAX API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Product file name stax-ex High Product jar package name jvnet Highest Product jar package name staxex Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Extended StAX API Medium Product Manifest bundle-symbolicname org.jvnet.staxex.stax-ex Medium Product Manifest implementation-build-id 1.8.3 - 1.8.3-RELEASE-eb4e2c1 Low Product Manifest Implementation-Title Extended StAX API High Product Manifest implementation-url https://projects.eclipse.org/projects/ee4j/stax-ex Low Product pom artifactid stax-ex Highest Product pom developer email Roman.Grigoriadi@oracle.com Low Product pom developer email Zheng.Jun.Li@oracle.com Low Product pom developer id bravehorsie Low Product pom developer id zhengjl Low Product pom developer name Roman Grigoriadi Low Product pom developer name Zheng Jun Li Low Product pom groupid org.jvnet.staxex Highest Product pom name Extended StAX API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Version file version 1.8.3 High Version Manifest Bundle-Version 1.8.3 High Version Manifest implementation-build-id 1.8.3 Low Version Manifest Implementation-Version 1.8.3 High Version pom parent-version 1.8.3 Low Version pom version 1.8.3 Highest
swagger-core-2.2.22.jarDescription:
swagger-core License:
"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html" File Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-core/2.2.22/swagger-core-2.2.22.jar
MD5: 03ddcaa6a062b05e648920c5349325bb
SHA1: bda27a7291d01e96eb4b33bab33ca44f323becaf
SHA256: 8a8753f2425304fa7001eb79064bbba5949a2ab3c096c48096c07a5acea95b9f
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile swagger-core-2.2.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name swagger-core High Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name swagger Highest Vendor jar package name v3 Highest Vendor Manifest automatic-module-name io.swagger.v3.core Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-developers frantuma;email="frantuma@yahoo.com";name="Francesco Tumanischvili",fehguy;email="fehguy@gmail.com";name="Tony Tam",webron;email="webron@gmail.com";name="Ron Ratovsky" Low Vendor Manifest bundle-docurl https://github.com/swagger-api/swagger-core/modules/swagger-core Low Vendor Manifest bundle-symbolicname io.swagger.core.v3.swagger-core Medium Vendor Manifest mode development Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low Vendor pom artifactid swagger-core Highest Vendor pom artifactid swagger-core Low Vendor pom groupid io.swagger.core.v3 Highest Vendor pom name swagger-core High Vendor pom parent-artifactid swagger-project Low Product file name swagger-core High Product jar package name core Highest Product jar package name io Highest Product jar package name swagger Highest Product jar package name v3 Highest Product Manifest automatic-module-name io.swagger.v3.core Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-developers frantuma;email="frantuma@yahoo.com";name="Francesco Tumanischvili",fehguy;email="fehguy@gmail.com";name="Tony Tam",webron;email="webron@gmail.com";name="Ron Ratovsky" Low Product Manifest bundle-docurl https://github.com/swagger-api/swagger-core/modules/swagger-core Low Product Manifest Bundle-Name swagger-core Medium Product Manifest bundle-symbolicname io.swagger.core.v3.swagger-core Medium Product Manifest mode development Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low Product pom artifactid swagger-core Highest Product pom groupid io.swagger.core.v3 Highest Product pom name swagger-core High Product pom parent-artifactid swagger-project Medium Version file version 2.2.22 High Version Manifest Bundle-Version 2.2.22 High Version Manifest implementation-version 2.2.22 High Version pom version 2.2.22 Highest
Related Dependencies swagger-annotations-2.2.22.jarFile Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-annotations/2.2.22/swagger-annotations-2.2.22.jar MD5: 2010c66fe450b61569fa7d8649ce85a6 SHA1: a62994e7d8d87a0966bb12b85536bdd35287ab1b SHA256: bf8f7c5564f4f6506f00b88e745bef3427845cbc854155c8b220b22cb0349fa8 pkg:maven/io.swagger.core.v3/swagger-annotations@2.2.22 swagger-integration-2.2.22.jarFile Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-integration/2.2.22/swagger-integration-2.2.22.jar MD5: 7a16379be2d09984d9dd5d33e6bdd134 SHA1: 887e094142c5bffdf68e6f9a4360b4e8cb03ef23 SHA256: 7ba639d91b98cb2f7eeca572958ecebe511bebfae295c16efed0ef8745c20826 pkg:maven/io.swagger.core.v3/swagger-integration@2.2.22 swagger-jaxrs2-2.2.22.jarFile Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-jaxrs2/2.2.22/swagger-jaxrs2-2.2.22.jar MD5: 0e9265023975813471fe287e7edf5eeb SHA1: 01c4b3245478a22f42b28c8a560d00f847e84497 SHA256: 8ed2ae68d0133b15215883c009fb2bd3c98d0d97b7f048d561464f967a7fa300 pkg:maven/io.swagger.core.v3/swagger-jaxrs2@2.2.22 swagger-models-2.2.22.jarFile Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-models/2.2.22/swagger-models-2.2.22.jar MD5: cfcbe5ba5fe10fd1af35df181059ee59 SHA1: 551fff49689c1146807713ad8a00ddde1bb5af2c SHA256: baccce45fb5df7c8a60c65553a61436d4a7502e90a4ceb932939b8c316f0c682 pkg:maven/io.swagger.core.v3/swagger-models@2.2.22 swagger-jaxrs2-servlet-initializer-v2-2.2.22.jarDescription:
swagger-servlet-initializer-v2 License:
"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html" File Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-jaxrs2-servlet-initializer-v2/2.2.22/swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar
MD5: 3d281b49e5133881a0dbc19caefd29e6
SHA1: 0aa29d99663edc8e6b370be19dbe1d1c99d6a081
SHA256: 92883aab52b4631dcbbc0c43fe50de3f5e4ac65ef9ea7d1df50534c98070b125
Referenced In Projects/Scopes: Gemma Web:runtime Gemma REST:runtime swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name swagger-jaxrs2-servlet-initializer-v2 High Vendor jar package name io Highest Vendor jar package name jaxrs2 Highest Vendor jar package name swagger Highest Vendor jar package name v3 Highest Vendor Manifest automatic-module-name io.swagger.v3.jaxrs2.integration.servlet Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-developers frantuma;email="frantuma@yahoo.com";name="Francesco Tumanischvili",fehguy;email="fehguy@gmail.com";name="Tony Tam",webron;email="webron@gmail.com";name="Ron Ratovsky" Low Vendor Manifest bundle-docurl https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs2-servlet-initializer-v2 Low Vendor Manifest bundle-symbolicname io.swagger.core.v3.swagger-jaxrs2-servlet-initializer-v2 Medium Vendor Manifest mode development Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs2-servlet-initializer-v2 Low Vendor pom artifactid swagger-jaxrs2-servlet-initializer-v2 Highest Vendor pom artifactid swagger-jaxrs2-servlet-initializer-v2 Low Vendor pom groupid io.swagger.core.v3 Highest Vendor pom name swagger-jaxrs2-servlet-initializer-v2 High Vendor pom parent-artifactid swagger-project Low Product file name swagger-jaxrs2-servlet-initializer-v2 High Product jar package name io Highest Product jar package name jaxrs2 Highest Product jar package name swagger Highest Product jar package name v3 Highest Product Manifest automatic-module-name io.swagger.v3.jaxrs2.integration.servlet Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-developers frantuma;email="frantuma@yahoo.com";name="Francesco Tumanischvili",fehguy;email="fehguy@gmail.com";name="Tony Tam",webron;email="webron@gmail.com";name="Ron Ratovsky" Low Product Manifest bundle-docurl https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs2-servlet-initializer-v2 Low Product Manifest Bundle-Name swagger-jaxrs2-servlet-initializer-v2 Medium Product Manifest bundle-symbolicname io.swagger.core.v3.swagger-jaxrs2-servlet-initializer-v2 Medium Product Manifest mode development Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs2-servlet-initializer-v2 Low Product pom artifactid swagger-jaxrs2-servlet-initializer-v2 Highest Product pom groupid io.swagger.core.v3 Highest Product pom name swagger-jaxrs2-servlet-initializer-v2 High Product pom parent-artifactid swagger-project Medium Version file version 2.2.22 High Version Manifest Bundle-Version 2.2.22 High Version Manifest implementation-version 2.2.22 High Version pom version 2.2.22 Highest
swagger-ui-bundle.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-rest/src/main/resources/restapidocs/swagger-ui-bundle.jsMD5: 56af2cfa879107ba286dc4b47cd3aac7SHA1: 4bce1f94eaf4e61f4ea48d884a0e8a3bcbe01166SHA256: a973bd4c447fcc6cc1210dae81b7ec6001048fa59a0a24c231ff316728ff1255Referenced In Project/Scope: Gemma REST
Evidence Type Source Name Value Confidence
taglibs-standard-impl-1.2.5.jarDescription:
An implementation of the JSP Standard Tag Library (JSTL).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/taglibs/taglibs-standard-impl/1.2.5/taglibs-standard-impl-1.2.5.jar
MD5: 8e5c8db242fbef3db1acfcbb3bc8ec8b
SHA1: 9b9783ccb2a323383e6e20e36d368f8997b71967
SHA256: d075cb77d94e2d115b4d90a897b57d65cc31ed8e1b95d65361da324642705728
Referenced In Project/Scope: Gemma Web:runtime
taglibs-standard-impl-1.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name taglibs-standard-impl High Vendor jar package name apache Highest Vendor jar package name standard Highest Vendor jar package name tag Highest Vendor jar package name taglibs Highest Vendor Manifest bundle-docurl http://tomcat.apache.org/taglibs/standard-1.2.5/taglibs-standard-impl Low Vendor Manifest bundle-symbolicname org.apache.taglibs.standard-impl Medium Vendor pom artifactid taglibs-standard-impl Highest Vendor pom artifactid taglibs-standard-impl Low Vendor pom developer name Bjorn Townsend Medium Vendor pom developer name Dmitri Plotnikov Medium Vendor pom developer name Felipe Leme Medium Vendor pom developer name Glenn Nielsen Medium Vendor pom developer name Hans Bergsten Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jan Luehe Medium Vendor pom developer name Justyna Horwat Medium Vendor pom developer name Mark Kolb Medium Vendor pom developer name Nathan Abramson Medium Vendor pom developer name Pierre Delisle Medium Vendor pom developer name Scott Hasse Medium Vendor pom developer name Shawn Bayern Medium Vendor pom groupid org.apache.taglibs Highest Vendor pom name Apache Standard Taglib Implementation High Vendor pom parent-artifactid taglibs-standard Low Product file name taglibs-standard-impl High Product jar package name apache Highest Product jar package name standard Highest Product jar package name tag Highest Product jar package name taglibs Highest Product Manifest bundle-docurl http://tomcat.apache.org/taglibs/standard-1.2.5/taglibs-standard-impl Low Product Manifest Bundle-Name Apache Standard Taglib Implementation Medium Product Manifest bundle-symbolicname org.apache.taglibs.standard-impl Medium Product Manifest Implementation-Title Apache Standard Taglib Implementation High Product pom artifactid taglibs-standard-impl Highest Product pom developer name Bjorn Townsend Low Product pom developer name Dmitri Plotnikov Low Product pom developer name Felipe Leme Low Product pom developer name Glenn Nielsen Low Product pom developer name Hans Bergsten Low Product pom developer name Henri Yandell Low Product pom developer name Jan Luehe Low Product pom developer name Justyna Horwat Low Product pom developer name Mark Kolb Low Product pom developer name Nathan Abramson Low Product pom developer name Pierre Delisle Low Product pom developer name Scott Hasse Low Product pom developer name Shawn Bayern Low Product pom groupid org.apache.taglibs Highest Product pom name Apache Standard Taglib Implementation High Product pom parent-artifactid taglibs-standard Medium Version file version 1.2.5 High Version Manifest Bundle-Version 1.2.5 High Version Manifest Implementation-Version 1.2.5 High Version pom version 1.2.5 Highest
Related Dependencies taglibs-standard-spec-1.2.5.jarFile Path: /home/jenkins/.m2/repository/org/apache/taglibs/taglibs-standard-spec/1.2.5/taglibs-standard-spec-1.2.5.jar MD5: 671c434560d04e8f06aac02a413d11e4 SHA1: c3bb98c30f75fef1e229d1d03cf8457de22f1ba0 SHA256: 81a195f8acab3f072fe4d6c279b7c29575bcac49081076e3d08bbda829275189 pkg:maven/org.apache.taglibs/taglibs-standard-spec@1.2.5 tiger-types-1.4.jarFile Path: /home/jenkins/.m2/repository/org/jvnet/tiger-types/1.4/tiger-types-1.4.jarMD5: 51f3d145cf8ff9ee5af99f58c1cc7930SHA1: 09f75db7dea926f497e76eae2cea36eca74ea508SHA256: 0dd463a62f6417d7da60dad0613f2e14d598aa2fa93fe535de7142ae19cdfbe5Referenced In Projects/Scopes:
Gemma REST:compile Gemma Web:compile tiger-types-1.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1 pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name tiger-types High Vendor jar package name jvnet Highest Vendor jar package name jvnet Low Vendor jar package name tiger_types Low Vendor jar package name types Highest Vendor pom artifactid tiger-types Highest Vendor pom artifactid tiger-types Low Vendor pom groupid org.jvnet Highest Vendor pom name Type arithmetic library for Java5 High Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product file name tiger-types High Product jar package name jvnet Highest Product jar package name tiger_types Low Product jar package name types Highest Product pom artifactid tiger-types Highest Product pom groupid org.jvnet Highest Product pom name Type arithmetic library for Java5 High Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version file version 1.4 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
tomcat-el-api-8.5.100.jarDescription:
Expression language package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-el-api/8.5.100/tomcat-el-api-8.5.100.jar
MD5: 3772bab0c4b0f526a4899fce6ff1180b
SHA1: 6b68b9ab1ba410470b3c736a5308bfe0ee1a343e
SHA256: b0ad398943452ec46044a7f56f47e2804c20b4c77ab1ea2045b075058b2f91ed
Referenced In Project/Scope: Gemma Web:provided
tomcat-el-api-8.5.100.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-jsp-api@8.5.100
Evidence Type Source Name Value Confidence Vendor file name tomcat-el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-el-api Highest Vendor pom artifactid tomcat-el-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name javax Highest Product manifest: javax/el/ Implementation-Title javax.el Medium Product manifest: javax/el/ Specification-Title Expression Language Medium Product pom artifactid tomcat-el-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.100 High Version pom version 8.5.100 Highest
tomcat-jsp-api-8.5.100.jarDescription:
JSP package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-jsp-api/8.5.100/tomcat-jsp-api-8.5.100.jar
MD5: 51aba47f8aa48dace992786794e25424
SHA1: 0a3faf3871fe08dbc21e4bd822e081d3e091d502
SHA256: 2db4a0aef16c947cef0b07f55526d5d5fca78501ab0218e9473face754dbfd9f
Referenced In Project/Scope: Gemma Web:provided
tomcat-jsp-api-8.5.100.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-jsp-api High Vendor jar package name jsp Highest Vendor manifest: javax/servlet/jsp/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-jsp-api Highest Vendor pom artifactid tomcat-jsp-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-jsp-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name servlet Highest Product manifest: javax/servlet/jsp/ Implementation-Title javax.servlet.jsp Medium Product manifest: javax/servlet/jsp/ Specification-Title Java API for JavaServer Pages Medium Product pom artifactid tomcat-jsp-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.100 High Version pom version 8.5.100 Highest
CVE-2020-8022 suppress
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. CWE-276 Incorrect Default Permissions
CVSSv2:
Base Score: HIGH (7.2) Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
tomcat-servlet-api-8.5.100.jarDescription:
javax.servlet package License:
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt
File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-servlet-api/8.5.100/tomcat-servlet-api-8.5.100.jar
MD5: 99277a4e6c494366b9727ede06a026fa
SHA1: 22cd16d8a163746c340b6dda941a921781c87492
SHA256: e7b1f8ea8081d2ae1da52c082a993b840fdcda9774264565818a5cf27b9a4f08
Referenced In Project/Scope: Gemma Web:provided
tomcat-servlet-api-8.5.100.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-servlet-api Highest Vendor pom artifactid tomcat-servlet-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium Product pom artifactid tomcat-servlet-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.100 High Version pom version 8.5.100 Highest
userHelpMessages.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/userHelpMessages.jsMD5: a40f8b83106fd753b79e3788bf6c9599SHA1: 110b84c00cadb1f6f8e662c74cbe5030b7da92f6SHA256: a0e97a60cca412a8e6302edb1353d12d3afce09fb8d57c16bc8e3a3c13a95a13Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
userManager.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/app/userManager.jsMD5: 19df7363d048b40fe6c4a2717aca001dSHA1: 3fcbd9f5765fb0e4d44b07c7d47137650a84ab85SHA256: e68358d02fa480e739df86637fd43375d9df794607d922a90200fe1f60210ae9Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
validation-api-1.1.0.Final.jarDescription:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Projects/Scopes: Gemma REST:compile Gemma Web:compile validation-api-1.1.0.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 Evidence Type Source Name Value Confidence Vendor file name validation-api High Vendor jar package name javax Highest Vendor jar package name validation Highest Vendor Manifest bundle-symbolicname javax.validation.api Medium Vendor pom artifactid validation-api Highest Vendor pom artifactid validation-api Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer email gunnar@hibernate.org Low Vendor pom developer email hferents@redhat.com Low Vendor pom developer id emmanuelbernard Medium Vendor pom developer id epbernard Medium Vendor pom developer id gunnar.morling Medium Vendor pom developer id hardy.ferentschik Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer name Gunnar Morling Medium Vendor pom developer name Hardy Ferentschik Medium Vendor pom developer org JBoss, by Red Hat Medium Vendor pom groupid javax.validation Highest Vendor pom name Bean Validation API High Vendor pom url http://beanvalidation.org Highest Product file name validation-api High Product jar package name javax Highest Product jar package name validation Highest Product Manifest Bundle-Name Bean Validation API Medium Product Manifest bundle-symbolicname javax.validation.api Medium Product pom artifactid validation-api Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer email gunnar@hibernate.org Low Product pom developer email hferents@redhat.com Low Product pom developer id emmanuelbernard Low Product pom developer id epbernard Low Product pom developer id gunnar.morling Low Product pom developer id hardy.ferentschik Low Product pom developer name Emmanuel Bernard Low Product pom developer name Gunnar Morling Low Product pom developer name Hardy Ferentschik Low Product pom developer org JBoss, by Red Hat Low Product pom groupid javax.validation Highest Product pom name Bean Validation API High Product pom url http://beanvalidation.org Medium Version Manifest Bundle-Version 1.1.0.Final High Version pom version 1.1.0.Final Highest
valueObjectsInheritanceStructure.jsFile Path: /space/jenkins/.jenkins/workspace/Gemma_hotfix-1.31.6/gemma-web/src/main/webapp/scripts/api/valueObjectsInheritanceStructure.jsMD5: ba6f864034a66a00bffbf44bc81b75d9SHA1: df873fa990570dfd28683b926ee6f83196ba29b4SHA256: f9d5fed68c1bbc2115a8092c71c59104681c6591b674d78065b970bcf0404697Referenced In Project/Scope: Gemma Web
Evidence Type Source Name Value Confidence
velocity-engine-core-2.3.jar (shaded: commons-io:commons-io:2.8.0)Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-engine-core/2.3/velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xmlMD5: bde9745d9cea5e45d720cb5a860f1fc6SHA1: 9bde4473ef8c6f2e5aef5bc5fbf357663a90834eSHA256: d7c8641a37d6e76f36fb9e81fc1420e26a09d63fa32f00f74764de067ca8347dReferenced In Projects/Scopes:
Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile Evidence Type Source Name Value Confidence Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version pom parent-version 2.8.0 Low Version pom version 2.8.0 Highest
velocity-engine-core-2.3.jarDescription:
Apache Velocity is a general purpose template engine. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-engine-core/2.3/velocity-engine-core-2.3.jar
MD5: e761e6088b946b42289c5d676a515581
SHA1: e2133b723d0e42be74880d34de6bf6538ea7f915
SHA256: b086cee8fd8183e240b4afcf54fe38ec33dd8eb0da414636e5bf7aa4d9856629
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile velocity-engine-core-2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name velocity-engine-core High Vendor jar package name apache Highest Vendor jar package name velocity Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.velocity.engine-core Medium Vendor Manifest implementation-url http://velocity.apache.org/engine/devel/velocity-engine-core/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.velocity Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid velocity-engine-core Highest Vendor pom artifactid velocity-engine-core Low Vendor pom groupid org.apache.velocity Highest Vendor pom name Apache Velocity - Engine High Vendor pom parent-artifactid velocity-engine-parent Low Product file name velocity-engine-core High Product jar package name apache Highest Product jar package name template Highest Product jar package name velocity Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Velocity - Engine Medium Product Manifest bundle-symbolicname org.apache.velocity.engine-core Medium Product Manifest Implementation-Title Apache Velocity - Engine High Product Manifest implementation-url http://velocity.apache.org/engine/devel/velocity-engine-core/ Low Product Manifest specification-title Apache Velocity - Engine Medium Product pom artifactid velocity-engine-core Highest Product pom groupid org.apache.velocity Highest Product pom name Apache Velocity - Engine High Product pom parent-artifactid velocity-engine-parent Medium Version file version 2.3 High Version Manifest Implementation-Version 2.3 High Version pom version 2.3 Highest
wsdl4j-1.6.1.jarDescription:
Java stub generator for WSDL License:
CPL: http://www.opensource.org/licenses/cpl1.0.txt File Path: /home/jenkins/.m2/repository/wsdl4j/wsdl4j/1.6.1/wsdl4j-1.6.1.jar
MD5: 333331aee2e0f65e846b9ef0e20432e5
SHA1: 9e9cee064ec2c9c01e0cd6b8bffd1a7013d81f65
SHA256: 0d712ccfd0f0edbf9b0e6793c9562d8c2037bfd8878e9d46f476a68d6f83c11e
Referenced In Project/Scope: Gemma Web:compile
wsdl4j-1.6.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE
Evidence Type Source Name Value Confidence Vendor file name wsdl4j High Vendor jar package name ibm Highest Vendor jar package name wsdl Highest Vendor Manifest Implementation-Vendor IBM High Vendor Manifest specification-vendor IBM (Java Community Process) Low Vendor pom artifactid wsdl4j Highest Vendor pom artifactid wsdl4j Low Vendor pom groupid wsdl4j Highest Vendor pom name WSDL4J High Vendor pom url http://sf.net/projects/wsdl4j Highest Product file name wsdl4j High Product jar package name wsdl Highest Product Manifest Implementation-Title WSDL4J High Product Manifest specification-title JWSDL Medium Product pom artifactid wsdl4j Highest Product pom groupid wsdl4j Highest Product pom name WSDL4J High Product pom url http://sf.net/projects/wsdl4j Medium Version file version 1.6.1 High Version pom version 1.6.1 Highest
xalan-2.7.3.jar (shaded: org.apache.bcel:bcel:6.7.0)Description:
Apache Commons Bytecode Engineering Library File Path: /home/jenkins/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar/META-INF/maven/org.apache.bcel/bcel/pom.xmlMD5: d295c30370ff8cf96227ecff62fcb78dSHA1: 38983d16d320ff710f8898e2dd342299d76939a7SHA256: b0a59c14c26bdb4c7a5a2b13b8dcbd9acebf55e67fe91497140d8894de2fdeaeReferenced In Project/Scope: Gemma Web:runtime
Evidence Type Source Name Value Confidence Vendor pom artifactid bcel Low Vendor pom developer email dbrosius at mebigfatguy.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jason at zenplex.com Low Vendor pom developer email m.dahm at gmx.de Low Vendor pom developer email tcurdt at apache.org Low Vendor pom developer id dbrosius Medium Vendor pom developer id ggregory Medium Vendor pom developer id mdahm Medium Vendor pom developer id tcurdt Medium Vendor pom developer name Dave Brosius Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Markus Dahm Medium Vendor pom developer name Torsten Curdt Medium Vendor pom developer org ASF Medium Vendor pom developer org it-frameworksolutions Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL http://www.apache.org/ Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.bcel Highest Vendor pom name Apache Commons BCEL High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-bcel Highest Product pom artifactid bcel Highest Product pom developer email dbrosius at mebigfatguy.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jason at zenplex.com Low Product pom developer email m.dahm at gmx.de Low Product pom developer email tcurdt at apache.org Low Product pom developer id dbrosius Low Product pom developer id ggregory Low Product pom developer id mdahm Low Product pom developer id tcurdt Low Product pom developer name Dave Brosius Low Product pom developer name Gary Gregory Low Product pom developer name Jason van Zyl Low Product pom developer name Markus Dahm Low Product pom developer name Torsten Curdt Low Product pom developer org ASF Low Product pom developer org it-frameworksolutions Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL http://www.apache.org/ Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.bcel Highest Product pom name Apache Commons BCEL High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-bcel Medium Version pom parent-version 6.7.0 Low Version pom version 6.7.0 Highest
xalan-2.7.3.jarFile Path: /home/jenkins/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jarMD5: e384223db0825925765f2bf66839d26dSHA1: 5095bedf29e73756fb5729f2241fd5ffa33d87e0SHA256: febd48bb133a96c447282213951a6b74ea7fb45c0d896121296c014316bda6b0Referenced In Project/Scope: Gemma Web:runtimexalan-2.7.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name xalan High Vendor jar package name apache Highest Vendor jar package name xalan Highest Vendor manifest: java_cup/runtime/ Implementation-Vendor Princeton University Medium Vendor manifest: org/apache/bcel/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/regexp/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xalan/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xalan/xsltc/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xml/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid xalan Highest Vendor pom artifactid xalan Low Vendor pom groupid xalan Highest Product file name xalan High Product jar package name apache Highest Product jar package name bcel Highest Product jar package name expression Highest Product jar package name regexp Highest Product jar package name runtime Highest Product jar package name xalan Highest Product jar package name xml Highest Product jar package name xpath Highest Product jar package name xsltc Highest Product manifest: java_cup/runtime/ Implementation-Title runtime Medium Product manifest: java_cup/runtime/ Specification-Title Runtime component of JCup Medium Product manifest: org/apache/bcel/ Implementation-Title org.apache.bcel Medium Product manifest: org/apache/bcel/ Specification-Title Apache Commons BCEL Medium Product manifest: org/apache/regexp/ Implementation-Title org.apache.regexp Medium Product manifest: org/apache/regexp/ Specification-Title Java Regular Expression package Medium Product manifest: org/apache/xalan/ Implementation-Title org.apache.xalan Medium Product manifest: org/apache/xalan/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xalan/xsltc/ Implementation-Title org.apache.xalan.xsltc Medium Product manifest: org/apache/xalan/xsltc/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xml/ Implementation-Title org.apache.xml Medium Product manifest: org/apache/xpath/ Implementation-Title org.apache.xpath Medium Product pom artifactid xalan Highest Product pom groupid xalan Highest Version file version 2.7.3 High Version manifest: java_cup/runtime/ Implementation-Version 2.7.3 Medium Version manifest: org/apache/bcel/ Implementation-Version 2.7.3 Medium Version manifest: org/apache/regexp/ Implementation-Version 2.7.3 Medium Version manifest: org/apache/xalan/ Implementation-Version 2.7.3 Medium Version manifest: org/apache/xalan/xsltc/ Implementation-Version 2.7.3 Medium Version manifest: org/apache/xml/ Implementation-Version 2.7.3 Medium Version manifest: org/apache/xpath/ Implementation-Version 2.7.3 Medium Version pom version 2.7.3 Highest
xercesImpl-2.12.2.jarDescription:
Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256: 6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile xercesImpl-2.12.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name xercesImpl High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name parsers Highest Vendor jar package name serialize Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xerces Highest Vendor jar package name xinclude Highest Vendor jar package name xml Highest Vendor jar package name xni Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/impl/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xercesImpl Highest Vendor pom artifactid xercesImpl Low Vendor pom developer email j-dev@xerces.apache.org Low Vendor pom developer id xerces Medium Vendor pom developer name Apache Software Foundation Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org URL http://www.apache.org Medium Vendor pom groupid xerces Highest Vendor pom name Xerces2-j High Vendor pom url https://xerces.apache.org/xerces2-j/ Highest Product file name xercesImpl High Product hint analyzer product xerces-j Highest Product jar package name apache Highest Product jar package name datatype Highest Product jar package name dom Highest Product jar package name impl Highest Product jar package name parsers Highest Product jar package name serialize Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xerces Highest Product jar package name xinclude Highest Product jar package name xml Highest Product jar package name xni Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xerces/impl/ Implementation-Title org.apache.xerces.impl.Version Medium Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xercesImpl Highest Product pom developer email j-dev@xerces.apache.org Low Product pom developer id xerces Low Product pom developer name Apache Software Foundation Low Product pom developer org Apache Software Foundation Low Product pom developer org URL http://www.apache.org Low Product pom groupid xerces Highest Product pom name Xerces2-j High Product pom url https://xerces.apache.org/xerces2-j/ Medium Version file version 2.12.2 High Version manifest: org/apache/xerces/impl/ Implementation-Version 2.12.2 Medium Version pom version 2.12.2 Highest
pkg:maven/xerces/xercesImpl@2.12.2 (Confidence :High)cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2017-10355 (OSSINDEX) suppress
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. CWE-833 Deadlock
CVSSv3:
Base Score: MEDIUM (5.900000095367432) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:* xml-apis-1.4.01.jarDescription:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip File Path: /home/jenkins/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad
Referenced In Projects/Scopes: Gemma Groovy Support:compile Gemma Core:compile Gemma:compile Gemma CLI:compile Gemma REST:compile Gemma Web:compile xml-apis-1.4.01.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/gemma/gemma-web@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-cli@1.31.6-SNAPSHOT pkg:maven/gemma/gemma@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-rest@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-groovy-support@1.31.6-SNAPSHOT pkg:maven/gemma/gemma-core@1.31.6-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name xml-apis High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name sax Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xml Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xml-apis Highest Vendor pom artifactid xml-apis Low Vendor pom developer email commons-dev@xml.apache.org Low Vendor pom developer id xml-apis Medium Vendor pom developer name Apache Software Foundation Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org URL http://www.apache.org Medium Vendor pom groupid xml-apis Highest Vendor pom name XML Commons External Components XML APIs High Vendor pom url http://xml.apache.org/commons/components/external/ Highest Product file name xml-apis High Product jar package name apache Highest Product jar package name datatype Highest Product jar package name document Highest Product jar package name dom Highest Product jar package name javax Highest Product jar package name ls Highest Product jar package name namespace Highest Product jar package name parsers Highest Product jar package name sax Highest Product jar package name stax Highest Product jar package name stream Highest Product jar package name transform Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xml Highest Product jar package name xmlcommons Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML (StAX) 1.0 Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xml-apis Highest Product pom developer email commons-dev@xml.apache.org Low Product pom developer id xml-apis Low Product pom developer name Apache Software Foundation Low Product pom developer org Apache Software Foundation Low Product pom developer org URL http://www.apache.org Low Product pom groupid xml-apis Highest Product pom name XML Commons External Components XML APIs High Product pom url http://xml.apache.org/commons/components/external/ Medium Version file version 1.4.01 High Version manifest: javax/xml/datatype/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/namespace/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/parsers/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/stream/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/transform/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/validation/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/xpath/ Implementation-Version 1.4.01 Medium Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.4.01 Medium Version pom version 1.4.01 Highest