Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Gemma

gemma:gemma:1.31.6

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
AjaxLogin.js 00
AjaxRegister.js 00
AnalysesSearchUtils.js 00
AnalysisResultsSearchExamples.js 00
AnalysisResultsSearchForm.js 00
AnalysisResultsSearchMethods.js 00
AnnotationGrid.js 00
AnnotationToolBar.js 00
ArrayDesignCombo.js 00
ArrayDesignsNonPagingGrid.js 00
AuditTrailGrid.js 00
BioAssayGridPanel.js 00
BioMaterialEditor.js 00
BrowseButton.js 00
CategoryCombo.js 00
CellToolTips.js 00
CenterLayout.js 00
CharacteristicBrowser.js 00
CharacteristicCombo.js 00
CheckColumn.js 00
CoexGraphData.js 00
CoexVOUtil.js 00
CoexpressionDisplaySettings.js 00
CoexpressionDownloadWindow.js 00
CoexpressionGrid.js 00
CoexpressionGridLight.js 00
CoexpressionGridRecord.js 00
CoexpressionJSONUtils.js 00
CoexpressionSearchData.js 00
CollapsedPanelTitlePlugin.js 00
ContainerMask.js 00
CreateSetDetailsWindow.js 00
CurationTools.js 00
CytoscapeControlBar.js 00
CytoscapeDownloadPanel.js 00
CytoscapeJSCoexGraphInitializer.js 00
CytoscapeJSDisplay.js 00
CytoscapeJSPanel.js 00
CytoscapePanelUtil.js 00
CytoscapeSettings.js 00
DataFilterCombo.js 00
DatasetGroupCombo.js 00
DatasetGroupComboPanel.js 00
DatasetGroupEditor.js 00
DatasetGroupPanel.js 00
DatasetGroupStore.js 00
DatasetSearchField.js 00
DatasetSearchToolbar.js 00
DiffExSearchAndVisualize.js 00
DifferentialExpressionAnalysesSummaryTree.js 00
DownloadWindow.js 00
DwrProxy.js 00
DwrTreeLoader.js 00
EEDetailsVisualizationWidget.js 00
EEManager.js 00
Error.js 00
ErrorPanel.js 00
Eventbus.js 00
Evidence.js 00
EvidenceCodeCombo.js 00
EvidenceTypeComboBox.js 00
ExperimentAndExperimentGroupCombo.js 00
ExperimentSearchAndPreview.js 00
ExperimentSetPreview.js 00
ExperimentTagCategoryComboBox.js 00
ExperimentTagValueComboBox.js 00
ExperimentTagsPanel.js 00
ExperimentalDesign.js 00
ExperimentalFactorCombo.js 00
ExperimentalFactorEditor.js 00
ExperimentalPanel.js 00
ExpressionExperimentDetails.js 00
ExpressionExperimentExperimentalFactorGrid.js 00
ExpressionExperimentGrid.js 00
ExpressionExperimentManage.js 00
ExpressionExperimentMembersGrid.js 00
ExpressionExperimentPage.js 00
ExpressionExperimentPagingGrid.js 00
ExpressionExperimentQuantitationTypeGrid.js 00
ExpressionExperimentSetPage.js 00
ExpressionExperimentSetSummary.js 00
ExpressionExperimentTools.js 00
ExpressionExperimentsSummaryPanel.js 00
Ext.ux.tot2ivn.AccordionVboxLayout.js 00
ExternalDatabaseGrid.js 00
FactorValueCombo.js 00
FactorValueEditor.js 00
FileUploadField.js 00
FileUploadForm.js 00
GemmaGridPanel.js 00
GemmaLinkRoots.js 00
GemmaNavigationHeader.js 00
GemmaStatUtils.js 00
GemmaTemplates.js 00
GemmaViewPort.js 00
GeneAllenBrainAtlasImagesTab.js 00
GeneAndGeneGroupCombo.js 00
GeneChooserPanel.js 00
GeneCombo.js 00
GeneDetailsTab.js 00
GeneElementsPanel.js 00
GeneGoGrid.js 00
GeneGroupCombo.js 00
GeneGroupEditToolbar.js 00
GeneGroupGrid.js 00
GeneGroupManager.js 00
GeneMembersGrid.js 00
GenePage.js 00
GeneSearchAndPreview.js 00
GeneSearchComboBox.js 00
GeneSetOverlayPicker.js 00
GeneSetPage.js 00
GeneSetPreview.js 00
GeneSetSummary.js 00
GenomeAlignmentsGrid.js 00
HdrHistogram-2.2.1.jarpkg:maven/org.hdrhistogram/HdrHistogram@2.2.1 030
Heatmap.js 00
HikariCP-4.0.3.jarpkg:maven/com.zaxxer/HikariCP@4.0.3 038
HomePageAnalysisSearch.js 00
InitialTextGridView.js 00
InlineHelpFormLayout.js 00
InlineHelpIcon.js 00
JRI-0.5-0.jarpkg:maven/RoSuDA/JRI@0.5-0 015
JRIEngine-0.5-0.jarcpe:2.3:a:rengine_project:rengine:0.5.0:*:*:*:*:*:*:*pkg:maven/RoSuDA/JRIEngine@0.5-0CRITICAL2Low17
JavaEWAH-0.7.9.jarcpe:2.3:a:google:gmail:0.7.9:*:*:*:*:*:*:*pkg:maven/com.googlecode.javaewah/JavaEWAH@0.7.9 0Low31
LatencyUtils-2.0.3.jarcpe:2.3:a:utils_project:utils:2.0.3:*:*:*:*:*:*:*pkg:maven/org.latencyutils/LatencyUtils@2.0.3 0Highest20
LinePlot.js 00
ListRangeReader.js 00
LiteraturePanel.js 00
LockingGridView.js 00
MetaAnalysisEvidenceWindow.js 00
MetaAnalysisManagerGridPanel.js 00
MetaAnalysisResultPanel.js 00
MetaAnalysisSaveResultWindow.js 00
MetaAnalysisSelectExperimentPanel.js 00
MetaAnalysisSelectFactorPanel.js 00
MetaAnalysisShowResultPanel.js 00
MetaAnalysisUtilities.js 00
MetaAnalysisWindow.js 00
MetaheatmapApplication.js 00
MetaheatmapColorLegend.js 00
MetaheatmapConfiguration.js 00
MetaheatmapControlPanel.js 00
MetaheatmapDetailsPopups.js 00
MetaheatmapDownload.js 00
MetaheatmapFactorTree.js 00
MetaheatmapFilter.js 00
MetaheatmapHoverWindow.js 00
MetaheatmapLabelPanel.js 00
MetaheatmapMainArea.js 00
MetaheatmapSortFilter.js 00
MetaheatmapUtils.js 00
MetaheatmapVisualizationPanel.js 00
NeurocartaStatistics.js 00
ObservableSubmittedTask.js 00
Overrides.js 00
PageSizePlugin.js 00
PagingDataStore.js 00
PagingMemoryProxy.js 00
PhenotypeAssociationFormWindow.js 00
PhenotypeEvidenceGridPanel.js 00
PhenotypeEvidenceManagerGridPanel.js 00
PhenotypeGeneGridPanel.js 00
PhenotypeGridPanel.js 00
PhenotypeGridPanelCommonConfig.js 00
PhenotypePanel.js 00
PhenotypePanelToolbar.js 00
PhenotypeSearchComboBox.js 00
PhenotypeTabPanel.js 00
PhenotypeTreeGridPanel.js 00
PhenotypesSearchPanel.js 00
PlatformDetailsTab.js 00
PlatformElementGrid.js 00
PlatformElementsPanel.js 00
PlatformPage.js 00
ProbeLevelDiffExGrid.js 00
ProgressWidget.js 00
QuantitationTypePanel.js 00
REngine-2.1.0.jarcpe:2.3:a:rengine_project:rengine:2.1.0:*:*:*:*:*:*:*pkg:maven/org.rosuda.REngine/REngine@2.1.0 0Low24
RadioFieldSet.js 00
RelationCombo.js 00
Renderers.js 00
RowActions.js 00
RowExpander.js 00
SearchField.js 00
SecurityManager.js 00
SequenceDetailsPanel.js 00
SessionBoundSetRegistrationUtils.js 00
SetPreview.js 00
SparseBitSet-1.3.jarcpe:2.3:a:bit_project:bit:1.3:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.3 0Low28
Spinner.js 00
SpinnerField.js 00
StatefulRemoteCombo.js 00
StatusBar.js 00
TaxonCombo.js 00
TreeGrid.js 00
TutorialQtips.js 00
UserExpressionDataUpload.js 00
VisualizationWidget.js 00
WizardTabPanel.js 00
WizardTabPanelItemPanel.js 00
activation-1.1.jarpkg:maven/javax.activation/activation@1.1 026
all-1.1.2.pompkg:maven/com.github.fommil.netlib/all@1.1.2 011
all-1.1.2.pompkg:maven/com.github.fommil.netlib/all@1.1.2 011
all-1.1.2.pompkg:maven/com.github.fommil.netlib/all@1.1.2 011
all-1.1.2.pompkg:maven/com.github.fommil.netlib/all@1.1.2 011
all-1.1.2.pompkg:maven/com.github.fommil.netlib/all@1.1.2 011
annotations-13.0.jarpkg:maven/org.jetbrains/annotations@13.0 032
ant-1.10.14.jarcpe:2.3:a:apache:ant:1.10.14:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.14 0Highest24
antlr-2.7.7.jarpkg:maven/antlr/antlr@2.7.7 024
antlr4-runtime-4.9.3.jarpkg:maven/org.antlr/antlr4-runtime@4.9.3 031
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
aopalliance-repackaged-2.5.0-b32.jarpkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32 023
arbor.js 00
arpack_combined_all-0.1.jarcpe:2.3:a:lapack_project:lapack:0.1:*:*:*:*:*:*:*pkg:maven/net.sourceforge.f2j/arpack_combined_all@0.1CRITICAL1Low28
arrayDesign.js 00
asm-9.7.jarpkg:maven/org.ow2.asm/asm@9.7 054
asm-all-repackaged-2.5.0-b32.jarpkg:maven/org.glassfish.hk2.external/asm-all-repackaged@2.5.0-b32 024
asm-analysis-9.7.jarpkg:maven/org.ow2.asm/asm-analysis@9.7 060
asm-tree-9.7.jarpkg:maven/org.ow2.asm/asm-tree@9.7 058
asm-util-9.7.jarpkg:maven/org.ow2.asm/asm-util@9.7 058
aspectjweaver-1.9.22.1.jarpkg:maven/org.aspectj/aspectjweaver@1.9.22.1 049
baseCode-1.1.23.jarpkg:maven/baseCode/baseCode@1.1.23 037
bibliographicReferenceDetails.js 00
bibliographicReferencePage.js 00
bibliographicReferenceSearchResultGrid.js 00
bioassay.draganddrop.js 00
bmFactorValues.js 00
canvas-text-functions.js 00
class-model-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/class-model@2.5.0-b32 021
classgraph-4.8.165.jarpkg:maven/io.github.classgraph/classgraph@4.8.165 042
color.js 00
colt-1.2.0.jarpkg:maven/colt/colt@1.2.0 014
commons-cli-1.7.0.jarpkg:maven/commons-cli/commons-cli@1.7.0 0102
commons-codec-1.16.0.jarpkg:maven/commons-codec/commons-codec@1.16.0 0119
commons-codec-1.16.1.jarpkg:maven/commons-codec/commons-codec@1.16.1 0123
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-configuration2-2.8.0.jarcpe:2.3:a:apache:commons_configuration:2.8.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-configuration2@2.8.0MEDIUM2Highest147
commons-csv-1.11.0.jarpkg:maven/org.apache.commons/commons-csv@1.11.0 090
commons-fileupload-1.5.jarcpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.5 0Highest115
commons-httpclient-3.0.1.jarcpe:2.3:a:apache:commons-httpclient:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:3.0.1:*:*:*:*:*:*:*		pkg:maven/commons-httpclient/commons-httpclient@3.0.1MEDIUM2Highest94
commons-io-2.16.1.jarcpe:2.3:a:apache:commons_io:2.16.1:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.16.1 0Highest125
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 0122
commons-lang3-3.14.0.jarpkg:maven/org.apache.commons/commons-lang3@3.14.0 0145
commons-logging-1.3.2.jarpkg:maven/commons-logging/commons-logging@1.3.2 0129
commons-logging-api-1.1.jarpkg:maven/commons-logging/commons-logging-api@1.1 0105
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
commons-net-3.10.0.jarcpe:2.3:a:apache:commons_net:3.10.0:*:*:*:*:*:*:*pkg:maven/commons-net/commons-net@3.10.0 0Highest107
commons-text-1.12.0.jarcpe:2.3:a:apache:commons_text:1.12.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.12.0 0Highest73
concurrent-1.3.4.jarpkg:maven/concurrent/concurrent@1.3.4 021
config-types-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/config-types@2.5.0-b32 023
core-1.1.2.jarpkg:maven/com.github.fommil.netlib/core@1.1.2 023
cytoscape.js-qtip.js 00
cytoscape.js 00
datasetchooserapp.js 00
discrete-color-range.js 00
dom4j-2.1.4.jarcpe:2.3:a:dom4j_project:dom4j:2.1.4:*:*:*:*:*:*:*pkg:maven/org.dom4j/dom4j@2.1.4 0Highest21
dwr-2.0.11-RELEASE.jarcpe:2.3:a:directwebremoting:direct_web_remoting:2.0.11:release:*:*:*:*:*:*
cpe:2.3:a:web_project:web:2.0.11:release:*:*:*:*:*:*		pkg:maven/org.directwebremoting/dwr@2.0.11-RELEASE 0High27
dwr-2.0.11-RELEASE.jar: DWRActionUtil.js 00
dwr-2.0.11-RELEASE.jar: auth.js 00
dwr-2.0.11-RELEASE.jar: engine.js 00
dwr-2.0.11-RELEASE.jar: util.js 00
dwrServices.js 00
editUser.js 00
eeDataFetch.js 00
eeDesignMatrix.js 00
ehcache-core-2.4.3.jarpkg:maven/net.sf.ehcache/ehcache-core@2.4.3 027
excanvas-text.js 00
excanvas.js 00
ext-all-debug.js 00
ext-jquery-adapter-debug.jspkg:javascript/ExtJS@3.4.1.1HIGH33
extjs_fontawesome.js 00
flotr2.js 00
gemma-gsec-0.0.16.jarpkg:maven/pavlab/gemma-gsec@0.0.16 034
generalSearchSimple.js 00
geoBrowse.js 00
globals.js 00
groovy-4.0.21.jarcpe:2.3:a:apache:groovy:4.0.21:*:*:*:*:*:*:*pkg:maven/org.apache.groovy/groovy@4.0.21 0Highest289
groovy-ant-4.0.21.jarcpe:2.3:a:apache:ant:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:groovy:4.0.21:*:*:*:*:*:*:*		pkg:maven/org.apache.groovy/groovy-ant@4.0.21 0Highest286
groovy-sql-4.0.21.jarcpe:2.3:a:apache:groovy:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:4.0.21:*:*:*:*:*:*:*		pkg:maven/org.apache.groovy/groovy-sql@4.0.21 0Highest288
gson-2.10.1.jarcpe:2.3:a:google:gson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.10.1 0Highest33
helvetiker-normal-normal.js 00
hibernate-commons-annotations-4.0.2.Final.jarpkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Final 047
hibernate-core-4.2.21.Final.jarcpe:2.3:a:hibernate:hibernate_orm:4.2.21:*:*:*:*:*:*:*pkg:maven/org.hibernate/hibernate-core@4.2.21.FinalHIGH2Low37
hibernate-jpa-2.0-api-1.0.1.Final.jarpkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Final 045
hibernate-search-engine-4.4.6.Final.jarcpe:2.3:a:hibernate:hibernate_orm:4.4.6:*:*:*:*:*:*:*pkg:maven/org.hibernate/hibernate-search-engine@4.4.6.FinalHIGH2Low30
hibernate-search-orm-4.4.6.Final.jarcpe:2.3:a:hibernate:hibernate_orm:4.4.6:*:*:*:*:*:*:*pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.FinalHIGH2Highest24
hk2-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/hk2@2.5.0-b32 017
hk2-api-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32 023
hk2-config-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/hk2-config@2.5.0-b32 023
hk2-core-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/hk2-core@2.5.0-b32 023
hk2-locator-2.5.0-b32.jarcpe:2.3:a:service_project:service:2.5.0.b32:*:*:*:*:*:*:*pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32 0Low19
hk2-utils-2.5.0-b32.jarcpe:2.3:a:utils_project:utils:2.5.0:b32:*:*:*:*:*:*pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32 0Highest27
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest32
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 032
indexer.js 00
ivy-2.5.2.jarcpe:2.3:a:apache:ivy:2.5.2:*:*:*:*:*:*:*pkg:maven/org.apache.ivy/ivy@2.5.2 0Highest41
jackson-core-2.17.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.1 0Low47
jackson-databind-2.17.1.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.1:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.1 0Highest41
jackson-dataformat-yaml-2.16.2.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.16.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.16.2 0Highest39
jackson-dataformat-yaml-2.17.0.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.0:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.17.0 0Highest39
jackson-datatype-jsr310-2.16.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.16.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.16.2 0Low45
jackson-jaxrs-base-2.8.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.8.4 035
jackson-jaxrs-json-provider-2.8.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.8.4 035
jackson-module-jaxb-annotations-2.8.4.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.8.4 040
jakarta.activation-1.2.2.jarpkg:maven/com.sun.activation/jakarta.activation@1.2.2 033
jakarta.xml.soap-api-1.4.2.jarpkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@1.4.2 042
javaparser-core-3.25.10.jarpkg:maven/com.github.javaparser/javaparser-core@3.25.10 027
javassist-3.30.2-GA.jarpkg:maven/org.javassist/javassist@3.30.2-GA 059
javax.activation-api-1.2.0.jarpkg:maven/javax.activation/javax.activation-api@1.2.0 039
javax.annotation-api-1.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.2 046
javax.inject-2.5.0-b32.jarpkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32 025
javax.mail-1.6.2.jarpkg:maven/com.sun.mail/javax.mail@1.6.2 042
javax.resource-api-1.7.1.jarpkg:maven/javax.resource/javax.resource-api@1.7.1 048
javax.servlet-api-3.1.0.jarcpe:2.3:a:oracle:java_se:3.1.0:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@3.1.0 0Medium49
javax.transaction-api-1.3.jarpkg:maven/javax.transaction/javax.transaction-api@1.3 048
javax.ws.rs-api-2.0.1.jarpkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 057
jawr-core-3.9.jarcpe:2.3:a:web_project:web:3.9:*:*:*:*:*:*:*pkg:maven/net.jawr/jawr-core@3.9 0Low20
jawr-core-3.9.jar: ast.js 00
jawr-core-3.9.jar: autoprefixer-6.4.0.js 00
jawr-core-3.9.jar: coffee-script.js 00
jawr-core-3.9.jar: compress.js 00
jawr-core-3.9.jar: debughandler.js 00
jawr-core-3.9.jar: handler.js 00
jawr-core-3.9.jar: messages.js 00
jawr-core-3.9.jar: mozilla-ast.js 00
jawr-core-3.9.jar: output.js 00
jawr-core-3.9.jar: parse.js 00
jawr-core-3.9.jar: scope.js 00
jawr-core-3.9.jar: skinSwitcher.js 00
jawr-core-3.9.jar: sourcemap.js 00
jawr-core-3.9.jar: transform.js 00
jawr-core-3.9.jar: uglify.js 00
jawr-core-3.9.jar: utils.js 00
jawr-dwr2.x-extension-3.9.jarpkg:maven/net.jawr.extensions/jawr-dwr2.x-extension@3.9 018
jaxb-api-2.3.1.jarpkg:maven/javax.xml.bind/jaxb-api@2.3.1 035
jboss-ejb3x-4.2.2.GA.jarpkg:maven/jboss/jboss-ejb3x@4.2.2.GA 016
jboss-logging-3.1.0.GA.jarpkg:maven/org.jboss.logging/jboss-logging@3.1.0.GA 036
jboss-transaction-api_1.1_spec-1.0.1.Final.jarpkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Final 039
jdom-1.0.jarcpe:2.3:a:jdom:jdom:1.0:*:*:*:*:*:*:*pkg:maven/jdom/jdom@1.0HIGH1Highest45
jena-core-2.13.0.jarcpe:2.3:a:apache:jena:2.13.0:*:*:*:*:*:*:*pkg:maven/org.apache.jena/jena-core@2.13.0HIGH1Highest26
jena-iri-1.1.2.jarcpe:2.3:a:apache:jena:1.1.2:*:*:*:*:*:*:*pkg:maven/org.apache.jena/jena-iri@1.1.2HIGH1Highest26
jersey-common-2.25.1.jarcpe:2.3:a:jersey_project:jersey:2.25.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1MEDIUM1Highest25
jersey-server-2.25.1.jarcpe:2.3:a:jersey_project:jersey:2.25.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1 0Highest29
jfreechart-1.5.4.jarcpe:2.3:a:time_project:time:1.5.4:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.4HIGH3Low37
jline-2.14.6.jarcpe:2.3:a:jline:jline:2.14.6:*:*:*:*:*:*:*pkg:maven/jline/jline@2.14.6 0Highest35
jniloader-1.1.jarpkg:maven/com.github.fommil/jniloader@1.1 032
jobmonitoring.js 00
jquery-2.1.1.jspkg:javascript/jquery@2.1.1MEDIUM53
jquery-ui-1.10.4.custom.jspkg:javascript/jquery-ui@1.10.4MEDIUM43
jquery.cytoscape.js-cxtmenu.js 00
jquery.cytoscape.js-panzoom.js 00
jquery.jshowoff.js 00
jquery.qtip.js 00
jquery.sparkline.js 00
json-20231013.jarcpe:2.3:a:json-java_project:json-java:20231013:*:*:*:*:*:*:*pkg:maven/org.json/json@20231013 0Highest32
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
junit-jupiter-api-5.10.2.jarpkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.2 076
junit-jupiter-engine-5.10.2.jarpkg:maven/org.junit.jupiter/junit-jupiter-engine@5.10.2 078
junit-platform-engine-1.10.2.jarcpe:2.3:a:fan_platform_project:fan_platform:1.10.2:*:*:*:*:*:*:*pkg:maven/org.junit.platform/junit-platform-engine@1.10.2 0Low76
kotlin-stdlib-1.8.21.jarcpe:2.3:a:jetbrains:kotlin:1.8.21:*:*:*:*:*:*:*pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.8.21 0Highest29
kotlin-stdlib-common-1.9.10.jarcpe:2.3:a:jetbrains:kotlin:1.9.10:*:*:*:*:*:*:*pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-common@1.9.10 0Highest23
loadExpressionExperiment.js 00
log4j-core-2.23.1.jarcpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1 0Highest40
log4j-slf4j-impl-2.23.1.jarpkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1 036
lombok-1.18.32.jarpkg:maven/org.projectlombok/lombok@1.18.32 036
lombok-1.18.32.jar: mavenEcjBootstrapAgent.jar 07
lucene-analyzers-3.6.2.jarpkg:maven/org.apache.lucene/lucene-analyzers@3.6.2 023
lucene-core-3.6.2.jarpkg:maven/org.apache.lucene/lucene-core@3.6.2 024
lucene-facet-3.6.2.jarpkg:maven/org.apache.lucene/lucene-facet@3.6.2 027
lucene-grouping-3.6.2.jarpkg:maven/org.apache.lucene/lucene-grouping@3.6.2 026
lucene-highlighter-3.6.2.jarpkg:maven/org.apache.lucene/lucene-highlighter@3.6.2 024
lucene-kuromoji-3.6.2.jarpkg:maven/org.apache.lucene/lucene-kuromoji@3.6.2 023
lucene-memory-3.6.2.jarpkg:maven/org.apache.lucene/lucene-memory@3.6.2 027
lucene-misc-3.6.2.jarpkg:maven/org.apache.lucene/lucene-misc@3.6.2 025
lucene-phonetic-3.6.2.jarpkg:maven/org.apache.lucene/lucene-phonetic@3.6.2 025
lucene-smartcn-3.6.2.jarpkg:maven/org.apache.lucene/lucene-smartcn@3.6.2 023
lucene-spatial-3.6.2.jarpkg:maven/org.apache.lucene/lucene-spatial@3.6.2 025
lucene-spellchecker-3.6.2.jarpkg:maven/org.apache.lucene/lucene-spellchecker@3.6.2 026
lucene-stempel-3.6.2.jarpkg:maven/org.apache.lucene/lucene-stempel@3.6.2 025
manageGroups.js 00
metrics-core-4.2.25.jarpkg:maven/io.dropwizard.metrics/metrics-core@4.2.25 027
metrics-jmx-4.2.25.jarpkg:maven/io.dropwizard.metrics/metrics-jmx@4.2.25 029
micrometer-commons-1.13.0.jarpkg:maven/io.micrometer/micrometer-commons@1.13.0 065
micrometer-core-1.13.0.jarpkg:maven/io.micrometer/micrometer-core@1.13.0 067
micrometer-observation-1.13.0.jarpkg:maven/io.micrometer/micrometer-observation@1.13.0 065
micrometer-registry-jmx-1.13.0.jarpkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0 065
monitoring.js 00
mtj-1.0.4.jarpkg:maven/com.googlecode.matrix-toolkits-java/mtj@1.0.4 029
mysql-connector-j-8.4.0.jarcpe:2.3:a:mysql:mysql:8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.4.0:*:*:*:*:*:*:*		pkg:maven/com.mysql/mysql-connector-j@8.4.0 0Highest52
native_ref-java-1.1.jarpkg:maven/com.github.fommil.netlib/native_ref-java@1.1 022
native_system-java-1.1.jarpkg:maven/com.github.fommil.netlib/native_system-java@1.1 022
netlib-native_ref-linux-armhf-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_ref-linux-armhf@1.1 011
netlib-native_ref-linux-i686-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_ref-linux-i686@1.1 011
netlib-native_ref-linux-x86_64-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_ref-linux-x86_64@1.1 011
netlib-native_ref-osx-x86_64-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_ref-osx-x86_64@1.1 011
netlib-native_ref-win-i686-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_ref-win-i686@1.1 011
netlib-native_ref-win-x86_64-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_ref-win-x86_64@1.1 011
netlib-native_system-linux-armhf-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_system-linux-armhf@1.1 011
netlib-native_system-linux-i686-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_system-linux-i686@1.1 011
netlib-native_system-linux-x86_64-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_system-linux-x86_64@1.1 011
netlib-native_system-osx-x86_64-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_system-osx-x86_64@1.1 011
netlib-native_system-win-i686-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_system-win-i686@1.1 011
netlib-native_system-win-x86_64-1.1-natives.jarpkg:maven/com.github.fommil.netlib/netlib-native_system-win-x86_64@1.1 011
okhttp-4.12.0.jarcpe:2.3:a:squareup:okhttp:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:squareup:okhttp3:4.12.0:*:*:*:*:*:*:*		pkg:maven/com.squareup.okhttp3/okhttp@4.12.0 0Highest23
okio-3.6.0.jarcpe:2.3:a:squareup:okio:3.6.0:*:*:*:*:*:*:*pkg:maven/com.squareup.okio/okio@3.6.0 0Highest17
ontologyReIndexer.js 00
opencsv-5.9.jarpkg:maven/com.opencsv/opencsv@5.9 034
opentest4j-1.3.0.jarpkg:maven/org.opentest4j/opentest4j@1.3.0 060
org.abego.treelayout.core-1.0.3.jarpkg:maven/org.abego.treelayout/org.abego.treelayout.core@1.0.3 044
org.geneontology-1.002.jarpkg:maven/obo/org.geneontology@1.002 018
osgi-resource-locator-1.0.1.jarpkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1 034
picocli-4.7.5.jarpkg:maven/info.picocli/picocli@4.7.5 034
poi-5.2.5.jarcpe:2.3:a:apache:poi:5.2.5:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@5.2.5 0Highest35
protobuf-java-3.25.1.jarcpe:2.3:a:google:protobuf-java:3.25.1:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.25.1:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java@3.25.1 0Highest25
qdox-1.12.1.jarpkg:maven/com.thoughtworks.qdox/qdox@1.12.1 055
quartz-1.8.6.jarcpe:2.3:a:softwareag:quartz:1.8.6:*:*:*:*:*:*:*pkg:maven/org.quartz-scheduler/quartz@1.8.6CRITICAL2Highest21
resetPassword.js 00
rome-1.0.jarcpe:2.3:a:oracle:system_utilities:1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:1.0:*:*:*:*:*:*:*		pkg:maven/rome/rome@1.0 0Low44
rome-fetcher-1.0.jarpkg:maven/rome/rome-fetcher@1.0 027
rsvp.js 00
saaj-impl-1.5.3.jarpkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3 034
search.js 00
signup.js 00
sitemesh-2.5.0.jarcpe:2.3:a:symphony_project:symphony:2.5.0:*:*:*:*:*:*:*pkg:maven/opensymphony/sitemesh@2.5.0 0Low36
slack-api-client-1.39.2.jarpkg:maven/com.slack.api/slack-api-client@1.39.2 019
slack-api-model-1.39.2.jarpkg:maven/com.slack.api/slack-api-model@1.39.2 021
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
solr-core-3.6.2.jarcpe:2.3:a:apache:solr:3.6.2:*:*:*:*:*:*:*pkg:maven/org.apache.solr/solr-core@3.6.2CRITICAL*20Highest26
solr-solrj-3.6.2.jarcpe:2.3:a:apache:solr:3.6.2:*:*:*:*:*:*:*pkg:maven/org.apache.solr/solr-solrj@3.6.2CRITICAL*19Highest25
spring-bridge-2.5.0-b32.jarpkg:maven/org.glassfish.hk2/spring-bridge@2.5.0-b32 023
spring-core-3.2.18.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.18:release:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@3.2.18.RELEASECRITICAL*11Highest32
spring-expression-3.2.18.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.18:release:*:*:*:*:*:*		pkg:maven/org.springframework/spring-expression@3.2.18.RELEASECRITICAL*12Highest34
spring-oxm-3.2.4.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:3.2.4:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.2.4:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.4:release:*:*:*:*:*:*		pkg:maven/org.springframework/spring-oxm@3.2.4.RELEASECRITICAL*20Highest32
spring-retry-1.0.3.RELEASE.jarpkg:maven/org.springframework.retry/spring-retry@1.0.3.RELEASE 037
spring-security-acl-3.2.10.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:3.2.10:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.10:release:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-acl@3.2.10.RELEASECRITICAL4Highest34
spring-security-config-3.2.10.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:3.2.10:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.10:release:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-config@3.2.10.RELEASECRITICAL6Highest37
spring-security-core-3.2.10.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:3.2.10:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.10:release:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@3.2.10.RELEASECRITICAL7Highest34
spring-security-web-3.2.10.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:3.2.10:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.10:release:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.2.10:release:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASECRITICAL7Highest36
spring-social-core-1.0.3.RELEASE.jarcpe:2.3:a:vmware:spring_social:1.0.3:release:*:*:*:*:*:*pkg:maven/org.springframework.social/spring-social-core@1.0.3.RELEASEHIGH1Highest37
spring-web-3.2.18.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.2.18:release:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@3.2.18.RELEASECRITICAL*15Highest32
spring-webmvc-3.2.18.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.18:release:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.2.18:release:*:*:*:*:*:*		pkg:maven/org.springframework/spring-webmvc@3.2.18.RELEASECRITICAL*13Highest34
spring-ws-core-2.1.4.RELEASE.jarcpe:2.3:a:pivotal_software:spring_web_services:2.1.4:release:*:*:*:*:*:*pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASECRITICAL1Low27
sprintf.js 00
stax-api-1.0-2.jarpkg:maven/javax.xml.stream/stax-api@1.0-2 021
stax-ex-1.8.3.jarcpe:2.3:a:oracle:projects:1.8.3:*:*:*:*:*:*:*pkg:maven/org.jvnet.staxex/stax-ex@1.8.3 0Low49
swagger-core-2.2.22.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.22:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-core@2.2.22 0Low38
swagger-jaxrs2-servlet-initializer-v2-2.2.22.jarcpe:2.3:a:gmail-servlet_project:gmail-servlet:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:http-swagger_project:http-swagger:2.2.22:*:*:*:*:*:*:*		pkg:maven/io.swagger.core.v3/swagger-jaxrs2-servlet-initializer-v2@2.2.22 0Low38
swagger-ui-bundle.jspkg:maven/gemma/gemma-rest@1.31.6 04
taglibs-standard-impl-1.2.5.jarcpe:2.3:a:apache:standard_taglibs:1.2.5:*:*:*:*:*:*:*pkg:maven/org.apache.taglibs/taglibs-standard-impl@1.2.5 0Highest55
tiger-types-1.4.jarpkg:maven/org.jvnet/tiger-types@1.4 023
tomcat-el-api-8.5.100.jarpkg:maven/org.apache.tomcat/tomcat-el-api@8.5.100 019
tomcat-jsp-api-8.5.100.jarcpe:2.3:a:apache:tomcat:8.5.100:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:8.5.100:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-jsp-api@8.5.100HIGH1Highest18
tomcat-servlet-api-8.5.100.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@8.5.100 018
userHelpMessages.js 00
userManager.js 00
validation-api-1.1.0.Final.jarpkg:maven/javax.validation/validation-api@1.1.0.Final 042
valueObjectsInheritanceStructure.js 00
velocity-engine-core-2.3.jar (shaded: commons-io:commons-io:2.8.0)cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.8.0 0Highest92
velocity-engine-core-2.3.jarcpe:2.3:a:apache:velocity_engine:2.3:*:*:*:*:*:*:*pkg:maven/org.apache.velocity/velocity-engine-core@2.3 0Highest33
wsdl4j-1.6.1.jarpkg:maven/wsdl4j/wsdl4j@1.6.1 020
xalan-2.7.3.jar (shaded: org.apache.bcel:bcel:6.7.0)cpe:2.3:a:apache:commons_bcel:6.7.0:*:*:*:*:*:*:*pkg:maven/org.apache.bcel/bcel@6.7.0 0Low52
xalan-2.7.3.jarcpe:2.3:a:apache:xalan-java:2.7.3:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.3 0Highest46
xercesImpl-2.12.2.jarcpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*		pkg:maven/xerces/xercesImpl@2.12.2MEDIUM1Low84
xml-apis-1.4.01.jarpkg:maven/xml-apis/xml-apis@1.4.01 087

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

AjaxLogin.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/security/AjaxLogin.js
MD5: 7103c06f778f208a528f1c42e8a7e89e
SHA1: 57cd818c568971024c7151e1b404727a786b73f6
SHA256:5ee8b4a1983fe551122fb43c98f8f62b22f55cf699919830343eb7489d0438b6
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AjaxRegister.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/security/AjaxRegister.js
MD5: 5a45af101828623fa0af8ed5dc7dfc54
SHA1: c00d6ece399f6d3d3d7e98e48c2006d6ef881bf5
SHA256:ad380c66e2c4064494a0092ebbf3040fb46dc3d12008aabbf0405dc34715ef5d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AnalysesSearchUtils.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysesSearchUtils.js
MD5: f613de4312936dbda0abaac5cffe0c50
SHA1: 390800b5aa10fdebd433e73c4033d8a4cb061183
SHA256:006478fe178c685875871ebff65302d5126b3eb20385a46f12d844b716dc0402
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AnalysisResultsSearchExamples.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchExamples.js
MD5: fc443f1f1f00d7c2edfa6e961127f861
SHA1: bea8d21ddc6736fa3d3afdc46dd4fdd27df05a38
SHA256:103c6e9fe2e62cb0bdd30168e5300562b6b3f21556c07bb586dd9fa50152df75
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AnalysisResultsSearchForm.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchForm.js
MD5: c5bc25e808a1fe388b350c0d71e65d00
SHA1: bbf94185b699045038880f161e12f1ccb5ab8cce
SHA256:f322676d009abc1ade51c9300b073735c707109211e71c8ef5800f052036c4c1
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AnalysisResultsSearchMethods.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchMethods.js
MD5: fa6ec5e68777ed4be09dce6bf3d416aa
SHA1: e5eecd86ea8d9eec5d8ccc9e8b60408e5b7405fa
SHA256:2b78c0d875665390bfafa79a6c45bcac5b95e1b529926655f0032e87caf627ba
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AnnotationGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/AnnotationGrid.js
MD5: 8b2e3f48627d6b7209222875f9a79076
SHA1: 1a4f8020e016ad6c15e97bd140c99f446b8cc156
SHA256:5579d1194a4e8ef19ed5a57f1d5d39e6c103c7317949c0ce3441419ce3bdf0ae
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AnnotationToolBar.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/AnnotationToolBar.js
MD5: ebe3310d7c11a2541fad6834d91ac276
SHA1: 68499946d6aa5904d967e060e6324299e6e0ac6a
SHA256:0c22b01a572537331818467395639aaad3934c5b651f85bb5b0e6c3d2e03ade6
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ArrayDesignCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/ArrayDesignCombo.js
MD5: 6fd04c6213799121c3bc21b71751e1f5
SHA1: 935e02fbf3e805585e6543489a7fbdcf797b1bd4
SHA256:61cdd5c0a872cfcc5984006769b03fc29653ab0597d3f4f03d5f681680ef5628
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ArrayDesignsNonPagingGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/ArrayDesignsNonPagingGrid.js
MD5: 8c81a4fe88ea3b560af735920e4ac745
SHA1: 980d88a6c231af781a892778fec14e58dff254a9
SHA256:da705106afa88ed9fff6cd3fbd044051a3c68811ef884d3a24b501303b6cc124
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

AuditTrailGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/AuditTrailGrid.js
MD5: 79f986a0fb74a73bdb6bdf0bfd118b2f
SHA1: c66f6c6f738f6581d4f53e2c861a82fc1cee8ab2
SHA256:44e3b418e02fad3a3a437d630faa6691a4fd385cf68d6c3f9df95487d8a8e517
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

BioAssayGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/BioAssayGridPanel.js
MD5: cf26c9f402f817a857e5f659b2a2d5b3
SHA1: 919461bfe6503eab69eb02b82c91e19dc1bf8974
SHA256:d6a045c53f5287b49ca79435dc8678deeada4d0a2daf6a176b0d35a0e3c3ce75
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

BioMaterialEditor.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/BioMaterialEditor.js
MD5: 2a03c5aca60dea84a1d7afc45eeb99fa
SHA1: acb8766f6646762e5631f0a9340e1c339803c495
SHA256:ec5f8f7ad76b8f0493b086986a8b0a1ec2294a96217a23d3132cc67314eb85fd
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

BrowseButton.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/BrowseButton.js
MD5: 0c099e87c8821aac56d041024fe67212
SHA1: 7f75251871682666866a999111d710327cd686e1
SHA256:43a0938ff2476cef665514e34c6a3567fbd8bddc0be5c864c0056f2d59ccb4e5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CategoryCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/CategoryCombo.js
MD5: a515a8ad78f3b8af37daf0e6d4bdd80c
SHA1: a85285245b1fa8141bdf5501bb5a47e33a54ace3
SHA256:27be0299782a43f6db1f4b90c724fa5f1880aafa772db7bf05959564dcab1925
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CellToolTips.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CellToolTips.js
MD5: 5dc0ca61230395db950cbf4947fc981a
SHA1: f6db3cadc5150e0d35f52fffeb13fd1fdd34a7f1
SHA256:e9e5490634a58a390f2277a8373bf906caccf167d47ade85c10ab9146f61f897
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CenterLayout.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CenterLayout.js
MD5: 50636e02f0eacb1f586a01f5779168f8
SHA1: c2ace99fc4a4d9f37deec27723096add9df4f620
SHA256:1fe42ac1a290b17bfdf937179aeee11ed274a5bd8607eb3a3e36065e546e8ff4
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CharacteristicBrowser.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/CharacteristicBrowser.js
MD5: 0b74c4207591fd3511bc6cc31622905f
SHA1: 6ac90ae65fc99368973f3e7017e1f448110dc89f
SHA256:998994d763ca1b5b60b2a09419bf341006b97d06e7844ff89aec4020acaf35a3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CharacteristicCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/CharacteristicCombo.js
MD5: 3a10d07a90c20f616dc89efd19367b2c
SHA1: 311ce182d574dee2a7d65ce2171c84d5d969daf7
SHA256:e22c8b4d7d4587707f4bd4166bf7a4ba31f3b42b43a18b1fe13527db877a7082
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CheckColumn.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CheckColumn.js
MD5: a06a32551766823ef2940a3e24fec5ac
SHA1: 2ffc8c56d6539a58ec40d782d093623ae3fe4ccc
SHA256:755294f88a0e24e6afc9af60e538673672e77629a65ac11aa8bd777e1c594cc7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexGraphData.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CoexGraphData.js
MD5: 67859ccf17d7fad41aa491bcf6d6cdf3
SHA1: 84fde9149f855e602b88c2a43489f3f7e1df3259
SHA256:f692b78e4d0f0923161d2b62f32187a4753b5ff5223a3ae4412efcdd329aa599
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexVOUtil.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexVOUtil.js
MD5: fccaecae5fa7c7fbfa249eb831f9ad0f
SHA1: 39d9dad25c04dd189395d4d0b325c698ebc10f6f
SHA256:3d3cb540ccd373821174d62de942f5d6d1bc4d769a87dc11d00d8f12a9570608
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionDisplaySettings.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionDisplaySettings.js
MD5: a2932a4461451c48e3203e226eead96e
SHA1: 22a70a654612879f12b8c02eece95dec72d11af8
SHA256:b045fe4eb6045623447b50e16ced15423a4cf1c24c36baa57862420ecb5294e5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionDownloadWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionDownloadWindow.js
MD5: f54d6926e2b07a580fc1b08d4abd71e3
SHA1: 823c898056c12322302fcd632d45f5c0f8b5e766
SHA256:6672122e74ace3aa7ed3e2a0427497be4dddaaae4c160c6094f70fb6acf35b97
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGrid.js
MD5: 22faf34499b68b2f207f3a1777953837
SHA1: c3a15acef352ff643b557321edc6cde51529f39e
SHA256:5be0915c73b6a89745543dcc2311b20ce177cdd597059ea2b073e9af5d96e3cb
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionGridLight.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGridLight.js
MD5: 3b8b3e419bc7ed6a2ffbd93cc0e50dc7
SHA1: bb4b28fe7760d771d467eaf713efad25f6e97bf8
SHA256:9ff09bc5829d4e381a0b60406321d3b0f48c2603d6dd7833ec405685d9c034a0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionGridRecord.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGridRecord.js
MD5: c0d5dc29a142d75aa00cb004045e18b1
SHA1: ece356d3f6fd19beb81f2934a383e5de36bedcd2
SHA256:75448f4e53b606ad72acd3da66fe2a6352a0cc76c598a263db7097864aa97e85
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionJSONUtils.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CoexpressionJSONUtils.js
MD5: 13834b46c25da9e1e97c54099f158046
SHA1: 993bf9d48829c0b35885f80bc80899af5f223093
SHA256:0860e5376e715051e8236b4534b1efc4c0aa8887ae26b7b40983913487e3daa0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CoexpressionSearchData.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionSearchData.js
MD5: 8e9a9c6d8e53d7e87336ae101a4ed323
SHA1: 2aee607a440b54b2fb6a4b547a1834554eb15c76
SHA256:971b718a43422d2ef8b242a23f5bdc64fa121b3ebff5df19fae2c058c199ee09
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CollapsedPanelTitlePlugin.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/CollapsedPanelTitlePlugin.js
MD5: dfe5f380e817ff658c4cb96ce0de7c28
SHA1: ba26621556df39b8a29b05f08bed7a95a6da1fd4
SHA256:e2414fdf811c5c0d32e94aedc2925e7d1f500475bd233cdac40ff7a18c04512e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ContainerMask.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/ContainerMask.js
MD5: 5d51f5ab173aa74d93a51ed98d94ea13
SHA1: d55cfab417d68fa456278d8819d466d1aaae8984
SHA256:81e28b0e6a972ec5b9ac697cdc70c0fb667e6b7346ba7d4d0a710f65125e4595
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CreateSetDetailsWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/CreateSetDetailsWindow.js
MD5: 53dcc25f87b5a5d045b88608c27a7616
SHA1: 9f2293074ed9624a731d25da2241f49129d6d588
SHA256:66b78888a2892df12ebcc9b5449ec9b83565465e6f10e52f8414c4d82db89eb0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CurationTools.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/CurationTools.js
MD5: 253fe0c021ffee20e373e07770bebb29
SHA1: 68e19496b1c7447d140211f4c96ed4e7310a7a8c
SHA256:d71198cd761265c01d3cd8613aabf3199c14d3306a8d46abfbae20b07e23e488
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapeControlBar.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeControlBar.js
MD5: 43b9140bd7cf009faf161ce315630a8b
SHA1: a172f07f120bd46d813e585aea3dae52dfc9a6d4
SHA256:a40052c21aa0c196054e27a8517e6c05585c725f4ca727068b251970a75a460e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapeDownloadPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeDownloadPanel.js
MD5: 0cbf8d1a2105e92aa0279e6656498c3f
SHA1: 019247333e80c2bf8d5a7c2e8473fe77c7c6a37c
SHA256:852310a75233817e2b45e9b7153b1336f3bc3f675623d9311f6aadf1b4df7186
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapeJSCoexGraphInitializer.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSCoexGraphInitializer.js
MD5: cd8baa0e81b10a472dcfcc4879e77336
SHA1: 9a4633e73a290204ea96265c1c38a3d0b509569d
SHA256:064d62250504501e2a610e55c9fc96f7c44207daf25f066641de2c1f2bbc7994
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapeJSDisplay.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSDisplay.js
MD5: 0e45041d9c967dc6ebcac6c20c3d0726
SHA1: a26be17b48a82e779e001daf49ed7650df5aa389
SHA256:b63d9080f1d33df5e3b84a6f5d84e67675ce77cf545f39bf7886a51b2f7b37cd
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapeJSPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSPanel.js
MD5: fc51d38ab5c41da211094b2ae9ea7c02
SHA1: 4c5f86778a5722b432fd4cb555a6f062f1d3e4e6
SHA256:1b278217cd4ff361d36c25067be0565e7e6e6f362dbea909a1b68b8a3cce8723
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapePanelUtil.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapePanelUtil.js
MD5: 90321e21b5f187cec2566614b950e8dc
SHA1: 4c0da31d682d97bde90b65da17b5d2c783cb6bc7
SHA256:2e021bbbf8353ece5fce840a4d372ebaac376337eab049b99b7e1ffb1a9dbda2
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

CytoscapeSettings.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeSettings.js
MD5: bc57a89876dfb0499f1e997d9593e64a
SHA1: 56ee9001f1450723d7c464451e3d4d05694cfa20
SHA256:f794bcd36d84d584f4630663e41cbad428e3afc10192b94cb8ce98db42b7cdb3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DataFilterCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DataFilterCombo.js
MD5: 34cf0d4935e8c120d4b764d4f51bd913
SHA1: 51a9dd547e46831caf4add32310e34dcf392ba1f
SHA256:f769338c0b890e700436f60edb8d7816c0a6758bc72f13161e394daf06ab0a91
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetGroupCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupCombo.js
MD5: d008f93620af35382fffab6ed9bafe55
SHA1: 6bef3947f97643051279c9a6cf242ee0e3d46314
SHA256:f4034eb971d20fc7b964ff15581ff34c7b0f9945f1146c20fb9624318963a98d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetGroupComboPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupComboPanel.js
MD5: 088f61b869594b9fd822c5c90e1ca309
SHA1: cce02040ded312245fe189f4f39d5af3724bf355
SHA256:c76bd063f1c17649fe01d77c9adfaba6c8362845bb66af9a260beff72ec78329
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetGroupEditor.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupEditor.js
MD5: a8dd58a2c21a4f84b1d875003ada7cfc
SHA1: ddcc76157ab847b30a8e61c052ba667dc1b082bc
SHA256:d0dff2d6582f3a77192c78e196aff36e64fcaffaaa612f5b15253d12b2c72ccd
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetGroupPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupPanel.js
MD5: 03e367e8037a0a2e0c694cecfb144fd6
SHA1: 054906cc9bc96b4fade3181d0a569f1b04c129f7
SHA256:050304f2860eb444fff875fe9fb9a45ffc21aa17a331998e20d22b2d52d3bbb6
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetGroupStore.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupStore.js
MD5: caf82b22b3bbb6ac6b83ae3a13bd5358
SHA1: 1720a7d794c049b1ae4c35809a3d71da966abca4
SHA256:80406bd8075b28bf997bfca0879d054fd3e80db480c69c3f7b7b61c13b781b0e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetSearchField.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetSearchField.js
MD5: 827856a3cf6d8887ca0e51b939cffc78
SHA1: 280112865ccf06dff30bc2fa2976f588a8f2b352
SHA256:d0f4021bca2ca524f8a3ca7bf5255c5a718bebae7360cc5d0f5082d1ccf3f5e3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DatasetSearchToolbar.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetSearchToolbar.js
MD5: 4304e454d68fc4e95c20735bdf78cd55
SHA1: 7361f3829a6e8faf6b730b7d5e993ba0e1813145
SHA256:bd4664cd8a6410c9b7c66b205c5751b52780524af267bc751fedfebf0de8cd23
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DiffExSearchAndVisualize.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/DiffExSearchAndVisualize.js
MD5: 1c55f0dba3fe67e24c7ff2f0d0967b82
SHA1: 7a6b6caeefe60be19e98793901a473602ffb9db4
SHA256:19eaa4000d4ebaac5e62060ed8f4dc90fd1889890a48e3ce5e0d6d617756d04a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DifferentialExpressionAnalysesSummaryTree.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/analysis/differentialExpression/DifferentialExpressionAnalysesSummaryTree.js
MD5: bff751997abf71ff574927c16a4f6cdc
SHA1: a275824de27df8dbeaa4ea747de59d7919473bb5
SHA256:b4ce931e9cfcec38378becd0f6dc9a70e320c4577cdce4f68f773ed68545895e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DownloadWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/DownloadWindow.js
MD5: e625013b8cc8fe116d9eeac35d35e768
SHA1: 3086449b3d0af6d8a4030538c51707f04d381614
SHA256:2653521e967bc0941e895ad7bc0c08316e2f03b9eca37c195f38cb531844e510
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DwrProxy.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/data/DwrProxy.js
MD5: 9c0dab945118e24ac98de65aef0e5c1e
SHA1: 5be1729bf9416ddc4a452e520794fc493623b908
SHA256:6d2e57d5acc093942fb895ed5c4105f5df8ea6326401df8e602bc918f824c739
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

DwrTreeLoader.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/DwrTreeLoader.js
MD5: 647dba6601c42e88dcf48121f224d1e5
SHA1: e55c9db6818b74e387066f8579893d4462597498
SHA256:8b5c1e247e2e6efceb1bee4d34b030dc24da4d76a6da76b67905c39bf90e28d0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

EEDetailsVisualizationWidget.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/EEDetailsVisualizationWidget.js
MD5: 51f56861338342fc88cf4735fbc8ccc5
SHA1: 1574c8296fbb19182606b151b145c0bed88a64eb
SHA256:46c735150381e1133b54af47f13cc587110567f85d8c3aaebeb25ed1fb46d19f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

EEManager.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/EEManager.js
MD5: c70a3faed328e2d6aea525fe2400c4a5
SHA1: 444ed74bb248db01382f7bdab6dfc3ac149e6898
SHA256:ce4056188f249f454d5ba6b664a3e76f2e08a7b2ad6af05fc5c1860132ee6f1c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

Error.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/Error.js
MD5: cdc7bc660c6910458b72c7e326e02729
SHA1: 6bd337107c9b8f65ce5973adf20a33f2ce8de2dc
SHA256:00251c782a7fae8bdf0bf34b9c87a9d9982c1fee3b2c495670ba517c818f7b71
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ErrorPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ErrorPanel.js
MD5: b7aa2d9b00d0f21a140aa96b98b7344b
SHA1: 3ce9db91b39b6e4367e6bc7871a5a58d548f0f9d
SHA256:d0eaf8bbde64722d8869e2af356e82e4876e3da361f7cd08ee039701ea6cebc2
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

Eventbus.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/Eventbus.js
MD5: fe3b40e6851e4f4154baecbb4245029f
SHA1: 7ec45952b2453ead930dd8c2e0fa6f4847819d31
SHA256:3b98c9ff4120e73ae469790a1b7161b32fa20d4e60a77c7946f1291cd9f712cc
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

Evidence.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/Evidence.js
MD5: 198811b2ca1abddd51b92b90f6938f63
SHA1: 0c48c2cdb24515509d999b306d955222427a1bcf
SHA256:bfa1459c18e9a0d5c55e6ea440e86a2c3a7105bdd51af632786c92af0e5db9b0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

EvidenceCodeCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/EvidenceCodeCombo.js
MD5: cf29bdf11dac914927b29fecbebd12ef
SHA1: bcc28a9a6c21f2c2648e79c655f3bd7b306fa5b6
SHA256:316805940686559889318bc7165e3448b07c7bbc508837489bb8fc9e08553c55
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

EvidenceTypeComboBox.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/EvidenceTypeComboBox.js
MD5: 6709520b8166b5e820a7005d47e45c98
SHA1: a2535d33e2525ece795a11048a037d542eccf548
SHA256:b437a82af287ee79823d859ae4d82b3ec5c43b976abc93767c43f735b34e46cf
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentAndExperimentGroupCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentAndExperimentGroupCombo.js
MD5: fb2f91c6ce47a9f3f60ce9ed0ffeda57
SHA1: 153ff457107c305f34451fc8cf35a493fed1ea3b
SHA256:f71266ca2b47962efdb3573c7091008a584ce4610c941e6d9664390c7df07d06
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentSearchAndPreview.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentSearchAndPreview.js
MD5: 33388c61450d32ca006a4afb18569f25
SHA1: 887e497777810947965d75a9acfdfac82c33910d
SHA256:02931ea8de25853c485b3650e0d2c3b25497975c71485ac0e01135b85932f4d3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentSetPreview.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentSetPreview.js
MD5: 08632af57a46b7e32dabf7d0d41b4e65
SHA1: a4aae417b7bacad9c6789fa19c7974b195ca1c38
SHA256:0f31fc473a8d9aea9d00eefe9c62606045415ca4ce0afea0920c7146586dfaa1
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentTagCategoryComboBox.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagCategoryComboBox.js
MD5: 722b96e4a0b9ae84cc3ddd776d4935f7
SHA1: 54d92136923ee4edd794ed9c92c87f5f1cc5014a
SHA256:2b0965b73142d8819eabcb50c0180c4219dbc9f7f969210db798e651b371243c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentTagValueComboBox.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagValueComboBox.js
MD5: 1486ee0c18b820e91d982cb033fb6609
SHA1: 44d6278b2aca2134248715bf7be9e9a05a1c8308
SHA256:d6ecfa4a4d48a5fc5bb8d0c1e3d4748b7b3442869680954dabdf4cda43448945
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentTagsPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagsPanel.js
MD5: 0704927454541a88f1c42c42e697cb44
SHA1: 053d6aa487d9f9d0b20f3499e891a7c1824f894c
SHA256:4709952e60fb34746797acefe80f8331d1937550f6a605411051dfcaacca7531
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentalDesign.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/ExperimentalDesign.js
MD5: 6ac59387a5c98a33f4583dc1a0e61a7d
SHA1: 427acbbc41544f4247a01e85c987e4d24da7a5b1
SHA256:0eba3e45304b1171f0b7b8aaba9f794f5be1bbfae47f839ea9078656db57af35
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentalFactorCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/ExperimentalFactorCombo.js
MD5: 14a21cd98f2258b77a677f4b0476c361
SHA1: c729fbc78b21879a9875f0306beab0ba01cf64f0
SHA256:072bbc5c33d003f184a88cd82ed92c01b5ccbbdcb54903444e99fd6bd91b2d95
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentalFactorEditor.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/ExperimentalFactorEditor.js
MD5: 857d892aa0660387358e1a85c8f927c4
SHA1: e04509afb042a0b2eeeba59ece5742d27543060c
SHA256:3757ee03b3ab80db8cd0265fc4026b94e2c6742beff0e3cac30259d345e88ff7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExperimentalPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentalPanel.js
MD5: cafecf000d04628b431b0a13498cdb4e
SHA1: 78548c6e6a8f1d45f8041d1b0895af60c07bc045
SHA256:bfb20632a65286088cafd9c94d083b2136e2de55720e48634d50737f49ce334d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentDetails.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentDetails.js
MD5: b4676d072fed1990e4f0ceea08468d7d
SHA1: 7f08286bb310ebea5520bffec71c34aac6eaf318
SHA256:67e7f219e562255471b943b84e9d3b53a635d8ffa2f0ece65c0f7220cf14afcf
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentExperimentalFactorGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentExperimentalFactorGrid.js
MD5: f1ec776e3afdedc0bdbee4771812b96f
SHA1: d1097870bf105ef8ad369a84807825eab89e6fe3
SHA256:e7146817900c66798994e6b989f809cf4e676db377340b3e38ae92c394a22ff2
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentGrid.js
MD5: 992b6ad8a4f1c68d14e64a51b6a941cb
SHA1: 7d8d3e7851518148246003a5b2c4df54ab09558f
SHA256:8a352bcccfc8722219eed5d61f0f748cc101485b2d9632fa033cf88d90f4c4b7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentManage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentManage.js
MD5: d045b8127369937e5c8ed8ababaea174
SHA1: a6d32b35a20ba97ff1f40a43d6d7b3cd32e23279
SHA256:3788d8cc057e00b76290d4d9ebb4bc90c034b7204dbe546f14aa3dd86243a150
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentMembersGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentMembersGrid.js
MD5: 1f5465bba36549d8c2c78072f74c8a4a
SHA1: 50ddf1b5052cf62bbd3e027e36418b392b95b711
SHA256:e25e1d285692e10862f6b22135d4a353330b5398b375ae8cb16468ab902bf4af
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentPage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentPage.js
MD5: 3220c952b33377e1f0f2e31d94130e41
SHA1: 1e74e0b389c5f5384b347a922ed366e5e9d8b5e2
SHA256:ef69d078bec1929516a485fca1fb821423a45e1b168d57bdf60b175ee5faf608
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentPagingGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentPagingGrid.js
MD5: 1ae77655955bdfdeaf9f1226ef3bda7b
SHA1: 70a00c13309db333abdf9f1a2b094b7a49442986
SHA256:50c56af2c39a177ede0b42b795b3f806508af3672e002c6289e6ea6bce612e54
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentQuantitationTypeGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentQuantitationTypeGrid.js
MD5: 09248ead301bb704280a49e10cbbc43f
SHA1: ad4fe0910d995d6c0d21a3c69487a5d6b3285568
SHA256:d5cec9082a072264b4969830f1d12e2a5abe2fbebcc4e69748003a34c1c6f782
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentSetPage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentSetPage.js
MD5: bc8ed60776be06a0fc6b1016867ca691
SHA1: 68ffae9e137f7e11baf529d264615b1d1c33cf07
SHA256:b96b886a029651bc345055a90817ecf006ce5b219bd6460f3bdb6203c8204854
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentSetSummary.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentSetSummary.js
MD5: efc3dd2b702320cb9944ed361eba5361
SHA1: f30e2aac01ff1ee68a9cd543e5d6d9a588856bcf
SHA256:aadd10e21213c914764feac32251b58cc211301e837a8d58be340c73d618aede
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentTools.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentTools.js
MD5: 2bddd675c14e2d7551719ff108925268
SHA1: 40fe6400f194e6d75289e3c9af14f34908278215
SHA256:5e120da29a0f4f1065dcf391c869310223443b9c11d449800a2ca39bba68c709
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExpressionExperimentsSummaryPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentsSummaryPanel.js
MD5: 31ac7aa8dedf78b8bdaec6846ba9253c
SHA1: 19f5c940a5ede64ce5fcd7d21b18bdce4389168a
SHA256:37b0cf6b00627a6c30148f46f958fde22344f49fefd3bc971aad2b22cab678c7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

Ext.ux.tot2ivn.AccordionVboxLayout.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Ext.ux.tot2ivn.AccordionVboxLayout.js
MD5: 150c316153afdba92f76d65fa1bab4fe
SHA1: b591059c2181cb468f115a14dce53e26fafdd3b7
SHA256:bb56ca1fc693598e238d74bb903dae9e7a50d66757b9947b8eb4d9a2cd9783bc
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ExternalDatabaseGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/ExternalDatabaseGrid.js
MD5: 0415b53babece871297be885d127f227
SHA1: de25543027bf28990a88298e9e027cdd7bc19509
SHA256:255eee314ce3db6e28b0eaa0b8450ad92eba558fc9b3fd31d03da2d53794f100
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

FactorValueCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/FactorValueCombo.js
MD5: 6e8115379158b098018b39f91b6aba8b
SHA1: baa594aa6fd5b36879978a5dcd2b20d71eab9f80
SHA256:534dcc18a6c94b8c8087cfaa4a4c9e37ffa20c6801746d6db31bddfa947d6569
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

FactorValueEditor.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/FactorValueEditor.js
MD5: 7cb5e8083a22da635cd19dfd2b0aff9f
SHA1: c453d8fb080fcc823687f8d4ef8cb738f3af484d
SHA256:03aee6b35b708191c6ba02b8073ddf18507cd401767e227dd9b6a4d0e6c15463
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

FileUploadField.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/FileUploadField.js
MD5: 69a510fd47c4fdd85a4dfb083f61502b
SHA1: 7e6b23f40f5b22885cde2d9041ff65ae9a3a8abb
SHA256:15a77019c830bb470e3d471de53f497f85e69ae8f4ca3d0132eedc92da251f40
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

FileUploadForm.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/FileUploadForm.js
MD5: a454a8b506142ec2d1f2c71d11621903
SHA1: d1898c5c0026b99ad5ad090f357634af5a04dbe4
SHA256:a8033d36dc71f8a927cb7af9c93b2b646cfaf9bf7d0f4a6ec70ba6cde7a826b3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GemmaGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/GemmaGridPanel.js
MD5: aea15f55d2b9272bebaa87a02cc36e2e
SHA1: 34a022786db0c21752699703d46fbbe50814df2a
SHA256:6c149332072c714ec572fce0ddee003501b5e224d29daa3817c971806a857704
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GemmaLinkRoots.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/GemmaLinkRoots.js
MD5: 71c3b0e19b835e13763f8b86ab6e3548
SHA1: a5420f221399fdcc882cced7d6b0203679e1a205
SHA256:255a5825c1b0e8d44fcc70d1387760c45a2322832e310ca94c234565a93a8781
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GemmaNavigationHeader.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/GemmaNavigationHeader.js
MD5: 511b189c304139894790be5f1691dcb7
SHA1: 1d50dfceece76f2e05e6f638e1a33c050c4f0193
SHA256:f481fd1419e6261e32789f74599ecf8cffd430ffde3956a1b079b177c0eb43a2
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GemmaStatUtils.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/GemmaStatUtils.js
MD5: dd75ebe7815bbe911219d59b120cd7ff
SHA1: 54066b58675952cf74d62c9293d2cb9130dbc54f
SHA256:a918d33f4b23c6c667c6399246600bed74da7c23646bab7a88d4afb8358f05dc
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GemmaTemplates.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/GemmaTemplates.js
MD5: 642d09e9aed4443ef028bdb26e65587c
SHA1: 2e1e8fac10ff07994c80652ee2ad4e64fcec1346
SHA256:0ff89d56a2eb35b04aeaf038b39541862bd58202cb02abf3a72335569e00a57e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GemmaViewPort.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/GemmaViewPort.js
MD5: 05299715194621e30d3d20619992077c
SHA1: 96d13dbf3441bf5d74d97744501c2efabccb8782
SHA256:a9371c294b918719f8e0421fd35de202ade0635457e3b02dcd0b4167d17f9504
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneAllenBrainAtlasImagesTab.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneAllenBrainAtlasImagesTab.js
MD5: 162e6929af0f01bb413a7a3c40422814
SHA1: 00d56ace77a5cd1b9b28455bb3ee131a3b80d224
SHA256:586a27bbf20025d630096e7d24f6ab44212507509c60044f7f5b89b9b89c6951
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneAndGeneGroupCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneAndGeneGroupCombo.js
MD5: 528947e5abfaa5b8a8606fcc5d777566
SHA1: f79c329e7b739f277ae7dfdf152e2c6449cc4dd8
SHA256:96351c4dfa59c389069fe0666a5ba55d866dd85f91e7ba75c00b506e6f34fab8
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneChooserPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneChooserPanel.js
MD5: 772b308a955bdb297e8ab6f2e7d20684
SHA1: 17609d65f6a107dc4c64892723994d2d910dd29f
SHA256:68a46f7a5b7a59c44faba72751039a10ed59a9f00b3913dbd6431101a4630a25
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneCombo.js
MD5: fe0333395ebf3b570458742e1a1616ef
SHA1: 31f889981bb7913bf1bcb4229a60d4bf5bd71269
SHA256:ef20324a8a1e7d5362d08db14639fa3ce5d16b5525c49734da7b1967b7721a16
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneDetailsTab.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneDetailsTab.js
MD5: 2f57afdef6a376d79dd6be732c0cfe8e
SHA1: 3d463de55cf7e664019e77603fa9dcce1707e65a
SHA256:229c433ab5a76f2ebbcc91dce75b2a8d4d634d6f79dadb65cf14e70a209ddf46
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneElementsPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneElementsPanel.js
MD5: 77385a0ad1857b3a64c3d2e02b950ea4
SHA1: d805af155da800c3b2a441cc1dc0fa6299afbc57
SHA256:3e6d066e832822762e92264c950e56d3f9c8fae3ed1d7e611bb09effce44b2f0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneGoGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGoGrid.js
MD5: ed64e3c3f4a73ea17580834ee78c047e
SHA1: 8818cb9f625dc87b4ce9c1140f4f7d0daca1ca2b
SHA256:b290d277531863936a9773b5e731bdb89738b3f07c921feea31834079fe3424f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneGroupCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupCombo.js
MD5: 6340e10a959ff0173b84728e45562701
SHA1: 3752e1929ddac24499e89bb38a15d43711e74955
SHA256:752e55e9ef5b65c0c7ef0109834647e76367090d309dbd11b7a3fb222d04e843
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneGroupEditToolbar.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupEditToolbar.js
MD5: d9c79135e1d9ac6e00874267b310834f
SHA1: 3223fad5c48bd66011980213730e659d4368be8b
SHA256:e790248525245e8196ae8fb0f4cf1403e670961415d337ff5bb4f3cbcd30ef53
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneGroupGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupGrid.js
MD5: 1149d312ff12e016397b3d0699a11d44
SHA1: 5110fdb3b7323f27f8a36b55d50903286f241ed2
SHA256:fca401171f8091755938773e970d89f63de6916e040344709fe45b6fd0879f2a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneGroupManager.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupManager.js
MD5: 40fb54f4f5209e4e89ebba565d5e4cff
SHA1: 63d09bada4bd27ef6a079ff6ede68a922ac68d57
SHA256:7c0e61b72fd9b190065882a9e37ae980841a1f968772d5a4f69372e3ff6d661f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneMembersGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneMembersGrid.js
MD5: 783bf2aff3d2d6cc58e63460fb70ae86
SHA1: 4fd61a6558f2aa579b396e6afa085c6121428d08
SHA256:b44fb6425dab7171d2f987c2d7b4728cae57dc833ff9f525022472883129a4e7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GenePage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GenePage.js
MD5: a0875d0a1e4f77cc7fa1fd66707bfff2
SHA1: c6183080f257dc51fb607fe7b9ac02097907ed11
SHA256:a886819651b0e9ebe67c5ec7c3dba052682b99a2498bdbd70e66eff9cbdaea86
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneSearchAndPreview.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSearchAndPreview.js
MD5: 785d7d63754326350ba53c40325e0000
SHA1: 301f1770f0d836ac7578e2f914fbcb898beed3c9
SHA256:10d322ad1e5e66394e4c593d21503d539930788460ce64d528442ff6e8770311
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneSearchComboBox.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/GeneSearchComboBox.js
MD5: 749b3f894e3cc94ccb39eaab58ca2cdf
SHA1: 40e87e2e89731076a6856d728cbb59a8e0a044c9
SHA256:4ea86d862b2045d490ca3376026c78e0dfc9f5dab4526c36feea6cbc7f9274f5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneSetOverlayPicker.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/GeneSetOverlayPicker.js
MD5: 99e7cdf7dec26678630116bc16449db3
SHA1: 12f6372ab45d940f21418af8acf15709453d766b
SHA256:77cf94e09037cb80895c3a737aa71c9431701159671bd9cfdb76d32e9c02da5f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneSetPage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetPage.js
MD5: 1f6e9f2c2e167a02d2f0e0dd1fad3ae4
SHA1: 843b7e4a21ba650733a969ef2a8850893c8c53c6
SHA256:96ef013efc6a7963992b0a79d14f0424ecf84c378eb1d14dd378dda00d8d6114
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneSetPreview.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetPreview.js
MD5: 833620a2195c403c8d357a2a1fcff572
SHA1: 66b7d76a2f1393726df39da09a0fb3fb71b03ae6
SHA256:329b4c7da34e5a4e86f9d4e3a7b7bd1aef00475a4a8e5fd69156f8f30e125ac7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GeneSetSummary.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetSummary.js
MD5: a7d5c5d61b0d41562f32059209c5632b
SHA1: b47d2cff2e08ed67ab8c673acfb405f42126582e
SHA256:ba6092ad4903fa4db5012f9eebb4cce66f8709a70123b638d1fa123b56ae3d32
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

GenomeAlignmentsGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/GenomeAlignmentsGrid.js
MD5: 6397cc9c40c8b56c12d241f79524e2a2
SHA1: d39fdb11aa9d8efbbf8ec3e974b143b935c584af
SHA256:8848669b353aaa16a4beb5d9b62a54dd088bbacddb40e7fc4e0165f0f6858182
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

HdrHistogram-2.2.1.jar

Description:

        HdrHistogram supports the recording and analyzing sampled data value
        counts across a configurable integer value range with configurable value
        precision within the range. Value precision is expressed as the number of
        significant digits in the value recording, and provides control over value
        quantization behavior across the value range and the subsequent value
        resolution at any given level.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause
File Path: /home/jenkins/.m2/repository/org/hdrhistogram/HdrHistogram/2.2.1/HdrHistogram-2.2.1.jar
MD5: da024c845b9456beec00d8890fd8ef51
SHA1: 0eb1feb351f64176c377772a30174e582c0274d5
SHA256:df6afd38afcf79fc5c8e67087ea953c1b83b040176d5f573db4ce91a260fc07c
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

HdrHistogram-2.2.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0

Identifiers

Heatmap.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/Heatmap.js
MD5: 04a534c9c353d8e88e9ce2ea46b984dd
SHA1: 1e41f28b24d681a6f110914fdb3b002deda2638d
SHA256:ff7203853afde1b50b569847b588d5be395aec698af3968fac7c25cc9de07683
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

HikariCP-4.0.3.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar
MD5: e725642926105cd1bbf4ad7fdff5d5a9
SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f
SHA256:7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

HikariCP-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

HomePageAnalysisSearch.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/HomePageAnalysisSearch.js
MD5: cd4b01b2edbf680fc141898d32e5bc65
SHA1: e0db6428bd99f72e11e8b209246835c5ffb1c579
SHA256:490834d5cbc67f004041695a20673ae5a02dade853cdf893148d719f6a233fa7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

InitialTextGridView.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/InitialTextGridView.js
MD5: f2bb0a0fca5485004d1ab21ffc65bc72
SHA1: 540da50ac3b64c8c902797e0f3c059fa80f310a9
SHA256:e0bc76d52b74a14ef3eeb3bd5235a5a7acfe08ea7061d0322c6669ff12c20d11
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

InlineHelpFormLayout.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/InlineHelpFormLayout.js
MD5: a2a8e1fa4c6ec3ca193698b5ed5fae74
SHA1: 056272e3684a6129d6afbf134af14fb9cd5e97be
SHA256:80a8834398c0039963ad45c4c9a493f71fcbcc9607afdb25f6c1ca6e6560dd9e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

InlineHelpIcon.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/InlineHelpIcon.js
MD5: 6d1ac2989698f1653e4fcb4edb644c69
SHA1: 80aa83615203515fb9de2ae0c45d553abddfb359
SHA256:b003a9c96de8c44b9ee3b61e9f37943e23264da0e471d058a0784f3a6c2f085c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

JRI-0.5-0.jar

File Path: /home/jenkins/.m2/repository/RoSuDA/JRI/0.5-0/JRI-0.5-0.jar
MD5: da1c711f9748c288afc2f8574165405f
SHA1: 2d9612a95065c291b2ae41fcac28446aa47a8410
SHA256:bcc4b8bd8edc28aa2fbaec6b441fe44e4ed51fb11a310477928460748cf69a04
Referenced In Projects/Scopes:

  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

JRI-0.5-0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

JRIEngine-0.5-0.jar

File Path: /home/jenkins/.m2/repository/RoSuDA/JRIEngine/0.5-0/JRIEngine-0.5-0.jar
MD5: b0cb089fab38efdc95b200ab931b2efb
SHA1: 9751022a2938a4207e178f8c8142d098e4c549d7
SHA256:dd26c4bc37222635388ea5898fc78740f486a384bebcb5ea2fa7e2f4ad453750
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

JRIEngine-0.5-0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

CVE-2022-1813  

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2021-39491  

A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions:

JavaEWAH-0.7.9.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.

JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.

The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/googlecode/javaewah/JavaEWAH/0.7.9/JavaEWAH-0.7.9.jar
MD5: 3186322b6558b126cef0e00bdbd2466c
SHA1: eceaf316a8faf0e794296ebe158ae110c7d72a5a
SHA256:fc499deb9153610f735f75817f1c177978d27a95a18e03d7d3849cfcb35abfc4
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

JavaEWAH-0.7.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

LatencyUtils-2.0.3.jar

Description:

        LatencyUtils is a package that provides latency recording and reporting utilities.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /home/jenkins/.m2/repository/org/latencyutils/LatencyUtils/2.0.3/LatencyUtils-2.0.3.jar
MD5: 2ad12e1ef7614cecfb0483fa9ac6da73
SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3
SHA256:a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

LatencyUtils-2.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0

Identifiers

LinePlot.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/LinePlot.js
MD5: 3efe8bfa0eafc26cfb028afd993b8398
SHA1: fb768ac5aaf61502f947bd60fae2657b44e9256d
SHA256:330678162e8452335794bd73ddf294f83fa075a8103ec887f64aa89976186de5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ListRangeReader.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/data/ListRangeReader.js
MD5: 5388a4b59918367ba24681b2d2d8d045
SHA1: eeda9182b9bc7c4ac912daff9950fea495ea1f70
SHA256:da084f91aa1fe4fa69dcdd081882c5386dc5f5d4456e646fcf1438897f78760e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

LiteraturePanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/LiteraturePanel.js
MD5: ca26107ee51329499c0b202e611df6c7
SHA1: 35c55dfb646d60c18fc274cb7b3359ceb218ec74
SHA256:f18190ad20cf058cc63a07dbc8d2cffc4ed3fbc12a74be8793d51b728d79b236
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

LockingGridView.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/LockingGridView.js
MD5: 2558e43459ee04e39d3b4cc183be89c4
SHA1: 7e5c119f99bad26b4385955052d0e6400d1ed567
SHA256:5f18f78486fb9e08e95386805b3ecc253cdbdee9ee1832efb113e7e1e8a4784d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisEvidenceWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisEvidenceWindow.js
MD5: 36b188f6def11c58d8636e9a03cc798b
SHA1: 82d700c3163cd866b2d53b74a48a9b87a2ea6c8d
SHA256:0b77cc7df50c4ab9445347ac14b1aa1336e673126454a48581c8502728189024
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisManagerGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisManagerGridPanel.js
MD5: 7d517fdcca07ad5dc4838ea6abeba428
SHA1: e028e29d95669f888ef66154c74a414e87a1ddfe
SHA256:34dccf93e91ddbfd9e64ba99f660f61287124849173608d9c8844a07e0d1f7c5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisResultPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisResultPanel.js
MD5: 7ee515ddf2db9fc49f355f3be50654ca
SHA1: 2122253513f0397681585bbbab43acfa08b61d12
SHA256:f10d6c587f6070c2780c48d56d4b94421dc13c7c0f9e40b63c15f46648619d6e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisSaveResultWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisSaveResultWindow.js
MD5: f0f07b9fc46d56d87dec19cbbebc7fbb
SHA1: 32c6e99a56862da101a5c9c84ab449149fd2d807
SHA256:8badb55941352f6389135db7f6837d04bf9f8672816a0b680459005cbf604965
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisSelectExperimentPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisSelectExperimentPanel.js
MD5: 5cf0fbf918bc7bcbefbe21ecf3960358
SHA1: 14271dac8811ef2ea79a133f6591c8018847ac6f
SHA256:5fea470bf783a0d03455c8f92982b1ae8a395aa2d5b3df86d84d10f70f76fc4c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisSelectFactorPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisSelectFactorPanel.js
MD5: e21a6b1c5cd0b1d0329db392c459a680
SHA1: fd42a6ca512b65c2367482560eede559a251db55
SHA256:6057b37e790ec846d1937b2a843d95b0f23bbc52d3813a2e07dff3f3b717608f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisShowResultPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisShowResultPanel.js
MD5: 4a7d8cd77e4f4f0769218d01ddd94cdc
SHA1: 0f6bc1d2e5b8a2d771f67b45902da7d0d62e5431
SHA256:ee6ab4b7f4b692ccd886a060aca2e267024cff6199e4868e4e6e7ee8bb9477d6
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisUtilities.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisUtilities.js
MD5: 02a5c155fad5d83d39e7bc42247548c0
SHA1: 198f6d772cca49cdabdb764c60b230df20ef8f93
SHA256:982bad49e49301bd683f1264cf3ce11895a8eb1324cb783deb8f85b0e543bf5d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaAnalysisWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/metaanalysis/MetaAnalysisWindow.js
MD5: a2e7f04d8499651c10427ebaa427d6a4
SHA1: 8646aa489f1c451f21683f42c42d6dfced97f667
SHA256:03c2d4de633569e32acf9891a42c7138c6716f8f34b940dfc14a4ee233902ad5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapApplication.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapApplication.js
MD5: 6747eda433c45b5283219d2b971267ab
SHA1: e68189d20a8ce6613089ec69e871485aaf63e32f
SHA256:abc0cd4f5ff9f54fb51646104e03575a6f188e64ed7a7d780f84d2448289f488
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapColorLegend.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapColorLegend.js
MD5: 04abd9d9c78de6446be03da414a66482
SHA1: 6ea52b80c871cd7b534ade02aaa294584b5b8c8a
SHA256:225a8ed4b1190a2be86c5547350ff3a6987b484cfffe5161144a9685410df3dd
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapConfiguration.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapConfiguration.js
MD5: 63ca9cb23c7e10ddc47c47f96dfc1df4
SHA1: 89743d1195dc6ce7d84b109e212d33eb449e3dbe
SHA256:b4d3ceec65d3337f01cbf685fb37d77c1753446b22ddb712d32393e9214144ce
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapControlPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapControlPanel.js
MD5: 3010b73e17340e5927eb388ea1e7c900
SHA1: 3c26357c00df72fdc5121bb00540e2c1bf13ec27
SHA256:4b6d0b2bb440b5e0988f9c80b1a4bc4ddcb9e26aba51161ca7dfe77fe742b980
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapDetailsPopups.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapDetailsPopups.js
MD5: 449f6aa574bd69482b745c5d77f266bb
SHA1: d3eaaf64e5b17443eb05fb8ec695be72fca9ad6f
SHA256:3a521720c2d889fbceeb9d5bbf2ccab7bb568823081af2a262aefabc677d3988
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapDownload.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapDownload.js
MD5: 9b1aa8fa2ed99baffac20d0bf3f62d03
SHA1: 8c2332f09f41929a35de4934b8b95c1193208951
SHA256:25efbbb28f7376ca5ed2226e00edb364b27b1dfd215c71b50e79c0982e01d04b
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapFactorTree.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapFactorTree.js
MD5: 2c8c4eb3e3e1e61572de2d065e518f3b
SHA1: 5da7d514d0bb31f9b03326a403901eeda882f8bc
SHA256:46f646077ea6388d8c725cab25503d3b89ef94511591e94a7beff314dcae79b5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapFilter.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapFilter.js
MD5: b717b385fdb4730b1ef67d76371bdce2
SHA1: 6a1dfe19538fa217181dd64e3d45e753a63a0a12
SHA256:1e67870972aeb5351a1988fe0f9f52463f9161db2f5312f923720dfef3f9794f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapHoverWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapHoverWindow.js
MD5: b02d4641d4a9048c009ac2e58f1561c1
SHA1: 34164a9a3f870aab31b3ca4a179bb0ee76fcbfb7
SHA256:9c98f0974070ccb398731ff6850245559d3a4277d875e3eebc39306d2e1b890e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapLabelPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapLabelPanel.js
MD5: c36f57829eb7eaa5a90599aa5b265ee7
SHA1: 98a17e6ad4e4e12a68234e2352130eec1e786208
SHA256:2b4f3952a75bb0c56a3dff3230bef9b20aa40a0db91d5a2b17f34ee19308b928
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapMainArea.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapMainArea.js
MD5: 8508cd76c70718f9edd755464da13c1c
SHA1: 2b4d344c6cd9fd4c0d221127ed4795e9cae27644
SHA256:67999cb72a44fff234bf1bb7f427c94d3eb2468797427212b25c769d2f2e5e25
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapSortFilter.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapSortFilter.js
MD5: e84a85efc71763be0609620943edc8aa
SHA1: 07c5dbb7a9384d9e39ce1e5a5da27461d378d1e6
SHA256:3e856679aab95aee27052d616d40603f689cb74718a39573edd0af62006a6c3b
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapUtils.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapUtils.js
MD5: d51b314a5e287e014125cc31e941c571
SHA1: db3711eb299146e9579af828ed6a25dd8a48e317
SHA256:b1381b7ffb234d3d7a246a05800af1c31fe6d117ad352bf69b8f1feffcf93fdb
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

MetaheatmapVisualizationPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/MetaheatmapVisualizationPanel.js
MD5: 826bd06f0dc68bd90eede58c3c3cd79a
SHA1: a8763b06a96c1c07d4d1337705a0186db2d66a06
SHA256:e7ff271d1eca5184438fa7163a7f2dba8f851f3a0cab8990e33ba4b9af732818
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

NeurocartaStatistics.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/NeurocartaStatistics.js
MD5: 54c5750dd2a28c54805e32949f2a6b54
SHA1: 74a521c7411dd9aa5d8fc8c69cb0b7e0a9bdb26c
SHA256:7429f84794af484445b9e3156af842975f014397e093701bad777af1daf42976
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ObservableSubmittedTask.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/ObservableSubmittedTask.js
MD5: 5b7811f1393d3747409ac2c6f04460d9
SHA1: 90acf702f687f03601498ccd627e0fcbf139b4af
SHA256:565f87e6cf11ccc18f911005e45271cf7860adc884bc26b7e4b9da0c5c094d57
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

Overrides.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Overrides.js
MD5: 042b6f2c2bfa47bd2b87713b73bd87e9
SHA1: 069f7d64084bd5b31613d162544650b10fc78227
SHA256:0e9ce3ae855cb0361af9440878483e75416d53ac3f454e1b47087d8a6dbd4b40
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PageSizePlugin.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/PageSizePlugin.js
MD5: fb5d0d28c282bbbd1e18cd420ca8aad8
SHA1: 84b234cf6fc892400e47858ba5a0b6ea6cc84ad5
SHA256:e86bb33fb28684ff2aff940659c27a860de218c70221b12979a22cfda68a1d58
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PagingDataStore.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/PagingDataStore.js
MD5: a98c5801c3aefd8c52658f3745c56759
SHA1: 80dd6e486f68fbefd0647c3f29bd861576a04b0e
SHA256:a2f8a3dbd90e26f9c825121cf3a15e92b1399aad8e0087ff0068182e85b15ef3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PagingMemoryProxy.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/data/PagingMemoryProxy.js
MD5: 0f62943ac81f1ae7349d116abe926f7d
SHA1: 1321c4b28adc85f3d6c7e46599cef0bb1d482d1d
SHA256:3c6da8369736f6dd15acd518d10ae453517b3c79725284ddf570e987d33992a1
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeAssociationFormWindow.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/PhenotypeAssociationFormWindow.js
MD5: b971c63c3e060b43d78b802fc459d28b
SHA1: ce984048521290cc3d1815bd404a911e5175a78a
SHA256:cb1e2c4d77eaa553f2c814f7792b39707a84af1c65bc7af56fd187c4f2632a29
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeEvidenceGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeEvidenceGridPanel.js
MD5: 7091f13ece161667598440790126b943
SHA1: fdb73676d4d194aba3bd137745ee45e4d991e551
SHA256:25de42ac2f2e57f0260e12ca2425fed5d82c28a4b053a727d10b8e5caf862145
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeEvidenceManagerGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeEvidenceManagerGridPanel.js
MD5: a9e5fec6384f90b285d551546550cb04
SHA1: ca33b583449e7709fcdba6b91587cb89e462f7c7
SHA256:895b6ceca9c02fa454d3396fb52aeac5f502937891b924a7c3336cc99d6d1630
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeGeneGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeGeneGridPanel.js
MD5: 88cb0837f7e21ed4404bffb9577c0246
SHA1: 7c49c0c802fb262a5b6a794984c47641e90cae25
SHA256:be607b189696573afc620b0b70becd40197d199da7fdad1454fc7b3c705a7403
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeGridPanel.js
MD5: 66c55b370b66b5fe08a4d440a6bea474
SHA1: 76c609be715beadbdafa8da89ca47884dd17771c
SHA256:23d468c68ff1e82f0aefbf70fcb4500e98bfdc7c71bc65c57dfc98bf74e936b2
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeGridPanelCommonConfig.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeGridPanelCommonConfig.js
MD5: 79109ecd81847745392c93b62cd1e149
SHA1: f21214e57b0544aacd49a510107a69c387624668
SHA256:6e449ccab19b8e1b49b18a95ea446caf244cf555cd970b3f4968a31904142ce7
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypePanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypePanel.js
MD5: 8e100b55c2fde24845b654f0021ce4c0
SHA1: 0dbc5bf2e216c0a04e33897f1ea49a3d8482ebf6
SHA256:070dea07e097609d86f73ee54e6b6f6cf3e58efccbd78559d899ae26fa9a913c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypePanelToolbar.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypePanelToolbar.js
MD5: 3d574fcb7a563bcde5c1a9d449949819
SHA1: 3b2207680a72093ee4d5c32c587bb8b1263ac883
SHA256:6b12be2a6311eec33e97ce1b5dfd69e4740b0f23ceb96c1ceb09cb068b3f5d05
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeSearchComboBox.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/PhenotypeSearchComboBox.js
MD5: 079e85fe329cb168fc10342cce5f1c10
SHA1: f874e1e375e9565f4a12529409ff33c8f10daaf2
SHA256:03e3d55b4203145fa277f996072e1c79b9fa12bb53db245f52823ceff8c58d93
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeTabPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeTabPanel.js
MD5: 4a4f111118ffe6101e016ece1ebaa9ad
SHA1: 8a2f6f9814891bb397b7cfc19177f990cbc14fd9
SHA256:8e78b52abb8b980478ef11a4d7e86cca5707f6cd31d4f52fbf3c8a1c4aeb00b1
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypeTreeGridPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/PhenotypeTreeGridPanel.js
MD5: 68bab485ca4252f15adfaea431851858
SHA1: e35bd1830bbeb7fe527d25d642c1929f335499e1
SHA256:fcd39f305190e48c496f70bda9b5e03d88dd3482c89f44f84516a37c239986d8
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PhenotypesSearchPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/PhenotypesSearchPanel.js
MD5: 0dd20cd844e854c7e90da6fd192a2acf
SHA1: 93ec685338169f0d4bae6e122b0aa18a3779c844
SHA256:44185e83cf7b4c9229af9fb8b2e7e7ce7d69bb3778c8a591e233833dc7e707a2
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PlatformDetailsTab.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformDetailsTab.js
MD5: e7522f6ee4964ad1559e1c0a06fd20ce
SHA1: 870fc67e2790d5563b0e27a9882a1d14b3ec66fd
SHA256:077ab488a3b1a9753676c00e1ca3a770c76f91b0d9ebcdc052c43d7e4acb917d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PlatformElementGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformElementGrid.js
MD5: f39284067e8bede8fa751fe172f54dfb
SHA1: dca7fed6e0cd58f6eec7ceecad625fffb799cd7f
SHA256:9bf6afeb7f892478a6542953b92baafdab945998e69f7a1b9af3bbd9c9885173
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PlatformElementsPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformElementsPanel.js
MD5: 8f8318b5961f2ce27a1ab82b869ab0d8
SHA1: 2e839f0c9ddc08650337be5573a7b53ff5e4f53b
SHA256:1fc2b9bcfedc44711af4cd5e6e4a2147ea5c992852c0b732c96577a7aa796a43
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

PlatformPage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/PlatformPage.js
MD5: 345025bb49cb8d5c0100f80cdf420214
SHA1: 9f978107c54b33f1e4560bd6ea16fb8f96b768e4
SHA256:39c36f112af300f2e2229d8ae5b0db7683dca1edb1e6872efc74d8ed06c26a01
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ProbeLevelDiffExGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/ProbeLevelDiffExGrid.js
MD5: 93e22679eb53462f769750a6b34e016d
SHA1: 65ad2d18fdd0fea96133a7de39f2c41900496a97
SHA256:a234547577adc7506d31ad9108b0c2dc6d155397cf478de30e98aa1dac5dce98
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ProgressWidget.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/ProgressWidget.js
MD5: 09880c7238b585ae6003c98e4bbf802e
SHA1: 6664795ba897a48115953cb1ebcf2093d6ab5c16
SHA256:36247feea821d8c5ff37f45ae0e713d11565dd19aa89b2cbf6448119e322102e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

QuantitationTypePanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/QuantitationTypePanel.js
MD5: bd22f262687c9a6f2375841ac79651a1
SHA1: 50435249b831cd8514b01ddd98925635aaec6c05
SHA256:2a5d76557af9d71347124947fc4868b2178c611eb0ebad4ed6ebc09bbdeca7e6
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

REngine-2.1.0.jar

Description:

REngine API to access R from Java in a backend-independent way.

License:

LGPL v2.1: https://www.gnu.org/licenses/lgpl-2.1.txt
File Path: /home/jenkins/.m2/repository/org/rosuda/REngine/REngine/2.1.0/REngine-2.1.0.jar
MD5: 9377ddb81ad3e37d94926367b410c9fc
SHA1: 73c31209d4ac42d669ccf731e8a1d845f601adac
SHA256:a268b4d1e0aa0c5ab3a79153764beca2d90087904c7d087b33110fa188fe5c04
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

REngine-2.1.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

RadioFieldSet.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RadioFieldSet.js
MD5: 355640cc02121fa73805f43ad1e2abf8
SHA1: 064023a56cdc6dc79d77cf768b2e213daa0800ac
SHA256:ec218ecb86db3fe97e9c4a5493f3615398864f2c30672c7702535f0711acf337
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

RelationCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/RelationCombo.js
MD5: 2c009d6972b75b4a60d1e246b75d9f28
SHA1: f12f18dbb2abc52a7bfdb301a639c17e9d7f0ff5
SHA256:d4a85d50e7a441d78760c1592145e6595220b53e1888be39b9f093cd0e205470
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

Renderers.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/Renderers.js
MD5: a88dab506bd6c340d82711e2a7fd6680
SHA1: 1cc946ce4a7048edf85a3041fc52866053964cd6
SHA256:736d40648ebf504e82becf7454da63854ef2a6be07a8ad3c0db98b4b01f77002
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

RowActions.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RowActions.js
MD5: d504180c7f78439725e2dfec52ef82e5
SHA1: 005a4768ebd3e26b7a02c20f26da29a30e3741a2
SHA256:80fdfe4c8b9343255aebfb21b66def6054f1238165f46076e8b7a065bffce7a9
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

RowExpander.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RowExpander.js
MD5: 95aef6ba8076867670a89d1f3eeaf6aa
SHA1: 03f1c7163c26b8be443930b250c3a57626b70c33
SHA256:6ccba7f20891cf1e1b66bf5f10ec1380a71fc6ea51a8fd3e02b864387bc44b3e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SearchField.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/SearchField.js
MD5: fc417876b52ebed5ad9032de9d083fe7
SHA1: c7de05a82e52468aba9d70c34731872745b08fa4
SHA256:05180c72e18c2304ef09c9075c8999ce674e532358066f1d2113f19d2d03d1ae
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SecurityManager.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/security/SecurityManager.js
MD5: f58879834bca54c03619d4ec5154e825
SHA1: 6da96c39a1f8ce9342e4c3094d3c3d6e359adbd3
SHA256:6d11fad880e2055b7cd4af74f4c20676870542a3ff7c582791c01faa59f10798
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SequenceDetailsPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/SequenceDetailsPanel.js
MD5: 1e9d55a4750bb62363e03d2209152b12
SHA1: 4b7ee80884055172d08b030e678d67b834738b4a
SHA256:5f6e919be27d96fbbce55757c4108eceacf81b0c22fffebe5b98e99cb7f0af2b
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SessionBoundSetRegistrationUtils.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/SessionBoundSetRegistrationUtils.js
MD5: e755889ca1ce24a52ed81a77ea96f85f
SHA1: 71548b44b082f289b93cb815e34972a6576c9b65
SHA256:d1b9b9ede8221ae6464056a4311a7784e1bf91625e31072d8e9019f7a30f485b
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SetPreview.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/SetPreview.js
MD5: ad317ecad88fef6bc7b2e4267502a662
SHA1: 60480875367da6c67e7948f3fa9c07d5e1e94409
SHA256:dac678edd625fccf1b4f1da5762405237d5f0e1105e424eaa271453bb1a065f8
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SparseBitSet-1.3.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/zaxxer/SparseBitSet/1.3/SparseBitSet-1.3.jar
MD5: fbe27bb4c05e8719b7fff5aa71a57364
SHA1: 533eac055afe3d5f614ea95e333afd6c2bde8f26
SHA256:f76b85adb0c00721ae267b7cfde4da7f71d3121cc2160c9fc00c0c89f8c53c8a
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

SparseBitSet-1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

Spinner.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Spinner.js
MD5: 5c098879cac2ac5017384d04c0d54244
SHA1: 9c3271bcec8dcd2b1021fd3cfe8e10e5adde001c
SHA256:a8387b3d2c6e8c536b42a409517e09f65193c5423378e8180bdc7c743a2b6bf3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

SpinnerField.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/SpinnerField.js
MD5: 0580f6b45db64bf9e6b623baec246671
SHA1: 934f845b823ef4170190c371c57fc0f864478529
SHA256:e90a11e23abc9122648c07ce4cdc4c306c58d7de791c690aa224e7c24021c113
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

StatefulRemoteCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/StatefulRemoteCombo.js
MD5: 05c93f5bacb846dcfd30992a6d7aa0ef
SHA1: 9fed1d65bb6075d7e84fa71e08f41a49f9101012
SHA256:b99a7744abd81a1477e63aae1fec080dc6b91429a7425bcad8c3242833ce436b
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

StatusBar.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/StatusBar.js
MD5: 70719cb2ed60b4ec1f9928e7e47aa4e4
SHA1: abfcbc9109c4f093b6a1a7f30240f32300942103
SHA256:f35ad4b989ec8fa9b3ae321f765e79005102a03f57779d79e3b91c3edc105fc3
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

TaxonCombo.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/TaxonCombo.js
MD5: 15a3cf9d2aab9fa551ef490b5f75b288
SHA1: 7b20bed043fa2cfdd43f6ce227dbdfa057aabf25
SHA256:32e99103bad6f8261f16fe3c2080be6ee4ad32058df7bd55ce58e6ca4b606911
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

TreeGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/TreeGrid.js
MD5: 46d0204bbbe3c50656a3214151d3c5a7
SHA1: 9530b6170dbe1e0c4ec15087905154bfa6e81497
SHA256:4dca3112c80d4c13c3622bd9ad4b5077a56065da8d15257a221e407c1e9b0f3e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

TutorialQtips.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/TutorialQtips.js
MD5: 55831bb63854deafba123b3cd14897e4
SHA1: c1f10836de76537ce060073771ba104ec1afbe04
SHA256:e1ce14641e8eb619d7cd3c5fd77e1cdb6c1e79219fc9098cbd3df1dd524fa53d
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

UserExpressionDataUpload.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/UserExpressionDataUpload.js
MD5: 11a7cbe9cecf943659b5218c7119a16a
SHA1: e139ea814f918c392d1fcab6b8dcad1c00367742
SHA256:fd57b0be1cff16fd05c4f0ad3252f40aa37c47dba1a0164307e0510d8d722f9a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

VisualizationWidget.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/VisualizationWidget.js
MD5: c09132609e6c522edaf9f226c6b7469c
SHA1: 60e7cb69f5ad7b6e0cf163b9779c887f577b320c
SHA256:15439bd700867c2f9b53443e0ad49cf07e7409ce1330403edecf76eaa4978d86
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

WizardTabPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/WizardTabPanel.js
MD5: 3d724e3ed37bad46960aeeac1687822f
SHA1: 5e764ee0511ab022fe3368343a5414f45dbde5b0
SHA256:ba9f259f7baeb75c2aafd5b4a989c620af4d7b1b1e839b488bf50e8949d7af00
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

WizardTabPanelItemPanel.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/WizardTabPanelItemPanel.js
MD5: 755b9a0695869fafde4057aeffab4500
SHA1: de68841c691ca6cf3bddf63c928bf979707711d9
SHA256:16cb4704568fa0317b610be4877a343d6b2de2dc2978c047150586f7ecf7f362
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

activation-1.1.jar

Description:

    JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/jenkins/.m2/repository/javax/activation/activation/1.1/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256:2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

activation-1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/com.sun.mail/javax.mail@1.6.2
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

all-1.1.2.pom

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pom
MD5: b60dd3450b3a8d030f4799dcb273f846
SHA1: f235011206ac009adad2d6607f222649aba5ca9e
SHA256:cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67
all-1.1.2.pom is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23

Identifiers

all-1.1.2.pom

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pom
MD5: b60dd3450b3a8d030f4799dcb273f846
SHA1: f235011206ac009adad2d6607f222649aba5ca9e
SHA256:cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67
all-1.1.2.pom is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23

Identifiers

all-1.1.2.pom

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pom
MD5: b60dd3450b3a8d030f4799dcb273f846
SHA1: f235011206ac009adad2d6607f222649aba5ca9e
SHA256:cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67
all-1.1.2.pom is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23

Identifiers

all-1.1.2.pom

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pom
MD5: b60dd3450b3a8d030f4799dcb273f846
SHA1: f235011206ac009adad2d6607f222649aba5ca9e
SHA256:cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67
all-1.1.2.pom is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23

Identifiers

all-1.1.2.pom

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pom
MD5: b60dd3450b3a8d030f4799dcb273f846
SHA1: f235011206ac009adad2d6607f222649aba5ca9e
SHA256:cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67
all-1.1.2.pom is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23

Identifiers

annotations-13.0.jar

Description:

A set of annotations used for code inspection support and code documentation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar
MD5: f4fb462172517b46b6cd90003508515a
SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9
SHA256:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
Referenced In Project/Scope: Gemma Web:compile
annotations-13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2

Identifiers

ant-1.10.14.jar

File Path: /home/jenkins/.m2/repository/org/apache/ant/ant/1.10.14/ant-1.10.14.jar
MD5: 263e00d844d0e4efa54440ec5ed6362a
SHA1: 1edce9bbfa60dfd51f010879c78f4421dafae7a7
SHA256:4cbbd9243de4c1042d61d9a15db4c43c90ff93b16d78b39481da1c956c8e9671
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

ant-1.10.14.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

antlr-2.7.7.jar

Description:

    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

antlr-2.7.7.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final

Identifiers

antlr4-runtime-4.9.3.jar

Description:

The ANTLR 4 Runtime

License:

http://www.antlr.org/license.html
File Path: /home/jenkins/.m2/repository/org/antlr/antlr4-runtime/4.9.3/antlr4-runtime-4.9.3.jar
MD5: 718f199bafa6574ffa1111fa3e10276a
SHA1: 81befc16ebedb8b8aea3e4c0835dd5ca7e8523a8
SHA256:131a6594969bc4f321d652ea2a33bc0e378ca312685ef87791b2c60b29d01ea5
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

antlr4-runtime-4.9.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /home/jenkins/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE
  • pkg:maven/pavlab/gemma-gsec@0.0.16
  • pkg:maven/pavlab/gemma-gsec@0.0.16
  • pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE
  • pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE
  • pkg:maven/pavlab/gemma-gsec@0.0.16

Identifiers

aopalliance-repackaged-2.5.0-b32.jar

Description:

Dependency Injection Kernel

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.5.0-b32/aopalliance-repackaged-2.5.0-b32.jar
MD5: 99809f55109881865ce8b47f03522fb6
SHA1: 6af37c3f8ec6f9e9653ec837eb508da28ce443cd
SHA256:32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

aopalliance-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

arbor.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/scriptsnonjawr/arbor.js
MD5: cbc3d8f56ca5f506253729e079d41814
SHA1: 55105233417b8dbe5834c4dbb9b7cf441c4fc78d
SHA256:73dec7a9cf90ba345b5d7eaf5977cac5d840f75ecc96fa25bf1b3717a55daf5e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

arpack_combined_all-0.1.jar

Description:

Java APIs for the BLAS, LAPACK, and ARPACK Fortran libraries as translated through F2J.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/jenkins/.m2/repository/net/sourceforge/f2j/arpack_combined_all/0.1/arpack_combined_all-0.1.jar
MD5: 83d82dd480da2aeba6429e746453ec0b
SHA1: 225619a060b42605b4d9fd4af11815664abf26eb
SHA256:9964fb948ef213548a79b23dd480af9d72f1450824fa006bbfea211ac1ffa6dc
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

arpack_combined_all-0.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

CVE-2021-4048  

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
CWE-125 Out-of-bounds Read

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

arrayDesign.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/arrayDesign.js
MD5: fe07fa83e948c48058c2c8e7cdc6f9e2
SHA1: 82d014c7acd27de5012aadf5add09236a4926157
SHA256:6ee84b0b12f90c3630722add4b16d83f391f59949b57c972ec993f231e5087e0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

asm-9.7.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm/9.7/asm-9.7.jar
MD5: 3957b18bf02a62edcb6726d074b90b08
SHA1: 073d7b3086e14beb604ced229c302feff6449723
SHA256:adf46d5e34940bdf148ecdd26a9ee8eea94496a72034ff7141066b3eea5c4e9d
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

asm-all-repackaged-2.5.0-b32.jar

Description:

org.objectweb.asm.all version  repackaged as a module

File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/asm-all-repackaged/2.5.0-b32/asm-all-repackaged-2.5.0-b32.jar
MD5: b7710f0109a9aca153b48fa5474b8a9d
SHA1: dc705f1d54cd5a96cbc5a473525e75ef1cb59a9e
SHA256:83bd18063fefc7a6352539fde4e3fc7a0ec13734e17f8b787dc1bff5d426820c
Referenced In Projects/Scopes:

  • Gemma REST:compile
  • Gemma Web:compile

asm-all-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

asm-analysis-9.7.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-analysis/9.7/asm-analysis-9.7.jar
MD5: 910ac9c691023f1a9ff33c413ae9fbf6
SHA1: e4a258b7eb96107106c0599f0061cfc1832fe07a
SHA256:7bc6bcbc21379948a0c8c467fb0f864206e5b818f6bc0b546872f5c9f941556f
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-analysis-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

asm-tree-9.7.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-tree/9.7/asm-tree-9.7.jar
MD5: ea5cad3e0cbd2520688e4b0b5c4218e7
SHA1: e446a17b175bfb733b87c5c2560ccb4e57d69f1a
SHA256:62f4b3bc436045c1acb5c3ba2d8ec556ec3369093d7f5d06c747eb04b56d52b1
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-tree-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

asm-util-9.7.jar

Description:

Utilities for ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-util/9.7/asm-util-9.7.jar
MD5: e7d6e20888e6fd99605f4c5fe1dfa8b0
SHA1: c0655519f24d92af2202cb681cd7c1569df6ead6
SHA256:37a6414d36641973f1af104937c95d6d921b2ddb4d612c66c5a9f2b13fc14211
Referenced In Project/Scope: Gemma Groovy Support:compile
asm-util-9.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

aspectjweaver-1.9.22.1.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/jenkins/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar
MD5: f2edbc088126174a11b68279bd26c6eb
SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612
SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

baseCode-1.1.23.jar

Description:

		Data structures, math and statistics tools, and utilities that are often needed across projects.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/baseCode/baseCode/1.1.23/baseCode-1.1.23.jar
MD5: 209fa8b43a8f35843c2dd2657508a350
SHA1: 3d762955f197c680df14a7189201e979bbfa1a59
SHA256:26ac5054f781f5666e96c056f88ccd1e227e90f163bc36b04b48d32ba9ff9fbd
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

baseCode-1.1.23.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma@1.31.6

Identifiers

bibliographicReferenceDetails.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/bibliographicReference/bibliographicReferenceDetails.js
MD5: 8170842459ec2d31e47fd177aa983e7a
SHA1: 1cb1069da98a21aa72703a830e6d5368bf332665
SHA256:3054ab3cba005e2d115cda673b8b4913c5ea32874aeba358699713b4e5b48f8f
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

bibliographicReferencePage.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/bibliographicReference/bibliographicReferencePage.js
MD5: b92177c654c884bca5c42ad3def2363d
SHA1: 38b0c3eea902636211af0912cc080e75f64ee376
SHA256:6b01397b7f133c4058b82a4215cae79fd5294912119c50888e1a1241d3e56b59
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

bibliographicReferenceSearchResultGrid.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/bibliographicReference/bibliographicReferenceSearchResultGrid.js
MD5: b3704aa48edc51aeaf215b649a730f7f
SHA1: 3073d94dd357346d9ff8e022437583619c83b4c7
SHA256:fba7e3cccfe3a88cbf660a786470efc601a2a530ad37c29707cbbf90324a5d8a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

bioassay.draganddrop.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/bioassay.draganddrop.js
MD5: 0f60a5190f59b190d6eea7e03278632d
SHA1: d23f7f3368551a445c298b279947e57e218c5e5b
SHA256:96ccd83378344ff9eda3967a2bdb48b070e74fc43b9decc42b8df61843336697
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

bmFactorValues.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/bmFactorValues.js
MD5: 3b728d8224779b431f68f32747bcda5f
SHA1: 5e878b49f8b6ecfb3b42b1ae96a0209513f5ff8d
SHA256:b3b097d6d7cfab6d8c7d9dbb8a85464fa5434c9e504fdf5d4798532c5c38e982
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

canvas-text-functions.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/canvas-text-functions.js
MD5: 738b5a052e08234da0b2fa9c7fccc4cf
SHA1: 71523d809469959159995fd2ca4c5c932a82da2d
SHA256:53260576f16056b66dbe1a9984d21df431cd9003a8eb8c40a1c54595d4b3bc8c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

class-model-2.5.0-b32.jar

Description:

Dependency Injection Kernel

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/class-model/2.5.0-b32/class-model-2.5.0-b32.jar
MD5: b995e20985e420e7bce29be5a35d7aeb
SHA1: 017f054f3e91898c0c0fc52163ad904b13c24e8b
SHA256:9a4d6e54e48bf71f7669cae5e10277b3dbc438d29c48730c778725a121df8d64
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

class-model-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

classgraph-4.8.165.jar

Description:

The uber-fast, ultra-lightweight classpath and module scanner for JVM languages.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /home/jenkins/.m2/repository/io/github/classgraph/classgraph/4.8.165/classgraph-4.8.165.jar
MD5: 184a77ae08192b53063aa42e540d2d4a
SHA1: d7237a1fc235030b7b548eb3d671f714da01e50b
SHA256:5258d9218fc6413f4d14218a5a6e784528e349f60f48883b77de74bb478ebafd
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

classgraph-4.8.165.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/io.swagger.core.v3/swagger-jaxrs2@2.2.22

Identifiers

color.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/color.js
MD5: 8053f2b455f4e152c7beb931ed277c0a
SHA1: d549d71752f82f5d019ba9c36d34ee31d89cb567
SHA256:f8d34601628fca74fbc9d14f14dd61d80a792e1e40b0abe318ebcd86b16fc96a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

colt-1.2.0.jar

File Path: /home/jenkins/.m2/repository/colt/colt/1.2.0/colt-1.2.0.jar
MD5: f6be558e44de25df08b9f515b2a7ffee
SHA1: 0abc984f3adc760684d49e0f11ddf167ba516d4f
SHA256:e1fcbfbdd0d0caedadfb59febace5a62812db3b9425f3a03ef4c4cbba3ed0ee3
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

colt-1.2.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6

Identifiers

commons-cli-1.7.0.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a Command Line Interface.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-cli/commons-cli/1.7.0/commons-cli-1.7.0.jar
MD5: a7843398103e8e4f9e5c037862b0a5c1
SHA1: 6504b3f17e8bc5adc6b6c8deecc90144d0154075
SHA256:ef990c7522ed6caa06265e24317f29ce839f7702938e1aebe8187a0bac19c0d7
Referenced In Project/Scope: Gemma CLI:compile
commons-cli-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-cli@1.31.6

Identifiers

commons-codec-1.16.0.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-codec/commons-codec/1.16.0/commons-codec-1.16.0.jar
MD5: 6e26920fa7228891980890cce06b718c
SHA1: 4e3eb3d79888d76b54e28b350915b5dc3919c9de
SHA256:56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d
Referenced In Project/Scope: Gemma:compile
commons-codec-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23

Identifiers

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.apache.commons/commons-csv@1.11.0
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

commons-configuration2-2.8.0.jar

Description:

        Tools to assist in the reading of configuration/preferences files in
        various formats

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-configuration2/2.8.0/commons-configuration2-2.8.0.jar
MD5: 4bb1f1ad26727cf5966554cb6b9eb073
SHA1: 6a76acbe14d2c01d4758a57171f3f6a150dbd462
SHA256:e5c46e4b0b1acddbc96651838c19d3df70da92dfb5107a6e4c42cb92d3a300bd
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-configuration2-2.8.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6

Identifiers

CVE-2024-29131 (OSSINDEX)  

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the issue.



Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29131 for details
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.commons:commons-configuration2:2.8.0:*:*:*:*:*:*:*

CVE-2024-29133 (OSSINDEX)  

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the issue.



Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29133 for details
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (4.400000095367432)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.commons:commons-configuration2:2.8.0:*:*:*:*:*:*:*

commons-csv-1.11.0.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-csv/1.11.0/commons-csv-1.11.0.jar
MD5: 670327702ca6f22103531d20d140bc9e
SHA1: 8f2dc805097da534612128b7cdf491a5a76752bf
SHA256:b697fe3f94cfc4f7e2a87bddf78d15cd10d8c86cbe56ae9196a62d6edbf6b76d
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-csv-1.11.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

commons-fileupload-1.5.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar
MD5: e57ac8a1a6412886a133a2fa08b89735
SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3
SHA256:51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-fileupload-1.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

commons-httpclient-3.0.1.jar

Description:

The HttpClient  component supports the client-side of RFC 1945 (HTTP/1.0)  and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/jenkins/.m2/repository/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar
MD5: 456245a3b1b49eb51c57d037acebfefc
SHA1: d6364bcc1b2b2aa69d008602d36a700453648560
SHA256:310c8ad76748ee7af743465304533406dc2e70464ce04c7cd410caddd2747bf9
Referenced In Project/Scope: Gemma Web:compile
commons-httpclient-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/rome/rome-fetcher@1.0

Identifiers

CVE-2012-5783 (OSSINDEX)  

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.800000190734863)
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:commons-httpclient:commons-httpclient:3.0.1:*:*:*:*:*:*:*

CVE-2020-13956  

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

commons-io-2.16.1.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar
MD5: ed8191a5a217940140001b0acfed18d9
SHA1: 377d592e740dc77124e0901291dbfaa6810a200e
SHA256:f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-io-2.16.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6

Identifiers

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/com.jayway.jsonpath/json-path@0.8.1
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

commons-lang3-3.14.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

commons-logging-1.3.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.3.2/commons-logging-1.3.2.jar
MD5: 4b970f3b14a5e53d8e8edff1cf2ecd91
SHA1: 3dc966156ef19d23c839715165435e582fafa753
SHA256:6b858424f518015f32bfcd1183a373f4a827d72d026b6031da0c91cf0e8f3489
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-logging-1.3.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6

Identifiers

commons-logging-api-1.1.jar

Description:

Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322
SHA256:33a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba35
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-logging-api-1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma@1.31.6

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

commons-net-3.10.0.jar

Description:

Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-net/commons-net/3.10.0/commons-net-3.10.0.jar
MD5: 84511bcbcbd37725fd1a53360e0c3fd6
SHA1: 86762ea0ac98fd41c91745a32d496a985e2bd5e7
SHA256:2230eec44ef4b8112ea09cbeb6de826977abe792e627cee2770e35ca8c39dce1
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-net-3.10.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

commons-text-1.12.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
    and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar
MD5: 544add6fbc8d4b100b07c3692d08099e
SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
SHA256:de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

commons-text-1.12.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6

Identifiers

concurrent-1.3.4.jar

License:

Public domain, Sun Microsoystems: >http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
File Path: /home/jenkins/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar
MD5: f29b9d930d3426ebc56919eba10fbd4d
SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c
SHA256:12639def9a5b5ebf56040ab764bd42b7e662523d3b983e5d5da04bf37be152f9
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

concurrent-1.3.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/colt/colt@1.2.0
  • pkg:maven/colt/colt@1.2.0
  • pkg:maven/colt/colt@1.2.0
  • pkg:maven/colt/colt@1.2.0
  • pkg:maven/colt/colt@1.2.0
  • pkg:maven/colt/colt@1.2.0

Identifiers

config-types-2.5.0-b32.jar

Description:

Dependency Injection Kernel

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/config-types/2.5.0-b32/config-types-2.5.0-b32.jar
MD5: 6ad3a1e788c84830ffc2f3a4454ce5ee
SHA1: 686bbe7f80b1b879d64c06bc6606c97721a795f2
SHA256:21b4c91cfe7f3a78802fe1c63fbe738a664e1ba21ee29177442ff2c75b798d7b
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

config-types-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1

Identifiers

core-1.1.2.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/core/1.1.2/core-1.1.2.jar
MD5: ab845840ad73fa2ec1a5025a7c48b97e
SHA1: 574b480eca62f535fad6d259e144fee3ef24b66e
SHA256:5ffaddee0a3f8d09a56064aa05feb95837ddad9d42d9dcc37479c66e869aa139
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

core-1.1.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

cytoscape.js-qtip.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-qtip.js
MD5: 020c8099cabe2276d16f98e02e950f69
SHA1: fd2c68f0447e0ad6e8ffb2c4d69bef8a97733dd6
SHA256:6325f06331b91faf6684b86bdf5f80031019b9cc67bc8907356ec8a24660083c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

cytoscape.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js
MD5: 91cd56f9481880cee61b564197c71f31
SHA1: 614f3c5faf3f0ad726a988cef5adc42e7aade5f6
SHA256:cba2edf89c4649788887b53eebc048718b78a3eb5e96114dafbdb4c32627c96c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

datasetchooserapp.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/test/datasetchooserapp.js
MD5: a9b463b7604e3c906482d9ab5a3c3b21
SHA1: 40fd0627fad6c5586a467e650948e10b07d7cdb5
SHA256:b64466caa4b74ff03ec9a859e26202584be9ea647271664f494dfd011f1b3ee0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

discrete-color-range.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/discrete-color-range.js
MD5: 98029aa9249e661ebf97cc2f8dd61a97
SHA1: a0b7fe3ea6e14610ec7d8c35cdd1ef7c45730e2c
SHA256:37acc17a27274ced76055cf0ee078808d734778b0540a793b283f90338526938
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

dom4j-2.1.4.jar

Description:

flexible XML framework for Java

License:

Plexus: https://github.com/dom4j/dom4j/blob/master/LICENSE
File Path: /home/jenkins/.m2/repository/org/dom4j/dom4j/2.1.4/dom4j-2.1.4.jar
MD5: 8246840e53db2781ca941e4d3f9ad715
SHA1: 35c16721b88cf17b8279fcb134c0abb161cc0e9b
SHA256:235a9167a8a199be04b5326d92927ca0adeb90d11f69fe2e821b34ce8433b591
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

dom4j-2.1.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6

Identifiers

dwr-2.0.11-RELEASE.jar

Description:

	DWR is easy Ajax for Java. It makes it simple to call Java code directly from Javascript.
	It gets rid of almost all the boiler plate code between the web browser and your Java code.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar
MD5: 9c4f14c69b863e43632f8db41cbb71c3
SHA1: 4b8d5615d93c575909f5936098c5a7bd3c7b17bb
SHA256:3edaf099cabe669b994d54fe2ade38028c60bbb87e88530ebbfccecc3acbd741
Referenced In Project/Scope: Gemma Web:compile
dwr-2.0.11-RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

dwr-2.0.11-RELEASE.jar: DWRActionUtil.js

File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/webwork/DWRActionUtil.js
MD5: aa24bc4053d338ca92b23d76161b9088
SHA1: 1a376c4c0d20b1ecbdbeaeba716ca8c08abe74b6
SHA256:d0515b81fa1aca04e1a76ac9fc02c7a67d8e92a49a99f86118097e633355036c
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

dwr-2.0.11-RELEASE.jar: auth.js

File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/auth.js
MD5: 52993c534d7435ec92621f01db5cb399
SHA1: 5182c539e701da871bb0fc46b2efb551464128e4
SHA256:65baa91ec070a657258a3219f80fdedad9cc0171955284598ded11f95b54e039
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

dwr-2.0.11-RELEASE.jar: engine.js

File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/engine.js
MD5: 286f209923da62550cc001a39ab7a552
SHA1: 5dfdc76e035f9b20a95bbf68ca4c56f88cb23544
SHA256:c16856c39a8a36831b9a58f7d0bdb79e5ea295bf830f34c6c35479c3cf80671d
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

dwr-2.0.11-RELEASE.jar: util.js

File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar/org/directwebremoting/util.js
MD5: b0b04f1befb5f223620449d16ba76c70
SHA1: 465a1d7f78f6698a80c1331ebd690d1b672d77fb
SHA256:e0e62b9751e091e553320398c27d0d311da997cc35d16dddcfbebd8925fcf2ee
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

dwrServices.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/dwrServices.js
MD5: b60c638ea7b4e60d5fe2a76a74961fe7
SHA1: 7bd76fe792d1cf3551b45115f718aa525bcab055
SHA256:d5cf0e76ed46ceba2e0a1fb1f8a0fc558573a8cbd3b5e4160c4255a40717c48c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

editUser.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/editUser.js
MD5: 2a7304609a58dcc17cf6b5334ed555bf
SHA1: 30023f3d49d21d980815e88c9a848798b9c05f84
SHA256:ef52ebeaf242022df29b3357b7551077d3bf0ce68167cac7917d9e9b09725112
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

eeDataFetch.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/eeDataFetch.js
MD5: 0b934b860d52e2147f619f687d7461a0
SHA1: bdaa1780ace60bbc2c9ff3c411106cfaeb65e387
SHA256:b9aeee41e23739c52ce3a5177dc6a811ffc3e7c78736dd28396a88a5b474314e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

eeDesignMatrix.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/eeDesignMatrix.js
MD5: a2ce64392117742ef610051ba961f212
SHA1: 2cad43a8714c169985fd1e9351ce2aafacb70281
SHA256:8076fb91554d39ce3554a687055065cc925c1b90015cbe14af63dccfe8ee3072
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ehcache-core-2.4.3.jar

Description:

This is the ehcache core module. Pair it with other modules for added
        functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /home/jenkins/.m2/repository/net/sf/ehcache/ehcache-core/2.4.3/ehcache-core-2.4.3.jar
MD5: 9d4b1464a2fcbc16ae46740669a0dab8
SHA1: fd258ef6959f27fb678b04f90139ded4588e2d15
SHA256:9b93a12cda08e7ad4d567d2027d292e67ee726da0cbb330f5de0e90aeb1d3fd1
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

ehcache-core-2.4.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6

Identifiers

excanvas-text.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/excanvas-text.js
MD5: 322c4e1d96cdcdec1a70f8d117439088
SHA1: 65a17d57d609496ccf2bee484b86d0e1b61f5802
SHA256:209e91cd6ba1ca7416412a8245b2bf6e83ad8487e7773d19a7c2a78f696d09db
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

excanvas.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/excanvas.js
MD5: c0cad58f958c967912d024bbd714323e
SHA1: f0e4d90b4b7b5ce7a48c24f1252a06a35a3bcc84
SHA256:eb83b648be468f90407bdd8e210aac8c167b9167a7770287ca771428a6986997
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ext-all-debug.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/ext-all-debug.js
MD5: 575d68d1e77ca456953580a96e584425
SHA1: c75d8b52583202f475adab02d2e6f64c40e05bc0
SHA256:13e7254b94d22cae79ee9e983dd54fe1f5bbf6f8c5f8ddcb7a4c1704bb37f35a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ext-jquery-adapter-debug.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/adapter/jquery/ext-jquery-adapter-debug.js
MD5: 8802c3ba57ae5052fb4569036fa7a442
SHA1: 986cd840598f280bcc29db06b8dcd99662d3539a
SHA256:674448fccb4e5784d7da4e64fce0fe9515d46ae298c19e6c89d66bf0b76f6005
Referenced In Project/Scope: Gemma Web

Identifiers

CVE-2007-2285  

Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter.  NOTE: analysis by third party researchers indicates that this issue might be platform dependent.
NVD-CWE-Other

CVSSv2:
  • Base Score: HIGH (7.8)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jack_slocum:ext_js:1.0_alpha1:*:*:*:*:*:*:*

CVE-2010-4207  

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* version is NOT VULNERABLE
  • cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:* version is NOT VULNERABLE
  • cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*

CVE-2012-5881  

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*
  • cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*

extjs_fontawesome.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/extjs_fontawesome.js
MD5: 34272480b735be0e8021aa81c9fb76f4
SHA1: 9f9f62ab8d753bf3a4c1e90095c0496e14cff05f
SHA256:2798f1dff23a461616c46bdfdc8b75bbf5a645dcc8c3938fa959da9c7c705d75
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

flotr2.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/flotr2.js
MD5: 506699edf51625bf90e639e766ad42a7
SHA1: c0a3c0ff56745f907bf63300e93576ee9d359816
SHA256:149d4c691d28a3fdffd30aa5f19e2b23fde7f097f0a5cca629c8dd244d9c4016
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

gemma-gsec-0.0.16.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/pavlab/gemma-gsec/0.0.16/gemma-gsec-0.0.16.jar
MD5: f28b6a8bd682b7e4806493f9e2328f7c
SHA1: 40e5cd542c29de0474c151076c9f604c866a3a9f
SHA256:4ff346e56a7de22605181eb5b05c2445840b62644b376d0ace3adc081f13e650
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

gemma-gsec-0.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6

Identifiers

generalSearchSimple.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/search/generalSearchSimple.js
MD5: 25d92b8ca101910037351de7f4c41dde
SHA1: e27974b75213c127c78737e26921eb679ee0ed4b
SHA256:e3620666b6b20100fe047f6174bba810a139907c13461ddc0514abc4a5a1627b
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

geoBrowse.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/geoBrowse.js
MD5: cfb5b0b4a0f6273760523ab414e1c795
SHA1: 2ab1496d80de85a7de7b039651e2560f48140618
SHA256:569af2564af541649853cbaad417ecc03c0e8b80c3ab24835e865b2cbe6b2d91
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

globals.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/globals.js
MD5: 237757ab545f9a30f9a1e4e96f28c55c
SHA1: 6c8ddd4c1f0ef86a2f5eec5821ba9b3e57d25646
SHA256:e15b89bcc7ab6a377a8bfb98e7564d510fc4c91ddb2c227c2c5bdcd94e825803
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

groovy-4.0.21.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy/4.0.21/groovy-4.0.21.jar
MD5: 56f1004f1c65355f884584967b7deb69
SHA1: 6ff3635d098b128f899c064dbc17cc1fe0db9bdc
SHA256:6743c1fef504a404945821e33cf746a6456caf686c6c6e72931716ec81c6516c
Referenced In Project/Scope: Gemma Groovy Support:compile
groovy-4.0.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

groovy-ant-4.0.21.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy-ant/4.0.21/groovy-ant-4.0.21.jar
MD5: 52e8c4e4b9a1e306a41dec68a7f3f728
SHA1: e8eec3250f433c7119719758fe00716fd701a5a2
SHA256:e5cffab2e89ae7f045b1dcf114e10b6f434a585a2ee638615773c432725df337
Referenced In Project/Scope: Gemma Groovy Support:compile
groovy-ant-4.0.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

groovy-sql-4.0.21.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/groovy/groovy-sql/4.0.21/groovy-sql-4.0.21.jar
MD5: 4d97660191998e8674ce978440e1c867
SHA1: 6d4d122f036d3ce36a54d392cfb4b609310883c9
SHA256:88557a5113d939cdec90e1414947b451ad77222fd1ff1ebfcb62200e5b00d77f
Referenced In Project/Scope: Gemma Groovy Support:compile
groovy-sql-4.0.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

gson-2.10.1.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Project/Scope: Gemma Web:compile
gson-2.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2

Identifiers

helvetiker-normal-normal.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/faces/helvetiker-normal-normal.js
MD5: 40013a32b6b084c2e5c477d4c6ad26bf
SHA1: 265615d33fb3f2ef7a7920e7fc7e647be865161a
SHA256:0020f8eb7a35548916af97759ead2ba529c59fb0daec4706376d539f4a6e3031
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

hibernate-commons-annotations-4.0.2.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/jenkins/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.2.Final/hibernate-commons-annotations-4.0.2.Final.jar
MD5: 916d4ddfb26db16da75ee8f973fd08ad
SHA1: 0094edcc5572efb02e123cc9ef7ad7d0fa5f76cf
SHA256:ae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ec
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

hibernate-commons-annotations-4.0.2.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final

Identifiers

hibernate-core-4.2.21.Final.jar

Description:

A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
MD5: 492567c1f36fb3a5968ca2d3c452edaf
SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
SHA256:7c33583de97e42b95c530e7e4752efbdbd46a566f7708ff0e8cf490203db74e3
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

hibernate-core-4.2.21.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6

Identifiers

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

hibernate-jpa-2.0-api-1.0.1.Final.jar

Description:

        Hibernate definition of the Java Persistence 2.0 (JSR 317) API.

License:

license.txt
File Path: /home/jenkins/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
SHA256:bacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb3
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

hibernate-jpa-2.0-api-1.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final

Identifiers

hibernate-search-engine-4.4.6.Final.jar

Description:

the core of the Object/Lucene mapper, query engine and index management

File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-engine/4.4.6.Final/hibernate-search-engine-4.4.6.Final.jar
MD5: 9e9d56601b801f8d22a95f93aa14b599
SHA1: b3395324b7a3ff069ceae3f929805859b6f78cd4
SHA256:c4b6df8b2045f512f65559ad0a0ad370f8dc2a41a1854142c0a826cd3f30d86c
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

hibernate-search-engine-4.4.6.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final

Identifiers

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

hibernate-search-orm-4.4.6.Final.jar

Description:

Hibernate Search integration with Hibernate Core

File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-orm/4.4.6.Final/hibernate-search-orm-4.4.6.Final.jar
MD5: 211a4877ef941c8f754e22f049076b27
SHA1: 306bbf61e5c9d5e807cf178f20de09ce65bf088d
SHA256:62703d15aa0d11376b263e0d25abdbc25242975c62260f1795d0eae8ba6990b0
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

hibernate-search-orm-4.4.6.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

hk2-2.5.0-b32.jar

Description:

This is so that other modules can depend on HK2 as an HK2 module.

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2/2.5.0-b32/hk2-2.5.0-b32.jar
MD5: 31e1db921be02e0d5af049306502e730
SHA1: 0c3accae585955e49c771d464899e906ecc9ffb4
SHA256:544704ba09f01b7079b4280c9f45c73221693e37f3f3de77953d53cbe8c3b4dc
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

hk2-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1

Identifiers

hk2-api-2.5.0-b32.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-api/2.5.0-b32/hk2-api-2.5.0-b32.jar
MD5: 93322931c4ec277c5190c7cddf7ad155
SHA1: 6a576c9653832ce610b80a2f389374ef19d96171
SHA256:b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

hk2-api-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

hk2-config-2.5.0-b32.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-config/2.5.0-b32/hk2-config-2.5.0-b32.jar
MD5: 6ea901d4ede7a568fda9c3b91bebc648
SHA1: dce05ac4225dbc0c1c382ad02e3b5bee51f0168a
SHA256:7aa82ea0bfbfe68959473414a5cb12b3a3a288795f18b1187043ae9b953e81c3
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

hk2-config-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

hk2-core-2.5.0-b32.jar

Description:

Dependency Injection Kernel

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-core/2.5.0-b32/hk2-core-2.5.0-b32.jar
MD5: 9b0ee99635dcb6e04100698d4f805c90
SHA1: 8cb6a8a9522ec523b7740d29f555bdbe9d936af2
SHA256:ad86f38c17d4c0d2d4b7972ef64ae92383beb5751f05ddf8fe98da574f8412e1
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

hk2-core-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

hk2-locator-2.5.0-b32.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-locator/2.5.0-b32/hk2-locator-2.5.0-b32.jar
MD5: 5baf0f144cf8552a9fe476b096fc18a7
SHA1: 195474f8ad0a8d130e9ea949a771bcf1215fc33b
SHA256:27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

hk2-locator-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1

Identifiers

hk2-utils-2.5.0-b32.jar

Description:

${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-utils/2.5.0-b32/hk2-utils-2.5.0-b32.jar
MD5: acc873aece4f8e89814ac0300b549e3e
SHA1: 5108a926988c4ceda7f1e681dddfe3101454a002
SHA256:3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

hk2-utils-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1

Identifiers

httpclient-4.5.14.jar

Description:

   Apache HttpComponents Client

File Path: /home/jenkins/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar
MD5: 2cb357c4b763f47e58af6cad47df6ba3
SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98
SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

httpcore-4.4.16.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /home/jenkins/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar
MD5: 28d2cd9bf8789fd2ec774fb88436ebd1
SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850
SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

indexer.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/indexer.js
MD5: aa46495eb50f856ea75dd9dc9d6b5f06
SHA1: 4d19636b27bb87f29566f89e7fae303aa16ed93a
SHA256:a6fecbf5e9c99da2e5026de23a249419d5d63728e438c233e48936557b01c61a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

ivy-2.5.2.jar

File Path: /home/jenkins/.m2/repository/org/apache/ivy/ivy/2.5.2/ivy-2.5.2.jar
MD5: 48ac3b12020a3d41b3edf7977eb04a46
SHA1: cdde632c88d66bee5b13379448d12ed8baa58464
SHA256:98428d545ea63cd9a0aaf255caf42cb8cb64fe430dbb5e709aed536d4daeed04
Referenced In Project/Scope: Gemma Groovy Support:compile
ivy-2.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

jackson-core-2.17.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.1/jackson-core-2.17.1.jar
MD5: 9363584821290882417f1c3ceab784df
SHA1: 5e52a11644cd59a28ef79f02bddc2cc3bab45edb
SHA256:ddb26c8a1f1a84535e8213c48b35b253370434e3287b3cf15777856fc4e58ce6
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jackson-core-2.17.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma@1.31.6

Identifiers

jackson-databind-2.17.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.1/jackson-databind-2.17.1.jar
MD5: f0a1c37dc7d937f14e183d84f15c0f83
SHA1: 0524dcbcccdde7d45a679dfc333e4763feb09079
SHA256:b6ca2f7d5b1ab245cec5495ec339773d2d90554c48592590673fb18f4400a948
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jackson-databind-2.17.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma@1.31.6

Identifiers

jackson-dataformat-yaml-2.16.2.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.16.2/jackson-dataformat-yaml-2.16.2.jar
MD5: 195173d37b475172610d4830fb66e506
SHA1: 13088f6762211f264bc0ebf5467be96d8e9e3ebf
SHA256:df33f4dd29f975600d3ac2e7c891ef7a9bce33f0715680df479c63a44ddc8fa9
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jackson-dataformat-yaml-2.16.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/io.swagger.core.v3/swagger-core@2.2.22

Identifiers

jackson-dataformat-yaml-2.17.0.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.17.0/jackson-dataformat-yaml-2.17.0.jar
MD5: 24f6f98e917bff8382dfc8890a0b634b
SHA1: 57a963c6258c49febc11390082d8503f71bb15a9
SHA256:46b65ace036b01743710bcfc9e7f041eded2fc82ba0d3d83e19b32c818c18b4c
Referenced In Project/Scope: Gemma Groovy Support:compile
jackson-dataformat-yaml-2.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

jackson-datatype-jsr310-2.16.2.jar

Description:

Add-on module to support JSR-310 (Java 8 Date & Time API) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.16.2/jackson-datatype-jsr310-2.16.2.jar
MD5: 17b881ce122838518321585edd2e8586
SHA1: 58e86108e4b1b1e893e7a69b1bbca880acfca143
SHA256:9d03ad6d47b5f9951b75fb0cae0760156fa827794730cd5ef6cd79d3785cc9c0
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jackson-datatype-jsr310-2.16.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.swagger.core.v3/swagger-core@2.2.22
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

jackson-jaxrs-base-2.8.4.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.8.4/jackson-jaxrs-base-2.8.4.jar
MD5: a4f28b06972a3a1228f00d391a78c528
SHA1: 6c0ceb3c9fed2e225b0cc2a45533574df393f606
SHA256:f33eebc483f6f23a3afb160a5d0199aa9e932f0bd554a2f04ad0e26b3d80e2dc
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jackson-jaxrs-base-2.8.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1

Identifiers

jackson-jaxrs-json-provider-2.8.4.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.8.4/jackson-jaxrs-json-provider-2.8.4.jar
MD5: 1d6803bb4c746d7dc561805d31e831b1
SHA1: 839366ece31829a19cb15719b2b54a3f9f91148d
SHA256:27e4110361836b62e3fdb8909e058518ef2f0e208ee744b4daf4ce2d644726c7
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jackson-jaxrs-json-provider-2.8.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1

Identifiers

jackson-module-jaxb-annotations-2.8.4.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.8.4/jackson-module-jaxb-annotations-2.8.4.jar
MD5: 2f72f2cfedb7f9db842ca4b3cdd4a97a
SHA1: d2eec7cf6c4284f7d5f0b1a72dc7cfa9d6bb579d
SHA256:07fa24560b69913166d584eb4806e09515e6dd5f2a6858defa1239119466c790
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jackson-module-jaxb-annotations-2.8.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.25.1

Identifiers

jakarta.activation-1.2.2.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/jenkins/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a
Referenced In Project/Scope: Gemma Web:runtime
jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3

Identifiers

jakarta.xml.soap-api-1.4.2.jar

Description:

Provides the API for creating and building SOAP messages.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/jenkins/.m2/repository/jakarta/xml/soap/jakarta.xml.soap-api/1.4.2/jakarta.xml.soap-api-1.4.2.jar
MD5: d19eb8a4a5401296985db733868425e0
SHA1: 4f71fa8ca30be4d04ba658339df3c927fa21209a
SHA256:0b2e9db574869c09b18e7fe87482be2e4e14b3f3cc8207646595806eede77706
Referenced In Project/Scope: Gemma Web:runtime
jakarta.xml.soap-api-1.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3

Identifiers

javaparser-core-3.25.10.jar

Description:

The core parser functionality. This may be all you need.

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.html
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/github/javaparser/javaparser-core/3.25.10/javaparser-core-3.25.10.jar
MD5: 0570ebdb35505af63dbd953106562690
SHA1: ed2d4a9c601507713cf2f6208df4c844fe6447b2
SHA256:9e80a37f92dd777d715c413a9a227e27a369d4a389ddbf2292cd74faec7e77d0
Referenced In Project/Scope: Gemma Groovy Support:compile
javaparser-core-3.25.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

javassist-3.30.2-GA.jar

Description:

    Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: https://www.mozilla.org/en-US/MPL/1.1/
LGPL 2.1: https://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.30.2-GA/javassist-3.30.2-GA.jar
MD5: f5b827b8ddec0629cc7a6d7dafc45999
SHA1: 284580b5e42dfa1b8267058566435d9e93fae7f7
SHA256:eba37290994b5e4868f3af98ff113f6244a6b099385d9ad46881307d3cb01aaf
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

javassist-3.30.2-GA.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/io.swagger.core.v3/swagger-jaxrs2@2.2.22
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final

Identifiers

javax.activation-api-1.2.0.jar

Description:

JavaBeans Activation Framework API jar

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt
File Path: /home/jenkins/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

javax.activation-api-1.2.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/javax.xml.bind/jaxb-api@2.3.1
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/jenkins/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1

Identifiers

javax.inject-2.5.0-b32.jar

Description:

Injection API (JSR 330) version  repackaged as OSGi bundle

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/javax.inject/2.5.0-b32/javax.inject-2.5.0-b32.jar
MD5: b7e8633eb1e5aad9f44a37a3f3bfa8f5
SHA1: b2fa50c8186a38728c35fe6a9da57ce4cc806923
SHA256:437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

javax.inject-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

javax.mail-1.6.2.jar

Description:

JavaMail API

License:

https://javaee.github.io/javamail/LICENSE
File Path: /home/jenkins/.m2/repository/com/sun/mail/javax.mail/1.6.2/javax.mail-1.6.2.jar
MD5: 0b81d022797740d72d21620781841374
SHA1: 935151eb71beff17a2ffac15dd80184a99a0514f
SHA256:45b515e7104944c09e45b9c7bb1ce5dff640486374852dd2b2e80cc3752dfa11
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

javax.mail-1.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

javax.resource-api-1.7.1.jar

Description:

Java EE Connector Architecture API

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /home/jenkins/.m2/repository/javax/resource/javax.resource-api/1.7.1/javax.resource-api-1.7.1.jar
MD5: 41f26638ff807ef37845d6d89ef0e694
SHA1: f86b4d697ecd992ec6c4c6053736db16d41dc57f
SHA256:c75bd698263abd9c8c773e3b433a4da2c983fbc92a0a4ef5fc3286e62f41e411
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

javax.resource-api-1.7.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6

Identifiers

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/jenkins/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: Gemma REST:provided
javax.servlet-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1

Identifiers

javax.transaction-api-1.3.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /home/jenkins/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar
MD5: 6e9cb1684621821248b6823143ae26c0
SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce
SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

javax.transaction-api-1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/javax.resource/javax.resource-api@1.7.1
  • pkg:maven/javax.resource/javax.resource-api@1.7.1
  • pkg:maven/javax.resource/javax.resource-api@1.7.1
  • pkg:maven/javax.resource/javax.resource-api@1.7.1
  • pkg:maven/javax.resource/javax.resource-api@1.7.1
  • pkg:maven/javax.resource/javax.resource-api@1.7.1

Identifiers

javax.ws.rs-api-2.0.1.jar

Description:

Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

jawr-core-3.9.jar

Description:

Javascript/CSS bundling and compressing tool for java web apps.
  	By using jawr resources are automatically bundled together and optionally minified and gzipped. 
  	Jawr provides tag libraries to reference a generated bundle either by id or by using the name of any of its members.

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar
MD5: f7615f9921db47ae876992bc36dc9c08
SHA1: ec6f341cf39fca76a16b4bfde3a0afe3ff434490
SHA256:a81958004d12f4f2d68aa5594ba9a0415e808e3e2b85695eeddaacfdb03ff60a
Referenced In Project/Scope: Gemma Web:compile
jawr-core-3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

jawr-core-3.9.jar: ast.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/ast.js
MD5: 88a0db839d73b9b941253581b467b8ca
SHA1: 26479c7ce811d1a7c5c58fbd93e7f2d4db25dc62
SHA256:4504323b016635f562e5b3bde2a3f68afa399abee068495aadcd03e4be9af429
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: autoprefixer-6.4.0.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/css/autoprefixer/autoprefixer-6.4.0.js
MD5: 0cc2a262e1cc40313125f4c8cb36d974
SHA1: df339e8414354ca23fdf96e145e6aaa3bfc75822
SHA256:0dc3a5016e6695eabd8a42a10bacd045b6d4b275d8962a1e9d536145ff05f4b3
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: coffee-script.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/generator/js/coffee/coffee-script.js
MD5: a34aca4e292396656e782c33f0cdde06
SHA1: cee97110b12583c1c733a41d8e8a125871325848
SHA256:1e0f62cec3f92a31c6379bbbbef1981826da8e0db8386c83144a1395fe3fbff3
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: compress.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/compress.js
MD5: 67c908f5154e5c975b82e70fb0d52388
SHA1: 97243ef8bf8b57b80fdbb2fe85d6950f7c9aaad0
SHA256:b661216111b62743875829b5d55999ee3c360780d30ad864476fd91e030e5aaf
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: debughandler.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/handler/debughandler.js
MD5: b6e5ad55e4f2c22dc74ed9b8fdac4a58
SHA1: 5ebebf793220961828e1ad0a3d0e62c6423a2ef6
SHA256:bc0ef32cd1d58c035da2f86074e3ef402f31d80d51ff029c0f2fa066e28349fd
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: handler.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/handler/handler.js
MD5: abf91a2a3ba2fb1198d74602a746a4dc
SHA1: db273638c7bb320d9f966f61e4f6f4ca51653c74
SHA256:d17757648046347523923287cacb2d24f38c15d0cf92956e790f8504620ef8d6
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: messages.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/message/messages.js
MD5: eca5658057e833a2f2c6eea369b7bcd6
SHA1: 981ed765c1ba377b95620a5a5ad8eafde13f62b1
SHA256:fb4367def7dcfe5649f1bff65a052599bff87c680ab94d1d7bfaa23970c7764f
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: mozilla-ast.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/mozilla-ast.js
MD5: dfbbf71fdb0f8028ad3b5772dcf27f06
SHA1: de4c04e57f8247e749883b3e552883394492a2bb
SHA256:87d6adbee4254fbe8bab007867e32e7c6956543d8ae354b918e6c8cf130e6da5
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: output.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/output.js
MD5: 1962439b6a14d2e734222fe186af3153
SHA1: 9bad75fa654713be92ac0f83a76d0bc254268361
SHA256:b47ae1ceb6a5fbc4b7d07ba28c1e6bed5c3f6143458333b68f7e25404b60ab3d
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: parse.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/parse.js
MD5: 3c1660c79dc7d4ddc7dace93a8d450c3
SHA1: 83766183c7f895c2c560fe70a5f6221918a174db
SHA256:f62e15220df14f77fa6413cda0686cffbdec072965608727d7b088fb2eb7f8b8
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: scope.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/scope.js
MD5: 642e3430fdd7fa75eea5da73a8032bea
SHA1: 096c26739f772a453549e67db4cf9845b3336e07
SHA256:bd18b62a782b82430c1a374e40aaac2801bdc34232addebe300d5351bf8b3f5e
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: skinSwitcher.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/skin/skinSwitcher.js
MD5: ee7e736b4e7b5f7162a014e8ec1b5bb1
SHA1: a3b36057dc4fc880f6d9357c7906a3243bc42138
SHA256:3f9bf157100f1221f9cbbc2d9c10a4358072492811b60448453ddc63910d78e7
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: sourcemap.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/sourcemap.js
MD5: 4fd7a5887bea88c733a172bdb9137045
SHA1: 8b22176a5d25d805314d14aaaf9aef3e7ebf10a5
SHA256:62ef638a1b7ceae6fd9143af2c22ed879315d1f1f03b80bd1ff23601871cb105
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: transform.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/transform.js
MD5: 3fd499cf194d134a67f59feb74e66fa8
SHA1: 8aa30c863932ffb23b24d13e32dd2cabbae29229
SHA256:7b9219d4c07dd4d6146a943a73c53a8d076e088caeb1a6ddd62a7f574a2f89f5
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: uglify.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/uglify.js
MD5: 839fd49f036373f9678f5ef59b66fc0a
SHA1: df0f9445af7ad49cd649b9a25bfba708a1dc698c
SHA256:d49d49eccfaa0c005b5313c866e3701c3f75297746213c932cc35b0855232dff
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-core-3.9.jar: utils.js

File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar/net/jawr/web/resource/bundle/postprocessor/js/uglify/utils.js
MD5: fd34223fc69025f3d960f50977212fc3
SHA1: 9ce312e98d7280eb308d9f4eaa622b1a87684f7b
SHA256:52cee710c8136e8c32eea2d4f3bae1c9febe8b35eccb592b6f738ccb77578330
Referenced In Project/Scope: Gemma Web:compile

Identifiers

  • None

jawr-dwr2.x-extension-3.9.jar

Description:

This module provides dwr2.x support in Jawr

File Path: /home/jenkins/.m2/repository/net/jawr/extensions/jawr-dwr2.x-extension/3.9/jawr-dwr2.x-extension-3.9.jar
MD5: dba4f13687996017c0b5b3ea081d1f73
SHA1: 189505de6950cf9b6d7c6a9ab396e7b9539ea82e
SHA256:5b42e2ce185b283a2a3c8e7b97822e535c75e292af37f85fb83c6f88d8ddd0d3
Referenced In Project/Scope: Gemma Web:runtime
jawr-dwr2.x-extension-3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

jaxb-api-2.3.1.jar

Description:

JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /home/jenkins/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jaxb-api-2.3.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

jboss-ejb3x-4.2.2.GA.jar

Description:

POM was created from install:install-file

File Path: /home/jenkins/.m2/repository/jboss/jboss-ejb3x/4.2.2.GA/jboss-ejb3x-4.2.2.GA.jar
MD5: d16f3d4ae032297b792b42f54879eeb0
SHA1: b11f499d19a6346b1446146307131ec901081bfd
SHA256:17a8db82cd60b9336adc3d13eacc5cf2aaf85f821338503cecad1875e0f6e64c
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jboss-ejb3x-4.2.2.GA.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

jboss-logging-3.1.0.GA.jar

Description:

The JBoss Logging Framework

License:

GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: /home/jenkins/.m2/repository/org/jboss/logging/jboss-logging/3.1.0.GA/jboss-logging-3.1.0.GA.jar
MD5: 735bcea3e47fd715900cfb95ec68b50f
SHA1: c71f2856e7b60efe485db39b37a31811e6c84365
SHA256:dea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353e
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jboss-logging-3.1.0.GA.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final

Identifiers

jboss-transaction-api_1.1_spec-1.0.1.Final.jar

Description:

The Java Transaction 1.1 API classes

License:

Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: /home/jenkins/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.1_spec/1.0.1.Final/jboss-transaction-api_1.1_spec-1.0.1.Final.jar
MD5: 679cd909d6130e6bf467b291031e1e2d
SHA1: 18f0e1d42f010a8b53aa447bf274a706d5148852
SHA256:d9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd100723
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jboss-transaction-api_1.1_spec-1.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
  • pkg:maven/org.hibernate/hibernate-core@4.2.21.Final

Identifiers

jdom-1.0.jar

File Path: /home/jenkins/.m2/repository/jdom/jdom/1.0/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
SHA256:3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02
Referenced In Project/Scope: Gemma Web:compile
jdom-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/rome/rome@1.0

Identifiers

CVE-2021-33813  

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

jena-core-2.13.0.jar

Description:

Jena is a Java framework for building Semantic Web applications. It provides a programmatic environment for RDF, RDFS and OWL, SPARQL and includes a rule-based inference engine.

File Path: /home/jenkins/.m2/repository/org/apache/jena/jena-core/2.13.0/jena-core-2.13.0.jar
MD5: 21d03d936cee3e62c22978cb73115a28
SHA1: 74f2536cd41a23892acd1ef4c016bed29c81994c
SHA256:5423ddf5ca2541311aadad2301743522e52bf86645fbaacc47e3a992aa9bef59
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jena-core-2.13.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

CVE-2021-39239  

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jena-iri-1.1.2.jar

Description:

    The IRI module provides an implementation of the IRI and URI specifications (RFC 3987 and 3986) which are used across Jena in order to comply with relevant W3C specifications for RDF and SPARQL which require conformance to these specifications.

File Path: /home/jenkins/.m2/repository/org/apache/jena/jena-iri/1.1.2/jena-iri-1.1.2.jar
MD5: eca2119771d9114c440014045cbe216b
SHA1: 533fb3ae5e839c84227688e7c92c946131d6886e
SHA256:6ecb4f137f9495cedf6ac5ea799905106955092905996c5674989958c12d6d94
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jena-iri-1.1.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

CVE-2021-39239  

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jersey-common-2.25.1.jar

Description:

Jersey core common packages

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-common/2.25.1/jersey-common-2.25.1.jar
MD5: d1f25f421cafb38efb49e2fef0799339
SHA1: 2438ce68d4907046095ab54aa83a6092951b4bbb
SHA256:4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jersey-common-2.25.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1

Identifiers

CVE-2021-28168 (OSSINDEX)  

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
CWE-378 Creation of Temporary File With Insecure Permissions

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.glassfish.jersey.core:jersey-common:2.25.1:*:*:*:*:*:*:*

jersey-server-2.25.1.jar

Description:

Jersey core server implementation

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-server/2.25.1/jersey-server-2.25.1.jar
MD5: 92dad916eab7a19c5398838a78ee9cab
SHA1: 276e2ee0fd1cdabf99357fce560c5baab675b1a2
SHA256:4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

jersey-server-2.25.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

jfreechart-1.5.4.jar

Description:

        JFreeChart is a class library, written in Java, for generating charts. 
        Utilising the Java2D API, it supports a wide range of chart types including
        bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
        and more.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/jenkins/.m2/repository/org/jfree/jfreechart/1.5.4/jfreechart-1.5.4.jar
MD5: 36e760314d688997c7e5ad135a3efc44
SHA1: 9a5edddb05a3ca4fbc0628c594e6641a6f36a3b4
SHA256:cd0649b04b64f2638b55c7c3ac24788ff064b777bbbaf1b952f82ee078ed8b81
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jfreechart-1.5.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

CVE-2023-52070 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-129 Improper Validation of Array Index

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

CVE-2024-22949 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

CVE-2024-23076 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

jline-2.14.6.jar

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/jenkins/.m2/repository/jline/jline/2.14.6/jline-2.14.6.jar
MD5: 480423551649bc6980b43f09e4717272
SHA1: c3aeac59c022bdc497c8c48ed86fa50450e4896a
SHA256:97d1acaac82409be42e622d7a54d3ae9d08517e8aefdea3d2ba9791150c2f02d
Referenced In Project/Scope: Gemma Groovy Support:compile
jline-2.14.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

jniloader-1.1.jar

Description:

Lightweight convenience for loading JNI natives.

License:

LGPL: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/jenkins/.m2/repository/com/github/fommil/jniloader/1.1/jniloader-1.1.jar
MD5: a9f5b7619b4329c6b6588a5d25164949
SHA1: 4840f897eeb54d67ee14e478f8a45cc9937f3ce1
SHA256:2f1def54f30e1db5f1e7f2fd600fe2ab331bd6b52037e9a21505c237020b5573
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jniloader-1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

jobmonitoring.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/jobmonitoring.js
MD5: c733b46b2177caff17baa6cdd40dfc25
SHA1: 0d524ae4ac11e31a8f7d0e9ec1723903cab89026
SHA256:e69cd92dc07381458c9a2967d870a8e86dd95ebfba96caf73eee860056d6a605
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

jquery-2.1.1.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery-2.1.1.js
MD5: ce7814e0aa60981441ac81e0cc845a65
SHA1: b4acbc7aeae543111e9f3094fa1a5043dab2000e
SHA256:d81cbbba015638a5e168bec3a1c2e954fb91eec76208e787e2421ac7345fc0c4
Referenced In Project/Scope: Gemma Web

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low

References:

jquery-ui-1.10.4.custom.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery-ui-1.10.4.custom.js
MD5: f41eecc8792c6cbd386382b7fadbbcb8
SHA1: 14eaa1f6f593ad5be74288de2a1e69f3a85e3b44
SHA256:c8efba96a0af8129032a14602d2e522e4cb422dc2cf4fd122f02df5c707b083f
Referenced In Project/Scope: Gemma Web

Identifiers

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:*
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

jquery.cytoscape.js-cxtmenu.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-cxtmenu/jquery.cytoscape.js-cxtmenu.js
MD5: 0876a6218b07b8ee459cc8bed54a85ca
SHA1: 5c7ea2fdc1a94ef50afe204fcaf981bd94c07c48
SHA256:28448d439ef8de38dbf91526e4877b4818a01a3d23235d5f682afde3a7ac9607
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

jquery.cytoscape.js-panzoom.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-panzoom/jquery.cytoscape.js-panzoom.js
MD5: e557936bdee55d04703298f8d048b481
SHA1: 7a3f399fa1cfb840067f561cc488180063137560
SHA256:93332a91fc3eaf6ba89e5d0b2b6e409a1fbb0473fef93cb7fb28da811145422c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

jquery.jshowoff.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery.jshowoff.js
MD5: 3f8b169be1571502e5e2fdaa3fc7ff1c
SHA1: a7ed3c3f753a702546a38b59b8c0df654589647c
SHA256:4efe2348651fc25f191fec24f7e41bab9821e5c5e59e4154a7fe64f6e9dc5fdf
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

jquery.qtip.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery.qtip.js
MD5: c2063fb73e8498b14d98b7ed1ebbfba9
SHA1: c7135dbde869c2f1a8b904e997ea6e131d9c7d7c
SHA256:7268b880abe4387cf6a93889b643ed3578a1683babb5116ecd7a5f48cdb27194
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

jquery.sparkline.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery.sparkline.js
MD5: 928592f222218fff51ad5020b4a7f69d
SHA1: 8b43e4a7f7116a00146dc18eec06947bb62ac1c1
SHA256:fac66d92386c229eaf21e7a29d7c1cd949eac8d339e31112fae7e650bfaecbe5
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

json-20231013.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There are a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.

License:

Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /home/jenkins/.m2/repository/org/json/json/20231013/json-20231013.jar
MD5: 1a0702c57783ce9e948252c34644f328
SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52
SHA256:0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3
Referenced In Project/Scope: Gemma Web:compile
json-20231013.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma@1.31.6

Identifiers

junit-jupiter-api-5.10.2.jar

Description:

Module "junit-jupiter-api" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/jenkins/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.10.2/junit-jupiter-api-5.10.2.jar
MD5: 6e691e23a36de8cbda5cbcc9f31461e3
SHA1: fb55d6e2bce173f35fd28422e7975539621055ef
SHA256:afff77c186cd317275803872fa5133aa801fd6ac40bd91c78a6cf8009b4b17cc
Referenced In Project/Scope: Gemma Groovy Support:compile
junit-jupiter-api-5.10.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

junit-jupiter-engine-5.10.2.jar

Description:

Module "junit-jupiter-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/jenkins/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.10.2/junit-jupiter-engine-5.10.2.jar
MD5: 830301d576c574fbf82320f93f8abacd
SHA1: f1f8fe97bd58e85569205f071274d459c2c4f8cd
SHA256:b6df35da750a546ae932376f11b3c0df841f0c90c7cb2944cd39adb432886e4b
Referenced In Project/Scope: Gemma Groovy Support:compile
junit-jupiter-engine-5.10.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

junit-platform-engine-1.10.2.jar

Description:

Module "junit-platform-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/jenkins/.m2/repository/org/junit/platform/junit-platform-engine/1.10.2/junit-platform-engine-1.10.2.jar
MD5: 0bab6a13692441a957234370baae15f0
SHA1: d53bb4e0ce7f211a498705783440614bfaf0df2e
SHA256:905cba9b4998ccc29d1239085a7fb1fe0e28024d7526152356d810edec0a49a3
Referenced In Project/Scope: Gemma Groovy Support:compile
junit-platform-engine-1.10.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

kotlin-stdlib-1.8.21.jar

Description:

Kotlin Standard Library for JVM

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.8.21/kotlin-stdlib-1.8.21.jar
MD5: e4424cf44b4f8f7cd1517eafdda2f6a7
SHA1: 43d50ab85bc7587adfe3dda3dbe579e5f8d51265
SHA256:042a1cd1ac976cdcfe5eb63f1d8e0b0b892c9248e15a69c8cfba495d546ea52a
Referenced In Project/Scope: Gemma Web:compile
kotlin-stdlib-1.8.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2

Identifiers

kotlin-stdlib-common-1.9.10.jar

Description:

Kotlin Common Standard Library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.9.10/kotlin-stdlib-common-1.9.10.jar
MD5: de4024a53c843e959f2d50ecd1f0e951
SHA1: dafaf2c27f27c09220cee312df10917d9a5d97ce
SHA256:cde3341ba18a2ba262b0b7cf6c55b20c90e8d434e42c9a13e6a3f770db965a88
Referenced In Project/Scope: Gemma Web:compile
kotlin-stdlib-common-1.9.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2

Identifiers

loadExpressionExperiment.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/loadExpressionExperiment.js
MD5: e6072cf74ec8da6871e81b7825db1924
SHA1: dceba856a5ede95fb3164afc4252f2db5bd02736
SHA256:3e007370caf579ac11c337ea7eccb9d3343df12e866c594d408061cab0ab69e9
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

log4j-core-2.23.1.jar

Description:

The Apache Log4j Implementation

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.23.1/log4j-core-2.23.1.jar
MD5: 34fad2df975cf874a2fdf4b797122f16
SHA1: 905802940e2c78042d75b837c136ac477d2b4e4d
SHA256:7079368005fc34f56248f57f8a8a53361c3a53e9007d556dbc66fc669df081b5
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

log4j-core-2.23.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6

Identifiers

log4j-slf4j-impl-2.23.1.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.23.1/log4j-slf4j-impl-2.23.1.jar
MD5: c5a27e08e18600d379d0ca72d71838b8
SHA1: 9ef67909a1b4eae999af4c7a211ab2379e4b86c2
SHA256:210742c8fb85b0dcc26a9d74a32fbc828e0429087dee3d2920d4a76b1eb96d91
Referenced In Projects/Scopes:
  • Gemma CLI:runtime
  • Gemma Core:runtime
  • Gemma Groovy Support:runtime
  • Gemma:runtime
  • Gemma Web:runtime
  • Gemma REST:runtime

log4j-slf4j-impl-2.23.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

lombok-1.18.32.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /home/jenkins/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar
MD5: 56e9be7b9a26802ac0c784ad824f3a29
SHA1: 17d46b3e205515e1e8efd3ee4d57ce8018914163
SHA256:97574674e2a25f567a313736ace00df8787d443de316407d57fc877d9f19a65d
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lombok-1.18.32.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

lombok-1.18.32.jar: mavenEcjBootstrapAgent.jar

File Path: /home/jenkins/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 81090c80616485973f6cd4a19d72bbdb
SHA1: ed1e7c8794dea7c7f7050098d56b2751b9f91288
SHA256:e97851350e56f4d1b02356ef61276886831e3a5e33a914ea95e878e2a46df69e
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

Identifiers

  • None

lucene-analyzers-3.6.2.jar

Description:

Additional Analyzers

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jar
MD5: 13f8241b6991bd1349c05369a7c0f002
SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993
SHA256:82f9f78ff2143f1895ac04500aa47fdac3c52632a08522dde7dbb0f0c082801f
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-analyzers-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

lucene-core-3.6.2.jar

Description:

Apache Lucene Java Core

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jar
MD5: ee396d04f5a35557b424025f5382c815
SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47
SHA256:cef4436bae85c31417443284f736e321511cd1615268103378a9bf00b1df036d
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-core-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

lucene-facet-3.6.2.jar

Description:

    Package for Faceted Indexing and Search

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-facet/3.6.2/lucene-facet-3.6.2.jar
MD5: c14d30cca1f61cfcc16678db730516f1
SHA1: 72ae9f9115c4beb5f3e32b71966723a10cf4c083
SHA256:62ad5faecbf0f2da93ce495395d432e02e7715accaa0c074c94ec760e9de60fa
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-facet-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final

Identifiers

lucene-grouping-3.6.2.jar

Description:

Lucene Grouping Module

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-grouping/3.6.2/lucene-grouping-3.6.2.jar
MD5: 14598baf52660d5a1f282791ce09cc70
SHA1: 77c16722fc1ab2a42634dde6478ed2662c0a061a
SHA256:b1ac49babb6d325105b6646807d9abec97f3007a9bff581870e8f2b882d6dc10
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-grouping-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

lucene-highlighter-3.6.2.jar

Description:

    This is the highlighter for apache lucene java

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-highlighter/3.6.2/lucene-highlighter-3.6.2.jar
MD5: f75c4869b55c060e2a313f6416ee68cf
SHA1: a90682c6bc0b9e105bd260c9a041fefea9579e46
SHA256:377b2ddcb7c902daf5dd3d22a1ff5b8da4ad6f7fd6c5e5da4731d17a8d935534
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-highlighter-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final

Identifiers

lucene-kuromoji-3.6.2.jar

Description:

  	 Lucene Kuromoji Japanese Morphological Analyzer

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-kuromoji/3.6.2/lucene-kuromoji-3.6.2.jar
MD5: d8d1afc4ab28eee2f775e01b39808e78
SHA1: f117e4b867987406b26069bb0fbd889ace21badd
SHA256:63f249909f29cf7b796a47a3816a72b30b2062ee37d2ce97942dfbc96e409bda
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-kuromoji-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

lucene-memory-3.6.2.jar

Description:

    High-performance single-document index to compare against Query

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-memory/3.6.2/lucene-memory-3.6.2.jar
MD5: 765143db9e68cf91ac1c2070a2db6769
SHA1: 11846819b2f661b229d6ce861bc857774c0c4cdb
SHA256:d99058d68f4853457f47957a84b7a41078c3afd5a377735d82eaf4fc99f23415
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-memory-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final

Identifiers

lucene-misc-3.6.2.jar

Description:

Miscellaneous Lucene extensions

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-misc/3.6.2/lucene-misc-3.6.2.jar
MD5: eecbfe3cf5b047a9dab6933ee44f24d9
SHA1: 2e64f8dc9cc1df63f98426aa46aae0f5fe8cee13
SHA256:4f957c6489be9337178167c874074742e39e3b8ea10d8b83de79704415db1642
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-misc-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

lucene-phonetic-3.6.2.jar

Description:

Phonetic Analyzer

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-phonetic/3.6.2/lucene-phonetic-3.6.2.jar
MD5: 9bca3c6ca60efa9cbeb097c9fc3f6d30
SHA1: 89268de870916789e041e676a2888c8a7d6e0ea2
SHA256:cc987497e66ba8c12970c080671247f029dadeb2d9ab7dae10363a6bb5430845
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-phonetic-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

lucene-smartcn-3.6.2.jar

Description:

Smart Chinese Analyzer

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-smartcn/3.6.2/lucene-smartcn-3.6.2.jar
MD5: 3935444a27b519b8e11b411f81b53446
SHA1: e86dfea83d8fa5062145025c1f06ca27f9a49cab
SHA256:e4f24de68ac692c11fa6c906653599f0c50445f65b8af84d44d27afeeb909735
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-smartcn-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

lucene-spatial-3.6.2.jar

Description:

Spatial search package

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-spatial/3.6.2/lucene-spatial-3.6.2.jar
MD5: 85f76ee4b163cc6d13b36e225add5603
SHA1: 52e29032cfadec88dfe604257106ac038260b53b
SHA256:53139893aec0b576f3816592dda7051595759b1848e776d93e5b6efdd8c6f14e
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-spatial-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final

Identifiers

lucene-spellchecker-3.6.2.jar

Description:

Spell Checker

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jar
MD5: a4b684913f93aea76f5dbd7e479f19c5
SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24
SHA256:307bb7da7f19b30326ea0163d470597854964796cbfef56b8fc7f9b3241dc609
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-spellchecker-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

lucene-stempel-3.6.2.jar

Description:

Stempel Analyzer

File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-stempel/3.6.2/lucene-stempel-3.6.2.jar
MD5: 0c87d87198b314ff4afdb8a63c1a702e
SHA1: a0b8b2e20fd04724fbbd6a67037f5a1a98feed72
SHA256:0b9dd990e3515e3f253eae4a6e614bf9c980c2e04211f6529a34b6c6d95b1dc8
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

lucene-stempel-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

manageGroups.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/manageGroups.js
MD5: c6824f670be28d880b178f8083994112
SHA1: f646fddf0f71df098e651541c2527995198b2cba
SHA256:670d4c343a6780091589edf867b1f82262b7434f00b1afcebbd203501b17766a
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

metrics-core-4.2.25.jar

Description:

        Metrics is a Java library which gives you unparalleled insight into what your code does in
        production. Metrics provides a powerful toolkit of ways to measure the behavior of critical
        components in your production environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/jenkins/.m2/repository/io/dropwizard/metrics/metrics-core/4.2.25/metrics-core-4.2.25.jar
MD5: f9476a4f1a8287f7a4a2af759c33e44a
SHA1: 76162cb1f7a6f902da4f80e5bcf472078e8cd7e1
SHA256:8bc7de609a2816b78a7a5009bddf11be560ba527d44db74a0a31a6f44fdb5b5f
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

metrics-core-4.2.25.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0

Identifiers

metrics-jmx-4.2.25.jar

Description:

        A set of classes which allow you to report metrics via JMX.

License:

https://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/jenkins/.m2/repository/io/dropwizard/metrics/metrics-jmx/4.2.25/metrics-jmx-4.2.25.jar
MD5: b8ec52ac806adc0f8dcd3cbc855b9f42
SHA1: 8d57d9f33530fef4ed3489dc8d1351deb18d1f15
SHA256:6b6956f8eecc18b3712e266fccde58bc0844169e79214cea9d0f6dcc822ec714
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

metrics-jmx-4.2.25.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
  • pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0

Identifiers

micrometer-commons-1.13.0.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-commons/1.13.0/micrometer-commons-1.13.0.jar
MD5: 92e95856a39f7b1319d1cb9131f1bfc5
SHA1: 156a59aff8d72c5e631eb4a2d739373ed5881609
SHA256:039aef255b5092561fdf649367fd0ff9af8da00aadb25f0c60cf30ebad8dceb8
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

micrometer-commons-1.13.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0

Identifiers

micrometer-core-1.13.0.jar

Description:

Core module of Micrometer containing instrumentation API and implementation

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-core/1.13.0/micrometer-core-1.13.0.jar
MD5: cc5834ef064a952d17392cbc0216d8c8
SHA1: d7ed656fbc54fde5a03d978fc0d66f270cc4a997
SHA256:1ced414878f151d08617b47732fa67a5d06b47b63903e2722f40e2294e883643
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

micrometer-core-1.13.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

micrometer-observation-1.13.0.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-observation/1.13.0/micrometer-observation-1.13.0.jar
MD5: 9a5c0482f47a2fb1b1f9812ae2e251d4
SHA1: 5aa75fbb4367dc3b28e557d14535d21335dc8985
SHA256:33e7c9de55ef34ae502a2ad6c4c9786563b6d44eca2cbd2b832911594b378858
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

micrometer-observation-1.13.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0
  • pkg:maven/io.micrometer/micrometer-core@1.13.0

Identifiers

micrometer-registry-jmx-1.13.0.jar

Description:

Application monitoring instrumentation facade

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-registry-jmx/1.13.0/micrometer-registry-jmx-1.13.0.jar
MD5: ee24c9ffae39c0984582c5e68edba3ae
SHA1: 61e1dfeafa02d4b057d8bdfd48092d44a9835f2c
SHA256:521334321adb38bf27e2f818b7d02d34b6737930b186e186594873bf2c346299
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

micrometer-registry-jmx-1.13.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

monitoring.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/monitoring.js
MD5: af5bcb015f11c02eb4742f63189a6f9c
SHA1: 622a96320ac642e842cbeeddfbcdffb0432a639f
SHA256:d049db88db5ac929a734a2dc4a9fba00f134013cd2222fe834409136691fb057
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

mtj-1.0.4.jar

Description:

A comprehensive collection of matrix data structures, linear solvers, least squares methods,
        eigenvalue, and singular value decompositions.

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/jenkins/.m2/repository/com/googlecode/matrix-toolkits-java/mtj/1.0.4/mtj-1.0.4.jar
MD5: 846c7a7311d492c6102afd23647f46cc
SHA1: e14ed840ff5e15de92dba2d1af29201fa70a0f35
SHA256:27a53db335bc6af524b30f97ec3fb4b6df65e7648d70e752447c7dd9bc4697c8
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

mtj-1.0.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

mysql-connector-j-8.4.0.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /home/jenkins/.m2/repository/com/mysql/mysql-connector-j/8.4.0/mysql-connector-j-8.4.0.jar
MD5: 2607d710106276083d26e6a1505948d7
SHA1: b1bc0f47bcad26ad5f9bceefb63fcb920d868fca
SHA256:d77962877d010777cff997015da90ee689f0f4bb76848340e1488f2b83332af5
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

mysql-connector-j-8.4.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma@1.31.6
  • pkg:maven/gemma/gemma-web@1.31.6
  • pkg:maven/gemma/gemma-cli@1.31.6
  • pkg:maven/gemma/gemma-groovy-support@1.31.6
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

native_ref-java-1.1.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/native_ref-java/1.1/native_ref-java-1.1.jar
MD5: 1aac8a554c0a9b36340e8eba1c8a8ba9
SHA1: 408c71ffbc3646dda7bee1e22bf19101e5e9ee90
SHA256:120ca95d3a7b4646f44c3bcebdf7a149ec4f8cccf731a13bd84da103b836e236
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

native_ref-java-1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

native_system-java-1.1.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/native_system-java/1.1/native_system-java-1.1.jar
MD5: 7244aab504c9fdce6c320498459b9432
SHA1: 3c6a2455f96b354a6940dce1393abb35ed7641da
SHA256:2414fc6e29b73ba40e0df21ab9618e4f5dc5ac66aab32bd81ee213a68796155d
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

native_system-java-1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_ref-linux-armhf-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-armhf/1.1/netlib-native_ref-linux-armhf-1.1-natives.jar
MD5: e2ff3e665c6eea38eb975e2ecf1abaa7
SHA1: ec467162f74710fd8897cff6888534ceaf297d9a
SHA256:1d9ff5c35a542f598bd8d01c12d838ac4f457beae528f0b1930f21c0bff3eaae
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_ref-linux-armhf-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_ref-linux-i686-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-i686/1.1/netlib-native_ref-linux-i686-1.1-natives.jar
MD5: 101fb0618fbf80d1392d9e6bf2eaa8e1
SHA1: eedd845b214aea560bce317d778ebb52f8f46038
SHA256:bf1dcc3b32a32bde8bd897b8c7da21cbd75b9febb89321a11b4f9a254aeb92ec
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_ref-linux-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_ref-linux-x86_64-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-x86_64/1.1/netlib-native_ref-linux-x86_64-1.1-natives.jar
MD5: 950476b98b61793f045aab84f471fb96
SHA1: 05a3e5787d03c39790d5ae08cce189dd1ccc4a38
SHA256:f9034b22e89352ea1ba0c1edfb7529057c6b6acd651babb58839af19897e8ac0
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_ref-linux-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_ref-osx-x86_64-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-osx-x86_64/1.1/netlib-native_ref-osx-x86_64-1.1-natives.jar
MD5: 38b6cb1ce53e3793c48e1d99848d1600
SHA1: 80da53ec862f283dc3b191b9dbd3166ea6671831
SHA256:fbe45f80be86fb809eb159b75ba45433cbba2b5fb6814758d1f15823b2b17438
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_ref-osx-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_ref-win-i686-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-win-i686/1.1/netlib-native_ref-win-i686-1.1-natives.jar
MD5: 5f94993d3cffa7a46fb3ac1f5c28afd8
SHA1: 167fb794a26cb0bfc74890c704c7137b1d5b50fd
SHA256:0dcdc8348430365f7d912dcffb13d4c133810fbc3f3334123edb7c7f88990c5f
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_ref-win-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_ref-win-x86_64-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-win-x86_64/1.1/netlib-native_ref-win-x86_64-1.1-natives.jar
MD5: d310ba2205a98b5d3219dbe1a66a0301
SHA1: 4ab54511c2844546279d9f8e427c73953b794686
SHA256:322a4d1a9cdfa284b1025b3d85c9ece18605be2caf795abfbaa366eb403fbf32
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_ref-win-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_system-linux-armhf-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-armhf/1.1/netlib-native_system-linux-armhf-1.1-natives.jar
MD5: 09def97e97d35ff4be5692b3d33d4bfc
SHA1: 27ae9f6a9c88b3f8d12ffa52d62941615f8ed416
SHA256:aab65e3a3f3f664496dc512bea38d5ece0723799770f2aa608a4f1410342cb96
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_system-linux-armhf-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_system-linux-i686-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-i686/1.1/netlib-native_system-linux-i686-1.1-natives.jar
MD5: 93769919423f7fd54ee2347784d2c9d3
SHA1: dd43225560dbd9115d306f9be3ca195aed236b78
SHA256:ecfd3c4e442411be9bc9aa74ea1b28b0fdf201dda00fe4559c68cde6e311520f
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_system-linux-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_system-linux-x86_64-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-x86_64/1.1/netlib-native_system-linux-x86_64-1.1-natives.jar
MD5: 39de4e1383f61881098e2e66cbb2b475
SHA1: 163e88facabe7fa29952890dc2d3429e28501120
SHA256:9a929390c8c4845a2bff01e7bc0d8381fcc89ebc147c037f877f02b19806d013
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_system-linux-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_system-osx-x86_64-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-osx-x86_64/1.1/netlib-native_system-osx-x86_64-1.1-natives.jar
MD5: ab50d62f2ffd44c4623d915ae11e0f37
SHA1: d724e33675dc8eaa5c8fcb05a3aaca6f3339afa7
SHA256:07230441e6d7985e30e13b4c6844c6388324a971e1d3c5d46880a213b37a4dd1
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_system-osx-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_system-win-i686-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-win-i686/1.1/netlib-native_system-win-i686-1.1-natives.jar
MD5: c83df62ee7516fb876c499921d2da434
SHA1: c25fd1881cf93f7716f47b7deec859f6b6b7be50
SHA256:65b4900fd4fdc6715d3d48cfac2a7809cab5ed626f20e212a747f579bb60a40a
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_system-win-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

netlib-native_system-win-x86_64-1.1-natives.jar

File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-win-x86_64/1.1/netlib-native_system-win-x86_64-1.1-natives.jar
MD5: 2de500c3ad6bde324f59977f67dc33cc
SHA1: 222c7915be1daf1c26a4206f375d4957ae5f9d81
SHA256:d855c2fc7d70ffddaac504b556c6cc7c33288d85c173386e47921f44bbb34202
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

netlib-native_system-win-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

okhttp-4.12.0.jar

Description:

Square’s meticulous HTTP client for Java and Kotlin.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/squareup/okhttp3/okhttp/4.12.0/okhttp-4.12.0.jar
MD5: 6acba053af88fed87e710c6c29911d7c
SHA1: 2f4525d4a200e97e1b87449c2cd9bd2e25b7e8cd
SHA256:b1050081b14bb7a3a7e55a4d3ef01b5dcfabc453b4573a4fc019767191d5f4e0
Referenced In Project/Scope: Gemma Web:compile
okhttp-4.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2

Identifiers

okio-3.6.0.jar

Description:

A modern I/O library for Android, Java, and Kotlin Multiplatform.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/squareup/okio/okio/3.6.0/okio-3.6.0.jar
MD5: 990f7b25bbd4fee8787ffabf89aa229f
SHA1: 8bf9683c80762d7dd47db12b68e99abea2a7ae05
SHA256:8e63292e5c53bb93c4a6b0c213e79f15990fed250c1340f1c343880e1c9c39b5
Referenced In Project/Scope: Gemma Web:compile
okio-3.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2

Identifiers

ontologyReIndexer.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/ontologyReIndexer.js
MD5: e7e0b9c5114dced3c1ba5dd59bf6ca3f
SHA1: c2ea0482f55f1b5ac57ab203666e509f338d5f23
SHA256:30f87a101427e5ddfb214d07440d80f9dcb85705b7670e367a240af6695adf73
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

opencsv-5.9.jar

Description:

A simple library for reading and writing CSV in Java

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/opencsv/opencsv/5.9/opencsv-5.9.jar
MD5: 8cee3b4e9ebeba7bd2834831a969d97c
SHA1: 284ea0b60a24b71a530100783185e7d547ab5339
SHA256:2023969b86ce968ad8ae549648ac587d141c19ae684a9a5c67c9105f37ab0d1c
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

opencsv-5.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

opentest4j-1.3.0.jar

Description:

Open Test Alliance for the JVM

License:

The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Project/Scope: Gemma Groovy Support:compile
opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

org.abego.treelayout.core-1.0.3.jar

Description:

Efficient and customizable TreeLayout Algorithm in Java.

License:

BSD 3-Clause "New" or "Revised" License (BSD-3-Clause): http://www.abego-software.de/legal/apl-v10.html
File Path: /home/jenkins/.m2/repository/org/abego/treelayout/org.abego.treelayout.core/1.0.3/org.abego.treelayout.core-1.0.3.jar
MD5: 9c8cefab6360a672565370d5311f0f3c
SHA1: 457216e8e6578099ae63667bb1e4439235892028
SHA256:fa5e31395c39c2e7d46aca0f81f72060931607b2fa41bd36038eb2cb6fb93326
Referenced In Project/Scope: Gemma Groovy Support:compile
org.abego.treelayout.core-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

org.geneontology-1.002.jar

File Path: /home/jenkins/.m2/repository/obo/org.geneontology/1.002/org.geneontology-1.002.jar
MD5: fd0489a45e4d8c8ea83b2ec5ba86a59c
SHA1: 831ea4bc937235c49cb1b7fac5d612041aff29f3
SHA256:5d50f3b29d7b023e0716c06d5a6c48a754f80306856b407596a6823cbd066bae
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

org.geneontology-1.002.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6

Identifiers

osgi-resource-locator-1.0.1.jar

Description:

 See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information

License:

https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256:775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Projects/Scopes:
  • Gemma REST:compile
  • Gemma Web:compile

osgi-resource-locator-1.0.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1
  • pkg:maven/gemma/gemma-rest@1.31.6

Identifiers

picocli-4.7.5.jar

Description:

Java command line parser with both an annotations API and a programmatic API. Usage help with ANSI styles and colors. Autocomplete. Nested subcommands. Easily included as source to avoid adding a dependency.

License:

The Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/info/picocli/picocli/4.7.5/picocli-4.7.5.jar
MD5: 130eeeb3c9c1a58d7174d10a9d771644
SHA1: a6f99ec0a97aeb3be63a9f55703b28f2cf08788f
SHA256:e83a906fb99b57091d1d68ac11f7c3d2518bd7a81a9c71b259e2c00d1564c8e8
Referenced In Project/Scope: Gemma Groovy Support:compile
picocli-4.7.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

poi-5.2.5.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/poi/poi/5.2.5/poi-5.2.5.jar
MD5: c7725f44e62223d1f37e7a4883f01425
SHA1: 7e00f6b2f76375fe89022d5a7db8acb71cbd55f5
SHA256:352e1b44a5777af2df3d7dc408cda9f75f932d0e0125fa1a7d336a13c0a663a7
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

poi-5.2.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/baseCode/baseCode@1.1.23

Identifiers

protobuf-java-3.25.1.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/jenkins/.m2/repository/com/google/protobuf/protobuf-java/3.25.1/protobuf-java-3.25.1.jar
MD5: 7dc81d3c2187ce5627d134a37df88cc0
SHA1: 2933a5c3f022456d8842323fe0d7fb2d25a7e3c7
SHA256:48a8e58a1a8f82eff141a7a388d38dfe77d7a48d5e57c9066ee37f19147e20df
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

protobuf-java-3.25.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.mysql/mysql-connector-j@8.4.0
  • pkg:maven/com.mysql/mysql-connector-j@8.4.0
  • pkg:maven/com.mysql/mysql-connector-j@8.4.0
  • pkg:maven/com.mysql/mysql-connector-j@8.4.0
  • pkg:maven/com.mysql/mysql-connector-j@8.4.0
  • pkg:maven/com.mysql/mysql-connector-j@8.4.0

Identifiers

qdox-1.12.1.jar

Description:

    QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
    complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/thoughtworks/qdox/qdox/1.12.1/qdox-1.12.1.jar
MD5: 9fb6970f934f8d836ae8e6d133316ab4
SHA1: f7122f6ab1f64bdf9f5970b0e89bfb355e036897
SHA256:21fba22f830e9268f07cf4ab2d99e8181abbdcb0cb91ee0228eb3cb918dcdd1d
Referenced In Project/Scope: Gemma Groovy Support:compile
qdox-1.12.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-all@4.0.21

Identifiers

quartz-1.8.6.jar

File Path: /home/jenkins/.m2/repository/org/quartz-scheduler/quartz/1.8.6/quartz-1.8.6.jar
MD5: fff6d47071fce5e1b36cc943aa118b65
SHA1: 552019e55385a5fdbc6b594fabc4c03ea45a99bc
SHA256:056dadf9988fdf0f4493673d41d2b1a2b12ed056aa645d94e602a87face57d78
Referenced In Project/Scope: Gemma Web:compile
quartz-1.8.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

CVE-2019-13990  

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-39017  

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

resetPassword.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/resetPassword.js
MD5: 9226b310eb03c000866fcf7b6e810eea
SHA1: 48985b0713fdbceab111676303490dbf6c957efb
SHA256:c16bc39c5a9c511e795565c1ff02d06f91bcedfa74eb64ae113c7b282715cbcd
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

rome-1.0.jar

Description:

All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
		easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
		(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
		a set of parsers and generators for the various flavors of feeds, as well as converters
		to convert from one format to another. The parsers can give you back Java objects that
		are either specific for the format you want to work with, or a generic normalized
		SyndFeed object that lets you work on with the data without bothering about the
		underlying format.

File Path: /home/jenkins/.m2/repository/rome/rome/1.0/rome-1.0.jar
MD5: 53d38c030287b939f4e6d745ba1269a7
SHA1: 022b33347f315833e9348cec2751af1a5d5656e4
SHA256:cd2cfd3b4e2af9eb8fb09d6a2384328e5b9cf1138bccaf7e31f971e5f7678c6c
Referenced In Project/Scope: Gemma Web:compile
rome-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

  • pkg:maven/rome/rome@1.0  (Confidence:High)
  • cpe:2.3:a:oracle:system_utilities:1.0:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:oracle:utilities_framework:1.0:*:*:*:*:*:*:*  (Confidence:Low)  

rome-fetcher-1.0.jar

File Path: /home/jenkins/.m2/repository/rome/rome-fetcher/1.0/rome-fetcher-1.0.jar
MD5: 8b38fab84e677d4121ca0ed8e12e50b1
SHA1: 6044bcd5d6f793fa3a38843e774e58c0737a7125
SHA256:b860e75b4596b756b7cfb351182eeba9544d8251bf8c3551b7abafbbfd23387f
Referenced In Project/Scope: Gemma Web:compile
rome-fetcher-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

rsvp.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/rsvp.js
MD5: 7907545ad1a41828a33d897f834799d8
SHA1: 0b72018ca4652fafb5285bae5d3a67b41bd1f82c
SHA256:2e14e5d67027a4cf380c76cfe28df7c827d1392b1244ca2905db7b2bd86fc71e
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

saaj-impl-1.5.3.jar

Description:

       Implementation of Jakarta SOAP with Attachments Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/jenkins/.m2/repository/com/sun/xml/messaging/saaj/saaj-impl/1.5.3/saaj-impl-1.5.3.jar
MD5: 9c3bd20b7350f99f18f8c38fbed90199
SHA1: 1cd4aa51ea7a8987fe930083e3cd05e2ac72505b
SHA256:21d451aa7dbe1254388ecc4e5ea71aabbc519c7d7344c9d93e9f79954f38b32b
Referenced In Project/Scope: Gemma Web:runtime
saaj-impl-1.5.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

search.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/search/search.js
MD5: 7d8ca881e1ad4541cfc5f370896f6b8c
SHA1: c75b6177ca5954591e14d7caa8a811f9cfe0ed11
SHA256:f2d8e39b443bdc1f15a109f50cd90010b342b6cba34c31cae4ca62acd6d867b0
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

signup.js

File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/signup.js
MD5: 2cfff14b81eec24de4dc0830c17c13c0
SHA1: db61e86b34523392824834d9d3590229674931a7
SHA256:078d4fb1d1811fd8c4d136158464bee1e7be0d85c5ed4a858ca7c02afa84621c
Referenced In Project/Scope: Gemma Web

Identifiers

  • None

sitemesh-2.5.0.jar

Description:

SiteMesh is a web-page layout and decoration framework and web- application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required.

License:

The Apache Software License, Version 1.1: https://raw.githubusercontent.com/sitemesh/sitemesh2/master/LICENSE.txt
File Path: /home/jenkins/.m2/repository/opensymphony/sitemesh/2.5.0/sitemesh-2.5.0.jar
MD5: b5440899b65cf71abec65951d0390910
SHA1: 3a68a575d04e46c0aebab8f8348a0584a3c341c2
SHA256:2ff69371a6af9016965dd78d19dc63286c512c53ec76aa7d53e1250e3f349c84
Referenced In Project/Scope: Gemma Web:runtime
sitemesh-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

slack-api-client-1.39.2.jar

File Path: /home/jenkins/.m2/repository/com/slack/api/slack-api-client/1.39.2/slack-api-client-1.39.2.jar
MD5: 2110ed1a270873a0303b366205ddc3c4
SHA1: 1fef9798893464bc1fc8ce2767d7af808a598b27
SHA256:bdbcd8f06737232078ab83cf6bb2b90f270fb3650b228ee2753c35089ccb43d9
Referenced In Project/Scope: Gemma Web:compile
slack-api-client-1.39.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

slack-api-model-1.39.2.jar

File Path: /home/jenkins/.m2/repository/com/slack/api/slack-api-model/1.39.2/slack-api-model-1.39.2.jar
MD5: e8f65040a716d1ae942c00cbf1965790
SHA1: 52d66fb21b762c1d52c7a18cc9314638aaadf33b
SHA256:714c13445c855d67ef5676272ce62e4ccd82630015887413253c60dc9d65315e
Referenced In Project/Scope: Gemma Web:compile
slack-api-model-1.39.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/jenkins/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/org.apache.velocity/velocity-engine-core@2.3
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/io.swagger.core.v3/swagger-core@2.2.22
  • pkg:maven/baseCode/baseCode@1.1.23
  • pkg:maven/org.quartz-scheduler/quartz@1.8.6

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Projects/Scopes:
  • Gemma Groovy Support:compile
  • Gemma REST:compile
  • Gemma Web:compile

snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-rest@1.31.6
  • pkg:maven/org.apache.groovy/groovy-all@4.0.21
  • pkg:maven/io.swagger.core.v3/swagger-core@2.2.22

Identifiers

solr-core-3.6.2.jar

Description:

Apache Solr Core

File Path: /home/jenkins/.m2/repository/org/apache/solr/solr-core/3.6.2/solr-core-3.6.2.jar
MD5: 5c1ed4b8c48a422451f4566bc1a60d3a
SHA1: 6a7fd7092ba403e9002dd935bbf6a42141a80c8c
SHA256:4369b38e5f600c81653f221776d7087aa7428084795d5fe7bf9896fd3ac83377
Referenced In Projects/Scopes:

  • Gemma Groovy Support:compile
  • Gemma Core:compile
  • Gemma CLI:compile
  • Gemma REST:compile
  • Gemma Web:compile

solr-core-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/gemma/gemma-core@1.31.6
  • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final

Identifiers

CVE-2021-27905  

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2021-44548  

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation, CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2021-29943  

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-13941  

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2012-6612  

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-3163  

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

    Vulnerable Software & Versions: (show all)

    CVE-2017-3164  

    Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
    CWE-918 Server-Side Request Forgery (SSRF)

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-1308  

    This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
    CWE-611 Improper Restriction of XML External Entity Reference

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2019-12401  

    Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it���s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
    CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-29262  

    When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
    CWE-522 Insufficiently Protected Credentials

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2023-44487  

    CISA Known Exploited Vulnerability:
    • Product: IETF HTTP/2
    • Name: HTTP/2 Rapid Reset Attack Vulnerability
    • Date Added: 2023-10-10
    • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
    • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    • Due Date: 2023-10-31
    • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2019-0193  

    CISA Known Exploited Vulnerability:
    • Product: Apache Solr
    • Name: Apache Solr DataImportHandler Code Injection Vulnerability
    • Date Added: 2021-12-10
    • Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
    • Required Action: Apply updates per vendor instructions.
    • Due Date: 2022-06-10

    In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
    CWE-94 Improper Control of Generation of Code ('Code Injection')

    CVSSv2:
    • Base Score: HIGH (9.0)
    • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
    CVSSv3:
    • Base Score: HIGH (7.2)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2013-6407  

    The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
    NVD-CWE-noinfo

    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2013-6408  

    The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
    NVD-CWE-noinfo

    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2015-8795  

    Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2015-8796  

    Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2015-8797  

    Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-8026 (OSSINDEX)  

    This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.
    CWE-611 Improper Restriction of XML External Entity Reference

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    References:

    Vulnerable Software & Versions (OSSINDEX):

    • cpe:2.3:a:org.apache.solr:solr-core:3.6.2:*:*:*:*:*:*:*

    CVE-2013-6397  

    Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2018-11802  

    In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
    CWE-863 Incorrect Authorization

    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    solr-solrj-3.6.2.jar

    Description:

    Apache Solr Solrj

    File Path: /home/jenkins/.m2/repository/org/apache/solr/solr-solrj/3.6.2/solr-solrj-3.6.2.jar
    MD5: 34df7ce752a336588fc80f4f67926e46
    SHA1: 7f7e4dc77f72b86eb198fb9199f8e1eebf800ba8
    SHA256:135f76fb0c12ef41fad818b7a4be6595400e1481258c460e809079bc2393819b
    Referenced In Projects/Scopes:

    • Gemma Groovy Support:compile
    • Gemma Core:compile
    • Gemma CLI:compile
    • Gemma REST:compile
    • Gemma Web:compile

    solr-solrj-3.6.2.jar is in the transitive dependency tree of the listed items.Included by:
    • pkg:maven/gemma/gemma-core@1.31.6
    • pkg:maven/gemma/gemma-core@1.31.6
    • pkg:maven/gemma/gemma-core@1.31.6
    • pkg:maven/org.hibernate/hibernate-search-orm@4.4.6.Final
    • pkg:maven/gemma/gemma-core@1.31.6

    Identifiers

    CVE-2021-27905  

    The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
    CWE-918 Server-Side Request Forgery (SSRF)

    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2021-44548  

    An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation, CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

    CVSSv2:
    • Base Score: MEDIUM (6.8)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2021-29943  

    When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
    CWE-863 Incorrect Authorization

    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2020-13941  

    Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.
    CWE-20 Improper Input Validation

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2012-6612  

    The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
    NVD-CWE-noinfo

    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2017-3163  

    When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

      Vulnerable Software & Versions: (show all)

      CVE-2017-3164  

      Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
      CWE-918 Server-Side Request Forgery (SSRF)

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2018-1308  

      This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
      CWE-611 Improper Restriction of XML External Entity Reference

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2019-12401  

      Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it���s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
      CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-29262  

      When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
      CWE-522 Insufficiently Protected Credentials

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2023-44487  

      CISA Known Exploited Vulnerability:
      • Product: IETF HTTP/2
      • Name: HTTP/2 Rapid Reset Attack Vulnerability
      • Date Added: 2023-10-10
      • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
      • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
      • Due Date: 2023-10-31
      • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

      The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
      CWE-400 Uncontrolled Resource Consumption

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2019-0193  

      CISA Known Exploited Vulnerability:
      • Product: Apache Solr
      • Name: Apache Solr DataImportHandler Code Injection Vulnerability
      • Date Added: 2021-12-10
      • Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
      • Required Action: Apply updates per vendor instructions.
      • Due Date: 2022-06-10

      In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
      CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (9.0)
      • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
      CVSSv3:
      • Base Score: HIGH (7.2)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2013-6407  

      The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (6.4)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2013-6408  

      The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (6.4)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2015-8795  

      Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
      CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2015-8796  

      Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
      CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2015-8797  

      Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
      CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2013-6397  

      Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
      CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-11802  

      In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
      CWE-863 Incorrect Authorization

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
      CVSSv3:
      • Base Score: MEDIUM (4.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      spring-bridge-2.5.0-b32.jar

      Description:

      ${project.name}

      License:

      https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
      File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/spring-bridge/2.5.0-b32/spring-bridge-2.5.0-b32.jar
      MD5: 6ae9e7388f599d06bb76539c4a5e2755
      SHA1: f38ecef23edc769942a95c062efd63541044de42
      SHA256:44f5a5f44d1b52e8cd252ee160b900b079d4ec273cfaffb329e8a986a65d3b70
      Referenced In Projects/Scopes:
      • Gemma REST:compile
      • Gemma Web:compile

      spring-bridge-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by:
      • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1
      • pkg:maven/gemma/gemma-rest@1.31.6

      Identifiers

      spring-core-3.2.18.RELEASE.jar

      Description:

      Spring Core

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/jenkins/.m2/repository/org/springframework/spring-core/3.2.18.RELEASE/spring-core-3.2.18.RELEASE.jar
      MD5: 635537b54653d8155b107630ae41599e
      SHA1: 0e2bd9c162280cd79c2ea0f67f174ee5d7b84ddd
      SHA256:5c7ab868509a6b1214ebe557bfcf489cfac6e1ae4c4a39181b0fe66621fbe32e
      Referenced In Projects/Scopes:
      • Gemma Groovy Support:compile
      • Gemma Core:compile
      • Gemma:compile
      • Gemma CLI:compile
      • Gemma REST:compile
      • Gemma Web:compile

      spring-core-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
      • pkg:maven/gemma/gemma-rest@1.31.6
      • pkg:maven/gemma/gemma-web@1.31.6
      • pkg:maven/gemma/gemma-groovy-support@1.31.6
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma@1.31.6
      • pkg:maven/gemma/gemma-cli@1.31.6

      Identifiers

      CVE-2018-1270  

      Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
      CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22965  

      CISA Known Exploited Vulnerability:
      • Product: VMware Spring Framework
      • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
      • Date Added: 2022-04-04
      • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
      • Required Action: Apply updates per vendor instructions.
      • Due Date: 2022-04-25

      A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
      CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2016-5007  

      Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
      CWE-264 Permissions, Privileges, and Access Controls

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-11040  

      Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
      CWE-829 Inclusion of Functionality from Untrusted Control Sphere

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-1257  

      Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-5421  

      In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: LOW (3.6)
      • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22950  

      n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-20861  

      In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-11039  

      Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22968  

      In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
      CWE-178 Improper Handling of Case Sensitivity

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22970  

      In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv2:
      • Base Score: LOW (3.5)
      • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      spring-expression-3.2.18.RELEASE.jar

      Description:

      Spring Expression Language (SpEL)

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/jenkins/.m2/repository/org/springframework/spring-expression/3.2.18.RELEASE/spring-expression-3.2.18.RELEASE.jar
      MD5: 7e5fbe8696a4e71dc310c1ff9f8286e1
      SHA1: 070c1fb9f2111601193e01a8d0c3ccbca1bf3706
      SHA256:cde7eda6cc2270ab726f963aeb546c3f4db76746c661c247fbfb5d2a4d2f4411
      Referenced In Projects/Scopes:
      • Gemma CLI:runtime
      • Gemma Core:runtime
      • Gemma Groovy Support:runtime
      • Gemma:runtime
      • Gemma Web:runtime
      • Gemma REST:runtime

      spring-expression-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
      • pkg:maven/gemma/gemma-web@1.31.6
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma@1.31.6
      • pkg:maven/gemma/gemma-rest@1.31.6
      • pkg:maven/gemma/gemma-groovy-support@1.31.6
      • pkg:maven/gemma/gemma-cli@1.31.6

      Identifiers

      CVE-2018-1270  

      Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
      CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22965  

      CISA Known Exploited Vulnerability:
      • Product: VMware Spring Framework
      • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
      • Date Added: 2022-04-04
      • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
      • Required Action: Apply updates per vendor instructions.
      • Due Date: 2022-04-25

      A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
      CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2016-5007  

      Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
      CWE-264 Permissions, Privileges, and Access Controls

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-11040  

      Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
      CWE-829 Inclusion of Functionality from Untrusted Control Sphere

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-1257  

      Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-5421  

      In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: LOW (3.6)
      • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22950  

      n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-20861  

      In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-20863 (OSSINDEX)  

      In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
      CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

      References:

      Vulnerable Software & Versions (OSSINDEX):

      • cpe:2.3:a:org.springframework:spring-expression:3.2.18.RELEASE:*:*:*:*:*:*:*

      CVE-2018-11039  

      Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22968  

      In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
      CWE-178 Improper Handling of Case Sensitivity

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22970  

      In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv2:
      • Base Score: LOW (3.5)
      • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      spring-oxm-3.2.4.RELEASE.jar

      Description:

      Spring Object/XML Marshalling

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/jenkins/.m2/repository/org/springframework/spring-oxm/3.2.4.RELEASE/spring-oxm-3.2.4.RELEASE.jar
      MD5: 2abb980787ce24a67a9496172cef65cf
      SHA1: 1de9e0537d7ea233668540577e72d86ff6df6d8b
      SHA256:fc259b1b0946c862527c5714dca66f6e884ce8249b35d146bed0fa66d553b1e8
      Referenced In Project/Scope: Gemma Web:compile
      spring-oxm-3.2.4.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE

      Identifiers

      CVE-2018-1270  

      Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
      CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22965  

      CISA Known Exploited Vulnerability:
      • Product: VMware Spring Framework
      • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
      • Date Added: 2022-04-04
      • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
      • Required Action: Apply updates per vendor instructions.
      • Due Date: 2022-04-25

      A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
      CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2015-5211  

      Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
      CWE-552 Files or Directories Accessible to External Parties

      CVSSv2:
      • Base Score: HIGH (9.3)
      • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C
      CVSSv3:
      • Base Score: CRITICAL (9.6)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2014-0225  

      When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
      CWE-611 Improper Restriction of XML External Entity Reference

      CVSSv2:
      • Base Score: MEDIUM (6.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: HIGH (8.8)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2016-5007  

      Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
      CWE-264 Permissions, Privileges, and Access Controls

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2016-9878  

      An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
      CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-11040  

      Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
      CWE-829 Inclusion of Functionality from Untrusted Control Sphere

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2013-6429  

      The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
      CWE-611 Improper Restriction of XML External Entity Reference, CWE-352 Cross-Site Request Forgery (CSRF)

      CVSSv2:
      • Base Score: MEDIUM (6.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2014-0054  

      The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
      CWE-352 Cross-Site Request Forgery (CSRF)

      CVSSv2:
      • Base Score: MEDIUM (6.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-1257  

      Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-5421  

      In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: LOW (3.6)
      • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22950  

      n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-20861  

      In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2018-11039  

      Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
      NVD-CWE-noinfo

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2015-3192  

      Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
      CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (5.5)
      • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22968  

      In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
      CWE-178 Improper Handling of Case Sensitivity

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-22970  

      In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv2:
      • Base Score: LOW (3.5)
      • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2014-3578  

      Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
      CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2014-3625  

      Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
      CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2014-1904  

      Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
      CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      spring-retry-1.0.3.RELEASE.jar

      Description:

      Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize.  For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.

      License:

      Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/jenkins/.m2/repository/org/springframework/retry/spring-retry/1.0.3.RELEASE/spring-retry-1.0.3.RELEASE.jar
      MD5: 5d5f5046b698320b27d4f86285928a34
      SHA1: 33b967f6abaa0a496318bff2ce96e6da6285a54d
      SHA256:d8f2fd2339e794f4dd78e29d44b33f1f0b5fa687525abee8e7246f61d9cd9fca
      Referenced In Projects/Scopes:
      • Gemma Groovy Support:compile
      • Gemma Core:compile
      • Gemma CLI:compile
      • Gemma REST:compile
      • Gemma Web:compile

      spring-retry-1.0.3.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma-core@1.31.6

      Identifiers

      spring-security-acl-3.2.10.RELEASE.jar

      Description:

      spring-security-acl

      License:

      The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-acl/3.2.10.RELEASE/spring-security-acl-3.2.10.RELEASE.jar
      MD5: f87a9ef5d7952bc6f8096b3223d67e19
      SHA1: 0417714b1b6c7f11cb6c2a5ee4c3738d43353928
      SHA256:7916014dbd3c61585d92aeb14e4c74584c60b7858bfb8e63b2af4560d1955315
      Referenced In Projects/Scopes:
      • Gemma Groovy Support:compile
      • Gemma Core:compile
      • Gemma:compile
      • Gemma CLI:compile
      • Gemma REST:compile
      • Gemma Web:compile

      spring-security-acl-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
      • pkg:maven/gemma/gemma-core@1.31.6
      • pkg:maven/gemma/gemma-cli@1.31.6
      • pkg:maven/gemma/gemma-web@1.31.6
      • pkg:maven/gemma/gemma@1.31.6
      • pkg:maven/gemma/gemma-groovy-support@1.31.6
      • pkg:maven/gemma/gemma-rest@1.31.6

      Identifiers

      CVE-2022-22978  

      In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
      CWE-863 Incorrect Authorization

      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

        Vulnerable Software & Versions: (show all)

        CVE-2021-22112  

        Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: HIGH (9.0)
        • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
        CVSSv3:
        • Base Score: HIGH (8.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2016-5007  

        Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22976  

        Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
        CWE-190 Integer Overflow or Wraparound

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        spring-security-config-3.2.10.RELEASE.jar

        Description:

        spring-security-config

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-config/3.2.10.RELEASE/spring-security-config-3.2.10.RELEASE.jar
        MD5: 8c8534526c1ed31e3cdc65523e782e3c
        SHA1: c8c9c742067d5a4879bf8db289cb48b60262056a
        SHA256:f8849bb9e245423924ccdaee6693d497f1b4d2dd2069e7695d4fdd2b82a2f5b3
        Referenced In Projects/Scopes:
        • Gemma CLI:runtime
        • Gemma Core:runtime
        • Gemma Groovy Support:runtime
        • Gemma:runtime
        • Gemma Web:runtime
        • Gemma REST:runtime

        spring-security-config-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-groovy-support@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-cli@1.31.6
        • pkg:maven/gemma/gemma@1.31.6
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        CVE-2022-22978  

        In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
        CWE-863 Incorrect Authorization

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2021-22112  

        Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: HIGH (9.0)
        • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
        CVSSv3:
        • Base Score: HIGH (8.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2016-5007  

        Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2023-20862 (OSSINDEX)  

        In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-20862 for details
        CWE-459 Incomplete Cleanup

        CVSSv3:
        • Base Score: MEDIUM (6.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-config:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2018-1199 (OSSINDEX)  

        Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
        CWE-20 Improper Input Validation

        CVSSv3:
        • Base Score: MEDIUM (5.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-config:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2022-22976  

        Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
        CWE-190 Integer Overflow or Wraparound

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        spring-security-core-3.2.10.RELEASE.jar

        Description:

        spring-security-core

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-core/3.2.10.RELEASE/spring-security-core-3.2.10.RELEASE.jar
        MD5: 86427a3f1e565f975b48cb8b9be4649d
        SHA1: e8018fab2ada266288d1db83cc4e452de1e2ed1c
        SHA256:10443ef19e3cbe2b82197983d7fa0dec5bebd40dc3ca2c0cf02864359cdc2c93
        Referenced In Projects/Scopes:
        • Gemma Groovy Support:compile
        • Gemma Core:compile
        • Gemma:compile
        • Gemma CLI:compile
        • Gemma REST:compile
        • Gemma Web:compile

        spring-security-core-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-web@1.31.6
        • pkg:maven/gemma/gemma-cli@1.31.6
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-groovy-support@1.31.6

        Identifiers

        CVE-2022-22978  

        In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
        CWE-863 Incorrect Authorization

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2021-22112  

        Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: HIGH (9.0)
        • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
        CVSSv3:
        • Base Score: HIGH (8.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2024-22257 (OSSINDEX)  

        In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, 
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to 
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
        CWE-1390 Weak Authentication

        CVSSv3:
        • Base Score: HIGH (8.199999809265137)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-core:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2016-5007  

        Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2019-11272 (OSSINDEX)  

        Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
        CWE-522 Insufficiently Protected Credentials

        CVSSv3:
        • Base Score: HIGH (7.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-core:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2019-3795 (OSSINDEX)  

        Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2019-3795 for details
        CWE-330 Use of Insufficiently Random Values

        CVSSv3:
        • Base Score: MEDIUM (5.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-core:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2022-22976  

        Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
        CWE-190 Integer Overflow or Wraparound

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        spring-security-web-3.2.10.RELEASE.jar

        Description:

        spring-security-web

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-web/3.2.10.RELEASE/spring-security-web-3.2.10.RELEASE.jar
        MD5: 22b94b4f676727805952091f92cd60f5
        SHA1: b925996ca5a7310e3315705cd2b69a15214ee3e1
        SHA256:84b59931956693916e744977cec02db88fcd17eb11f47081d46b7fdc5196b1dd
        Referenced In Projects/Scopes:
        • Gemma REST:compile
        • Gemma Web:compile

        spring-security-web-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        CVE-2022-22978  

        In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
        CWE-863 Incorrect Authorization

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2021-22112  

        Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: HIGH (9.0)
        • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
        CVSSv3:
        • Base Score: HIGH (8.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2016-5007  

        Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2016-9879 (OSSINDEX)  

        An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
        CWE-417 Communication Channel Errors

        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-web:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2023-20862 (OSSINDEX)  

        In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-20862 for details
        CWE-459 Incomplete Cleanup

        CVSSv3:
        • Base Score: MEDIUM (6.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-web:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2018-1199 (OSSINDEX)  

        Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
        CWE-20 Improper Input Validation

        CVSSv3:
        • Base Score: MEDIUM (5.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework.security:spring-security-web:3.2.10.RELEASE:*:*:*:*:*:*:*

        CVE-2022-22976  

        Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
        CWE-190 Integer Overflow or Wraparound

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        spring-social-core-1.0.3.RELEASE.jar

        Description:

        Foundational module containing the ServiceProvider Connect Framework and Service API invocation support.

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/springframework/social/spring-social-core/1.0.3.RELEASE/spring-social-core-1.0.3.RELEASE.jar
        MD5: 5e3390fe11574f09c63be485eea284c7
        SHA1: 44e648f23b45162c698e255a16759832dfcfc004
        SHA256:07729c0ba458698cd1047a017894c5084d79aaf5cf1ccafb75710ad6e0c230c1
        Referenced In Project/Scope: Gemma Web:runtime
        spring-social-core-1.0.3.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        CVE-2015-5258  

        Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
        CWE-352 Cross-Site Request Forgery (CSRF)

        CVSSv2:
        • Base Score: MEDIUM (6.8)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: HIGH (8.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions:

        spring-web-3.2.18.RELEASE.jar

        Description:

        Spring Web

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/springframework/spring-web/3.2.18.RELEASE/spring-web-3.2.18.RELEASE.jar
        MD5: c3435c31fea5f1e479b4bb5eba32133d
        SHA1: bc0bdade0a7a52b8fae88e1febc8479383a2acad
        SHA256:0aa220d3703eaf6eff670423978566a2af506fb9ea8bb728fa05bb16bdc74e9c
        Referenced In Projects/Scopes:
        • Gemma REST:compile
        • Gemma Web:compile

        spring-web-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-web@1.31.6
        • pkg:maven/org.springframework/spring-webmvc@3.2.18.RELEASE

        Identifiers

        CVE-2016-1000027  

        Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
        CWE-502 Deserialization of Untrusted Data

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions:

        CVE-2018-1270  

        Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
        CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22965  

        CISA Known Exploited Vulnerability:
        • Product: VMware Spring Framework
        • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
        • Date Added: 2022-04-04
        • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
        • Required Action: Apply updates per vendor instructions.
        • Due Date: 2022-04-25

        A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
        CWE-94 Improper Control of Generation of Code ('Code Injection')

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2024-22243 (OSSINDEX)  

        Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.


Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details
        CWE-20 Improper Input Validation

        CVSSv3:
        • Base Score: HIGH (8.100000381469727)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework:spring-web:3.2.18.RELEASE:*:*:*:*:*:*:*

        CVE-2024-22262 (OSSINDEX)  

        Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as  CVE-2024-22259 https://spring.io/security/cve-2024-22259  and  CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
        CWE-20 Improper Input Validation

        CVSSv3:
        • Base Score: HIGH (8.100000381469727)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework:spring-web:3.2.18.RELEASE:*:*:*:*:*:*:*

        CVE-2016-5007  

        Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2018-11040  

        Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
        CWE-829 Inclusion of Functionality from Untrusted Control Sphere

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2018-1272 (OSSINDEX)  

        Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework:spring-web:3.2.18.RELEASE:*:*:*:*:*:*:*

        CVE-2018-1257  

        Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: MEDIUM (4.0)
        • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2020-5421  

        In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: LOW (3.6)
        • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N
        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22950  

        n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
        CWE-770 Allocation of Resources Without Limits or Throttling

        CVSSv2:
        • Base Score: MEDIUM (4.0)
        • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2023-20861  

        In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
        NVD-CWE-noinfo

        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2018-11039  

        Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.9)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22968  

        In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
        CWE-178 Improper Handling of Case Sensitivity

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22970  

        In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
        CWE-770 Allocation of Resources Without Limits or Throttling

        CVSSv2:
        • Base Score: LOW (3.5)
        • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        spring-webmvc-3.2.18.RELEASE.jar

        Description:

        Spring Web MVC

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/springframework/spring-webmvc/3.2.18.RELEASE/spring-webmvc-3.2.18.RELEASE.jar
        MD5: 2cb8a9569b95a76a0485d71c913c1819
        SHA1: 60e5bb3dc9cb83d6cc53628082ec89a57d4832b2
        SHA256:effcce98fd4e9fa95c9a53e49db801f1e2d011ee6dcbb7a7eb1a3ca3bcb2cfd5
        Referenced In Projects/Scopes:
        • Gemma REST:compile
        • Gemma Web:compile

        spring-webmvc-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        CVE-2018-1270  

        Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
        CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22965  

        CISA Known Exploited Vulnerability:
        • Product: VMware Spring Framework
        • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
        • Date Added: 2022-04-04
        • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
        • Required Action: Apply updates per vendor instructions.
        • Due Date: 2022-04-25

        A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
        CWE-94 Improper Control of Generation of Code ('Code Injection')

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2016-5007  

        Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2018-11040  

        Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
        CWE-829 Inclusion of Functionality from Untrusted Control Sphere

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: HIGH (7.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2018-1257  

        Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: MEDIUM (4.0)
        • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2020-5421  

        In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: LOW (3.6)
        • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N
        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22950  

        n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
        CWE-770 Allocation of Resources Without Limits or Throttling

        CVSSv2:
        • Base Score: MEDIUM (4.0)
        • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2023-20861  

        In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
        NVD-CWE-noinfo

        CVSSv3:
        • Base Score: MEDIUM (6.5)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2018-1271 (OSSINDEX)  

        Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
        CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

        CVSSv3:
        • Base Score: MEDIUM (5.900000095367432)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework:spring-webmvc:3.2.18.RELEASE:*:*:*:*:*:*:*

        CVE-2018-11039  

        Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.9)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22968  

        In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
        CWE-178 Improper Handling of Case Sensitivity

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2022-22970  

        In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
        CWE-770 Allocation of Resources Without Limits or Throttling

        CVSSv2:
        • Base Score: LOW (3.5)
        • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        CVE-2021-22060 (OSSINDEX)  

        In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
        CWE-117 Improper Output Neutralization for Logs

        CVSSv3:
        • Base Score: MEDIUM (4.300000190734863)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:org.springframework:spring-webmvc:3.2.18.RELEASE:*:*:*:*:*:*:*

        spring-ws-core-2.1.4.RELEASE.jar

        Description:

        Spring Web Services Core package.

        File Path: /home/jenkins/.m2/repository/org/springframework/ws/spring-ws-core/2.1.4.RELEASE/spring-ws-core-2.1.4.RELEASE.jar
        MD5: 3af5370615b2816ef898934d4d666039
        SHA1: 136d082e0aa7f43edee019f0779a2555b1c72fd4
        SHA256:8782c0b394ada40448ad5ace1914f4a88d3ebe79c92fa79bd3d816fd86222365
        Referenced In Project/Scope: Gemma Web:compile
        spring-ws-core-2.1.4.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        CVE-2019-3773  

        Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
        CWE-611 Improper Restriction of XML External Entity Reference

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
        CVSSv3:
        • Base Score: CRITICAL (9.8)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        sprintf.js

        File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/sprintf.js
        MD5: 0c3e73c7b1e5cca8a023069e95a425f7
        SHA1: a6cbfbb143b37bc96018ba2f30c5cb9726365968
        SHA256:43f65740b06335358f30a556015d0116778974813b8d9060f9a5b775e9a1f9ce
        Referenced In Project/Scope: Gemma Web

        Identifiers

        • None

        stax-api-1.0-2.jar

        Description:

            StAX is a standard XML processing API that allows you to stream XML data from and to your application.

        License:

        GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
        File Path: /home/jenkins/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
        MD5: 7d18b63063580284c3f5734081fdc99f
        SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
        SHA256:e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7
        Referenced In Project/Scope: Gemma Web:compile
        stax-api-1.0-2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE

        Identifiers

        stax-ex-1.8.3.jar

        Description:

        Extensions to JSR-173 StAX API.

        License:

        Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
        File Path: /home/jenkins/.m2/repository/org/jvnet/staxex/stax-ex/1.8.3/stax-ex-1.8.3.jar
        MD5: f6d943e74064cc1e7986236699d6cd04
        SHA1: 4d69b68ee007aa15238cd4477392068b32747df3
        SHA256:bee08da10bbc481418a1af70b9e9a80321b745bfb4dbdebbe98c1aa17c45caf8
        Referenced In Project/Scope: Gemma Web:runtime
        stax-ex-1.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3

        Identifiers

        swagger-core-2.2.22.jar

        Description:

        swagger-core

        License:

        "Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
        File Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-core/2.2.22/swagger-core-2.2.22.jar
        MD5: 03ddcaa6a062b05e648920c5349325bb
        SHA1: bda27a7291d01e96eb4b33bab33ca44f323becaf
        SHA256:8a8753f2425304fa7001eb79064bbba5949a2ab3c096c48096c07a5acea95b9f
        Referenced In Projects/Scopes:
        • Gemma REST:compile
        • Gemma Web:compile

        swagger-core-2.2.22.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-rest@1.31.6

        Identifiers

        swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar

        Description:

        swagger-servlet-initializer-v2

        License:

        "Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
        File Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-jaxrs2-servlet-initializer-v2/2.2.22/swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar
        MD5: 3d281b49e5133881a0dbc19caefd29e6
        SHA1: 0aa29d99663edc8e6b370be19dbe1d1c99d6a081
        SHA256:92883aab52b4631dcbbc0c43fe50de3f5e4ac65ef9ea7d1df50534c98070b125
        Referenced In Projects/Scopes:
        • Gemma Web:runtime
        • Gemma REST:runtime

        swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-rest@1.31.6

        Identifiers

        swagger-ui-bundle.js

        File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-rest/target/classes/restapidocs/swagger-ui-bundle.js
        MD5: 56af2cfa879107ba286dc4b47cd3aac7
        SHA1: 4bce1f94eaf4e61f4ea48d884a0e8a3bcbe01166
        SHA256:a973bd4c447fcc6cc1210dae81b7ec6001048fa59a0a24c231ff316728ff1255
        Referenced In Projects/Scopes:

        • Gemma REST
        • Gemma Web:compile

        swagger-ui-bundle.js is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        taglibs-standard-impl-1.2.5.jar

        Description:

                An implementation of the JSP Standard Tag Library (JSTL).

        License:

        http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/apache/taglibs/taglibs-standard-impl/1.2.5/taglibs-standard-impl-1.2.5.jar
        MD5: 8e5c8db242fbef3db1acfcbb3bc8ec8b
        SHA1: 9b9783ccb2a323383e6e20e36d368f8997b71967
        SHA256:d075cb77d94e2d115b4d90a897b57d65cc31ed8e1b95d65361da324642705728
        Referenced In Project/Scope: Gemma Web:runtime
        taglibs-standard-impl-1.2.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        tiger-types-1.4.jar

        File Path: /home/jenkins/.m2/repository/org/jvnet/tiger-types/1.4/tiger-types-1.4.jar
        MD5: 51f3d145cf8ff9ee5af99f58c1cc7930
        SHA1: 09f75db7dea926f497e76eae2cea36eca74ea508
        SHA256:0dd463a62f6417d7da60dad0613f2e14d598aa2fa93fe535de7142ae19cdfbe5
        Referenced In Projects/Scopes:

        • Gemma REST:compile
        • Gemma Web:compile

        tiger-types-1.4.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/org.glassfish.jersey.ext/jersey-spring3@2.25.1

        Identifiers

        tomcat-el-api-8.5.100.jar

        Description:

        Expression language package

        License:

        Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-el-api/8.5.100/tomcat-el-api-8.5.100.jar
        MD5: 3772bab0c4b0f526a4899fce6ff1180b
        SHA1: 6b68b9ab1ba410470b3c736a5308bfe0ee1a343e
        SHA256:b0ad398943452ec46044a7f56f47e2804c20b4c77ab1ea2045b075058b2f91ed
        Referenced In Project/Scope: Gemma Web:provided
        tomcat-el-api-8.5.100.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-jsp-api@8.5.100

        Identifiers

        tomcat-jsp-api-8.5.100.jar

        Description:

        JSP package

        License:

        Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-jsp-api/8.5.100/tomcat-jsp-api-8.5.100.jar
        MD5: 51aba47f8aa48dace992786794e25424
        SHA1: 0a3faf3871fe08dbc21e4bd822e081d3e091d502
        SHA256:2db4a0aef16c947cef0b07f55526d5d5fca78501ab0218e9473face754dbfd9f
        Referenced In Project/Scope: Gemma Web:provided
        tomcat-jsp-api-8.5.100.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        CVE-2020-8022  

        A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
        CWE-276 Incorrect Default Permissions

        CVSSv2:
        • Base Score: HIGH (7.2)
        • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
        CVSSv3:
        • Base Score: HIGH (7.8)
        • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

        References:

        Vulnerable Software & Versions: (show all)

        tomcat-servlet-api-8.5.100.jar

        Description:

        javax.servlet package

        License:

                Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt
        File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-servlet-api/8.5.100/tomcat-servlet-api-8.5.100.jar
        MD5: 99277a4e6c494366b9727ede06a026fa
        SHA1: 22cd16d8a163746c340b6dda941a921781c87492
        SHA256:e7b1f8ea8081d2ae1da52c082a993b840fdcda9774264565818a5cf27b9a4f08
        Referenced In Project/Scope: Gemma Web:provided
        tomcat-servlet-api-8.5.100.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        userHelpMessages.js

        File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/userHelpMessages.js
        MD5: a40f8b83106fd753b79e3788bf6c9599
        SHA1: 110b84c00cadb1f6f8e662c74cbe5030b7da92f6
        SHA256:a0e97a60cca412a8e6302edb1353d12d3afce09fb8d57c16bc8e3a3c13a95a13
        Referenced In Project/Scope: Gemma Web

        Identifiers

        • None

        userManager.js

        File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/userManager.js
        MD5: 19df7363d048b40fe6c4a2717aca001d
        SHA1: 3fcbd9f5765fb0e4d44b07c7d47137650a84ab85
        SHA256:e68358d02fa480e739df86637fd43375d9df794607d922a90200fe1f60210ae9
        Referenced In Project/Scope: Gemma Web

        Identifiers

        • None

        validation-api-1.1.0.Final.jar

        Description:

                Bean Validation API

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
        MD5: 4c257f52462860b62ab3cdab45f53082
        SHA1: 8613ae82954779d518631e05daa73a6a954817d5
        SHA256:f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
        Referenced In Projects/Scopes:
        • Gemma REST:compile
        • Gemma Web:compile

        validation-api-1.1.0.Final.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1
        • pkg:maven/gemma/gemma-rest@1.31.6

        Identifiers

        valueObjectsInheritanceStructure.js

        File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/valueObjectsInheritanceStructure.js
        MD5: ba6f864034a66a00bffbf44bc81b75d9
        SHA1: df873fa990570dfd28683b926ee6f83196ba29b4
        SHA256:f9d5fed68c1bbc2115a8092c71c59104681c6591b674d78065b970bcf0404697
        Referenced In Project/Scope: Gemma Web

        Identifiers

        • None

        velocity-engine-core-2.3.jar (shaded: commons-io:commons-io:2.8.0)

        Description:

        The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

        File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-engine-core/2.3/velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml
        MD5: bde9745d9cea5e45d720cb5a860f1fc6
        SHA1: 9bde4473ef8c6f2e5aef5bc5fbf357663a90834e
        SHA256:d7c8641a37d6e76f36fb9e81fc1420e26a09d63fa32f00f74764de067ca8347d
        Referenced In Projects/Scopes:

        • Gemma Groovy Support:compile
        • Gemma Core:compile
        • Gemma CLI:compile
        • Gemma REST:compile
        • Gemma Web:compile

        Identifiers

        velocity-engine-core-2.3.jar

        Description:

        Apache Velocity is a general purpose template engine.

        License:

        https://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-engine-core/2.3/velocity-engine-core-2.3.jar
        MD5: e761e6088b946b42289c5d676a515581
        SHA1: e2133b723d0e42be74880d34de6bf6538ea7f915
        SHA256:b086cee8fd8183e240b4afcf54fe38ec33dd8eb0da414636e5bf7aa4d9856629
        Referenced In Projects/Scopes:
        • Gemma Groovy Support:compile
        • Gemma Core:compile
        • Gemma CLI:compile
        • Gemma REST:compile
        • Gemma Web:compile

        velocity-engine-core-2.3.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6

        Identifiers

        wsdl4j-1.6.1.jar

        Description:

        Java stub generator for WSDL

        License:

        CPL: http://www.opensource.org/licenses/cpl1.0.txt
        File Path: /home/jenkins/.m2/repository/wsdl4j/wsdl4j/1.6.1/wsdl4j-1.6.1.jar
        MD5: 333331aee2e0f65e846b9ef0e20432e5
        SHA1: 9e9cee064ec2c9c01e0cd6b8bffd1a7013d81f65
        SHA256:0d712ccfd0f0edbf9b0e6793c9562d8c2037bfd8878e9d46f476a68d6f83c11e
        Referenced In Project/Scope: Gemma Web:compile
        wsdl4j-1.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE

        Identifiers

        xalan-2.7.3.jar (shaded: org.apache.bcel:bcel:6.7.0)

        Description:

        Apache Commons Bytecode Engineering Library

        File Path: /home/jenkins/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar/META-INF/maven/org.apache.bcel/bcel/pom.xml
        MD5: d295c30370ff8cf96227ecff62fcb78d
        SHA1: 38983d16d320ff710f8898e2dd342299d76939a7
        SHA256:b0a59c14c26bdb4c7a5a2b13b8dcbd9acebf55e67fe91497140d8894de2fdeae
        Referenced In Project/Scope: Gemma Web:runtime

        Identifiers

        xalan-2.7.3.jar

        File Path: /home/jenkins/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar
        MD5: e384223db0825925765f2bf66839d26d
        SHA1: 5095bedf29e73756fb5729f2241fd5ffa33d87e0
        SHA256:febd48bb133a96c447282213951a6b74ea7fb45c0d896121296c014316bda6b0
        Referenced In Project/Scope: Gemma Web:runtime
        xalan-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        xercesImpl-2.12.2.jar

        Description:

              Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

      The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

      Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.

      Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

      Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
        File Path: /home/jenkins/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
        MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
        SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
        SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
        Referenced In Projects/Scopes:
        • Gemma Groovy Support:compile
        • Gemma Core:compile
        • Gemma:compile
        • Gemma CLI:compile
        • Gemma REST:compile
        • Gemma Web:compile

        xercesImpl-2.12.2.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-cli@1.31.6
        • pkg:maven/gemma/gemma@1.31.6
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-groovy-support@1.31.6
        • pkg:maven/gemma/gemma-web@1.31.6

        Identifiers

        • pkg:maven/xerces/xercesImpl@2.12.2  (Confidence:High)
        • cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  
        • cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  

        CVE-2017-10355 (OSSINDEX)  

        sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
        CWE-833 Deadlock

        CVSSv3:
        • Base Score: MEDIUM (5.900000095367432)
        • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

        References:

        Vulnerable Software & Versions (OSSINDEX):

        • cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*

        xml-apis-1.4.01.jar

        Description:

        xml-commons provides an Apache-hosted set of DOM, SAX, and 
    JAXP interfaces for use in other xml-based projects. Our hope is that we 
    can standardize on both a common version and packaging scheme for these 
    critical XML standards interfaces to make the lives of both our developers 
    and users easier. The External Components portion of xml-commons contains 
    interfaces that are defined by external standards organizations. For DOM, 
    that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for 
    JAXP it's Sun.

        License:

        The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
        File Path: /home/jenkins/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar
        MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
        SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
        SHA256:a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad
        Referenced In Projects/Scopes:
        • Gemma Groovy Support:compile
        • Gemma Core:compile
        • Gemma:compile
        • Gemma CLI:compile
        • Gemma REST:compile
        • Gemma Web:compile

        xml-apis-1.4.01.jar is in the transitive dependency tree of the listed items.Included by:
        • pkg:maven/gemma/gemma-groovy-support@1.31.6
        • pkg:maven/gemma/gemma-rest@1.31.6
        • pkg:maven/gemma/gemma-cli@1.31.6
        • pkg:maven/gemma/gemma-core@1.31.6
        • pkg:maven/gemma/gemma-web@1.31.6
        • pkg:maven/gemma/gemma@1.31.6

        Identifiers



        This report contains data retrieved from the National Vulnerability Database.
        This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
        This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
        This report may contain data retrieved from RetireJS.
        This report may contain data retrieved from the Sonatype OSS Index.