Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 7.1.2Report Generated On : Fri, 3 Feb 2023 11:24:37 GMTDependencies Scanned : 313 (259 unique)Vulnerable Dependencies : 69 Vulnerabilities Found : 195Vulnerabilities Suppressed : 0... NVD CVE Checked : 2023-02-03T11:22:58NVD CVE Modified : 2023-02-03T11:00:04VersionCheckOn : 2023-02-03T11:22:58Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
Open Source implementation of the Fast Infoset Standard for Binary XML (http://www.itu.int/ITU-T/asn1/). License:
http://www.opensource.org/licenses/apache2.0.php File Path: /home/grprdist/.m2/repository/com/sun/xml/fastinfoset/FastInfoset/1.2.15/FastInfoset-1.2.15.jar
MD5: 57f3894ad7e069ae740b277d92d10fa0
SHA1: bb7b7ec0379982b97c62cd17465cb6d9155f68e8
SHA256: 785861db11ca1bd0d1956682b974ad73eb19cd3e01a4b3fa82d62eca97210aec
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name FastInfoset High Vendor jar package name fastinfoset Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname com.sun.xml.fastinfoset.FastInfoset Medium Vendor Manifest extension-name com.sun.xml.fastinfoset Medium Vendor Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Vendor Manifest implementation-url http://fi.java.net Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor Manifest url http://fi.java.net Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid FastInfoset Highest Vendor pom artifactid FastInfoset Low Vendor pom groupid com.sun.xml.fastinfoset Highest Vendor pom name fastinfoset High Vendor pom parent-artifactid fastinfoset-project Low Vendor pom url http://fi.java.net Highest Product file name FastInfoset High Product jar package name fastinfoset Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name fastinfoset Medium Product Manifest bundle-symbolicname com.sun.xml.fastinfoset.FastInfoset Medium Product Manifest extension-name com.sun.xml.fastinfoset Medium Product Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Product Manifest Implementation-Title Fast Infoset Implementation High Product Manifest implementation-url http://fi.java.net Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product Manifest specification-title ITU-T Rec. X.891 | ISO/IEC 24824-1 (Fast Infoset) Medium Product Manifest url http://fi.java.net Low Product pom artifactid FastInfoset Highest Product pom groupid com.sun.xml.fastinfoset Highest Product pom name fastinfoset High Product pom parent-artifactid fastinfoset-project Medium Product pom url http://fi.java.net Medium Version file version 1.2.15 High Version Manifest Bundle-Version 1.2.15 High Version Manifest Implementation-Version 1.2.15 High Version pom version 1.2.15 Highest
Description:
Commons XMLSchema is a light weight schema object model that can be used to manipulate or
generate a schema. It has a clean, easy to use API and can easily be integrated into an existing project
since it has almost no dependencies on third party libraries. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/schema/XmlSchema/1.4.7/XmlSchema-1.4.7.jar
MD5: e3dce6afd6690efc9436f0b2147cc584
SHA1: a667ab231d6333105db86efe4a96724f50913e1f
SHA256: aae47bc270758cc6c641b624e670c6702ded4f6cd5e452298ad28bc65c14e00d
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name XmlSchema High Vendor hint analyzer vendor web services Medium Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name schema Highest Vendor jar package name ws Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.ws.commons.schema.XmlSchema Medium Vendor pom artifactid XmlSchema Highest Vendor pom artifactid XmlSchema Low Vendor pom groupid org.apache.ws.commons.schema Highest Vendor pom name XmlSchema High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://ws.apache.org/commons/XmlSchema Highest Product file name XmlSchema High Product hint analyzer product web services Medium Product jar package name apache Highest Product jar package name commons Highest Product jar package name schema Highest Product jar package name ws Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name XmlSchema Medium Product Manifest bundle-symbolicname org.apache.ws.commons.schema.XmlSchema Medium Product pom artifactid XmlSchema Highest Product pom groupid org.apache.ws.commons.schema Highest Product pom name XmlSchema High Product pom organization name The Apache Software Foundation Low Product pom organization url http://www.apache.org/ Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://ws.apache.org/commons/XmlSchema Medium Version file version 1.4.7 High Version Manifest Bundle-Version 1.4.7 High Version pom parent-version 1.4.7 Low Version pom version 1.4.7 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/minidev/accessors-smart/2.4.8/accessors-smart-2.4.8.jar
MD5: e5761631acc11ded0255af1249937e85
SHA1: 6e1bee5a530caba91893604d6ab41d0edcecca9a
SHA256: 7dd705aa1ac0e030f8ee2624e8e77239ae1eef6ccc2621c0b8c189866ee1c42c
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name accessors-smart High Vendor jar package name asm Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.accessors-smart Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid accessors-smart Highest Vendor pom artifactid accessors-smart Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name ASM based accessors helper used by json-smart High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name accessors-smart High Product jar package name asm Highest Product jar package name minidev Highest Product jar package name net Highest Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name accessors-smart Medium Product Manifest bundle-symbolicname net.minidev.accessors-smart Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid accessors-smart Highest Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name ASM based accessors helper used by json-smart High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.8 High Version Manifest Bundle-Version 2.4.8 High Version pom version 2.4.8 Highest
Description:
The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html File Path: /home/grprdist/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
SHA256: ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name activation High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid activation Highest Vendor pom artifactid activation Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans(TM) Activation Framework High Vendor pom url http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp Highest Product file name activation High Product jar package name activation Highest Product jar package name javax Highest Product Manifest extension-name javax.activation Medium Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium Product pom artifactid activation Highest Product pom groupid javax.activation Highest Product pom name JavaBeans(TM) Activation Framework High Product pom url http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp Medium Version file version 1.1.1 High Version Manifest Implementation-Version 1.1.1 High Version pom version 1.1.1 Highest
Description:
The ActiveMQ Message Broker and Client implementations License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/activemq/activemq-core/5.7.0/activemq-core-5.7.0.jar
MD5: 479f0354e80231c6895d8862e179ef2c
SHA1: 1e07c5849fbb28bac3bf2528a801758fc58db6af
SHA256: 8cb0bbdbd65afa23b55cc2c4b5c5e21c2da4b2534d57374a7fe52b9d1142c362
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name activemq-core High Vendor jar package name activemq Highest Vendor jar package name apache Highest Vendor jar package name broker Highest Vendor jar package name message Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.activemq.activemq-core Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.activemq Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid activemq-core Highest Vendor pom artifactid activemq-core Low Vendor pom groupid org.apache.activemq Highest Vendor pom name ActiveMQ :: Core High Vendor pom parent-artifactid activemq-parent Low Product file name activemq-core High Product jar package name activemq Highest Product jar package name apache Highest Product jar package name broker Highest Product jar package name message Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name activemq-core Medium Product Manifest bundle-symbolicname org.apache.activemq.activemq-core Medium Product Manifest Implementation-Title ActiveMQ :: Core High Product Manifest specification-title ActiveMQ :: Core Medium Product pom artifactid activemq-core Highest Product pom groupid org.apache.activemq Highest Product pom name ActiveMQ :: Core High Product pom parent-artifactid activemq-parent Medium Version file version 5.7.0 High Version Manifest Bundle-Version 5.7.0 High Version Manifest Implementation-Version 5.7.0 High Version pom version 5.7.0 Highest
CVE-2014-3600 suppress
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2015-3208 (OSSINDEX)suppress
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.activemq:activemq-core:5.7.0:*:*:*:*:*:*:* CVE-2015-5254 suppress
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2016-3088 suppress
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
CVE-2014-3576 suppress
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2014-3612 suppress
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. CWE-287 Improper Authentication
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2019-0222 suppress
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-11775 suppress
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-3060 suppress
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. CWE-287 Improper Authentication
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2016-0734 suppress
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. CWE-254 7PK - Security Features
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2016-6810 suppress
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2018-8006 suppress
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-13947 suppress
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1941 suppress
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13920 suppress
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. CWE-306 Missing Authentication for Critical Function
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2012-5784 suppress
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2016-0782 suppress
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.4) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2012-6551 suppress
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests. CWE-399 Resource Management Errors
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2015-1830 suppress
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2015-6524 suppress
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. CWE-255 Credentials Management
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2015-7559 suppress
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2012-6092 suppress
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-1879 suppress
Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message." CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-1880 suppress
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2014-8110 suppress
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
Description:
A Simpler Protocol Buffer Java API. Includes a Proto to Java compiler.
File Path: /home/grprdist/.m2/repository/org/apache/activemq/protobuf/activemq-protobuf/1.1/activemq-protobuf-1.1.jarMD5: 38add15a7775073053fe3aa81979336cSHA1: 26682eb801f70563511f7c424dc10e8b3e66340eSHA256: 8323444e48a1920afe37b5f24b6dc139f35793e8a87fa178f6d9c8f92a6f39d1Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name activemq-protobuf High Vendor jar package name activemq Highest Vendor jar package name apache Highest Vendor jar package name buffer Highest Vendor jar package name compiler Highest Vendor jar package name protobuf Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.activemq.protobuf Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid activemq-protobuf Highest Vendor pom artifactid activemq-protobuf Low Vendor pom groupid org.apache.activemq.protobuf Highest Vendor pom name ActiveMQ Protocol Buffers Implementation and Compiler High Vendor pom parent-artifactid activemq-protobuf-pom Low Product file name activemq-protobuf High Product jar package name activemq Highest Product jar package name apache Highest Product jar package name buffer Highest Product jar package name compiler Highest Product jar package name protobuf Highest Product Manifest Implementation-Title ActiveMQ Protocol Buffers Implementation and Compiler High Product Manifest specification-title ActiveMQ Protocol Buffers Implementation and Compiler Medium Product pom artifactid activemq-protobuf Highest Product pom groupid org.apache.activemq.protobuf Highest Product pom name ActiveMQ Protocol Buffers Implementation and Compiler High Product pom parent-artifactid activemq-protobuf-pom Medium Version file version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
Description:
The RabbitMQ Java client library allows Java applications to interface with RabbitMQ. License:
ASL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 1.1: https://www.mozilla.org/MPL/MPL-1.1.txt File Path: /home/grprdist/.m2/repository/com/rabbitmq/amqp-client/4.12.0/amqp-client-4.12.0.jar
MD5: 906413fa9389eb87762d1913b1d342f0
SHA1: eb4cdaae6f0bca1f038524aa1cb23e9919d4d49b
SHA256: fa7ccfd324d53be9d5d98689beb33c286de0fe504febe5f1854a3a2369627b9c
Referenced In Project/Scope: Grouper Rabbitmq:compile
Evidence Type Source Name Value Confidence Vendor file name amqp-client High Vendor jar package name amqp Highest Vendor jar package name client Highest Vendor jar package name rabbitmq Highest Vendor Manifest automatic-module-name com.rabbitmq.client Medium Vendor Manifest bundle-docurl https://www.rabbitmq.com Low Vendor Manifest bundle-symbolicname com.rabbitmq.client Medium Vendor Manifest implementation-url https://www.rabbitmq.com Low Vendor Manifest Implementation-Vendor VMware, Inc. or its affiliates. High Vendor Manifest specification-vendor AMQP Working Group (www.amqp.org) Low Vendor pom artifactid amqp-client Highest Vendor pom artifactid amqp-client Low Vendor pom developer email info@rabbitmq.com Low Vendor pom developer name Team RabbitMQ Medium Vendor pom developer org VMware, Inc. or its affiliates. Medium Vendor pom developer org URL https://rabbitmq.com Medium Vendor pom groupid com.rabbitmq Highest Vendor pom name RabbitMQ Java Client High Vendor pom organization name VMware, Inc. or its affiliates. High Vendor pom organization url https://www.rabbitmq.com Medium Vendor pom url https://www.rabbitmq.com Highest Product file name amqp-client High Product jar package name amqp Highest Product jar package name client Highest Product jar package name rabbitmq Highest Product Manifest automatic-module-name com.rabbitmq.client Medium Product Manifest bundle-docurl https://www.rabbitmq.com Low Product Manifest Bundle-Name RabbitMQ Java Client Medium Product Manifest bundle-symbolicname com.rabbitmq.client Medium Product Manifest Implementation-Title RabbitMQ Java Client High Product Manifest implementation-url https://www.rabbitmq.com Low Product Manifest specification-title AMQP Medium Product pom artifactid amqp-client Highest Product pom developer email info@rabbitmq.com Low Product pom developer name Team RabbitMQ Low Product pom developer org VMware, Inc. or its affiliates. Low Product pom developer org URL https://rabbitmq.com Low Product pom groupid com.rabbitmq Highest Product pom name RabbitMQ Java Client High Product pom organization name VMware, Inc. or its affiliates. Low Product pom organization url https://www.rabbitmq.com Low Product pom url https://www.rabbitmq.com Medium Version file version 4.12.0 High Version Manifest Bundle-Version 4.12.0 High Version Manifest Implementation-Version 4.12.0 High Version pom version 4.12.0 Highest
File Path: /home/grprdist/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.9/animal-sniffer-annotations-1.9.jarMD5: 41f47a4c81b5a9f76bc7f12af69e4fbeSHA1: c29299253a087898aaff7f4eac57effa46b1910aSHA256: cd96feeb47f34b2559704715db7b179a03a3721f9dc4092c345c718e29b42de4Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name animal-sniffer-annotations High Vendor jar package name animal_sniffer Low Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name mojo Highest Vendor jar package name mojo Low Vendor pom artifactid animal-sniffer-annotations Highest Vendor pom artifactid animal-sniffer-annotations Low Vendor pom groupid org.codehaus.mojo Highest Vendor pom name Animal Sniffer Annotations High Vendor pom parent-artifactid animal-sniffer-parent Low Product file name animal-sniffer-annotations High Product jar package name animal_sniffer Low Product jar package name codehaus Highest Product jar package name ignorejrerequirement Low Product jar package name mojo Highest Product jar package name mojo Low Product pom artifactid animal-sniffer-annotations Highest Product pom groupid org.codehaus.mojo Highest Product pom name Animal Sniffer Annotations High Product pom parent-artifactid animal-sniffer-parent Medium Version file version 1.9 High Version pom version 1.9 Highest
Description:
Annotation supports the FindBugs tool License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.html File Path: /home/grprdist/.m2/repository/com/google/code/findbugs/annotations/2.0.1/annotations-2.0.1.jar
MD5: 35ef911c85603829ded63f211feb2d68
SHA1: 9ef6656259841cebfb9fb0697bb122ada4485498
SHA256: 893b2203a27e4a8ba9d16cd6ed6e9f730736b4878a6bfffeff06861f32e6631b
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name annotation Highest Vendor jar package name annotations Highest Vendor jar package name findbugs Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname findbugsAnnotations Medium Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-Annotations High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name annotations High Product jar package name annotation Highest Product jar package name annotations Highest Product jar package name findbugs Highest Product Manifest Bundle-Name FindbugsAnnotations Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname findbugsAnnotations Medium Product pom artifactid annotations Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-Annotations High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 2.0.1 High Version pom version 2.0.1 Highest
File Path: /home/grprdist/.m2/repository/org/apache/ant/ant/1.10.12/ant-1.10.12.jarMD5: f5b97fb267862b35d1eb398defe1831aSHA1: be08c4f63e92e03bac761404cf77bc270928b6c5SHA256: 5c6a438c3ebe7a306eba452b09fa307b0e60314926177920bca896c4a504eaf6Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ant High Vendor jar package name ant Highest Vendor jar package name apache Highest Vendor manifest: org/apache/tools/ant/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid ant Highest Vendor pom artifactid ant Low Vendor pom groupid org.apache.ant Highest Vendor pom name Apache Ant Core High Vendor pom parent-artifactid ant-parent Low Vendor pom url https://ant.apache.org/ Highest Product file name ant High Product jar package name ant Highest Product jar package name apache Highest Product jar package name tools Highest Product manifest: org/apache/tools/ant/ Implementation-Title org.apache.tools.ant Medium Product manifest: org/apache/tools/ant/ Specification-Title Apache Ant Medium Product pom artifactid ant Highest Product pom groupid org.apache.ant Highest Product pom name Apache Ant Core High Product pom parent-artifactid ant-parent Medium Product pom url https://ant.apache.org/ Medium Version file version 1.10.12 High Version manifest: org/apache/tools/ant/ Implementation-Version 1.10.12 Medium Version pom version 1.10.12 Highest
Related Dependencies ant-launcher-1.10.12.jarFile Path: /home/grprdist/.m2/repository/org/apache/ant/ant-launcher/1.10.12/ant-launcher-1.10.12.jar MD5: 709ed15ea16a95903e7b3e8be130fa1e SHA1: e090b4f9d3ecf45491cc16e759f1e843a1a224c0 SHA256: 42a7ca7e7bb777fe7ee75a5ed4cc529c766bc43486367fdaad0ab4a32ee9c249 pkg:maven/org.apache.ant/ant-launcher@1.10.12 Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html File Path: /home/grprdist/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256: 88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name antlr High Vendor jar package name actions Highest Vendor jar package name antlr Highest Vendor jar package name antlr Low Vendor jar package name java Highest Vendor jar package name parser Highest Vendor jar package name python Highest Vendor pom artifactid antlr Highest Vendor pom artifactid antlr Low Vendor pom groupid antlr Highest Vendor pom name AntLR Parser Generator High Vendor pom url http://www.antlr.org/ Highest Product file name antlr High Product jar package name actions Highest Product jar package name antlr Highest Product jar package name java Highest Product jar package name parser Highest Product jar package name python Highest Product pom artifactid antlr Highest Product pom groupid antlr Highest Product pom name AntLR Parser Generator High Product pom url http://www.antlr.org/ Medium Version file version 2.7.7 High Version pom version 2.7.7 Highest
Description:
The ANTLR 4 Runtime License:
http://www.antlr.org/license.html File Path: /home/grprdist/.m2/repository/org/antlr/antlr4-runtime/4.7.1/antlr4-runtime-4.7.1.jar
MD5: 0223e36b3a3fadd05a52221828a4fcf1
SHA1: 946f8aa9daa917dd81a8b818111bec7e288f821a
SHA256: 43516d19beae35909e04d06af6c0c58c17bc94e0070c85e8dc9929ca640dc91d
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name antlr4-runtime High Vendor jar package name antlr Highest Vendor jar package name runtime Highest Vendor Manifest bundle-docurl http://www.antlr.org Low Vendor Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium Vendor Manifest implementation-url http://www.antlr.org/runtime/antlr4-runtime Low Vendor Manifest Implementation-Vendor ANTLR High Vendor Manifest Implementation-Vendor-Id org.antlr Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid antlr4-runtime Highest Vendor pom artifactid antlr4-runtime Low Vendor pom groupid org.antlr Highest Vendor pom name ANTLR 4 Runtime High Vendor pom parent-artifactid antlr4-master Low Product file name antlr4-runtime High Product jar package name antlr Highest Product jar package name runtime Highest Product Manifest bundle-docurl http://www.antlr.org Low Product Manifest Bundle-Name ANTLR 4 Runtime Medium Product Manifest bundle-symbolicname org.antlr.antlr4-runtime Medium Product Manifest Implementation-Title ANTLR 4 Runtime High Product Manifest implementation-url http://www.antlr.org/runtime/antlr4-runtime Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid antlr4-runtime Highest Product pom groupid org.antlr Highest Product pom name ANTLR 4 Runtime High Product pom parent-artifactid antlr4-master Medium Version file version 4.7.1 High Version Manifest Bundle-Version 4.7.1 High Version Manifest Implementation-Version 4.7.1 High Version pom version 4.7.1 Highest
Description:
AOP Alliance License:
Public Domain File Path: /home/grprdist/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor jar package name aop Highest Vendor jar package name aopalliance Highest Vendor jar package name aopalliance Low Vendor jar package name intercept Low Vendor pom artifactid aopalliance Highest Vendor pom artifactid aopalliance Low Vendor pom groupid aopalliance Highest Vendor pom name AOP alliance High Vendor pom url http://aopalliance.sourceforge.net Highest Product file name aopalliance High Product jar package name aop Highest Product jar package name aopalliance Highest Product jar package name intercept Low Product pom artifactid aopalliance Highest Product pom groupid aopalliance Highest Product pom name AOP alliance High Product pom url http://aopalliance.sourceforge.net Medium Version file version 1.0 High Version pom version 1.0 Highest
Description:
Dependency Injection Kernel License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.6.1/aopalliance-repackaged-2.6.1.jar
MD5: 0237846ebdaa7db36b356044a373ffba
SHA1: b2eb0a83bcbb44cc5d25f8b18f23be116313a638
SHA256: bad77f9278d753406360af9e4747bd9b3161554ea9cd3d62411a0ae1f2c141fd
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name aopalliance-repackaged High Vendor jar package name aopalliance Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid aopalliance-repackaged Highest Vendor pom artifactid aopalliance-repackaged Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name aopalliance-repackaged High Product jar package name aopalliance Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name aopalliance version 1.0 repackaged as a module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid aopalliance-repackaged Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name aopalliance version ${aopalliance.version} repackaged as a module High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
Java stream based MIME message parser License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/james/apache-mime4j-core/0.7.2/apache-mime4j-core-0.7.2.jar
MD5: 88f799546eca803c53eee01a4ce5edcd
SHA1: a81264fe0265ebe8fd1d8128aad06dc320de6eef
SHA256: 4d7434c68f94b81a253c12f28e6bbb4d6239c361d6086a46e22e594bb43ac660
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name apache-mime4j-core High Vendor jar package name apache Highest Vendor jar package name james Highest Vendor jar package name mime4j Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.james.apache-mime4j-core Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://james.apache.org/mime4j/apache-mime4j-core Low Vendor pom artifactid apache-mime4j-core Highest Vendor pom artifactid apache-mime4j-core Low Vendor pom groupid org.apache.james Highest Vendor pom name Apache JAMES Mime4j (Core) High Vendor pom parent-artifactid apache-mime4j-project Low Product file name apache-mime4j-core High Product jar package name apache Highest Product jar package name james Highest Product jar package name mime4j Highest Product jar package name parser Highest Product jar package name stream Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache JAMES Mime4j (Core) Medium Product Manifest bundle-symbolicname org.apache.james.apache-mime4j-core Medium Product Manifest Implementation-Title Apache Mime4j High Product Manifest specification-title Apache Mime4j Medium Product Manifest url http://james.apache.org/mime4j/apache-mime4j-core Low Product pom artifactid apache-mime4j-core Highest Product pom groupid org.apache.james Highest Product pom name Apache JAMES Mime4j (Core) High Product pom parent-artifactid apache-mime4j-project Medium Version file version 0.7.2 High Version Manifest Bundle-Version 0.7.2 High Version Manifest Implementation-Version 0.7.2 High Version pom version 0.7.2 Highest
Description:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD: http://asm.ow2.org/license.html File Path: /home/grprdist/.m2/repository/org/ow2/asm/asm/7.1/asm-7.1.jar
MD5: 04fc92647ce25b41121683674a50dfdf
SHA1: fa29aa438674ff19d5e1386d2c3527a0267f291e
SHA256: 4ab2fa2b6d2cc9ccb1eaa05ea329c407b47b13ed2915f62f8c4b8cc96258d4de
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.org/ Highest Product file name asm High Product jar package name asm Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom artifactid asm Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.org/ Medium Version file version 7.1 High Version Manifest Implementation-Version 7.1 High Version pom parent-version 7.1 Low Version pom version 7.1 Highest
Description:
The AWS SDK for Java - Core module holds the classes that are used by the individual service clients to interact with Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes. File Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-core/1.12.267/aws-java-sdk-core-1.12.267.jarMD5: e6f847980566ec95e838933ab1609c69SHA1: 2562b87f3af418751c2d0bcbe4209dbefa263484SHA256: 0f06b44909ff2d30b2a61229839e3619fe2ac7bc4c5f52536299a8cc8a1ffd51Referenced In Projects/Scopes:
Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name aws-java-sdk-core High Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Vendor jar package name classes Highest Vendor jar package name service Highest Vendor pom artifactid aws-java-sdk-core Highest Vendor pom artifactid aws-java-sdk-core Low Vendor pom groupid com.amazonaws Highest Vendor pom name AWS SDK for Java - Core High Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name aws-java-sdk-core High Product jar package name amazonaws Highest Product jar package name classes Highest Product jar package name service Highest Product pom artifactid aws-java-sdk-core Highest Product pom groupid com.amazonaws Highest Product pom name AWS SDK for Java - Core High Product pom parent-artifactid aws-java-sdk-pom Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 1.12.267 High Version pom version 1.12.267 Highest
Related Dependencies aws-java-sdk-kms-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-kms/1.12.267/aws-java-sdk-kms-1.12.267.jar MD5: 3bf011570a41c049b8d4a44a8e5acd7e SHA1: 9a455e0b78a09ead7bcdc5f78d5d1cf7a46033cb SHA256: c940996cc7c59ce4de9a7b2512f5d02d60b1f0534dd44a1473efa97560d43c3c pkg:maven/com.amazonaws/aws-java-sdk-kms@1.12.267 aws-java-sdk-s3-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-s3/1.12.267/aws-java-sdk-s3-1.12.267.jar MD5: 749c01430f199169fdbcc55452ac1cd3 SHA1: 50da19ab860e1c674d1ac0dacbfbd36028c4c5f2 SHA256: bc93d6a5b6d118ddccdd7e81417a334ded1ccd8b293d986b15e6ce55ebeb9f2a pkg:maven/com.amazonaws/aws-java-sdk-s3@1.12.267 aws-java-sdk-sns-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-sns/1.12.267/aws-java-sdk-sns-1.12.267.jar MD5: 5796d324fc5cd6557733951151f544c8 SHA1: 7a821b706ec981b27f593c69a11595f50f63e3a8 SHA256: 50524010b41b9dba6390a94b5293f740ed021a5f687f460d9f76201f7e14120e pkg:maven/com.amazonaws/aws-java-sdk-sns@1.12.267 aws-java-sdk-sqs-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-sqs/1.12.267/aws-java-sdk-sqs-1.12.267.jar MD5: 8eadeaf9be30a520e95aaf6fb50fbc93 SHA1: 2467b659958c99f6823780ad8bc50501db14afe6 SHA256: 7e2f34911635da698b27b95e353a6b40127aa3892e80a7e4a5beb671354de61a pkg:maven/com.amazonaws/aws-java-sdk-sqs@1.12.267 Description:
The Axiom API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-api/1.2.11/axiom-api-1.2.11.jar
MD5: d94103a1ad757d694e01cdbe93e579b6
SHA1: b24f205af38900582b397e3a808d5e249c828e87
SHA256: 5b43bb2e100961229730c69217aac08f772e53eef8275e71c9d77976285d621d
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name axiom-api High Vendor hint analyzer vendor web services Medium Vendor jar package name apache Highest Vendor jar package name axiom Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.ws.commons.axiom Medium Vendor Manifest service-component OSGI-INF/serviceComponents.xml Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axiom-api Highest Vendor pom artifactid axiom-api Low Vendor pom groupid org.apache.ws.commons.axiom Highest Vendor pom name Axiom API High Vendor pom parent-artifactid axiom-parent Low Vendor pom url http://ws.apache.org/axiom/ Highest Product file name axiom-api High Product hint analyzer product web services Medium Product jar package name apache Highest Product jar package name axiom Highest Product jar package name osgi Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Axiom API Medium Product Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium Product Manifest Implementation-Title Axiom API High Product Manifest service-component OSGI-INF/serviceComponents.xml Low Product Manifest specification-title Axiom API Medium Product pom artifactid axiom-api Highest Product pom groupid org.apache.ws.commons.axiom Highest Product pom name Axiom API High Product pom parent-artifactid axiom-parent Medium Product pom url http://ws.apache.org/axiom/ Medium Version file version 1.2.11 High Version Manifest Bundle-Version 1.2.11 High Version Manifest Implementation-Version 1.2.11 High Version pom version 1.2.11 Highest
Related Dependencies axiom-impl-1.2.11.jarFile Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-impl/1.2.11/axiom-impl-1.2.11.jar MD5: 2e7347710238627c9fa3a7a3455c132b SHA1: cc7172e28bf4fb4381459e492cc49f71a3d987ae SHA256: d4c2a52a28d189682d7882d9b809a0ee59fdabe04d36624152ae834c877e3b69 pkg:maven/org.apache.ws.commons.axiom/axiom-impl@1.2.11 CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Axiom API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-api/1.2.15/axiom-api-1.2.15.jar
MD5: 56b93a28558783f249d4f1b18629fdf0
SHA1: e5f4f2a8ba280e0cee2029f8dbf4ac3856281bbd
SHA256: 7b1000806a83240e370d852f53071bdc4b247dfe240aa1bc8ae91e439215cc12
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name axiom-api High Vendor hint analyzer vendor web services Medium Vendor jar package name apache Highest Vendor jar package name axiom Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.ws.commons.axiom Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axiom-api Highest Vendor pom artifactid axiom-api Low Vendor pom groupid org.apache.ws.commons.axiom Highest Vendor pom name Axiom API High Vendor pom parent-artifactid axiom Low Vendor pom url http://ws.apache.org/axiom/ Highest Product file name axiom-api High Product hint analyzer product web services Medium Product jar package name apache Highest Product jar package name axiom Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Axiom API Medium Product Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium Product Manifest Implementation-Title Axiom API High Product Manifest specification-title Axiom API Medium Product pom artifactid axiom-api Highest Product pom groupid org.apache.ws.commons.axiom Highest Product pom name Axiom API High Product pom parent-artifactid axiom Medium Product pom url http://ws.apache.org/axiom/ Medium Version file version 1.2.15 High Version Manifest Bundle-Version 1.2.15 High Version Manifest Implementation-Version 1.2.15 High Version pom version 1.2.15 Highest
Related Dependencies axiom-compat-1.2.15.jarFile Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-compat/1.2.15/axiom-compat-1.2.15.jar MD5: 1602399b79b277087e34dd132e3aa1a8 SHA1: 6e285f9c244713707b74893053b5d5fc9ffa3cab SHA256: 48029f43d6ff7a48e7f257b890e55b8262cc14bb84e39b2de56990c5ed1e29de pkg:maven/org.apache.ws.commons.axiom/axiom-compat@1.2.15 axiom-impl-1.2.15.jarFile Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-impl/1.2.15/axiom-impl-1.2.15.jar MD5: f3d10d2bbdc5db7c3cda46824c7fb53a SHA1: aeb896d8bedff92506da76f69ff0d63032a80e57 SHA256: e23504779aa147e924d47069fe7e81fa6386d63d10ff4365f229d2664fe66222 pkg:maven/org.apache.ws.commons.axiom/axiom-impl@1.2.15 CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Contains implementation classes shared by LLOM and DOOM. File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-dom/1.2.14/axiom-dom-1.2.14.jar/META-INF/maven/org.apache.ws.commons.axiom/axiom-common-impl/pom.xmlMD5: 2bdf56db06a2eadf10c2dfb68be7e6efSHA1: 41758129abfa2f6e871b468d2bcc78a541bd8952SHA256: d33a322665052f8ddf9c2fa62cae421c673bea9bbec2c21674582e9d971caa0dReferenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor hint analyzer vendor web services Medium Vendor pom artifactid axiom-common-impl Low Vendor pom groupid org.apache.ws.commons.axiom Highest Vendor pom name Axiom Common Implementation Classes High Vendor pom parent-artifactid axiom-parent Low Vendor pom url http://ws.apache.org/axiom/ Highest Product hint analyzer product web services Medium Product pom artifactid axiom-common-impl Highest Product pom groupid org.apache.ws.commons.axiom Highest Product pom name Axiom Common Implementation Classes High Product pom parent-artifactid axiom-parent Medium Product pom url http://ws.apache.org/axiom/ Medium Version pom version 1.2.14 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Axiom DOM implementation. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-dom/1.2.14/axiom-dom-1.2.14.jar
MD5: 0a769345ff3aa13e1348a64a069bf4e5
SHA1: e56bb2b1e532967818cfcb0c3d17922380db24c2
SHA256: 7f3aaf83dfbcfbec5d5ad915f77349d884323f6a28134e1a11e28de0d1792bb1
Referenced In Projects/Scopes: Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name axiom-dom High Vendor hint analyzer vendor web services Medium Vendor jar package name apache Highest Vendor jar package name axiom Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-dom Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.ws.commons.axiom Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axiom-dom Highest Vendor pom artifactid axiom-dom Low Vendor pom groupid org.apache.ws.commons.axiom Highest Vendor pom name Axiom DOM High Vendor pom parent-artifactid axiom-parent Low Vendor pom url http://ws.apache.org/axiom/ Highest Product file name axiom-dom High Product hint analyzer product web services Medium Product jar package name apache Highest Product jar package name axiom Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Axiom DOM Medium Product Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-dom Medium Product Manifest Implementation-Title Axiom DOM High Product Manifest specification-title Axiom DOM Medium Product pom artifactid axiom-dom Highest Product pom groupid org.apache.ws.commons.axiom Highest Product pom name Axiom DOM High Product pom parent-artifactid axiom-parent Medium Product pom url http://ws.apache.org/axiom/ Medium Version file version 1.2.14 High Version Manifest Bundle-Version 1.2.14 High Version Manifest Implementation-Version 1.2.14 High Version pom version 1.2.14 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-impl/1.2.15/axiom-impl-1.2.15.jar/META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xmlMD5: 4447f584852d04df2322dbcddbe25f58SHA1: 060acec50c33e97c9b9c1d6837dc52494644273aSHA256: 635931a703e4fbf361b3752c0250b35f51a4df226df29d2226c47e7bad0f2330Referenced In Projects/Scopes:
Grouper WS Generated Client:runtime Grouper WS:runtime Grouper WS Test:runtime Evidence Type Source Name Value Confidence Vendor hint analyzer vendor web services Medium Vendor pom artifactid core-aspects Low Vendor pom groupid org.apache.ws.commons.axiom Highest Vendor pom name Core Aspects High Vendor pom parent-artifactid aspects Low Vendor pom url http://ws.apache.org/axiom/ Highest Product hint analyzer product web services Medium Product pom artifactid core-aspects Highest Product pom groupid org.apache.ws.commons.axiom Highest Product pom name Core Aspects High Product pom parent-artifactid aspects Medium Product pom url http://ws.apache.org/axiom/ Medium Version pom version 1.2.15 Highest
Related Dependencies axiom-impl-1.2.15.jar (shaded: org.apache.ws.commons.axiom:om-aspects:1.2.15)File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-impl/1.2.15/axiom-impl-1.2.15.jar/META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml MD5: b683dfd57f192f84a46b0291497f72f1 SHA1: 65a9b1b140f26e278c7ec854b031e8321613f277 SHA256: 66cb85760391b6c438fb9fde229597f0024b1064f0f098636d21433fb173fb10 pkg:maven/org.apache.ws.commons.axiom/om-aspects@1.2.15 CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Axis2 Data Binding module File Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-adb/1.6.1/axis2-adb-1.6.1.jarMD5: 23ee2609a2f6d28e7f83b79b17b40b77SHA1: 4b97034369d6d94bda9c98d7445d93e548f39ba5SHA256: fbf32fb63dd4f58395e988ab1f48504612713b25b0eb5a5ebf7d90865fa52090Referenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name axis2-adb High Vendor jar package name apache Highest Vendor jar package name axis2 Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.axis2 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axis2-adb Highest Vendor pom artifactid axis2-adb Low Vendor pom groupid org.apache.axis2 Highest Vendor pom name Apache Axis2 - Data Binding High Vendor pom parent-artifactid axis2-parent Low Vendor pom url http://axis.apache.org/axis2/java/core/ Highest Product file name axis2-adb High Product jar package name apache Highest Product jar package name axis2 Highest Product Manifest Implementation-Title Apache Axis2 - Data Binding High Product Manifest specification-title Apache Axis2 - Data Binding Medium Product pom artifactid axis2-adb Highest Product pom groupid org.apache.axis2 Highest Product pom name Apache Axis2 - Data Binding High Product pom parent-artifactid axis2-parent Medium Product pom url http://axis.apache.org/axis2/java/core/ Medium Version file version 1.6.1 High Version Manifest Implementation-Version 1.6.1 High Version pom version 1.6.1 Highest
Related Dependencies axis2-transport-local-1.6.1.jarFile Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-transport-local/1.6.1/axis2-transport-local-1.6.1.jar MD5: c4c67c96559c3a45a84af7c86464bc15 SHA1: 6c6cf1e8666bf047dc3ae5a4400ab27ff83270e5 SHA256: 3940176c49d9f03a7710b14c6dfe1a622cfede78dc75bc824b1acd38db756fd7 pkg:maven/org.apache.axis2/axis2-transport-local@1.6.1 CVE-2012-5785 suppress
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Core Parts of Axis2. This includes Axis2 engine, Client API, Addressing support, etc.,
File Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-kernel/1.6.4/axis2-kernel-1.6.4.jarMD5: 6feb481699a3da0605e90a376236fb6aSHA1: 10c0675d66fa311c29a879bcaaa5d202802f7d2eSHA256: 5a0e236e0aba70b31166accd09af7714ab4c7d76f94555887527a3789d4fdb07Referenced In Projects/Scopes:
Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name axis2-kernel High Vendor jar package name addressing Highest Vendor jar package name apache Highest Vendor jar package name axis2 Highest Vendor jar package name client Highest Vendor jar package name engine Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.axis2 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axis2-kernel Highest Vendor pom artifactid axis2-kernel Low Vendor pom groupid org.apache.axis2 Highest Vendor pom name Apache Axis2 - Kernel High Vendor pom parent-artifactid axis2 Low Vendor pom url http://axis.apache.org/axis2/java/core/ Highest Product file name axis2-kernel High Product jar package name addressing Highest Product jar package name apache Highest Product jar package name axis2 Highest Product jar package name client Highest Product jar package name engine Highest Product Manifest Implementation-Title Apache Axis2 - Kernel High Product Manifest specification-title Apache Axis2 - Kernel Medium Product pom artifactid axis2-kernel Highest Product pom groupid org.apache.axis2 Highest Product pom name Apache Axis2 - Kernel High Product pom parent-artifactid axis2 Medium Product pom url http://axis.apache.org/axis2/java/core/ Medium Version file version 1.6.4 High Version Manifest Implementation-Version 1.6.4 High Version pom version 1.6.4 Highest
Related Dependencies axis2-adb-1.6.4.jarFile Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-adb/1.6.4/axis2-adb-1.6.4.jar MD5: aab5ca2fb3fda5f3e15011d244e9546d SHA1: 621f527dd8c48d3bd890087ab4def72a16c0d6db SHA256: bfca6cc32bc3557153ad124b700335887941076fd718865a284a004b95509ece pkg:maven/org.apache.axis2/axis2-adb@1.6.4 axis2-transport-http-1.6.4.jarFile Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-transport-http/1.6.4/axis2-transport-http-1.6.4.jar MD5: c6934899e943a39f59253f0cfbd95f33 SHA1: 9a33e1ec359e5d9136416c8e35675454d4aa7970 SHA256: 641f92434f72cb4ddd9456441efe0b0d5639aa311fcd7c6c28fbc5e9533a0f31 pkg:maven/org.apache.axis2/axis2-transport-http@1.6.4 axis2-transport-local-1.6.4.jarFile Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-transport-local/1.6.4/axis2-transport-local-1.6.4.jar MD5: d0d5e340acb1710d23c85d8f28118148 SHA1: 2bd871f87ab872c781075b6f1895a2aa66e66c2d SHA256: d7f4667b8072af9e3bbf3f6c25211c24cf98c713c55bb3ddc79f7efb54e5300c pkg:maven/org.apache.axis2/axis2-transport-local@1.6.4 Description:
Axis2 : MTOM Policy File Path: /home/grprdist/.m2/repository/org/apache/axis2/axis2-mtompolicy/1.6.3/axis2-mtompolicy-1.6.3.jarMD5: 1b36029c6d4a0db8c3c6b8c97cd8d99cSHA1: 5ac00ff3025f6ae62f51b0e303124b55af9f8a73SHA256: 3312c4e17aa01e2bd0dcf4bd3378ab2c7c5e054d4a61f37807c260666f6cf505Referenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name axis2-mtompolicy High Vendor jar package name apache Highest Vendor jar package name axis2 Highest Vendor jar package name policy Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.axis2 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axis2-mtompolicy Highest Vendor pom artifactid axis2-mtompolicy Low Vendor pom groupid org.apache.axis2 Highest Vendor pom name Apache Axis2 - MTOM Policy High Vendor pom parent-artifactid axis2-parent Low Vendor pom url http://axis.apache.org/axis2/java/core/ Highest Product file name axis2-mtompolicy High Product jar package name apache Highest Product jar package name axis2 Highest Product jar package name policy Highest Product Manifest Implementation-Title Apache Axis2 - MTOM Policy High Product Manifest specification-title Apache Axis2 - MTOM Policy Medium Product pom artifactid axis2-mtompolicy Highest Product pom groupid org.apache.axis2 Highest Product pom name Apache Axis2 - MTOM Policy High Product pom parent-artifactid axis2-parent Medium Product pom url http://axis.apache.org/axis2/java/core/ Medium Version file version 1.6.3 High Version Manifest Implementation-Version 1.6.3 High Version pom version 1.6.3 Highest
Description:
Dawid Kurzyniec's backport of JSR 166 License:
Public Domain: http://creativecommons.org/licenses/publicdomain File Path: /home/grprdist/.m2/repository/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name backport-util-concurrent High Vendor jar package name backport Highest Vendor jar package name edu Low Vendor jar package name emory Low Vendor jar package name mathcs Low Vendor pom artifactid backport-util-concurrent Highest Vendor pom artifactid backport-util-concurrent Low Vendor pom groupid backport-util-concurrent Highest Vendor pom name Backport of JSR 166 High Vendor pom organization name Dawid Kurzyniec High Vendor pom organization url http://www.mathcs.emory.edu/~dawidk/ Medium Vendor pom url http://backport-jsr166.sourceforge.net/ Highest Product file name backport-util-concurrent High Product jar package name backport Highest Product jar package name backport Low Product jar package name emory Low Product jar package name mathcs Low Product pom artifactid backport-util-concurrent Highest Product pom groupid backport-util-concurrent Highest Product pom name Backport of JSR 166 High Product pom organization name Dawid Kurzyniec Low Product pom organization url http://www.mathcs.emory.edu/~dawidk/ Low Product pom url http://backport-jsr166.sourceforge.net/ Medium Version file version 3.1 High Version pom version 3.1 Highest
Description:
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar
MD5: 72104264eec0fd299cca4b07eada5d5b
SHA1: b8ffac2bbc6626f86909589c8cc63637cc936504
SHA256: 8e8e9ac258051ec8d6f7f1128d0ddec800ed87b14e7a55023d0f2850b8049615
Referenced In Project/Scope: Grouper Box:compile
Evidence Type Source Name Value Confidence Vendor file name bcpkix-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name cmp Highest Vendor jar package name cms Highest Vendor jar package name crmf Highest Vendor jar package name eac Highest Vendor jar package name ocsp Highest Vendor jar package name pkcs Highest Vendor jar package name pkix Highest Vendor jar package name tsp Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle PKIX API Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname bcpkix Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcpkix Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest originally-created-by 24.75-b04 (Oracle Corporation) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcpkix-jdk15on Highest Vendor pom artifactid bcpkix-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Vendor pom url http://www.bouncycastle.org/java.html Highest Product file name bcpkix-jdk15on High Product jar package name bouncycastle Highest Product jar package name cmp Highest Product jar package name cms Highest Product jar package name crmf Highest Product jar package name eac Highest Product jar package name ocsp Highest Product jar package name pkcs Highest Product jar package name pkix Highest Product jar package name tsp Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle PKIX API Medium Product Manifest Bundle-Name bcpkix Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname bcpkix Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcpkix Medium Product Manifest originally-created-by 24.75-b04 (Oracle Corporation) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcpkix-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Product pom url http://www.bouncycastle.org/java.html Medium Version file version 1.52 High Version Manifest Bundle-Version 1.52 High Version pom version 1.52 Highest
CVE-2020-26939 suppress
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. CWE-203 Information Exposure Through Discrepancy
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcpkix-jdk18on/1.72/bcpkix-jdk18on-1.72.jar
MD5: 4bb2ace2ca16e7fd42a0a0c13d017464
SHA1: bb3fdb5162ccd5085e8d7e57fada4d8eaa571f5a
SHA256: 56a054cb170d41fb1f8ba0b29568806258b7ffefdc5e98b77ef96d4740f3d6bc
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bcpkix-jdk18on High Vendor jar package name bouncycastle Highest Vendor jar package name cmp Highest Vendor jar package name cms Highest Vendor jar package name crmf Highest Vendor jar package name eac Highest Vendor jar package name ocsp Highest Vendor jar package name pkcs Highest Vendor jar package name pkix Highest Vendor jar package name tsp Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle PKIX API Medium Vendor Manifest automatic-module-name org.bouncycastle.pkix Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcpkix Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcpkix Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.342-b07 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcpkix-jdk18on Highest Vendor pom artifactid bcpkix-jdk18on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcpkix-jdk18on High Product jar package name bouncycastle Highest Product jar package name cmp Highest Product jar package name cms Highest Product jar package name crmf Highest Product jar package name eac Highest Product jar package name ocsp Highest Product jar package name pkcs Highest Product jar package name pkix Highest Product jar package name tsp Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle PKIX API Medium Product Manifest automatic-module-name org.bouncycastle.pkix Medium Product Manifest Bundle-Name bcpkix Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcpkix Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcpkix Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.342-b07 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcpkix-jdk18on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.72 High Version Manifest Bundle-Version 1.72 High Version pom version 1.72 Highest
Description:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar
MD5: 873ac611cb0d7160c0a3d30eee964454
SHA1: 88a941faf9819d371e3174b5ed56a3f3f7d73269
SHA256: 0dc4d181e4d347893c2ddbd2e6cd5d7287fc651c03648fa64b2341c7366b1773
Referenced In Project/Scope: Grouper Box:compile
Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest originally-created-by 24.75-b04 (Oracle Corporation) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk15on Highest Vendor pom artifactid bcprov-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url http://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk15on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest originally-created-by 24.75-b04 (Oracle Corporation) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url http://www.bouncycastle.org/java.html Medium Version file version 1.52 High Version Manifest Bundle-Version 1.52 High Version pom version 1.52 Highest
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.52 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.52:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.52:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.52:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.52:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.52:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2016-1000338 suppress
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. CWE-347 Improper Verification of Cryptographic Signature
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000340 suppress
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. CWE-19 Data Processing Errors
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000342 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. CWE-347 Improper Verification of Cryptographic Signature
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000343 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000344 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000352 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000341 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. CWE-361 7PK - Time and State
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000345 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding. CWE-361 7PK - Time and State
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2017-13098 suppress
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." CWE-203 Information Exposure Through Discrepancy
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-15522 suppress
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-0187 (OSSINDEX)suppress
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383 CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.52:*:*:*:*:*:*:* CVE-2016-1000339 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-26939 suppress
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. CWE-203 Information Exposure Through Discrepancy
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2016-1000346 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. CWE-320 Key Management Errors
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.7) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2015-6644 (OSSINDEX)suppress
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. CWE-200 Information Exposure
CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.52:*:*:*:*:*:*:* Description:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.59/bcprov-jdk15on-1.59.jar
MD5: 7c7e9a51e0c86e26e3cc39b2ed678c4f
SHA1: 2507204241ab450456bdb8e8c0a8f986e418bd99
SHA256: 1c31e44e331d25e46d293b3e8ee2d07028a67db011e74cb2443285aed1d59c85
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest originally-created-by 25.151-b12 (Oracle Corporation) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk15on Highest Vendor pom artifactid bcprov-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url http://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk15on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest originally-created-by 25.151-b12 (Oracle Corporation) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url http://www.bouncycastle.org/java.html Medium Version file version 1.59 High Version Manifest Bundle-Version 1.59 High Version pom version 1.59 Highest
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.59 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.59:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.59:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.59:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.59:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.59:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2018-1000613 suppress
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. CWE-502 Deserialization of Untrusted Data, CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1000180 suppress
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-15522 suppress
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-0187 (OSSINDEX)suppress
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383 CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.59:*:*:*:*:*:*:* CVE-2020-26939 suppress
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. CWE-203 Information Exposure Through Discrepancy
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.70/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256: 8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name org Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest automatic-module-name org.bouncycastle.provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.292-b10 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk15on Highest Vendor pom artifactid bcprov-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk15on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name org Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest automatic-module-name org.bouncycastle.provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.292-b10 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.70 High Version Manifest Bundle-Version 1.70 High Version pom version 1.70 Highest
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.72/bcprov-jdk18on-1.72.jar
MD5: eb4ed3b81359fb50a828723a4a9ab0b6
SHA1: d8dc62c28a3497d29c93fee3e71c00b27dff41b4
SHA256: 39287f2208a753db419f5ca529d6c80f094614aa74d790331126b3c9c6b85fda
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk18on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name org Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest automatic-module-name org.bouncycastle.provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.342-b07 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk18on Highest Vendor pom artifactid bcprov-jdk18on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk18on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name org Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest automatic-module-name org.bouncycastle.provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.342-b07 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk18on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.72 High Version Manifest Bundle-Version 1.72 High Version pom version 1.72 Highest
pkg:maven/org.bouncycastle/bcprov-jdk18on@1.72 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.72:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.72:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.72:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.72:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.72:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcutil-jdk18on/1.72/bcutil-jdk18on-1.72.jar
MD5: cade3651656670f716a430c4e3899d93
SHA1: 41f19a69ada3b06fa48781120d8bebe1ba955c77
SHA256: 45377fdb6560a971eea725f507d91fd6b8fbd0797d61bfc86f2cb653c58186a4
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bcutil-jdk18on High Vendor jar package name bouncycastle Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Utility APIs Medium Vendor Manifest automatic-module-name org.bouncycastle.util Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcutil Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcutil Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.342-b07 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcutil-jdk18on Highest Vendor pom artifactid bcutil-jdk18on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle ASN.1 Extension and Utility APIs High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcutil-jdk18on High Product jar package name bouncycastle Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Utility APIs Medium Product Manifest automatic-module-name org.bouncycastle.util Medium Product Manifest Bundle-Name bcutil Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcutil Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcutil Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.342-b07 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcutil-jdk18on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle ASN.1 Extension and Utility APIs High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.72 High Version Manifest Bundle-Version 1.72 High Version pom version 1.72 Highest
Description:
The Box SDK for Java. License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/box/box-java-sdk/2.17.0/box-java-sdk-2.17.0.jar
MD5: ab2a3990bf5cbf6fd54a3333ecfda14f
SHA1: b6e3c0f009f8da7c116635d1813c5788e8cbc7c2
SHA256: 77c8802185398f38dc0e8e91f86672d34817fa21410abcb97b1db88bd8e49e8e
Referenced In Project/Scope: Grouper Box:compile
Evidence Type Source Name Value Confidence Vendor file name box-java-sdk High Vendor jar package name box Highest Vendor jar package name box Low Vendor jar package name sdk Highest Vendor jar package name sdk Low Vendor pom artifactid box-java-sdk Highest Vendor pom artifactid box-java-sdk Low Vendor pom developer email gcurtis@box.com Low Vendor pom developer id gcurtis Medium Vendor pom developer name Greg Curtis Medium Vendor pom groupid com.box Highest Vendor pom name Box Java SDK High Vendor pom url http://opensource.box.com/box-java-sdk/ Highest Product file name box-java-sdk High Product jar package name box Highest Product jar package name sdk Highest Product jar package name sdk Low Product pom artifactid box-java-sdk Highest Product pom developer email gcurtis@box.com Low Product pom developer id gcurtis Low Product pom developer name Greg Curtis Low Product pom groupid com.box Highest Product pom name Box Java SDK High Product pom url http://opensource.box.com/box-java-sdk/ Medium Version file version 2.17.0 High Version pom version 2.17.0 Highest
Description:
BeanShell is a small, free, embeddable Java source interpreter with object scripting language features,
written in Java. BeanShell dynamically executes standard Java syntax and extends it with common scripting
conveniences such as loose types, commands, and method closures like those in Perl and JavaScript.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/copyleft/lesser.html File Path: /home/grprdist/.m2/repository/org/beanshell/bsh/2.0b5/bsh-2.0b5.jar
MD5: 02f72336919d06a8491e82346e10b4d5
SHA1: fdc2ab6ae8b53e0d4761b296c116df747cd85199
SHA256: 6232199563807354b3bcb5aceb3dc136502f022c6b0ef743987a83f66fee5a5c
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bsh High Vendor hint analyzer vendor beanshell_project Highest Vendor jar package name bsh Highest Vendor jar package name interpreter Highest Vendor jar package name org Highest Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High Vendor Manifest specification-vendor http://www.beanshell.org/ Low Vendor pom artifactid bsh Highest Vendor pom artifactid bsh Low Vendor pom developer id pat Medium Vendor pom developer name Pat Niemeyer Medium Vendor pom groupid org.beanshell Highest Vendor pom name BeanShell High Vendor pom url http://www.beanshell.org/ Highest Product file name bsh High Product hint analyzer product beanshell Highest Product jar package name bsh Highest Product jar package name interpreter Highest Product jar package name org Highest Product Manifest specification-title BeanShell Medium Product pom artifactid bsh Highest Product pom developer id pat Low Product pom developer name Pat Niemeyer Low Product pom groupid org.beanshell Highest Product pom name BeanShell High Product pom url http://www.beanshell.org/ Medium Version pom version 2.0b5 Highest
CVE-2016-2510 suppress
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. CWE-19 Data Processing Errors
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with a remaining dependency onto ASM.
You should never depend on this module without repackaging Byte Buddy and ASM into your own namespace.
File Path: /home/grprdist/.m2/repository/net/bytebuddy/byte-buddy/1.12.9/byte-buddy-1.12.9.jar/META-INF/maven/net.bytebuddy/byte-buddy-dep/pom.xmlMD5: f252b6a3ad73a2fe8b82d4e5e252b6e7SHA1: bd386dc86918b6f7769ad855aa2636b40b639c76SHA256: 71c523053fd9cd841080a5bc89a4740b49f5dedd648e8de0ab064456e3113c14Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor pom artifactid byte-buddy-dep Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (with dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product pom artifactid byte-buddy-dep Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (with dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version pom version 1.12.9 Highest
Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/bytebuddy/byte-buddy/1.12.9/byte-buddy-1.12.9.jar
MD5: a120a37aba17a10766b9bc869f90fd2b
SHA1: 424ded9ef3496b0d997ce066f2166a4f7ec7b07a
SHA256: e305b6b5bdf8602bc5012efaa50c96b0fb922a3c60308ee1af85605b74d82710
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.12.9 High Version Manifest Bundle-Version 1.12.9 High Version pom version 1.12.9 Highest
Description:
a JDBC Connection pooling / Statement caching library License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/grprdist/.m2/repository/com/mchange/c3p0/0.9.5.4/c3p0-0.9.5.4.jar
MD5: 45fd4a89c9fd671a0d1dc97c0ec77abe
SHA1: a21a1d37ae0b59efce99671544f51c34ed1e8def
SHA256: 60cf2906cd6ad6771f514a3e848b74b3e3da99c1806f2a63c38e2dd8da5ef11f
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name c3p0 High Vendor jar package name c3p0 Highest Vendor jar package name mchange Highest Vendor jar package name v2 Highest Vendor Manifest extension-name com.mchange.v2.c3p0 Medium Vendor Manifest Implementation-Vendor Machinery For Change, Inc. High Vendor Manifest Implementation-Vendor-Id com.mchange Medium Vendor Manifest specification-vendor Machinery For Change, Inc. Low Vendor pom artifactid c3p0 Highest Vendor pom artifactid c3p0 Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.mchange Highest Vendor pom name c3p0 High Vendor pom url swaldman/c3p0 Highest Product file name c3p0 High Product jar package name c3p0 Highest Product jar package name mchange Highest Product jar package name v2 Highest Product Manifest extension-name com.mchange.v2.c3p0 Medium Product pom artifactid c3p0 Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.mchange Highest Product pom name c3p0 High Product pom url swaldman/c3p0 High Version file version 0.9.5.4 High Version Manifest Implementation-Version 0.9.5.4 High Version pom version 0.9.5.4 Highest
Description:
a JDBC Connection pooling / Statement caching library License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/grprdist/.m2/repository/com/google/code/maven-play-plugin/com/mchange/c3p0-oracle-thin-extras/0.9.5/c3p0-oracle-thin-extras-0.9.5.jar
MD5: 06b6bb3df31e56a391a5815d0f132715
SHA1: ae706b22bae360f5d360b2a5d207f804a3729ec2
SHA256: d185e4fb6a0165a39a2b85650efa18722ca9b4badef52a7701f081d9ae5ac321
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name c3p0-oracle-thin-extras High Vendor jar package name c3p0 Highest Vendor jar package name c3p0 Low Vendor jar package name mchange Highest Vendor jar package name mchange Low Vendor jar package name v2 Low Vendor pom artifactid c3p0-oracle-thin-extras Highest Vendor pom artifactid c3p0-oracle-thin-extras Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.google.code.maven-play-plugin.com.mchange Highest Vendor pom name c3p0-oracle-thin-extras High Vendor pom url swaldman/c3p0 Highest Product file name c3p0-oracle-thin-extras High Product jar package name c3p0 Highest Product jar package name c3p0 Low Product jar package name dbms Low Product jar package name mchange Highest Product jar package name v2 Low Product pom artifactid c3p0-oracle-thin-extras Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.google.code.maven-play-plugin.com.mchange Highest Product pom name c3p0-oracle-thin-extras High Product pom url swaldman/c3p0 High Version file version 0.9.5 High Version pom version 0.9.5 Highest
CVE-2019-5427 suppress
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
File Path: /home/grprdist/.m2/repository/cglib/cglib/3.3.0/cglib-3.3.0.jarMD5: 6ff304cc2874dd20277a8206fee5fd9aSHA1: c956b9f9708af5901e9cf05701e9b2b1c25027ccSHA256: 9fe0c26d7464140ccdfe019ac687be1fb906122b508ab54beb810db0f09a9212Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name cglib High Vendor jar package name cglib Highest Vendor jar package name cglib Low Vendor jar package name net Low Vendor jar package name sf Low Vendor pom artifactid cglib Highest Vendor pom artifactid cglib Low Vendor pom groupid cglib Highest Vendor pom parent-artifactid cglib-parent Low Product file name cglib High Product jar package name cglib Highest Product jar package name cglib Low Product jar package name sf Low Product pom artifactid cglib Highest Product pom groupid cglib Highest Product pom parent-artifactid cglib-parent Medium Version file version 3.3.0 High Version pom version 3.3.0 Highest
Description:
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code.
Please
see artifact:
org.checkerframework:checker
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/grprdist/.m2/repository/org/checkerframework/checker-qual/3.5.0/checker-qual-3.5.0.jar
MD5: 4464def1ed5c10f248ebfe1bccbedf1a
SHA1: 2f50520c8abea66fbd8d26e481d3aef5c673b510
SHA256: 729990b3f18a95606fc2573836b6958bcdb44cb52bfbd1b7aa9c339cff35a5a4
Referenced In Projects/Scopes: Grouper Duo:runtime Grouper ActiveMQ Messaging:runtime Grouper PSP-NG:runtime Grouper WS:runtime Grouper WS Test:runtime Grouper Office365 and Azure Provisioner:runtime Grouper AWS Messaging:runtime Grouper Rabbitmq:runtime Grouper Google Apps Provisioner:runtime Grouper UI:runtime Grouper API:runtime Grouper WS Generated Client:runtime Grouper AMQ:runtime Grouper WS SCIM:runtime Grouper SCIM:runtime Grouper Box:runtime Grouper UI webapp:runtime Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer email wdietl@uwaterloo.ca Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer id wmdietl Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer name Werner M. Dietl Medium Vendor pom developer org University of Washington Medium Vendor pom developer org University of Waterloo Medium Vendor pom developer org URL http://uwaterloo.ca/ Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom developer org URL https://www.cs.washington.edu/research/plse/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer email wdietl@uwaterloo.ca Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer id wmdietl Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer name Werner M. Dietl Low Product pom developer org University of Washington Low Product pom developer org University of Waterloo Low Product pom developer org URL http://uwaterloo.ca/ Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom developer org URL https://www.cs.washington.edu/research/plse/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org Medium Version file version 3.5.0 High Version Manifest Bundle-Version 3.5.0 High Version Manifest Implementation-Version 3.5.0 High Version pom version 3.5.0 Highest
Description:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256: aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name classmate High Vendor jar package name classmate Highest Vendor jar package name fasterxml Highest Vendor jar package name types Highest Vendor Manifest automatic-module-name com.fasterxml.classmate Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium Vendor Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low Vendor Manifest Implementation-Vendor fasterxml.com High Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor fasterxml.com Low Vendor pom artifactid classmate Highest Vendor pom artifactid classmate Low Vendor pom developer email blangel@ocheyedan.net Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id blangel Medium Vendor pom developer id tatu Medium Vendor pom developer name Brian Langel Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid com.fasterxml Highest Vendor pom name ClassMate High Vendor pom organization name fasterxml.com High Vendor pom organization url https://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom url FasterXML/java-classmate Highest Product file name classmate High Product jar package name classmate Highest Product jar package name fasterxml Highest Product jar package name filter Highest Product jar package name types Highest Product Manifest automatic-module-name com.fasterxml.classmate Medium Product Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Product Manifest Bundle-Name ClassMate Medium Product Manifest bundle-symbolicname com.fasterxml.classmate Medium Product Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low Product Manifest Implementation-Title ClassMate High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title ClassMate Medium Product pom artifactid classmate Highest Product pom developer email blangel@ocheyedan.net Low Product pom developer email tatu@fasterxml.com Low Product pom developer id blangel Low Product pom developer id tatu Low Product pom developer name Brian Langel Low Product pom developer name Tatu Saloranta Low Product pom groupid com.fasterxml Highest Product pom name ClassMate High Product pom organization name fasterxml.com Low Product pom organization url https://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom url FasterXML/java-classmate High Version file version 1.5.1 High Version Manifest Bundle-Version 1.5.1 High Version Manifest Implementation-Version 1.5.1 High Version pom parent-version 1.5.1 Low Version pom version 1.5.1 Highest
Description:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256: 7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-beanutils High Vendor jar package name apache Highest Vendor jar package name beanutils Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-beanutils Highest Vendor pom artifactid commons-beanutils Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email epugh@apache.org Low Vendor pom developer email geirm@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email jconlon@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email niallp@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email scolebourne@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email stain@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer email yoavs@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dion Medium Vendor pom developer id epugh Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id jconlon Medium Vendor pom developer id jstrachan Medium Vendor pom developer id morgand Medium Vendor pom developer id mvdb Medium Vendor pom developer id niallp Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer id skitching Medium Vendor pom developer id stain Medium Vendor pom developer id tobrien Medium Vendor pom developer id yoavs Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Eric Pugh Medium Vendor pom developer name Dion Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name James Carman Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John E. Conlon Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Morgan James Delagrange Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Stian Soiland-Reyes Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer name Yoav Shapira Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-beanutils Highest Vendor pom name Apache Commons BeanUtils High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Product file name commons-beanutils High Product jar package name apache Highest Product jar package name beanutils Highest Product jar package name commons Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Product Manifest Implementation-Title Apache Commons BeanUtils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons BeanUtils Medium Product pom artifactid commons-beanutils Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email epugh@apache.org Low Product pom developer email geirm@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email jconlon@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email niallp@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email scolebourne@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email stain@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer email yoavs@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id craigmcc Low Product pom developer id dion Low Product pom developer id epugh Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id jconlon Low Product pom developer id jstrachan Low Product pom developer id morgand Low Product pom developer id mvdb Low Product pom developer id niallp Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer id skitching Low Product pom developer id stain Low Product pom developer id tobrien Low Product pom developer id yoavs Low Product pom developer name Benedikt Ritter Low Product pom developer name Craig McClanahan Low Product pom developer name David Eric Pugh Low Product pom developer name Dion Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name James Carman Low Product pom developer name James Strachan Low Product pom developer name John E. Conlon Low Product pom developer name Martin van den Bemt Low Product pom developer name Morgan James Delagrange Low Product pom developer name Niall Pemberton Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Stephen Colebourne Low Product pom developer name Stian Soiland-Reyes Low Product pom developer name Tim O'Brien Low Product pom developer name Yoav Shapira Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-beanutils Highest Product pom name Apache Commons BeanUtils High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Version file version 1.9.4 High Version Manifest Bundle-Version 1.9.4 High Version Manifest Implementation-Version 1.9.4 High Version pom parent-version 1.9.4 Low Version pom version 1.9.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-cli/commons-cli/1.4/commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
SHA256: fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-cli High Vendor jar package name apache Highest Vendor jar package name cli Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium Vendor Manifest implementation-build tags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-cli/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-cli Highest Vendor pom artifactid commons-cli Low Vendor pom developer email bob@werken.com Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email jbjk@mac.com Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email roxspring@imapmail.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id bob Medium Vendor pom developer id ebourg Medium Vendor pom developer id jkeyes Medium Vendor pom developer id jstrachan Medium Vendor pom developer id roxspring Medium Vendor pom developer id tn Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John Keyes Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Ariane Software Medium Vendor pom developer org Indigo Stone Medium Vendor pom developer org integral Source Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom developer org Werken Medium Vendor pom groupid commons-cli Highest Vendor pom name Apache Commons CLI High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-cli/ Highest Product file name commons-cli High Product jar package name apache Highest Product jar package name cli Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low Product Manifest Bundle-Name Apache Commons CLI Medium Product Manifest bundle-symbolicname org.apache.commons.cli Medium Product Manifest implementation-build tags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000 Low Product Manifest Implementation-Title Apache Commons CLI High Product Manifest implementation-url http://commons.apache.org/proper/commons-cli/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest specification-title Apache Commons CLI Medium Product pom artifactid commons-cli Highest Product pom developer email bob@werken.com Low Product pom developer email ebourg@apache.org Low Product pom developer email jbjk@mac.com Low Product pom developer email jstrachan@apache.org Low Product pom developer email roxspring@imapmail.org Low Product pom developer email tn@apache.org Low Product pom developer id bob Low Product pom developer id ebourg Low Product pom developer id jkeyes Low Product pom developer id jstrachan Low Product pom developer id roxspring Low Product pom developer id tn Low Product pom developer name Bob McWhirter Low Product pom developer name Emmanuel Bourg Low Product pom developer name James Strachan Low Product pom developer name John Keyes Low Product pom developer name Rob Oxspring Low Product pom developer name Thomas Neidhart Low Product pom developer org Ariane Software Low Product pom developer org Indigo Stone Low Product pom developer org integral Source Low Product pom developer org SpiritSoft, Inc. Low Product pom developer org Werken Low Product pom groupid commons-cli Highest Product pom name Apache Commons CLI High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-cli/ Medium Version file version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256: b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Client:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper WS Manual Client:compile Grouper Duo:compile Grouper Google Apps Provisioner:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Rob Tompkins Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Version file version 1.15 High Version Manifest Implementation-Version 1.15 High Version pom parent-version 1.15 Low Version pom version 1.15 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-collections High Vendor jar package name apache Highest Vendor jar package name collections Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections Highest Vendor pom artifactid commons-collections Low Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id jcarman Medium Vendor pom developer id matth Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-collections Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Product file name commons-collections High Product jar package name apache Highest Product jar package name collections Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-url http://commons.apache.org/collections/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections Highest Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id jcarman Low Product pom developer id matth Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-collections Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/collections/ Medium Version file version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom parent-version 3.2.2 Low Version pom version 3.2.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-collections4/4.0/commons-collections4-4.0.jar
MD5: a18f2d0153b5607dff8c5becbdd76dd1
SHA1: da217367fd25e88df52ba79e47658d4cf928b0d1
SHA256: 93f8dfcd20831a28d092427723f696bceb70b28e7fb89d7914f14d5ea492ce5a
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name commons-collections4 High Vendor jar package name apache Highest Vendor jar package name collections4 Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections4 Medium Vendor Manifest implementation-build tags/COLLECTIONS_4_0_RC5@r1543977; 2013-11-20 23:44:45+0100 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections4 Highest Vendor pom artifactid commons-collections4 Low Vendor pom developer id adriannistor Medium Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id luc Medium Vendor pom developer id matth Medium Vendor pom developer id mbenson Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer id tn Medium Vendor pom developer name Adrian Nistor Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-collections/ Highest Product file name commons-collections4 High Product jar package name apache Highest Product jar package name collections4 Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections4 Medium Product Manifest implementation-build tags/COLLECTIONS_4_0_RC5@r1543977; 2013-11-20 23:44:45+0100 Low Product Manifest Implementation-Title Apache Commons Collections High Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections4 Highest Product pom developer id adriannistor Low Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id luc Low Product pom developer id matth Low Product pom developer id mbenson Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer id tn Low Product pom developer name Adrian Nistor Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Gary D. Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Luc Maisonobe Low Product pom developer name Matt Benson Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom developer name Thomas Neidhart Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-collections/ Medium Version file version 4.0 High Version Manifest Implementation-Version 4.0 High Version pom parent-version 4.0 Low Version pom version 4.0 Highest
CVE-2015-6420 suppress
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
Description:
The Apache Commons CSV library provides a simple interface for reading and writing
CSV files of various types.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-csv/1.6/commons-csv-1.6.jar
MD5: 6a0c53855ceb8fb376635e9a05fb8cb6
SHA1: 22b3c2f901af973a8ec4f24e80c8c0c77a600b79
SHA256: 7d1560fe2c3564128f2ff3f7c0fc9f0666738aa0e704f3d78b8954f9e0ec3adf
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-csv High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name csv Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-csv/ Low Vendor Manifest bundle-symbolicname org.apache.commons.csv Medium Vendor Manifest implementation-build release@r2596fdeebcab53fe459c481990bf1dec838128a5; 2018-09-19 11:49:19+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-csv/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-csv Highest Vendor pom artifactid commons-csv Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email yonik@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id mvdb Medium Vendor pom developer id yonik Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Yonik Seeley Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons CSV High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-csv/ Highest Product file name commons-csv High Product jar package name apache Highest Product jar package name commons Highest Product jar package name csv Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-csv/ Low Product Manifest Bundle-Name Apache Commons CSV Medium Product Manifest bundle-symbolicname org.apache.commons.csv Medium Product Manifest implementation-build release@r2596fdeebcab53fe459c481990bf1dec838128a5; 2018-09-19 11:49:19+0000 Low Product Manifest Implementation-Title Apache Commons CSV High Product Manifest implementation-url http://commons.apache.org/proper/commons-csv/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons CSV Medium Product pom artifactid commons-csv Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email ebourg@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email yonik@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id mvdb Low Product pom developer id yonik Low Product pom developer name Benedikt Ritter Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Martin van den Bemt Low Product pom developer name Rob Tompkins Low Product pom developer name Yonik Seeley Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons CSV High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-csv/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Commons Database Connection Pooling License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
SHA256: a6e2d83551d0e5b59aa942359f3010d35e79365e6552ad3dbaa6776e4851e4f6
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-dbcp High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name dbcp Highest Vendor Manifest bundle-docurl http://commons.apache.org/dbcp/ Low Vendor Manifest bundle-symbolicname org.apache.commons.dbcp Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-dbcp Highest Vendor pom artifactid commons-dbcp Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email markt@apache.org Low Vendor pom developer email mpoeschl@marmot.at Low Vendor pom developer email yoavs@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id jmcnally Medium Vendor pom developer id joehni Medium Vendor pom developer id markt Medium Vendor pom developer id morgand Medium Vendor pom developer id mpoeschl Medium Vendor pom developer id psteitz Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id yoavs Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Jörg Schaible Medium Vendor pom developer name John McNally Medium Vendor pom developer name Mark Thomas Medium Vendor pom developer name Martin Poeschl Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Yoav Shapira Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org tucana.at Medium Vendor pom groupid commons-dbcp Highest Vendor pom name Commons DBCP High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/dbcp/ Highest Product file name commons-dbcp High Product jar package name apache Highest Product jar package name commons Highest Product jar package name dbcp Highest Product Manifest bundle-docurl http://commons.apache.org/dbcp/ Low Product Manifest Bundle-Name Commons DBCP Medium Product Manifest bundle-symbolicname org.apache.commons.dbcp Medium Product Manifest Implementation-Title Commons DBCP High Product Manifest specification-title Commons DBCP Medium Product pom artifactid commons-dbcp Highest Product pom developer email joerg.schaible@gmx.de Low Product pom developer email markt@apache.org Low Product pom developer email mpoeschl@marmot.at Low Product pom developer email yoavs@apache.org Low Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id jmcnally Low Product pom developer id joehni Low Product pom developer id markt Low Product pom developer id morgand Low Product pom developer id mpoeschl Low Product pom developer id psteitz Low Product pom developer id rwaldhoff Low Product pom developer id yoavs Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Geir Magnusson Low Product pom developer name Jörg Schaible Low Product pom developer name John McNally Low Product pom developer name Mark Thomas Low Product pom developer name Martin Poeschl Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Rodney Waldhoff Low Product pom developer name Yoav Shapira Low Product pom developer org Apache Software Foundation Low Product pom developer org tucana.at Low Product pom groupid commons-dbcp Highest Product pom name Commons DBCP High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/dbcp/ Medium Version file version 1.4 High Version Manifest Bundle-Version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-digester High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name digester Highest Vendor jar package name rules Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-digester Highest Vendor pom artifactid commons-digester Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email jfarcand@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email jvanzyl@apache.org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email simonetripodi AT apache DOT org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id jfarcand Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id rahul Medium Vendor pom developer id rdonkin Medium Vendor pom developer id sanders Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id skitching Medium Vendor pom developer id tobrien Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jean-Francois Arcand Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer name Tim OBrien Medium Vendor pom groupid commons-digester Highest Vendor pom name Commons Digester High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/digester/ Highest Product file name commons-digester High Product jar package name apache Highest Product jar package name commons Highest Product jar package name digester Highest Product jar package name rules Highest Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product Manifest Bundle-Name Commons Digester Medium Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product Manifest Implementation-Title Commons Digester High Product Manifest specification-title Commons Digester Medium Product pom artifactid commons-digester Highest Product pom developer email craigmcc@apache.org Low Product pom developer email jfarcand@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email jvanzyl@apache.org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email simonetripodi AT apache DOT org Low Product pom developer email skitching@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id craigmcc Low Product pom developer id jfarcand Low Product pom developer id jstrachan Low Product pom developer id jvanzyl Low Product pom developer id rahul Low Product pom developer id rdonkin Low Product pom developer id sanders Low Product pom developer id simonetripodi Low Product pom developer id skitching Low Product pom developer id tobrien Low Product pom developer name Craig McClanahan Low Product pom developer name James Strachan Low Product pom developer name Jason van Zyl Low Product pom developer name Jean-Francois Arcand Low Product pom developer name Rahul Akolkar Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Simone Tripodi Low Product pom developer name Tim OBrien Low Product pom groupid commons-digester Highest Product pom name Commons Digester High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/digester/ Medium Version file version 2.1 High Version Manifest Bundle-Version 2.1 High Version Manifest Implementation-Version 2.1 High Version pom parent-version 2.1 Low Version pom version 2.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons Digester package lets you configure an XML to Java
object mapping module which triggers certain actions called rules whenever
a particular pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256: 1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-digester3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name digester Highest Vendor jar package name digester3 Highest Vendor jar package name rules Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-digester3 Highest Vendor pom artifactid commons-digester3 Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email jfarcand@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email jvanzyl@apache.org Low Vendor pom developer email mbenson AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email simonetripodi AT apache DOT org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id jfarcand Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id mbenson Medium Vendor pom developer id rahul Medium Vendor pom developer id rdonkin Medium Vendor pom developer id sanders Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id skitching Medium Vendor pom developer id tobrien Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jean-Francois Arcand Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer name Tim OBrien Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Digester High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/digester/ Highest Product file name commons-digester3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name digester Highest Product jar package name digester3 Highest Product jar package name rules Highest Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product Manifest Bundle-Name Apache Commons Digester Medium Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Product Manifest Implementation-Title Apache Commons Digester High Product Manifest specification-title Apache Commons Digester Medium Product pom artifactid commons-digester3 Highest Product pom developer email craigmcc@apache.org Low Product pom developer email jfarcand@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email jvanzyl@apache.org Low Product pom developer email mbenson AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email simonetripodi AT apache DOT org Low Product pom developer email skitching@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id craigmcc Low Product pom developer id jfarcand Low Product pom developer id jstrachan Low Product pom developer id jvanzyl Low Product pom developer id mbenson Low Product pom developer id rahul Low Product pom developer id rdonkin Low Product pom developer id sanders Low Product pom developer id simonetripodi Low Product pom developer id skitching Low Product pom developer id tobrien Low Product pom developer name Craig McClanahan Low Product pom developer name James Strachan Low Product pom developer name Jason van Zyl Low Product pom developer name Jean-Francois Arcand Low Product pom developer name Matt Benson Low Product pom developer name Rahul Akolkar Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Simone Tripodi Low Product pom developer name Tim OBrien Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Digester High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/digester/ Medium Version file version 3.2 High Version Manifest Implementation-Version 3.2 High Version pom parent-version 3.2 Low Version pom version 3.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Exec is a library to reliably execute external processes from within the JVM. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256: cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-exec High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name exec Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.exec Medium Vendor Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-exec Highest Vendor pom artifactid commons-exec Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer id brett Medium Vendor pom developer id ggregory Medium Vendor pom developer id sebb Medium Vendor pom developer id sgoeschl Medium Vendor pom developer id trygvis Medium Vendor pom developer name Brett Porter Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Siegfried Goeschl Medium Vendor pom developer name Trygve Laugstøl Medium Vendor pom developer org Apache Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Exec High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-exec/ Highest Product file name commons-exec High Product jar package name apache Highest Product jar package name commons Highest Product jar package name exec Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Product Manifest Bundle-Name Apache Commons Exec Medium Product Manifest bundle-symbolicname org.apache.commons.exec Medium Product Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Product Manifest Implementation-Title Apache Commons Exec High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest specification-title Apache Commons Exec Medium Product pom artifactid commons-exec Highest Product pom developer email ggregory@apache.org Low Product pom developer id brett Low Product pom developer id ggregory Low Product pom developer id sebb Low Product pom developer id sgoeschl Low Product pom developer id trygvis Low Product pom developer name Brett Porter Low Product pom developer name Gary Gregory Low Product pom developer name Sebastian Bazley Low Product pom developer name Siegfried Goeschl Low Product pom developer name Trygve Laugstøl Low Product pom developer org Apache Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Exec High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-exec/ Medium Version file version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom parent-version 1.3 Low Version pom version 1.3 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256: a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-fileupload High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name fileupload Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-fileupload Highest Vendor pom artifactid commons-fileupload Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer email jmcnally@collab.net Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sean |at| seansullivan |dot| com Low Vendor pom developer email simonetripodi@apache.org Low Vendor pom developer id chtompki Medium Vendor pom developer id dion Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jmcnally Medium Vendor pom developer id jochen Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id martinc Medium Vendor pom developer id rdonkin Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id sullis Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name John McNally Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer org Adobe Medium Vendor pom developer org CollabNet Medium Vendor pom developer org Multitask Consulting Medium Vendor pom developer org Yahoo! Medium Vendor pom developer org Zenplex Medium Vendor pom groupid commons-fileupload Highest Vendor pom name Apache Commons FileUpload High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest Product file name commons-fileupload High Product jar package name apache Highest Product jar package name commons Highest Product jar package name fileupload Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Product Manifest Bundle-Name Apache Commons FileUpload Medium Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Product Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons FileUpload Medium Product pom artifactid commons-fileupload Highest Product pom developer email chtompki@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jason@zenplex.com Low Product pom developer email jmcnally@collab.net Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email martinc@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sean |at| seansullivan |dot| com Low Product pom developer email simonetripodi@apache.org Low Product pom developer id chtompki Low Product pom developer id dion Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jmcnally Low Product pom developer id jochen Low Product pom developer id jvanzyl Low Product pom developer id martinc Low Product pom developer id rdonkin Low Product pom developer id simonetripodi Low Product pom developer id sullis Low Product pom developer name Daniel Rall Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Jason van Zyl Low Product pom developer name Jochen Wiedmann Low Product pom developer name John McNally Low Product pom developer name Martin Cooper Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Sean C. Sullivan Low Product pom developer name Simone Tripodi Low Product pom developer org Adobe Low Product pom developer org CollabNet Low Product pom developer org Multitask Consulting Low Product pom developer org Yahoo! Low Product pom developer org Zenplex Low Product pom groupid commons-fileupload Highest Product pom name Apache Commons FileUpload High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium Version file version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper Client:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper WS Manual Client:compile Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-httpclient High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name httpclient Highest Vendor jar package name methods Highest Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid commons-httpclient Highest Vendor pom artifactid commons-httpclient Low Vendor pom developer email adrian.sutton -at- ephox.com Low Vendor pom developer email dion -at- apache.org Low Vendor pom developer email jericho -at- apache.org Low Vendor pom developer email jsdever -at- apache.org Low Vendor pom developer email mbecke -at- apache.org Low Vendor pom developer email oglueck -at- apache.org Low Vendor pom developer email olegk -at- apache.org Low Vendor pom developer email rwaldhoff -at- apache Low Vendor pom developer email sullis -at- apache.org Low Vendor pom developer id adrian Medium Vendor pom developer id dion Medium Vendor pom developer id jericho Medium Vendor pom developer id jsdever Medium Vendor pom developer id mbecke Medium Vendor pom developer id oglueck Medium Vendor pom developer id olegk Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sullis Medium Vendor pom developer name Adrian Sutton Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Jeff Dever Medium Vendor pom developer name Michael Becke Medium Vendor pom developer name Oleg Kalnichevski Medium Vendor pom developer name Ortwin Glueck Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Sung-Gu Medium Vendor pom developer org Britannica Medium Vendor pom developer org Independent consultant Medium Vendor pom developer org Intencha Medium Vendor pom developer org Multitask Consulting Medium Vendor pom groupid commons-httpclient Highest Vendor pom name HttpClient High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://jakarta.apache.org/ Medium Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest Product file name commons-httpclient High Product jar package name apache Highest Product jar package name commons Highest Product jar package name httpclient Highest Product jar package name methods Highest Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium Product pom artifactid commons-httpclient Highest Product pom developer email adrian.sutton -at- ephox.com Low Product pom developer email dion -at- apache.org Low Product pom developer email jericho -at- apache.org Low Product pom developer email jsdever -at- apache.org Low Product pom developer email mbecke -at- apache.org Low Product pom developer email oglueck -at- apache.org Low Product pom developer email olegk -at- apache.org Low Product pom developer email rwaldhoff -at- apache Low Product pom developer email sullis -at- apache.org Low Product pom developer id adrian Low Product pom developer id dion Low Product pom developer id jericho Low Product pom developer id jsdever Low Product pom developer id mbecke Low Product pom developer id oglueck Low Product pom developer id olegk Low Product pom developer id rwaldhoff Low Product pom developer id sullis Low Product pom developer name Adrian Sutton Low Product pom developer name dIon Gillard Low Product pom developer name Jeff Dever Low Product pom developer name Michael Becke Low Product pom developer name Oleg Kalnichevski Low Product pom developer name Ortwin Glueck Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sean C. Sullivan Low Product pom developer name Sung-Gu Low Product pom developer org Britannica Low Product pom developer org Independent consultant Low Product pom developer org Intencha Low Product pom developer org Multitask Consulting Low Product pom groupid commons-httpclient Highest Product pom name HttpClient High Product pom organization name Apache Software Foundation Low Product pom organization url http://jakarta.apache.org/ Low Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium Version file version 3.1 High Version manifest: org/apache/commons/httpclient Implementation-Version 3.1 Medium Version pom version 3.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2012-5783 suppress
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions:
CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256: 961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-io High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Highest Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.11.0 High Version Manifest Bundle-Version 2.11.0 High Version Manifest Implementation-Version 2.11.0 High Version pom parent-version 2.11.0 Low Version pom version 2.11.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Common classes to make creating REST services more consistent. License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/edu/psu/swe/commons/commons-jaxrs/1.30/commons-jaxrs-1.30.jar
MD5: 28ddd7d7e6076992b76b74847bc449b0
SHA1: 808318f583518b6e4f0caef590cd77a6faa42b3f
SHA256: 0dc28a13f8b9e8e5544dc64085c299dbc2309c63e8158c1103f62f3bfb245cb2
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name commons-jaxrs High Vendor jar package name commons Highest Vendor jar package name edu Highest Vendor jar package name edu Low Vendor jar package name psu Highest Vendor jar package name psu Low Vendor jar package name swe Highest Vendor jar package name swe Low Vendor pom artifactid commons-jaxrs Highest Vendor pom artifactid commons-jaxrs Low Vendor pom developer email bhoman@psu.edu Low Vendor pom developer email crh5255@psu.edu Low Vendor pom developer email mat21@psu.edu Low Vendor pom developer email nur1@psu.edu Low Vendor pom developer email ses44@psu.edu Low Vendor pom developer email smoyer@psu.edu Low Vendor pom developer id bhoman127 Medium Vendor pom developer id chrisharm Medium Vendor pom developer id mat328 Medium Vendor pom developer id nur1 Medium Vendor pom developer id smoyer64 Medium Vendor pom developer id ussmith Medium Vendor pom developer name Ben Homan Medium Vendor pom developer name Christopher Harm Medium Vendor pom developer name Matt Teeter Medium Vendor pom developer name Niraja Ramesh Medium Vendor pom developer name Shawn Smith Medium Vendor pom developer name Steve Moyer Medium Vendor pom developer org The Pennsylvania State University Medium Vendor pom developer org URL https://www.psu.edu Medium Vendor pom groupid edu.psu.swe.commons Highest Vendor pom name Common JAXRS Libraries High Vendor pom url PennState/commons-jaxrs Highest Product file name commons-jaxrs High Product jar package name commons Highest Product jar package name commons Low Product jar package name edu Highest Product jar package name psu Highest Product jar package name psu Low Product jar package name swe Highest Product jar package name swe Low Product pom artifactid commons-jaxrs Highest Product pom developer email bhoman@psu.edu Low Product pom developer email crh5255@psu.edu Low Product pom developer email mat21@psu.edu Low Product pom developer email nur1@psu.edu Low Product pom developer email ses44@psu.edu Low Product pom developer email smoyer@psu.edu Low Product pom developer id bhoman127 Low Product pom developer id chrisharm Low Product pom developer id mat328 Low Product pom developer id nur1 Low Product pom developer id smoyer64 Low Product pom developer id ussmith Low Product pom developer name Ben Homan Low Product pom developer name Christopher Harm Low Product pom developer name Matt Teeter Low Product pom developer name Niraja Ramesh Low Product pom developer name Shawn Smith Low Product pom developer name Steve Moyer Low Product pom developer org The Pennsylvania State University Low Product pom developer org URL https://www.psu.edu Low Product pom groupid edu.psu.swe.commons Highest Product pom name Common JAXRS Libraries High Product pom url PennState/commons-jaxrs High Version file version 1.30 High Version pom version 1.30 Highest
Description:
The Commons Jexl library is an implementation of the JSTL Expression Language with extensions. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-jexl/2.1.1/commons-jexl-2.1.1.jar
MD5: 4ad8f5c161dd3a50e190334555675db9
SHA1: 6ecc181debade00230aa1e17666c4ea0371beaaa
SHA256: 03c9a9fae5da78ce52c0bf24467cc37355b7e23196dff4839e2c0ff018a01306
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Office365 and Azure Provisioner:compile Grouper Google Apps Provisioner:provided Grouper Client:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-jexl High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name expression Highest Vendor Manifest bundle-docurl http://commons.apache.org/jexl/ Low Vendor Manifest bundle-symbolicname org.apache.commons.jexl Medium Vendor Manifest implementation-build COMMONS_JEXL_2_1_1-RC1@r1220732; 2011-12-19 14:53:11+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-jexl Highest Vendor pom artifactid commons-jexl Low Vendor pom developer email dion AT apache DOT org Low Vendor pom developer email geirm AT apache DOT org Low Vendor pom developer email henrib AT apache DOT org Low Vendor pom developer email jstrachan AT apache DOT org Low Vendor pom developer email proyal AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email sebb AT apache DOT org Low Vendor pom developer email tobrien AT apache DOT org Low Vendor pom developer id dion Medium Vendor pom developer id geirm Medium Vendor pom developer id henrib Medium Vendor pom developer id jstrachan Medium Vendor pom developer id proyal Medium Vendor pom developer id rahul Medium Vendor pom developer id sebb Medium Vendor pom developer id tobrien Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name Henri Biestro Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org independent Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Commons JEXL High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/jexl/ Highest Product file name commons-jexl High Product jar package name apache Highest Product jar package name commons Highest Product jar package name expression Highest Product Manifest bundle-docurl http://commons.apache.org/jexl/ Low Product Manifest Bundle-Name Commons JEXL Medium Product Manifest bundle-symbolicname org.apache.commons.jexl Medium Product Manifest implementation-build COMMONS_JEXL_2_1_1-RC1@r1220732; 2011-12-19 14:53:11+0000 Low Product Manifest Implementation-Title Commons JEXL High Product Manifest specification-title Commons JEXL Medium Product pom artifactid commons-jexl Highest Product pom developer email dion AT apache DOT org Low Product pom developer email geirm AT apache DOT org Low Product pom developer email henrib AT apache DOT org Low Product pom developer email jstrachan AT apache DOT org Low Product pom developer email proyal AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email sebb AT apache DOT org Low Product pom developer email tobrien AT apache DOT org Low Product pom developer id dion Low Product pom developer id geirm Low Product pom developer id henrib Low Product pom developer id jstrachan Low Product pom developer id proyal Low Product pom developer id rahul Low Product pom developer id sebb Low Product pom developer id tobrien Low Product pom developer name dIon Gillard Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name Henri Biestro Low Product pom developer name James Strachan Low Product pom developer name Peter Royal Low Product pom developer name Rahul Akolkar Low Product pom developer name Sebastian Bazley Low Product pom developer name Tim O'Brien Low Product pom developer org Apache Software Foundation Low Product pom developer org independent Low Product pom developer org SpiritSoft, Inc. Low Product pom groupid org.apache.commons Highest Product pom name Commons JEXL High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/jexl/ Medium Version file version 2.1.1 High Version Manifest Bundle-Version 2.1.1 High Version Manifest Implementation-Version 2.1.1 High Version pom parent-version 2.1.1 Low Version pom version 2.1.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons JEXL library is an implementation of the JSTL Expression Language with extensions. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-jexl3/3.0/commons-jexl3-3.0.jar
MD5: 81041b5b058a2ccff0046386bc7e23f8
SHA1: 75aba6fe6659500bc7fcd420adca9c04ec9a379a
SHA256: 79b0aecbe5d851ccf919ba3f5ec3ee333e011f46a24713cb2099e3968a5b9884
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-jexl3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name jexl3 Highest Vendor Manifest bundle-docurl http://commons.apache.org/jexl/ Low Vendor Manifest bundle-symbolicname org.apache.commons.jexl Medium Vendor Manifest implementation-build tags/COMMONS_JEXL_3_0-RC2@r1720787; 2015-12-18 14:09:43+0000 Low Vendor Manifest implementation-url http://commons.apache.org/jexl/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-jexl3 Highest Vendor pom artifactid commons-jexl3 Low Vendor pom developer email dion AT apache DOT org Low Vendor pom developer email geirm AT apache DOT org Low Vendor pom developer email henrib AT apache DOT org Low Vendor pom developer email jstrachan AT apache DOT org Low Vendor pom developer email proyal AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email sebb AT apache DOT org Low Vendor pom developer email tobrien AT apache DOT org Low Vendor pom developer id dion Medium Vendor pom developer id geirm Medium Vendor pom developer id henrib Medium Vendor pom developer id jstrachan Medium Vendor pom developer id proyal Medium Vendor pom developer id rahul Medium Vendor pom developer id sebb Medium Vendor pom developer id tobrien Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name Henri Biestro Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer org independent Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons JEXL High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/jexl/ Highest Product file name commons-jexl3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name jexl3 Highest Product Manifest bundle-docurl http://commons.apache.org/jexl/ Low Product Manifest Bundle-Name Apache Commons JEXL Medium Product Manifest bundle-symbolicname org.apache.commons.jexl Medium Product Manifest implementation-build tags/COMMONS_JEXL_3_0-RC2@r1720787; 2015-12-18 14:09:43+0000 Low Product Manifest Implementation-Title Apache Commons JEXL High Product Manifest implementation-url http://commons.apache.org/jexl/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons JEXL Medium Product pom artifactid commons-jexl3 Highest Product pom developer email dion AT apache DOT org Low Product pom developer email geirm AT apache DOT org Low Product pom developer email henrib AT apache DOT org Low Product pom developer email jstrachan AT apache DOT org Low Product pom developer email proyal AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email sebb AT apache DOT org Low Product pom developer email tobrien AT apache DOT org Low Product pom developer id dion Low Product pom developer id geirm Low Product pom developer id henrib Low Product pom developer id jstrachan Low Product pom developer id proyal Low Product pom developer id rahul Low Product pom developer id sebb Low Product pom developer id tobrien Low Product pom developer name dIon Gillard Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name Henri Biestro Low Product pom developer name James Strachan Low Product pom developer name Peter Royal Low Product pom developer name Rahul Akolkar Low Product pom developer name Sebastian Bazley Low Product pom developer name Tim O'Brien Low Product pom developer org independent Low Product pom developer org SpiritSoft, Inc. Low Product pom developer org The Apache Software Foundation Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons JEXL High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/jexl/ Medium Version file version 3.0 High Version Manifest Implementation-Version 3.0 High Version pom parent-version 3.0 Low Version pom version 3.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256: 50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-lang High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang Highest Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang Highest Vendor pom artifactid commons-lang Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@seagullsw.com Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email phil@steitz.com Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org Seagull Software Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid commons-lang Highest Vendor pom name Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/lang/ Highest Product file name commons-lang High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang Highest Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product Manifest Bundle-Name Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product pom artifactid commons-lang Highest Product pom developer email bayard@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@seagullsw.com Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email phil@steitz.com Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Daniel Rall Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org Seagull Software Low Product pom developer org SITA ATS Ltd Low Product pom groupid commons-lang Highest Product pom name Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/lang/ Medium Version file version 2.6 High Version Manifest Bundle-Version 2.6 High Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version pom version 2.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256: d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper Client:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Highest Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.12.0 High Version Manifest Bundle-Version 3.12.0 High Version Manifest Implementation-Version 3.12.0 High Version pom parent-version 3.12.0 Low Version pom version 3.12.0 Highest
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Office365 and Azure Provisioner:compile Grouper Client:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper WS SCIM:compile Grouper SCIM:compile Grouper Rabbitmq:provided Grouper Box:compile Grouper API:compile Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper WS Manual Client:compile Grouper Duo:compile Grouper Google Apps Provisioner:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-logging High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Highest Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Version file version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-math/commons-math/1.2/commons-math-1.2.jar
MD5: 5d3ce091a67e863549de4493e19df069
SHA1: 3955b41fe9f3c0469bd873331940674812d09bd2
SHA256: 429ad6e1a650bc924a3e26fafc8ef703147375d8dd6d02b710c655071cc82270
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-math High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name math Highest Vendor Manifest bundle-symbolicname org.apache.commons.math Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-math Highest Vendor pom artifactid commons-math Low Vendor pom developer email achou at apache dot org Low Vendor pom developer email brentworden at apache dot org Low Vendor pom developer email j3322ptm at yahoo dot de Low Vendor pom developer email luc at apache dot org Low Vendor pom developer email mdiggory at apache dot org Low Vendor pom developer email psteitz at apache dot org Low Vendor pom developer email rdonkin at apache dot org Low Vendor pom developer email tobrien at apache dot org Low Vendor pom developer id achou Medium Vendor pom developer id brentworden Medium Vendor pom developer id luc Medium Vendor pom developer id mdiggory Medium Vendor pom developer id pietsch Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id tobrien Medium Vendor pom developer name Albert Davidson Chou Medium Vendor pom developer name Brent Worden Medium Vendor pom developer name J. Pietschmann Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Mark Diggory Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Tim O'Brien Medium Vendor pom groupid commons-math Highest Vendor pom name Commons Math High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/math/ Highest Product file name commons-math High Product jar package name apache Highest Product jar package name commons Highest Product jar package name math Highest Product Manifest Bundle-Name Apache Commons Math Bundle Medium Product Manifest bundle-symbolicname org.apache.commons.math Medium Product Manifest Implementation-Title Commons Math High Product Manifest specification-title Commons Math Medium Product pom artifactid commons-math Highest Product pom developer email achou at apache dot org Low Product pom developer email brentworden at apache dot org Low Product pom developer email j3322ptm at yahoo dot de Low Product pom developer email luc at apache dot org Low Product pom developer email mdiggory at apache dot org Low Product pom developer email psteitz at apache dot org Low Product pom developer email rdonkin at apache dot org Low Product pom developer email tobrien at apache dot org Low Product pom developer id achou Low Product pom developer id brentworden Low Product pom developer id luc Low Product pom developer id mdiggory Low Product pom developer id pietsch Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id tobrien Low Product pom developer name Albert Davidson Chou Low Product pom developer name Brent Worden Low Product pom developer name J. Pietschmann Low Product pom developer name Luc Maisonobe Low Product pom developer name Mark Diggory Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Tim O'Brien Low Product pom groupid commons-math Highest Product pom name Commons Math High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/math/ Medium Version file version 1.2 High Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-net/commons-net/3.6/commons-net-3.6.jar
MD5: b46661b01cc7aeec501f1cd3775509f1
SHA1: b71de00508dcb078d2b24b5fa7e538636de9b3da
SHA256: d3b3866c61a47ba3bf040ab98e60c3010d027da0e7a99e1755e407dd47bc2702
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper AMQ:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name commons-net High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name echo Highest Vendor jar package name finger Highest Vendor jar package name ftp Highest Vendor jar package name net Highest Vendor jar package name nntp Highest Vendor jar package name pop3 Highest Vendor jar package name smtp Highest Vendor jar package name telnet Highest Vendor jar package name whois Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-net/ Low Vendor Manifest bundle-symbolicname org.apache.commons.net Medium Vendor Manifest implementation-build tags/NET_3_6_RC1@r1782607; 2017-02-11 15:16:26+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-net/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-net Highest Vendor pom artifactid commons-net Low Vendor pom developer email bruno.davanzo@hp.com Low Vendor pom developer email dfs@apache.org Low Vendor pom developer email Jeff.Brekke@qg.com Low Vendor pom developer email rwinston@apache.org Low Vendor pom developer email rwinston@checkfree.com Low Vendor pom developer email scohen@apache.org Low Vendor pom developer id brekke Medium Vendor pom developer id brudav Medium Vendor pom developer id dfs Medium Vendor pom developer id rwinston Medium Vendor pom developer id scohen Medium Vendor pom developer name Bruno D'Avanzo Medium Vendor pom developer name Daniel F. Savarese Medium Vendor pom developer name Jeffrey D. Brekke Medium Vendor pom developer name Rory Winston Medium Vendor pom developer name Steve Cohen Medium Vendor pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a>
Medium Vendor pom developer org Hewlett-Packard Medium Vendor pom developer org javactivity.org Medium Vendor pom developer org Quad/Graphics, Inc. Medium Vendor pom groupid commons-net Highest Vendor pom name Apache Commons Net High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-net/ Highest Product file name commons-net High Product jar package name apache Highest Product jar package name commons Highest Product jar package name echo Highest Product jar package name finger Highest Product jar package name ftp Highest Product jar package name net Highest Product jar package name nntp Highest Product jar package name pop3 Highest Product jar package name smtp Highest Product jar package name telnet Highest Product jar package name whois Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-net/ Low Product Manifest Bundle-Name Apache Commons Net Medium Product Manifest bundle-symbolicname org.apache.commons.net Medium Product Manifest implementation-build tags/NET_3_6_RC1@r1782607; 2017-02-11 15:16:26+0000 Low Product Manifest Implementation-Title Apache Commons Net High Product Manifest implementation-url http://commons.apache.org/proper/commons-net/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons Net Medium Product pom artifactid commons-net Highest Product pom developer email bruno.davanzo@hp.com Low Product pom developer email dfs@apache.org Low Product pom developer email Jeff.Brekke@qg.com Low Product pom developer email rwinston@apache.org Low Product pom developer email rwinston@checkfree.com Low Product pom developer email scohen@apache.org Low Product pom developer id brekke Low Product pom developer id brudav Low Product pom developer id dfs Low Product pom developer id rwinston Low Product pom developer id scohen Low Product pom developer name Bruno D'Avanzo Low Product pom developer name Daniel F. Savarese Low Product pom developer name Jeffrey D. Brekke Low Product pom developer name Rory Winston Low Product pom developer name Steve Cohen Low Product pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a>
Low Product pom developer org Hewlett-Packard Low Product pom developer org javactivity.org Low Product pom developer org Quad/Graphics, Inc. Low Product pom groupid commons-net Highest Product pom name Apache Commons Net High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-net/ Medium Version file version 3.6 High Version Manifest Implementation-Version 3.6 High Version pom parent-version 3.6 Low Version pom version 3.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Commons Object Pooling Library License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
SHA256: 46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-pool High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name pool Highest Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-pool Highest Vendor pom artifactid commons-pool Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sandymac Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sandy McArthur Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom groupid commons-pool Highest Vendor pom name Commons Pool High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/pool/ Highest Product file name commons-pool High Product jar package name apache Highest Product jar package name commons Highest Product jar package name pool Highest Product Manifest bundle-docurl http://commons.apache.org/pool/ Low Product Manifest Bundle-Name Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.pool Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Product Manifest Implementation-Title Commons Pool High Product Manifest specification-title Commons Pool Medium Product pom artifactid commons-pool Highest Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sandymac Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Morgan Delagrange Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sandy McArthur Low Product pom developer org Apache Software Foundation Low Product pom groupid commons-pool Highest Product pom name Commons Pool High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/pool/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Text is a library focused on algorithms working on strings. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-text/1.10.0/commons-text-1.10.0.jar
MD5: 4afc9bfa2d31dbf7330c98fcc954b892
SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01
SHA256: 770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-text High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name text Highest Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-text Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-text Highest Vendor pom artifactid commons-text Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email kinow@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id ggregory Medium Vendor pom developer id kinow Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Bruno P. Kinoshita Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Text High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-text Highest Product file name commons-text High Product jar package name apache Highest Product jar package name commons Highest Product jar package name text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Bundle-Name Apache Commons Text Medium Product Manifest bundle-symbolicname org.apache.commons.commons-text Medium Product Manifest Implementation-Title Apache Commons Text High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product pom artifactid commons-text Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email kinow@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id ggregory Low Product pom developer id kinow Low Product pom developer name Benedikt Ritter Low Product pom developer name Bruno P. Kinoshita Low Product pom developer name Duncan Jones Low Product pom developer name Gary Gregory Low Product pom developer name Rob Tompkins Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Text High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-text Medium Version file version 1.10.0 High Version Manifest Bundle-Version 1.10.0 High Version Manifest Implementation-Version 1.10.0 High Version pom parent-version 1.10.0 Low Version pom version 1.10.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
It may be used standalone or with a framework like Struts.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-validator/commons-validator/1.6/commons-validator-1.6.jar
MD5: 3fd5efd8dcdd601035c123638a897833
SHA1: e989d1e87cdd60575df0765ed5bac65c905d7908
SHA256: bd62795d7068a69cbea333f6dbf9c9c1a6ad7521443fb57202a44874f240ba25
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-validator High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name validator Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-validator/ Low Vendor Manifest bundle-symbolicname org.apache.commons.validator Medium Vendor Manifest implementation-build tags/VALIDATOR_1_6_RC1@r1783233; 2017-02-16 15:10:22+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-validator/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-validator Highest Vendor pom artifactid commons-validator Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dwinterfeldt@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email husted@apache.org Low Vendor pom developer email jmitchell NOSPAM apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email mrdon@apache.org Low Vendor pom developer email rleland at apache.org Low Vendor pom developer email turner@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id bspeakmon Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dgraham Medium Vendor pom developer id dwinterfeldt Medium Vendor pom developer id ggregory Medium Vendor pom developer id husted Medium Vendor pom developer id jmitchell Medium Vendor pom developer id martinc Medium Vendor pom developer id mrdon Medium Vendor pom developer id niallp Medium Vendor pom developer id nick Medium Vendor pom developer id rleland Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id turner Medium Vendor pom developer name Ben Speakmon Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Graham Medium Vendor pom developer name David Winterfeldt Medium Vendor pom developer name Don Brown Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Mitchell Medium Vendor pom developer name James Turner Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nick Burch Medium Vendor pom developer name Rob Leland Medium Vendor pom developer name SimoneTripodi Medium Vendor pom developer name Ted Husted Medium Vendor pom developer org EdgeTech, Inc Medium Vendor pom groupid commons-validator Highest Vendor pom name Apache Commons Validator High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-validator/ Highest Product file name commons-validator High Product jar package name apache Highest Product jar package name commons Highest Product jar package name validator Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-validator/ Low Product Manifest Bundle-Name Apache Commons Validator Medium Product Manifest bundle-symbolicname org.apache.commons.validator Medium Product Manifest implementation-build tags/VALIDATOR_1_6_RC1@r1783233; 2017-02-16 15:10:22+0000 Low Product Manifest Implementation-Title Apache Commons Validator High Product Manifest implementation-url http://commons.apache.org/proper/commons-validator/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons Validator Medium Product pom artifactid commons-validator Highest Product pom developer email craigmcc@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dwinterfeldt@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email husted@apache.org Low Product pom developer email jmitchell NOSPAM apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email mrdon@apache.org Low Product pom developer email rleland at apache.org Low Product pom developer email turner@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id bspeakmon Low Product pom developer id craigmcc Low Product pom developer id dgraham Low Product pom developer id dwinterfeldt Low Product pom developer id ggregory Low Product pom developer id husted Low Product pom developer id jmitchell Low Product pom developer id martinc Low Product pom developer id mrdon Low Product pom developer id niallp Low Product pom developer id nick Low Product pom developer id rleland Low Product pom developer id simonetripodi Low Product pom developer id turner Low Product pom developer name Ben Speakmon Low Product pom developer name Benedikt Ritter Low Product pom developer name Craig McClanahan Low Product pom developer name David Graham Low Product pom developer name David Winterfeldt Low Product pom developer name Don Brown Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Mitchell Low Product pom developer name James Turner Low Product pom developer name Martin Cooper Low Product pom developer name Niall Pemberton Low Product pom developer name Nick Burch Low Product pom developer name Rob Leland Low Product pom developer name SimoneTripodi Low Product pom developer name Ted Husted Low Product pom developer org EdgeTech, Inc Low Product pom groupid commons-validator Highest Product pom name Apache Commons Validator High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-validator/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons VFS is a Virtual File System library. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-vfs2/2.4.1/commons-vfs2-2.4.1.jar
MD5: 3689ad3e33c2455c033c7062f583c49f
SHA1: 2b041628c3cb436d8eee25f78603f04eb5e817a5
SHA256: 1d518e883bb4e9a791c2bb48c76ed7b8879708b312ed955854e50b831e23ed35
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-vfs2 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name vfs Highest Vendor jar package name vfs2 Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-vfs/ Low Vendor Manifest bundle-symbolicname org.apache.commons.vfs2 Medium Vendor Manifest implementation-build release@reabdee306d5b0a73859a0aa841a5c0ccfe8b337a; 2019-08-11 00:23:00+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-vfs/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-vfs2 Highest Vendor pom artifactid commons-vfs2 Low Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons VFS High Vendor pom parent-artifactid commons-vfs2-project Low Vendor pom url http://commons.apache.org/proper/commons-vfs/ Highest Product file name commons-vfs2 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name filter Highest Product jar package name vfs Highest Product jar package name vfs2 Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-vfs/ Low Product Manifest Bundle-Name Apache Commons VFS Medium Product Manifest bundle-symbolicname org.apache.commons.vfs2 Medium Product Manifest implementation-build release@reabdee306d5b0a73859a0aa841a5c0ccfe8b337a; 2019-08-11 00:23:00+0000 Low Product Manifest Implementation-Title Apache Commons VFS High Product Manifest implementation-url http://commons.apache.org/proper/commons-vfs/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons VFS Medium Product pom artifactid commons-vfs2 Highest Product pom groupid org.apache.commons Highest Product pom name Apache Commons VFS High Product pom parent-artifactid commons-vfs2-project Medium Product pom url http://commons.apache.org/proper/commons-vfs/ Medium Version file version 2.4.1 High Version Manifest Bundle-Version 2.4.1 High Version Manifest Implementation-Version 2.4.1 High Version pom version 2.4.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Java library for Content (Media) Type representation License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/content-type/2.2/content-type-2.2.jar
MD5: 135aaa5ebcc12a45f4b3ff08cb6fa46a
SHA1: 9a894bce7646dd4086652d85b88013229f23724b
SHA256: 730f1816196145e88275093c147f2e6da3c3e541207acd3503a1b06129b9bea9
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name content-type High Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 2.2 Low Vendor Manifest bundle-docurl https://connect2id.com Low Vendor Manifest bundle-symbolicname com.nimbusds.content-type Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid content-type Highest Vendor pom artifactid content-type Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus Content Type High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-content-type Highest Product file name content-type High Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-jdk-spec 1.8 Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 2.2 Low Product Manifest bundle-docurl https://connect2id.com Low Product Manifest Bundle-Name Nimbus Content Type Medium Product Manifest bundle-symbolicname com.nimbusds.content-type Medium Product Manifest Implementation-Title Nimbus Content Type High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Nimbus Content Type Medium Product pom artifactid content-type Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus Content Type High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/nimbus-content-type Medium Version file version 2.2 High Version Manifest build-tag 2.2 Low Version Manifest Implementation-Version 2.2 High Version pom version 2.2 Highest
File Path: /home/grprdist/.m2/repository/com/squareup/retrofit2/converter-moshi/2.7.2/converter-moshi-2.7.2.jarMD5: 0393c9af8a3f4d02d8e743c1d25de8f8SHA1: c1c9f754062b7bfc5fba46e0f6015af2fa171617SHA256: a77fb00f3a8c975bd0962404c51c73e737904b06f1e83aa2d74d9fa71ba3f6bdReferenced In Project/Scope: Grouper Office365 and Azure Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name converter-moshi High Vendor jar package name converter Highest Vendor jar package name moshi Highest Vendor jar package name retrofit2 Highest Vendor Manifest automatic-module-name retrofit2.converter.moshi Medium Vendor pom artifactid converter-moshi Highest Vendor pom artifactid converter-moshi Low Vendor pom groupid com.squareup.retrofit2 Highest Vendor pom name Converter: Moshi High Vendor pom parent-artifactid retrofit-converters Low Product file name converter-moshi High Product jar package name converter Highest Product jar package name moshi Highest Product jar package name retrofit2 Highest Product Manifest automatic-module-name retrofit2.converter.moshi Medium Product pom artifactid converter-moshi Highest Product pom groupid com.squareup.retrofit2 Highest Product pom name Converter: Moshi High Product pom parent-artifactid retrofit-converters Medium Version file version 2.7.2 High Version pom version 2.7.2 Highest
File Path: /home/grprdist/.m2/repository/net/redhogs/cronparser/cron-parser-core/3.4/cron-parser-core-3.4.jarMD5: 984e308161cecec9ca9ca7ab34257c1eSHA1: f4b72519661bd9879803b82ac19eab1269bbcdf9SHA256: caece60f6f9305eb0ff54b9558ef014a7c076bb9ecec609006983794c0ced2eeReferenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name cron-parser-core High Vendor jar package name cronparser Highest Vendor jar package name cronparser Low Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name redhogs Highest Vendor jar package name redhogs Low Vendor pom artifactid cron-parser-core Highest Vendor pom artifactid cron-parser-core Low Vendor pom groupid net.redhogs.cronparser Highest Vendor pom name cron-parser-core High Vendor pom parent-artifactid cron-parser Low Product file name cron-parser-core High Product jar package name cronparser Highest Product jar package name cronparser Low Product jar package name net Highest Product jar package name redhogs Highest Product jar package name redhogs Low Product pom artifactid cron-parser-core Highest Product pom groupid net.redhogs.cronparser Highest Product pom name cron-parser-core High Product pom parent-artifactid cron-parser Medium Version file version 3.4 High Version pom version 3.4 Highest
Description:
OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks. File Path: /home/grprdist/.m2/repository/org/owasp/csrfguard/4.1.4/csrfguard-4.1.4.jarMD5: 7a8913a0d0cb554bb84ef0871716db3dSHA1: 8590d9f54d2179ff2af16f718e9f22abdeb6f317SHA256: 5de5e1df57b5c54a84b2c59adde4b51bf8b1735165feb5bec3cfb84f8b37b366Referenced In Projects/Scopes:
Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name csrfguard High Vendor jar package name csrfguard Highest Vendor jar package name owasp Highest Vendor jar package name token Highest Vendor Manifest build-jdk-spec 18 Low Vendor Manifest Implementation-Vendor OWASP High Vendor Manifest url https://owasp.org/www-project-csrfguard/csrfguard/ Low Vendor pom artifactid csrfguard Highest Vendor pom artifactid csrfguard Low Vendor pom groupid org.owasp Highest Vendor pom name OWASP CSRFGuard High Vendor pom parent-artifactid csrfguard-parent Low Product file name csrfguard High Product jar package name csrfguard Highest Product jar package name owasp Highest Product jar package name token Highest Product Manifest build-jdk-spec 18 Low Product Manifest Implementation-Title OWASP CSRFGuard High Product Manifest url https://owasp.org/www-project-csrfguard/csrfguard/ Low Product pom artifactid csrfguard Highest Product pom groupid org.owasp Highest Product pom name OWASP CSRFGuard High Product pom parent-artifactid csrfguard-parent Medium Version file version 4.1.4 High Version Manifest Implementation-Version 4.1.4 High Version pom version 4.1.4 Highest
CVE-2021-28490 (OSSINDEX)suppress
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-28490 for details CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/Au:/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.owasp:csrfguard:4.1.4:*:*:*:*:*:*:* File Path: /home/grprdist/.m2/repository/org/owasp/csrfguard/4.1.4/csrfguard-4.1.4.jar/META-INF/csrfguard.jsMD5: 0e05e024b3f928ae41163059e9280a15SHA1: b542548435de656da7eb06a730e44dcd4049b983SHA256: 258e9c1e8b113bb34f0494c2aab8fc5a0c7bd33de82cc63a8fb40ee10523893bReferenced In Projects/Scopes:
Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence
Description:
JSP Tag support File Path: /home/grprdist/.m2/repository/org/owasp/csrfguard-jsp-tags/4.1.4/csrfguard-jsp-tags-4.1.4.jarMD5: 74cf22e7e48742a8f238a665129be835SHA1: 7111cf78de80dcce8357b8db9cc908870c2873b7SHA256: 75d6a3c1d77ababd448b9ef9fc17e0d765315847bdf68c741e485232d3c65b1cReferenced In Projects/Scopes:
Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name csrfguard-jsp-tags High Vendor jar package name csrfguard Highest Vendor jar package name owasp Highest Vendor jar package name tag Highest Vendor Manifest build-jdk-spec 18 Low Vendor Manifest Implementation-Vendor OWASP High Vendor Manifest url https://owasp.org/www-project-csrfguard/csrfguard-extensions/csrfguard-jsp-tags/ Low Vendor pom artifactid csrfguard-jsp-tags Highest Vendor pom artifactid csrfguard-jsp-tags Low Vendor pom groupid org.owasp Highest Vendor pom name OWASP CSRFGuard JSP Tags extension High Vendor pom parent-artifactid csrfguard-extensions Low Product file name csrfguard-jsp-tags High Product jar package name csrfguard Highest Product jar package name owasp Highest Product jar package name tag Highest Product Manifest build-jdk-spec 18 Low Product Manifest Implementation-Title OWASP CSRFGuard JSP Tags extension High Product Manifest url https://owasp.org/www-project-csrfguard/csrfguard-extensions/csrfguard-jsp-tags/ Low Product pom artifactid csrfguard-jsp-tags Highest Product pom groupid org.owasp Highest Product pom name OWASP CSRFGuard JSP Tags extension High Product pom parent-artifactid csrfguard-extensions Medium Version file version 4.1.4 High Version Manifest Implementation-Version 4.1.4 High Version pom version 4.1.4 Highest
Related Dependencies csrfguard-extension-session-4.1.4.jarFile Path: /home/grprdist/.m2/repository/org/owasp/csrfguard-extension-session/4.1.4/csrfguard-extension-session-4.1.4.jar MD5: 9d50c25332c317272ec01ee4162fcffc SHA1: 7a8d9cdd27f68e31a642065e0746343018ee8fbd SHA256: b3ba19e22808a66ae8045337600e5d93049995a8f689f780cb8c88f7641a6a30 pkg:maven/org.owasp/csrfguard-extension-session@4.1.4 Description:
flexible XML framework for Java License:
BSD 3-clause New License: https://github.com/dom4j/dom4j/blob/master/LICENSE File Path: /home/grprdist/.m2/repository/org/dom4j/dom4j/2.1.3/dom4j-2.1.3.jar
MD5: 41efcf234c5a05a8c590f9b51d53ca66
SHA1: a75914155a9f5808963170ec20653668a2ffd2fd
SHA256: 549f3007c6290f6a901e57d1d331b4ed0e6bf7384f78bf10316ffceeca834de6
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name dom4j High Vendor jar package name dom4j Highest Vendor jar package name dom4j Low Vendor pom artifactid dom4j Highest Vendor pom artifactid dom4j Low Vendor pom developer email filip@jirsak.org Low Vendor pom developer name Filip Jirsák Medium Vendor pom groupid org.dom4j Highest Vendor pom name dom4j High Vendor pom url http://dom4j.github.io/ Highest Product file name dom4j High Product jar package name dom4j Highest Product pom artifactid dom4j Highest Product pom developer email filip@jirsak.org Low Product pom developer name Filip Jirsák Low Product pom groupid org.dom4j Highest Product pom name dom4j High Product pom url http://dom4j.github.io/ Medium Version file version 2.1.3 High Version pom version 2.1.3 Highest
Description:
Two Factor Authentication API Client License:
BSD: https://opensource.org/licenses/BSD-3-Clause File Path: /home/grprdist/.m2/repository/com/duosecurity/duo-client/0.3.0/duo-client-0.3.0.jar
MD5: 738de692e3292ad5880112e0a666ddd9
SHA1: 2c71c5e8b9993c8f605974321c228ac6d3e0c999
SHA256: 0114f73d21eb725c1d9539d1fc166c78e029c4fedf6ea565a6b122e012b65084
Referenced In Project/Scope: Grouper Duo:compile
Evidence Type Source Name Value Confidence Vendor file name duo-client High Vendor jar package name client Highest Vendor jar package name client Low Vendor jar package name duosecurity Highest Vendor jar package name duosecurity Low Vendor pom artifactid duo-client Highest Vendor pom artifactid duo-client Low Vendor pom developer email support@duosecurity.com Low Vendor pom developer name Duo Security Medium Vendor pom developer org Duo Security Inc. Medium Vendor pom developer org URL https://duo.com/docs/#api Medium Vendor pom groupid com.duosecurity Highest Vendor pom name Duo Security API client High Vendor pom url duosecurity/duo_client_java Highest Product file name duo-client High Product jar package name client Highest Product jar package name client Low Product jar package name duosecurity Highest Product pom artifactid duo-client Highest Product pom developer email support@duosecurity.com Low Product pom developer name Duo Security Low Product pom developer org Duo Security Inc. Low Product pom developer org URL https://duo.com/docs/#api Low Product pom groupid com.duosecurity Highest Product pom name Duo Security API client High Product pom url duosecurity/duo_client_java High Version file version 0.3.0 High Version pom version 0.3.0 Highest
Description:
Internet2 Groups Management User Interface License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper-ui/pom.xml
Referenced In Project/Scope: Grouper UI webapp
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouper-ui Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouper-ui Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
Internet2 Groups Management WS Generated Client License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper-ws/grouper-ws-java-generated-client/pom.xml
Referenced In Project/Scope: Grouper WS Test
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouper-ws-java-generated-client Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouper-ws-java-generated-client Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
Internet2 Groups Management WS Core License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper-ws/grouper-ws/pom.xml
Referenced In Project/Scope: Grouper WS Test
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouper-ws Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouper-ws Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
Internet2 Groups Management Toolkit License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper/pom.xml
Referenced In Projects/Scopes: Grouper UI webapp Grouper WS Grouper AWS Messaging Grouper WS Generated Client Grouper Google Apps Provisioner Grouper Duo Grouper Rabbitmq Grouper WS SCIM Grouper ActiveMQ Messaging Grouper SCIM Grouper AMQ Grouper WS Test Grouper Box Grouper Office365 and Azure Provisioner Grouper PSP-NG Grouper UI Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouper Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouper Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
Client for Grouper LDAP and Web Services License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper-misc/grouperClient/pom.xml
Referenced In Projects/Scopes: Grouper UI webapp Grouper WS Grouper API Grouper AWS Messaging Grouper WS Generated Client Grouper Google Apps Provisioner Grouper Duo Grouper Rabbitmq Grouper WS SCIM Grouper ActiveMQ Messaging Grouper SCIM Grouper AMQ Grouper WS Test Grouper Box Grouper Office365 and Azure Provisioner Grouper PSP-NG Grouper UI Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouperClient Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouperClient Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
This is the ehcache core module. Pair it with other modules for added functionality. License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt File Path: /home/grprdist/.m2/repository/net/sf/ehcache/ehcache-core/2.6.10/ehcache-core-2.6.10.jar
MD5: 206e69dbe0f3454dceee5acf71b64823
SHA1: 8e567a024e27e11b961ca068c5c367f845e21a9b
SHA256: 53733a580faad03c8433a6a9f0067040f7ace569f4adeaf71f8aa46e1037e3c9
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ehcache-core High Vendor jar package name ehcache Highest Vendor jar package name net Highest Vendor jar package name sf Highest Vendor pom artifactid ehcache-core Highest Vendor pom artifactid ehcache-core Low Vendor pom groupid net.sf.ehcache Highest Vendor pom name Ehcache Core High Vendor pom parent-artifactid ehcache-parent Low Vendor pom url http://ehcache.org Highest Product file name ehcache-core High Product jar package name ehcache Highest Product jar package name net Highest Product jar package name sf Highest Product pom artifactid ehcache-core Highest Product pom groupid net.sf.ehcache Highest Product pom name Ehcache Core High Product pom parent-artifactid ehcache-parent Medium Product pom url http://ehcache.org Medium Version file version 2.6.10 High Version pom parent-version 2.6.10 Low Version pom version 2.6.10 Highest
File Path: /home/grprdist/.m2/repository/net/sf/ehcache/ehcache-core/2.6.10/ehcache-core-2.6.10.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jarMD5: 5ad919b3ac0516897bdca079c9a222a8SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571cSHA256: 3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name sizeof-agent High Vendor jar package name ehcache Highest Vendor jar package name net Highest Vendor jar package name sf Highest Vendor Manifest hudson-build-number 6 Low Vendor Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Vendor Manifest jenkins-build-number 6 Low Vendor Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Vendor pom artifactid sizeof-agent Low Vendor pom groupid net.sf.ehcache Highest Vendor pom name Ehcache Size-Of Agent High Vendor pom parent-artifactid ehcache-parent Low Vendor pom url http://www.ehcache.org Highest Product file name sizeof-agent High Product jar package name ehcache Highest Product jar package name net Highest Product jar package name sf Highest Product Manifest hudson-build-number 6 Low Product Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Product Manifest jenkins-build-number 6 Low Product Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Product pom artifactid sizeof-agent Highest Product pom groupid net.sf.ehcache Highest Product pom name Ehcache Size-Of Agent High Product pom parent-artifactid ehcache-parent Medium Product pom url http://www.ehcache.org Medium Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
Description:
Simple java library for transforming an Object to another Object.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/sf/ezmorph/ezmorph/1.0.6/ezmorph-1.0.6.jar
MD5: 1fa113c6aacf3a01af1449df77acd474
SHA1: 01e55d2a0253ea37745d33062852fd2c90027432
SHA256: 2be06a2380f8656426b5c610db694bbd75314caf3e9191affcd7942721398ed7
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ezmorph High Vendor jar package name ezmorph Highest Vendor jar package name ezmorph Low Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name object Highest Vendor jar package name sf Highest Vendor jar package name sf Low Vendor pom artifactid ezmorph Highest Vendor pom artifactid ezmorph Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer id aalmiray Medium Vendor pom developer name Andres Almiray Medium Vendor pom groupid net.sf.ezmorph Highest Vendor pom name ezmorph High Vendor pom url http://ezmorph.sourceforge.net Highest Product file name ezmorph High Product jar package name ezmorph Highest Product jar package name ezmorph Low Product jar package name net Highest Product jar package name object Highest Product jar package name sf Highest Product jar package name sf Low Product pom artifactid ezmorph Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer id aalmiray Low Product pom developer name Andres Almiray Low Product pom groupid net.sf.ezmorph Highest Product pom name ezmorph High Product pom url http://ezmorph.sourceforge.net Medium Version file version 1.0.6 High Version pom version 1.0.6 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-activation_1.1_spec/1.0.2/geronimo-activation_1.1_spec-1.0.2.jar
MD5: 9759ed85c6e767bf3dc00c4cf635c4e2
SHA1: 3efc3aadfaf8878060167e492c03fdafb905ae01
SHA256: eead654df3a0e1405314eb0578e32c53267872dfbb1250b2fd6f3a9629c57fa4
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name geronimo-activation_1.1_spec-1.0.2 High Vendor jar package name activation Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-activation_1.1_spec Medium Vendor pom artifactid geronimo-activation_1.1_spec Highest Vendor pom artifactid geronimo-activation_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Activation 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-activation_1.1_spec-1.0.2 High Product jar package name activation Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-activation_1.1_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-activation_1.1_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-activation_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Activation 1.1 High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.0.2 High Version Manifest Implementation-Version 1.0.2 High Version pom parent-version 1.0.2 Low Version pom version 1.0.2 Highest
Description:
Annotation spec 1.1 API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-annotation_1.1_spec/1.0/geronimo-annotation_1.1_spec-1.0.jar
MD5: 49744ebcc93e58a1dec259997b8bf686
SHA1: 145b78b5d1dc9021594cccbd9482b51fe412a8a4
SHA256: 6d2d296d01540201bca6e7175bf900f6df0be605e29bdaf822df516f40235ff9
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-annotation_1.1_spec-1.0 High Vendor jar package name annotation Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-annotation_1.1_spec/1.0 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-annotation_1.1_spec;singleton=true Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid geronimo-annotation_1.1_spec Highest Vendor pom artifactid geronimo-annotation_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Annotation 1.1 High Vendor pom parent-artifactid genesis-java5-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.0 Highest Product file name geronimo-annotation_1.1_spec-1.0 High Product jar package name annotation Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-annotation_1.1_spec/1.0 Low Product Manifest Bundle-Name Annotation 1.1 Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-annotation_1.1_spec;singleton=true Medium Product Manifest Implementation-Title Annotation 1.1 High Product Manifest specification-title JSR-250 Common Annotations 1.1 Medium Product pom artifactid geronimo-annotation_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Annotation 1.1 High Product pom parent-artifactid genesis-java5-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.0 Medium Version Manifest Bundle-Version 1.0 High Version Manifest Implementation-Version 1.0 High Version pom parent-version 1.0 Low Version pom version 1.0 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-j2ee-management_1.1_spec/1.0.1/geronimo-j2ee-management_1.1_spec-1.0.1.jar
MD5: 7e1708a3b808e9749b5789668fd9ca8b
SHA1: 5372615b0c04c1913c95c34a0414cef720ca2855
SHA256: 7ad780c72a92039bc07cbc09b6ee8d06571a1fbd92d4361a19a433d783b6e221
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-j2ee-management_1.1_spec-1.0.1 High Vendor jar package name j2ee Highest Vendor jar package name management Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-j2ee-management_1.1_spec Medium Vendor pom artifactid geronimo-j2ee-management_1.1_spec Highest Vendor pom artifactid geronimo-j2ee-management_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name J2EE Management 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-j2ee-management_1.1_spec-1.0.1 High Product jar package name j2ee Highest Product jar package name management Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-j2ee-management_1.1_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-j2ee-management_1.1_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-j2ee-management_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name J2EE Management 1.1 High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.0.1 High Version Manifest Implementation-Version 1.0.1 High Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
Description:
Javamail 1.4 Specification License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-javamail_1.4_spec/1.6/geronimo-javamail_1.4_spec-1.6.jar
MD5: 2bcb3208c8e0c8e9713d8222abb33788
SHA1: 815bcb854f72622fa00d5d119175ed252127af4f
SHA256: b30feea0591af150709d4c57c2885ccf382bff100891f6b35605d50a851a2238
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-javamail_1.4_spec-1.6 High Vendor jar package name apache Highest Vendor jar package name geronimo Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec Medium Vendor pom artifactid geronimo-javamail_1.4_spec Highest Vendor pom artifactid geronimo-javamail_1.4_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JavaMail 1.4 High Vendor pom parent-artifactid specs-parent Low Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.6 Highest Product file name geronimo-javamail_1.4_spec-1.6 High Product jar package name apache Highest Product jar package name geronimo Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-javamail_1.4_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-javamail_1.4_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JavaMail 1.4 High Product pom parent-artifactid specs-parent Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.6 Medium Version Manifest Bundle-Version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom version 1.6 Highest
Description:
Javamail 1.4 Specification License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-javamail_1.4_spec/1.7.1/geronimo-javamail_1.4_spec-1.7.1.jar
MD5: f3b9d8c9a79eefdc0ebe07c34612646d
SHA1: 43ad4090b1a07a11c82ac40c01fc4e2fbad20013
SHA256: 6f1e85d9c66135f5a9dbc9f78cbf8132e52f8a85884d618ccf0dbe9344c5a330
Referenced In Project/Scope: Grouper WS Generated Client:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-javamail_1.4_spec-1.7.1 High Vendor jar package name apache Highest Vendor jar package name geronimo Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-javamail_1.4_spec/1.7.1 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec;singleton=true Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid geronimo-javamail_1.4_spec Highest Vendor pom artifactid geronimo-javamail_1.4_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JavaMail 1.4 High Vendor pom parent-artifactid genesis-java5-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.7.1 Highest Product file name geronimo-javamail_1.4_spec-1.7.1 High Product jar package name apache Highest Product jar package name geronimo Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-javamail_1.4_spec/1.7.1 Low Product Manifest Bundle-Name JavaMail 1.4 Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec;singleton=true Medium Product Manifest Implementation-Title JavaMail 1.4 High Product Manifest specification-title JSR-919 Javamail API 1.4 Medium Product pom artifactid geronimo-javamail_1.4_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JavaMail 1.4 High Product pom parent-artifactid genesis-java5-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.7.1 Medium Version Manifest Bundle-Version 1.7.1 High Version Manifest Implementation-Version 1.7.1 High Version pom parent-version 1.7.1 Low Version pom version 1.7.1 Highest
Description:
Java API for RESTful Web Services 1.1 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jaxrs_1.1_spec/1.0/geronimo-jaxrs_1.1_spec-1.0.jar
MD5: 33ad0e4d15950960c57a50e01f68d382
SHA1: 6f4c71cbff6a7725e393a74b9e3680d2685ddac7
SHA256: 21051161452bff4b076e2fc148add1bb398c3f2e44649c440d80025ef4d861a9
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-jaxrs_1.1_spec-1.0 High Vendor jar package name apache Highest Vendor jar package name geronimo Highest Vendor jar package name rs Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jaxrs_1.1_spec/1.0 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jaxrs_1.1_spec;singleton=true Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid geronimo-jaxrs_1.1_spec Highest Vendor pom artifactid geronimo-jaxrs_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Apache Geronimo JAX-RS 1.1 API High Vendor pom parent-artifactid genesis-java5-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.0 Highest Product file name geronimo-jaxrs_1.1_spec-1.0 High Product jar package name apache Highest Product jar package name geronimo Highest Product jar package name rs Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jaxrs_1.1_spec/1.0 Low Product Manifest Bundle-Name Apache Geronimo JAX-RS 1.1 API Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jaxrs_1.1_spec;singleton=true Medium Product Manifest Implementation-Title Apache Geronimo JAX-RS 1.1 API High Product Manifest specification-title JSR-311 Java RESTful Web Services 1.1 Medium Product pom artifactid geronimo-jaxrs_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Apache Geronimo JAX-RS 1.1 API High Product pom parent-artifactid genesis-java5-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.0 Medium Version Manifest Bundle-Version 1.0 High Version Manifest Implementation-Version 1.0 High Version pom parent-version 1.0 Low Version pom version 1.0 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jms_1.1_spec/1.1.1/geronimo-jms_1.1_spec-1.1.1.jar
MD5: d80ce71285696d36c1add1989b94f084
SHA1: c872b46c601d8dc03633288b81269f9e42762cea
SHA256: 18d9ff7b9066aa99cf89843f5055d2fe58b1abe4346ee9df0daf4ac18ca232d7
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-jms_1.1_spec-1.1.1 High Vendor jar package name jms Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_1.1_spec Medium Vendor pom artifactid geronimo-jms_1.1_spec Highest Vendor pom artifactid geronimo-jms_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JMS 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-jms_1.1_spec-1.1.1 High Product jar package name jms Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-jms_1.1_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_1.1_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-jms_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JMS 1.1 High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.1.1 High Version Manifest Implementation-Version 1.1.1 High Version pom parent-version 1.1.1 Low Version pom version 1.1.1 Highest
File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jms_1.1_spec/1.1/geronimo-jms_1.1_spec-1.1.jarMD5: 10e163bdd905d1c16d7e1c48427b5853SHA1: bbd68f90d445de37050b1e9fb9d7114e83757e73SHA256: 0fe8cfc0154855316054162a9b355f66a43d7e65fc71886e6d12c37d3aa5a5fcReferenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-jms_1.1_spec-1.1 High Vendor jar package name javax Low Vendor jar package name jms Highest Vendor jar package name jms Low Vendor pom artifactid geronimo-jms_1.1_spec Highest Vendor pom artifactid geronimo-jms_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JMS 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-jms_1.1_spec-1.1 High Product jar package name jms Highest Product jar package name jms Low Product pom artifactid geronimo-jms_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JMS 1.1 High Product pom parent-artifactid specs Medium Version pom parent-version 1.1 Low Version pom version 1.1 Highest
Description:
Java Message Service 2.0 API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jms_2.0_spec/1.0-alpha-2/geronimo-jms_2.0_spec-1.0-alpha-2.jar
MD5: bd94cfcc9f711642d280681330b14844
SHA1: 8d8a4d5a80138ba4ebc7b5509989e3d7013c7e74
SHA256: 62a109edef3de718b0cb600bf040b4be5e32c683a57ee16f9f8a89537bf5da51
Referenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-jms_2.0_spec-1.0-alpha-2 High Vendor jar package name jms Highest Vendor jar package name message Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jms_2.0_spec/1.0-alpha-2 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_2.0_spec Medium Vendor pom artifactid geronimo-jms_2.0_spec Highest Vendor pom artifactid geronimo-jms_2.0_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Apache Geronimo JMS Spec 2.0 High Vendor pom parent-artifactid genesis-java6-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.0-alpha-2 Highest Product file name geronimo-jms_2.0_spec-1.0-alpha-2 High Product jar package name jms Highest Product jar package name message Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jms_2.0_spec/1.0-alpha-2 Low Product Manifest Bundle-Name Apache Geronimo JMS Spec 2.0 Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_2.0_spec Medium Product Manifest Implementation-Title Apache Geronimo JMS Spec 2.0 High Product pom artifactid geronimo-jms_2.0_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Apache Geronimo JMS Spec 2.0 High Product pom parent-artifactid genesis-java6-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.0-alpha-2 Medium Version Manifest Implementation-Version 1.0-alpha-2 High Version pom parent-version 1.0-alpha-2 Low Version pom version 1.0-alpha-2 Highest
File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jta_1.1_spec/1.1/geronimo-jta_1.1_spec-1.1.jarMD5: 25b479710f7ac269c6bf5bf016345ad9SHA1: fe8d9046737540d728e4b82cf26dcdd8bf4b0eb1SHA256: 186d94eaf931e434c6858d5f255c808f22a5de72cda8106ca34fe003d3e015bbReferenced In Project/Scope: Grouper WS Generated Client:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-jta_1.1_spec-1.1 High Vendor jar package name javax Low Vendor jar package name transaction Low Vendor pom artifactid geronimo-jta_1.1_spec Highest Vendor pom artifactid geronimo-jta_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JTA 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-jta_1.1_spec-1.1 High Product jar package name transaction Low Product pom artifactid geronimo-jta_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JTA 1.1 High Product pom parent-artifactid specs Medium Version pom parent-version 1.1 Low Version pom version 1.1 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-stax-api_1.0_spec/1.0.1/geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2
SHA256: 124235815fba376b0c20ed37f79d691fa26b4e00297a4ab27b6ca05ceb591348
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name geronimo-stax-api_1.0_spec-1.0.1 High Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-stax-api_1.0_spec Medium Vendor pom artifactid geronimo-stax-api_1.0_spec Highest Vendor pom artifactid geronimo-stax-api_1.0_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Streaming API for XML (STAX API 1.0) High Vendor pom parent-artifactid specs Low Product file name geronimo-stax-api_1.0_spec-1.0.1 High Product jar package name xml Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-stax-api_1.0_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-stax-api_1.0_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-stax-api_1.0_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Streaming API for XML (STAX API 1.0) High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.0.1 High Version Manifest Implementation-Version 1.0.1 High Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-ws-metadata_2.0_spec/1.1.2/geronimo-ws-metadata_2.0_spec-1.1.2.jar
MD5: 3d0fbbca45e8877dee74e83bc83317d5
SHA1: 7be9f049b4f0f0cf045675be5a0ff709d57cbc6a
SHA256: 94820ccdb04c7c64290938f16cc577cdd8ded6a4d12ed2fbfd03318feff97579
Referenced In Project/Scope: Grouper WS Generated Client:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-ws-metadata_2.0_spec-1.1.2 High Vendor hint analyzer vendor web services Medium Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-ws-metadata_2.0_spec Medium Vendor pom artifactid geronimo-ws-metadata_2.0_spec Highest Vendor pom artifactid geronimo-ws-metadata_2.0_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Web Services Metadata 2.0 High Vendor pom parent-artifactid specs Low Product file name geronimo-ws-metadata_2.0_spec-1.1.2 High Product hint analyzer product web services Medium Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-ws-metadata_2.0_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-ws-metadata_2.0_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-ws-metadata_2.0_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Web Services Metadata 2.0 High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.1.2 High Version Manifest Implementation-Version 1.1.2 High Version pom parent-version 1.1.2 Low Version pom version 1.1.2 Highest
Description:
The Google API Client Library for Java provides functionality common to all Google APIs; for example HTTP transport, error handling, authentication, JSON parsing, media download/upload, and batching. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/api-client/google-api-client/1.25.0/google-api-client-1.25.0.jar
MD5: dbeddb59844ea8fbd9416a0c017a627f
SHA1: e7ff725e89ff5dcbed107be1a24e8102ae2441ee
SHA256: 24e1a69d6c04e6e72e3e16757d46d32daa7dd43cb32c3895f832f25358be1402
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name google-api-client High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name googleapis Highest Vendor Manifest bundle-docurl https://developers.google.com/api-client-library/java/ Low Vendor Manifest bundle-symbolicname com.google.api.client.googleapis Medium Vendor Manifest Implementation-Vendor Google High Vendor Manifest Implementation-Vendor-Id com.google.api-client Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid google-api-client Highest Vendor pom artifactid google-api-client Low Vendor pom groupid com.google.api-client Highest Vendor pom name Google APIs Client Library for Java High Vendor pom parent-artifactid google-api-client-parent Low Product file name google-api-client High Product jar package name api Highest Product jar package name client Highest Product jar package name google Highest Product jar package name googleapis Highest Product Manifest bundle-docurl https://developers.google.com/api-client-library/java/ Low Product Manifest Bundle-Name Google APIs Client Library for Java Medium Product Manifest bundle-symbolicname com.google.api.client.googleapis Medium Product Manifest Implementation-Title Google APIs Client Library for Java High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid google-api-client Highest Product pom groupid com.google.api-client Highest Product pom name Google APIs Client Library for Java High Product pom parent-artifactid google-api-client-parent Medium Version file version 1.25.0 High Version Manifest Bundle-Version 1.25.0 High Version Manifest Implementation-Version 1.25.0 High Version pom version 1.25.0 Highest
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/apis/google-api-services-admin-directory/directory_v1-rev118-1.25.0/google-api-services-admin-directory-directory_v1-rev118-1.25.0.jar
MD5: 093bffe6a1b932e74232d16f654ddc1e
SHA1: cb4be66bd057795f15773450d89a38036c39b44a
SHA256: e4e39591006de30a5949b75665aadd003267f49c1595946b7f855b9a62b155e3
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name google-api-services-admin-directory-directory_v1-rev118 High Vendor jar package name admin Highest Vendor jar package name api Highest Vendor jar package name api Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name services Highest Vendor jar package name services Low Vendor pom artifactid google-api-services-admin-directory Highest Vendor pom artifactid google-api-services-admin-directory Low Vendor pom groupid com.google.apis Highest Vendor pom name Admin Directory API directory_v1-rev118-1.25.0 High Vendor pom organization name Google High Vendor pom organization url http://www.google.com/ Medium Product file name google-api-services-admin-directory-directory_v1-rev118 High Product jar package name admin Highest Product jar package name admin Low Product jar package name api Highest Product jar package name api Low Product jar package name google Highest Product jar package name services Highest Product jar package name services Low Product pom artifactid google-api-services-admin-directory Highest Product pom groupid com.google.apis Highest Product pom name Admin Directory API directory_v1-rev118-1.25.0 High Product pom organization name Google Low Product pom organization url http://www.google.com/ Low Version pom version directory_v1-rev118-1.25.0 Highest
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/apis/google-api-services-groupssettings/v1-rev82-1.25.0/google-api-services-groupssettings-v1-rev82-1.25.0.jar
MD5: e1791393caa9941e855ca0210ad0137d
SHA1: 5337b0fa1813cf3e8f40afc7039c9b952a792170
SHA256: 4155714fb255173943c60182f5796ed16a5efce7cd9abb547933f6c6bfe04e87
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name google-api-services-groupssettings-v1-rev82 High Vendor jar package name api Highest Vendor jar package name api Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name groupssettings Highest Vendor jar package name services Highest Vendor jar package name services Low Vendor pom artifactid google-api-services-groupssettings Highest Vendor pom artifactid google-api-services-groupssettings Low Vendor pom groupid com.google.apis Highest Vendor pom name Groups Settings API v1-rev82-1.25.0 High Vendor pom organization name Google High Vendor pom organization url http://www.google.com/ Medium Product file name google-api-services-groupssettings-v1-rev82 High Product jar package name api Highest Product jar package name api Low Product jar package name google Highest Product jar package name groupssettings Highest Product jar package name groupssettings Low Product jar package name services Highest Product jar package name services Low Product pom artifactid google-api-services-groupssettings Highest Product pom groupid com.google.apis Highest Product pom name Groups Settings API v1-rev82-1.25.0 High Product pom organization name Google Low Product pom organization url http://www.google.com/ Low Version pom version v1-rev82-1.25.0 Highest
Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/http-client/google-http-client/1.25.0/google-http-client-1.25.0.jar
MD5: d28fdd84656ffe586d56ab6492509dd6
SHA1: 5fb16523c393bfe0210c29db44742bd308311841
SHA256: fb7d80a515da4618e2b402e1fef96999e07621b381a5889ef091482c5a3e961d
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name google-http-client High Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name http Highest Vendor Manifest bundle-docurl http://www.google.com/ Low Vendor Manifest bundle-symbolicname com.google.http-client.google-http-client Medium Vendor Manifest Implementation-Vendor Google High Vendor Manifest Implementation-Vendor-Id com.google.http-client Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid google-http-client Highest Vendor pom artifactid google-http-client Low Vendor pom groupid com.google.http-client Highest Vendor pom name Google HTTP Client Library for Java High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client High Product jar package name client Highest Product jar package name google Highest Product jar package name http Highest Product Manifest bundle-docurl http://www.google.com/ Low Product Manifest Bundle-Name Google HTTP Client Library for Java Medium Product Manifest bundle-symbolicname com.google.http-client.google-http-client Medium Product Manifest Implementation-Title Google HTTP Client Library for Java High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid google-http-client Highest Product pom groupid com.google.http-client Highest Product pom name Google HTTP Client Library for Java High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.25.0 High Version Manifest Bundle-Version 1.25.0 High Version Manifest Implementation-Version 1.25.0 High Version pom version 1.25.0 Highest
File Path: /home/grprdist/.m2/repository/com/google/http-client/google-http-client-jackson2/1.25.0/google-http-client-jackson2-1.25.0.jarMD5: 5e7de7ec9216d4747dcbdc5b6d08d560SHA1: 7c5c89bd4d0d34d9f1cb3396e8da6233e5074b5cSHA256: f9e7e0d318860a2092d70b56331976280c4e9348a065ede3b99c92aa032fd853Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name google-http-client-jackson2 High Vendor jar package name client Highest Vendor jar package name google Highest Vendor Manifest Implementation-Vendor Google High Vendor Manifest Implementation-Vendor-Id com.google.http-client Medium Vendor pom artifactid google-http-client-jackson2 Highest Vendor pom artifactid google-http-client-jackson2 Low Vendor pom groupid com.google.http-client Highest Vendor pom name Jackson 2 extensions to the Google HTTP Client Library for Java. High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client-jackson2 High Product jar package name client Highest Product jar package name google Highest Product Manifest Implementation-Title Jackson 2 extensions to the Google HTTP Client Library for Java. High Product pom artifactid google-http-client-jackson2 Highest Product pom groupid com.google.http-client Highest Product pom name Jackson 2 extensions to the Google HTTP Client Library for Java. High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.25.0 High Version Manifest Implementation-Version 1.25.0 High Version pom version 1.25.0 Highest
Description:
Google OAuth Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/oauth-client/google-oauth-client/1.25.0/google-oauth-client-1.25.0.jar
MD5: 6fd6dc606bb8c17c9a6d61e21533f010
SHA1: c9ee14e8b095b4b301b28d57755cc482b8d6f39f
SHA256: 7e2929133d4231e702b5956a7e5dc8347a352acc1e97082b40c3585b81cd3501
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name google-oauth-client High Vendor jar package name client Highest Vendor jar package name google Highest Vendor Manifest bundle-docurl http://www.google.com/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.google.oauth-client Medium Vendor Manifest Implementation-Vendor Google High Vendor Manifest Implementation-Vendor-Id com.google.oauth-client Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid google-oauth-client Highest Vendor pom artifactid google-oauth-client Low Vendor pom groupid com.google.oauth-client Highest Vendor pom name Google OAuth Client Library for Java High Vendor pom parent-artifactid google-oauth-client-parent Low Product file name google-oauth-client High Product jar package name client Highest Product jar package name google Highest Product Manifest bundle-docurl http://www.google.com/ Low Product Manifest Bundle-Name Google OAuth Client Library for Java Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.google.oauth-client Medium Product Manifest Implementation-Title Google OAuth Client Library for Java High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid google-oauth-client Highest Product pom groupid com.google.oauth-client Highest Product pom name Google OAuth Client Library for Java High Product pom parent-artifactid google-oauth-client-parent Medium Version file version 1.25.0 High Version Manifest Bundle-Version 1.25.0 High Version Manifest Implementation-Version 1.25.0 High Version pom version 1.25.0 Highest
CVE-2020-7692 suppress
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2021-22573 suppress
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above CWE-347 Improper Verification of Cryptographic Signature
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
Description:
Groovy: A powerful, dynamic language for the JVM License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy/2.5.18/groovy-2.5.18.jar
MD5: f3de969ce974116e3e262c591dfc8ef2
SHA1: 798c6b66235338deeab9ecffa8942c67a0357abe
SHA256: ce352918c7fc06c700bc7f13cbd00226042bc146a899eb52ff5b522a092a309c
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name groovy High Vendor jar package name apache Highest Vendor jar package name codehaus Highest Vendor jar package name groovy Highest Vendor Manifest automatic-module-name org.codehaus.groovy Medium Vendor Manifest bundle-symbolicname groovy Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest extension-name groovy Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy Highest Vendor pom artifactid groovy Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.codehaus.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy High Product jar package name apache Highest Product jar package name codehaus Highest Product jar package name groovy Highest Product jar package name runtime Highest Product jar package name version Highest Product Manifest automatic-module-name org.codehaus.groovy Medium Product Manifest Bundle-Name Groovy Runtime Medium Product Manifest bundle-symbolicname groovy Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest eclipse-extensibleapi true Low Product Manifest extension-name groovy Medium Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium Product pom artifactid groovy Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.codehaus.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 2.5.18 High Version Manifest Bundle-Version 2.5.18 High Version Manifest Implementation-Version 2.5.18 High Version pom version 2.5.18 Highest
Description:
Groovy: A powerful, dynamic language for the JVM License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-xml/2.5.18/groovy-xml-2.5.18.jar
MD5: f6c37df32d9c4837944d07f775f5d51e
SHA1: 42e42df001f431da9ca965495d56cdaad93a2f0b
SHA256: a474f0f15088281be9e94639be4c1aa873d40fdb8e540220f17c071ae1490673
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name groovy-xml High Vendor jar package name codehaus Highest Vendor jar package name groovy Highest Vendor jar package name xml Highest Vendor Manifest automatic-module-name org.codehaus.groovy.xml Medium Vendor Manifest bundle-symbolicname groovy-xml Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest fragment-host groovy Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy-xml Highest Vendor pom artifactid groovy-xml Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.codehaus.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy-xml High Product jar package name codehaus Highest Product jar package name groovy Highest Product jar package name xml Highest Product Manifest automatic-module-name org.codehaus.groovy.xml Medium Product Manifest bundle-symbolicname groovy-xml Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest fragment-host groovy Low Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium Product pom artifactid groovy-xml Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.codehaus.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 2.5.18 High Version Manifest Bundle-Version 2.5.18 High Version Manifest Implementation-Version 2.5.18 High Version pom version 2.5.18 Highest
Related Dependencies groovy-cli-picocli-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-cli-picocli/2.5.18/groovy-cli-picocli-2.5.18.jar MD5: 9e2881fd02755e2dca877af20be272af SHA1: b630c15141f09a034d80e2b419e77f93a58febed SHA256: ce99225534b8ebfd8ceba00ff18ce84a40144da38a92b3e6f36c96602302d090 pkg:maven/org.codehaus.groovy/groovy-cli-picocli@2.5.18 groovy-console-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-console/2.5.18/groovy-console-2.5.18.jar MD5: adeefc339808d50a5c6d5500421549fc SHA1: 724e91113829e73a87c3931279705e54fa896796 SHA256: c81c73a5b3b6906122072d8478de8795d07f4df6b47290e59bdccf9bf05bbff4 pkg:maven/org.codehaus.groovy/groovy-console@2.5.18 groovy-groovysh-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-groovysh/2.5.18/groovy-groovysh-2.5.18.jar MD5: 887c33764a5479be42e0114b27ecd488 SHA1: 22aaf5e1849bf2ac6a1f36b5528040bff3e5fee8 SHA256: 02328ed516035a31eb8061e50e8ebfb883b557d5a2baed3deb45abc174e54333 pkg:maven/org.codehaus.groovy/groovy-groovysh@2.5.18 groovy-jsr223-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-jsr223/2.5.18/groovy-jsr223-2.5.18.jar MD5: 9181a6a9b721051d840be820a001de0e SHA1: e65d3c2c32352583939adb7a16e8802626f8899a SHA256: 2a5d25d90b89a22cbeeb83495c4d6b7cd76ac75f4078beb841a6732258a92a26 pkg:maven/org.codehaus.groovy/groovy-jsr223@2.5.18 groovy-swing-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-swing/2.5.18/groovy-swing-2.5.18.jar MD5: 9dd23e929a171e2fa656224ab5d64367 SHA1: 4a98d780762efe1fbc777d353a3406b1cbe884ec SHA256: 41f51592241acb04d97ef3c62827b8eff8a747cec34fd7419adca62816aec862 pkg:maven/org.codehaus.groovy/groovy-swing@2.5.18 groovy-templates-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-templates/2.5.18/groovy-templates-2.5.18.jar MD5: ec20cce24dc773f21594406c8257f6d7 SHA1: fc465a955137ff128fa41ec2d9d371c799b2c041 SHA256: 769644776fe2be28dfc2e21d34ad3af41667b7f7e18db00e28bcb7b76b46e25f pkg:maven/org.codehaus.groovy/groovy-templates@2.5.18 Description:
Gson JSON library License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar
MD5: 53fa3e6753e90d931d62cb89580fde2f
SHA1: 8a1167e089096758b49f9b34066ef98b2f4b37aa
SHA256: c96d60551331a196dac54b745aa642cd078ef89b6f267146b705f2c2cbef052d
Referenced In Projects/Scopes: Grouper Office365 and Azure Provisioner:compile Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name gson High Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor Manifest bundle-docurl https://github.com/google/gson/gson Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid gson Highest Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product file name gson High Product jar package name google Highest Product jar package name gson Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest bundle-docurl https://github.com/google/gson/gson Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version file version 2.9.0 High Version Manifest Bundle-Version 2.9.0 High Version pom version 2.9.0 Highest
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar
MD5: 947641f6bb535b1d942d1bc387c45290
SHA1: cce0823396aa693798f8882e64213b1772032b09
SHA256: d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name guava High Vendor jar package name google Highest Vendor Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom artifactid guava Highest Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product file name guava High Product jar package name google Highest Product Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest bundle-symbolicname com.google.guava Medium Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version file version 18.0 High Version pom version 18.0 Highest
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion CONFIRM - https://security.netapp.com/advisory/ntap-20220629-0008/ MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] CWE-770: Allocation of Resources Without Limits or Throttling OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10237 OSSIndex - https://blog.sonatype.com/2018/11/welcome-back-to-nexus-intelligence-insights/ OSSIndex - https://github.com/google/guava/wiki/CVE-2018-10237 OSSIndex - https://www.securityfocus.com/bid/104133/references REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/guava/guava/20.0/guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef
SHA256: 36a666e3b71ae7f0f0dca23654b67e086e6c93d192f60ba5dfd5519db6c288c8
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name guava High Vendor jar package name google Highest Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid guava Highest Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product file name guava High Product jar package name google Highest Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest bundle-symbolicname com.google.guava Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version file version 20.0 High Version pom version 20.0 Highest
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion CONFIRM - https://security.netapp.com/advisory/ntap-20220629-0008/ MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] CWE-770: Allocation of Resources Without Limits or Throttling OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10237 OSSIndex - https://blog.sonatype.com/2018/11/welcome-back-to-nexus-intelligence-insights/ OSSIndex - https://github.com/google/guava/wiki/CVE-2018-10237 OSSIndex - https://www.securityfocus.com/bid/104133/references REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
HawtBuf: a rich byte buffer library License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/fusesource/hawtbuf/hawtbuf/1.9/hawtbuf-1.9.jar
MD5: f02d55780c4f2280b58528a76b5c0286
SHA1: 4a42b835d1df77db8c9a144a11ebb4600a372f5f
SHA256: a057c86610e9ebdd7eef79c4b277c71126507bc9a2b685d7b5848bf7e5360d86
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name hawtbuf High Vendor jar package name fusesource Highest Vendor jar package name hawtbuf Highest Vendor Manifest bundle-docurl http://fusesource.com/ Low Vendor Manifest bundle-symbolicname org.fusesource.hawtbuf.hawtbuf Medium Vendor Manifest Implementation-Vendor FuseSource, Corp. High Vendor Manifest Implementation-Vendor-Id org.fusesource.hawtbuf Medium Vendor pom artifactid hawtbuf Highest Vendor pom artifactid hawtbuf Low Vendor pom groupid org.fusesource.hawtbuf Highest Vendor pom name ${project.artifactId} High Vendor pom parent-artifactid hawtbuf-project Low Product file name hawtbuf High Product jar package name buffer Highest Product jar package name fusesource Highest Product jar package name hawtbuf Highest Product Manifest bundle-docurl http://fusesource.com/ Low Product Manifest Bundle-Name hawtbuf Medium Product Manifest bundle-symbolicname org.fusesource.hawtbuf.hawtbuf Medium Product Manifest Implementation-Title hawtbuf High Product Manifest specification-title hawtbuf Medium Product pom artifactid hawtbuf Highest Product pom groupid org.fusesource.hawtbuf Highest Product pom name ${project.artifactId} High Product pom parent-artifactid hawtbuf-project Medium Version file version 1.9 High Version Manifest Implementation-Version 1.9 High Version pom version 1.9 Highest
Description:
HawtDispatch: The libdispatch style API for Java License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/fusesource/hawtdispatch/hawtdispatch/1.11/hawtdispatch-1.11.jar
MD5: d89ede049421a92e93e4d110c37fdd1d
SHA1: 01fefb873b3046944dd8af2fb2be6dab4ef76057
SHA256: 8de17bc829c4cf5df97d6b71e598bfcd7460d001dbea133bc1d6ba53541e62a8
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name hawtdispatch High Vendor jar package name fusesource Highest Vendor jar package name hawtdispatch Highest Vendor Manifest bundle-docurl http://fusesource.com/ Low Vendor Manifest bundle-symbolicname org.fusesource.hawtdispatch.hawtdispatch Medium Vendor pom artifactid hawtdispatch Highest Vendor pom artifactid hawtdispatch Low Vendor pom groupid org.fusesource.hawtdispatch Highest Vendor pom parent-artifactid hawtdispatch-project Low Product file name hawtdispatch High Product jar package name fusesource Highest Product jar package name hawtdispatch Highest Product Manifest bundle-docurl http://fusesource.com/ Low Product Manifest Bundle-Name hawtdispatch Medium Product Manifest bundle-symbolicname org.fusesource.hawtdispatch.hawtdispatch Medium Product Manifest Implementation-Title HawtDispatch: The libdispatch style API for Java High Product pom artifactid hawtdispatch Highest Product pom groupid org.fusesource.hawtdispatch Highest Product pom parent-artifactid hawtdispatch-project Medium Version file version 1.11 High Version Manifest Implementation-Version 1.11 High Version pom version 1.11 Highest
Description:
HawtDispatch Transport: Transport abstractions for HawtDispatch License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/fusesource/hawtdispatch/hawtdispatch-transport/1.11/hawtdispatch-transport-1.11.jar
MD5: aa237af24f64f14578ef92d6eaff5850
SHA1: f930133932548bba115b00a2a166613c15fe0ba7
SHA256: 762930df50903ec68551641c1583080b2a1da359ad9aaaeb1917c2516741183b
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name hawtdispatch-transport High Vendor jar package name fusesource Highest Vendor jar package name hawtdispatch Highest Vendor jar package name transport Highest Vendor Manifest bundle-docurl http://fusesource.com/ Low Vendor Manifest bundle-symbolicname org.fusesource.hawtdispatch.hawtdispatch-transport Medium Vendor pom artifactid hawtdispatch-transport Highest Vendor pom artifactid hawtdispatch-transport Low Vendor pom groupid org.fusesource.hawtdispatch Highest Vendor pom parent-artifactid hawtdispatch-project Low Product file name hawtdispatch-transport High Product jar package name fusesource Highest Product jar package name hawtdispatch Highest Product jar package name transport Highest Product Manifest bundle-docurl http://fusesource.com/ Low Product Manifest Bundle-Name hawtdispatch-transport Medium Product Manifest bundle-symbolicname org.fusesource.hawtdispatch.hawtdispatch-transport Medium Product Manifest Implementation-Title HawtDispatch Transport: Transport abstractions for HawtDispatch High Product pom artifactid hawtdispatch-transport Highest Product pom groupid org.fusesource.hawtdispatch Highest Product pom parent-artifactid hawtdispatch-project Medium Version file version 1.11 High Version Manifest Implementation-Version 1.11 High Version pom version 1.11 Highest
Description:
Common reflection code used in support of annotation processing License:
GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1 File Path: /home/grprdist/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.1.2.Final/hibernate-commons-annotations-5.1.2.Final.jar
MD5: 2a2490b3eb8e7585a6a899d27d7ed43f
SHA1: e59ffdbc6ad09eeb33507b39ffcf287679a498c8
SHA256: 1c7ce712b2679fea0a5441eb02a04144297125b768944819be0765befb996275
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name hibernate-commons-annotations High Vendor hint analyzer vendor redhat Highest Vendor jar package name annotations Highest Vendor jar package name common Highest Vendor jar package name hibernate Highest Vendor jar package name reflection Highest Vendor Manifest automatic-module-name org.hibernate.commons.annotations Medium Vendor Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium Vendor Manifest implementation-url http://hibernate.org Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid hibernate-commons-annotations Highest Vendor pom artifactid hibernate-commons-annotations Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org Hibernate.org Medium Vendor pom developer org URL http://hibernate.org Medium Vendor pom groupid org.hibernate.common Highest Vendor pom name Hibernate Commons Annotations High Vendor pom organization name Hibernate.org High Vendor pom organization url http://hibernate.org Medium Vendor pom url http://hibernate.org Highest Product file name hibernate-commons-annotations High Product jar package name annotations Highest Product jar package name common Highest Product jar package name hibernate Highest Product jar package name reflection Highest Product jar package name version Highest Product Manifest automatic-module-name org.hibernate.commons.annotations Medium Product Manifest Bundle-Name hibernate-commons-annotations Medium Product Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium Product Manifest implementation-url http://hibernate.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid hibernate-commons-annotations Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org Hibernate.org Low Product pom developer org URL http://hibernate.org Low Product pom groupid org.hibernate.common Highest Product pom name Hibernate Commons Annotations High Product pom organization name Hibernate.org Low Product pom organization url http://hibernate.org Low Product pom url http://hibernate.org Medium Version Manifest Bundle-Version 5.1.2.Final High Version Manifest Implementation-Version 5.1.2.Final High Version pom version 5.1.2.Final Highest
Description:
Hibernate's core ORM functionality License:
GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1 File Path: /home/grprdist/.m2/repository/org/hibernate/hibernate-core/5.6.10.Final/hibernate-core-5.6.10.Final.jar
MD5: 9c4f43fc5936b6d6555ff6ece7865220
SHA1: 408fd5802391d8e6f619db9d7c6c0e27d49118c2
SHA256: ed3693a0ae288dafff6155b03b7d743fdb9c9f432de37d7b894f44d92e3a85c4
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name hibernate-core High Vendor hint analyzer vendor redhat Highest Vendor jar package name hibernate Highest Vendor Manifest automatic-module-name org.hibernate.orm.core Medium Vendor Manifest bundle-docurl https://hibernate.org/orm/5.6 Low Vendor Manifest bundle-symbolicname org.hibernate.orm.core Medium Vendor Manifest implementation-url https://hibernate.org/orm Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Hibernate.org Low Vendor pom artifactid hibernate-core Highest Vendor pom artifactid hibernate-core Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org Hibernate.org Medium Vendor pom developer org URL https://hibernate.org Medium Vendor pom groupid org.hibernate Highest Vendor pom name Hibernate ORM - hibernate-core High Vendor pom organization name Hibernate.org High Vendor pom organization url https://hibernate.org Medium Vendor pom url https://hibernate.org/orm Highest Product file name hibernate-core High Product hint analyzer product orm Highest Product jar package name filter Highest Product jar package name hibernate Highest Product jar package name version Highest Product Manifest automatic-module-name org.hibernate.orm.core Medium Product Manifest bundle-docurl https://hibernate.org/orm/5.6 Low Product Manifest Bundle-Name hibernate-core Medium Product Manifest bundle-symbolicname org.hibernate.orm.core Medium Product Manifest Implementation-Title hibernate-core High Product Manifest implementation-url https://hibernate.org/orm Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title hibernate-core Medium Product pom artifactid hibernate-core Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org Hibernate.org Low Product pom developer org URL https://hibernate.org Low Product pom groupid org.hibernate Highest Product pom name Hibernate ORM - hibernate-core High Product pom organization name Hibernate.org Low Product pom organization url https://hibernate.org Low Product pom url https://hibernate.org/orm Medium Version Manifest Bundle-Version 5.6.10.Final High Version Manifest Implementation-Version 5.6.10.Final High Version pom version 5.6.10.Final Highest
Related Dependencies hibernate-c3p0-5.6.10.Final.jarFile Path: /home/grprdist/.m2/repository/org/hibernate/hibernate-c3p0/5.6.10.Final/hibernate-c3p0-5.6.10.Final.jar MD5: acf28b651917e761001529a68c666c90 SHA1: 4d1e4a538e52da00775b677dcd60c8229f82bd7a SHA256: ab35d00196eb60e79c53f58b43f16bc0016269eee2d7df21c0797cf04014d10f pkg:maven/org.hibernate/hibernate-c3p0@5.6.10.Final hibernate-ehcache-5.6.10.Final.jarFile Path: /home/grprdist/.m2/repository/org/hibernate/hibernate-ehcache/5.6.10.Final/hibernate-ehcache-5.6.10.Final.jar MD5: 7ef9cf74d544524c2c0ed6c644806241 SHA1: c779f59ec928a761a17e742dc9e0d3116b1054e8 SHA256: f97158aeba95235531b23a7f750ed233dc201ee6fce469d1eb14cda1e5decce7 pkg:maven/org.hibernate/hibernate-ehcache@5.6.10.Final Description:
${project.name} License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/hk2-api/2.6.1/hk2-api-2.6.1.jar
MD5: 23e8c18dae0c7b776bed756763d5153f
SHA1: 114bd7afb4a1bd9993527f52a08a252b5d2acac5
SHA256: c2cb80a01e58440ae57d5ee59af4d4d94e5180e04aff112b0cb611c07d61e773
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name hk2-api High Vendor jar package name api Highest Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.api Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid hk2-api Highest Vendor pom artifactid hk2-api Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 API module High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-api High Product jar package name api Highest Product jar package name filter Highest Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 API module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.api Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid hk2-api Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 API module High Product pom parent-artifactid hk2-parent Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
${project.name} License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/hk2-locator/2.6.1/hk2-locator-2.6.1.jar
MD5: dfd358720393d83b01747928db6e3912
SHA1: 9dedf9d2022e38ec0743ed44c1ac94ad6149acdd
SHA256: febc668deb9f2000c76bd4918d8086c0a4c74d07bd0c60486b72c6bd38b62874
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name hk2-locator High Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid hk2-locator Highest Vendor pom artifactid hk2-locator Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name ServiceLocator Default Implementation High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-locator High Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name ServiceLocator Default Implementation Medium Product Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid hk2-locator Highest Product pom groupid org.glassfish.hk2 Highest Product pom name ServiceLocator Default Implementation High Product pom parent-artifactid hk2-parent Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
${project.name} License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/hk2-utils/2.6.1/hk2-utils-2.6.1.jar
MD5: 75ccb55538a77bf878996497ffeb86f3
SHA1: 396513aa96c1d5a10aa4f75c4dcbf259a698d62d
SHA256: 30727f79086452fdefdab08451d982c2082aa239d9f75cdeb1ba271e3c887036
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name hk2-utils High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor jar package name utilities Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest service foo Low Vendor pom artifactid hk2-utils Highest Vendor pom artifactid hk2-utils Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 Implementation Utilities High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-utils High Product jar package name glassfish Highest Product jar package name hk2 Highest Product jar package name utilities Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 Implementation Utilities Medium Product Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest service foo Low Product pom artifactid hk2-utils Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 Implementation Utilities High Product pom parent-artifactid hk2-parent Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
CVE-2021-4277 suppress
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability. CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache HttpComponents Client
File Path: /home/grprdist/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jarMD5: 40d6b9075fbd28fa10292a45a0db9457SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cadaSHA256: 6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743Referenced In Projects/Scopes:
Grouper PSP-NG:compile Grouper WS Test:compile Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper Google Apps Provisioner:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name httpclient High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Highest Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpclient High Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.13 High Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /home/grprdist/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jarMD5: 2b3991eda121042765a5ee299556c200SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1SHA256: f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28Referenced In Projects/Scopes:
Grouper PSP-NG:compile Grouper WS Test:compile Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper Google Apps Provisioner:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Highest Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.14 High Version Manifest Implementation-Version 4.4.14 High Version pom version 4.4.14 Highest
Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /home/grprdist/.m2/repository/org/apache/httpcomponents/httpmime/4.5.13/httpmime-4.5.13.jarMD5: 3f0c1ef2c9dc47b62b780192f54b0c18SHA1: efc110bad4a0d45cda7858e6beee1d8a8313da5aSHA256: 06e754d99245b98dcc2860dcb43d20e737d650da2bf2077a105f68accbd5c5ccReferenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name httpmime High Vendor jar package name apache Highest Vendor jar package name mime Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpmime Highest Vendor pom artifactid httpmime Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient Mime High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpmime High Product jar package name apache Highest Product jar package name http Highest Product jar package name mime Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Product Manifest Implementation-Title Apache HttpClient Mime High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Mime Medium Product pom artifactid httpmime Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient Mime High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.13 High Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest
Description:
A Java implementation of the Amazon Ion data notation.
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/software/amazon/ion/ion-java/1.0.2/ion-java-1.0.2.jar
MD5: 3f07f5df418af9ea2ebe80c3d6eccac4
SHA1: ee9dacea7726e495f8352b81c12c23834ffbc564
SHA256: 0d127b205a1fce0abc2a3757a041748651bc66c15cf4c059bac5833b27d471a5
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ion-java High Vendor jar package name amazon Highest Vendor jar package name ion Highest Vendor jar package name software Highest Vendor Manifest bundle-symbolicname software.amazon.ion.java Medium Vendor Manifest ion-java-build-time 2017-02-07T23:59:25Z Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid ion-java Highest Vendor pom artifactid ion-java Low Vendor pom developer email ion-team@amazon.com Low Vendor pom developer name Amazon Ion Team Medium Vendor pom developer org Amazon Labs Medium Vendor pom developer org URL https://github.com/amznlabs Medium Vendor pom groupid software.amazon.ion Highest Vendor pom url amznlabs/ion-java/ Highest Product file name ion-java High Product jar package name amazon Highest Product jar package name ion Highest Product jar package name software Highest Product Manifest Bundle-Name software.amazon.ion:ion-java Medium Product Manifest bundle-symbolicname software.amazon.ion.java Medium Product Manifest ion-java-build-time 2017-02-07T23:59:25Z Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid ion-java Highest Product pom developer email ion-team@amazon.com Low Product pom developer name Amazon Ion Team Low Product pom developer org Amazon Labs Low Product pom developer org URL https://github.com/amznlabs Low Product pom groupid software.amazon.ion Highest Product pom url amznlabs/ion-java/ High Version file version 1.0.2 High Version Manifest Bundle-Version 1.0.2 High Version Manifest ion-java-project-version 1.0.2 Medium Version pom version 1.0.2 Highest
Description:
istack common utility code License:
https://glassfish.java.net/public/CDDL+GPL_1_1.html, https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/com/sun/istack/istack-commons-runtime/3.0.7/istack-commons-runtime-3.0.7.jar
MD5: 83e9617b86023b91bd54f65c09838f4b
SHA1: c197c86ceec7318b1284bffb49b54226ca774003
SHA256: 6443e10ba2e259fb821d9b6becf10db5316285fc30c53cec9d7b19a3877e7fdf
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name istack-commons-runtime High Vendor jar package name istack Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Vendor Manifest implementation-build-id 3.0.7-c8b5e20894f565780625d6f9b018ef7c458cd688, 2018-08-29T05:23:37-0700 Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id com.sun.istack Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid istack-commons-runtime Highest Vendor pom artifactid istack-commons-runtime Low Vendor pom groupid com.sun.istack Highest Vendor pom name istack common utility code runtime High Vendor pom parent-artifactid istack-commons Low Product file name istack-commons-runtime High Product jar package name istack Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name istack common utility code runtime Medium Product Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Product Manifest implementation-build-id 3.0.7-c8b5e20894f565780625d6f9b018ef7c458cd688, 2018-08-29T05:23:37-0700 Low Product Manifest Implementation-Title istack common utility code runtime High Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid istack-commons-runtime Highest Product pom groupid com.sun.istack Highest Product pom name istack common utility code runtime High Product pom parent-artifactid istack-commons Medium Version file version 3.0.7 High Version Manifest Bundle-Version 3.0.7 High Version Manifest Implementation-Version 3.0.7 High Version pom version 3.0.7 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256: 2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name j2objc Highest Vendor jar package name j2objc Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name google Highest Product jar package name j2objc Highest Product jar package name j2objc Low Product pom artifactid j2objc-annotations Highest Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 1.1 High Version pom version 1.1 Highest
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
SHA256: 45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest implementation-build-date 2017-07-30 03:53:23+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Highest Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://github.com/FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest implementation-build-date 2017-07-30 03:53:23+0000 Low Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson Medium Version file version 2.9.0 High Version Manifest Bundle-Version 2.9.0 High Version Manifest Implementation-Version 2.9.0 High Version pom version 2.9.0 Highest
CVE-2018-1000873 suppress
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3.jar
MD5: 9a6679e6a2f7d601a9f212576fda550c
SHA1: a27014716e4421684416e5fa83d896ddb87002da
SHA256: ab119a8ea3cc69472ebc0e870b849bfbbe536ad57d613dc38453ccd592ca6a3d
Referenced In Project/Scope: Grouper Client:provided
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest implementation-build-date 2022-05-14 14:38:40+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name filter Highest Product jar package name jackson Highest Product jar package name json Highest Product jar package name version Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest implementation-build-date 2022-05-14 14:38:40+0000 Low Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.13.3 High Version Manifest Bundle-Version 2.13.3 High Version Manifest Implementation-Version 2.13.3 High Version pom version 2.13.3 Highest
Related Dependencies jackson-annotations-2.13.3.jarFile Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar MD5: 3fb8ee542a62a113fa7474fe88bb97e8 SHA1: 7198b3aac15285a49e218e08441c5f70af00fc51 SHA256: 5326a6fbcde7cf8817f36c254101cd45f6acea4258518cd3c80ee5b89f4e4b9b pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.13.3 Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.14.0/jackson-core-2.14.0.jar
MD5: 88988c4b941b1f4c6637af5218b26f87
SHA1: 49d219171d6af643e061e9e1baaaf6a6a067918d
SHA256: ab4793e5df4fbfae445ca55e9e1439311c80fa8b34fc13162c1260902b4dbea0
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper Google Apps Provisioner:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name filter Highest Product jar package name jackson Highest Product jar package name json Highest Product jar package name version Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Related Dependencies jackson-annotations-2.14.0.jarFile Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.14.0/jackson-annotations-2.14.0.jar MD5: 9dd0a11ebc38409f2e6ae5bc4c7b6aa4 SHA1: fb7afb3c9c8ea363a9c88ea9c0a7177cf2fbd369 SHA256: efaff8693acbae673468d251b5e5ea8fc7ce1b852327bccf1cce72244c2e5f1c pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.14.0 jackson-datatype-jdk8-2.14.0.jarFile Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.14.0/jackson-datatype-jdk8-2.14.0.jar MD5: a362e2ad9670db73581fc869fe302eb4 SHA1: 6b8da24a0da4266ed7ddea7ea46594fd50900323 SHA256: 6ee335065c05047f673edfaa3c1f96d88827772ce56b0755abd9c3534c63731b pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.14.0 jackson-datatype-jsr310-2.14.0.jarFile Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.14.0/jackson-datatype-jsr310-2.14.0.jar MD5: b82b78a35ac17003e9a71fa84c47c8ec SHA1: 171c5831341883b1cebbbf5aafba62c0fca33b95 SHA256: 1e2ed10509b17e3c67d1724540f7a446d5bea6c4c7596c396dc76413309e4ed2 pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.14.0 jackson-module-parameter-names-2.14.0.jarFile Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.14.0/jackson-module-parameter-names-2.14.0.jar MD5: a226084e2633f2d85e1bf5213e72f5aa SHA1: e17e2fdc2dbbe802d953686a9aa2c5257a2b2fd1 SHA256: 9022863dca199b2f30f8f684eeb049af8c60de5d9c8a04122d7b96f62f90681d pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.14.0 Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar
MD5: e35e2adf33b2eed8e9f538a911244175
SHA1: 56deb9ea2c93a7a556b3afbedd616d342963464e
SHA256: 6444bf08d8cd4629740afc3db1276938f494728deb663ce585c4e91f6b45eb84
Referenced In Project/Scope: Grouper Client:provided
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest implementation-build-date 2022-05-14 14:56:14+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://github.com/FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest implementation-build-date 2022-05-14 14:56:14+0000 Low Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson Medium Version file version 2.13.3 High Version Manifest Bundle-Version 2.13.3 High Version Manifest Implementation-Version 2.13.3 High Version pom version 2.13.3 Highest
CVE-2022-42003 suppress
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2022-42004 suppress
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.0/jackson-databind-2.14.0.jar
MD5: f94ffc53b4062cae1f383a4482593020
SHA1: 513b8ca3fea0352ceebe4d0bbeea527ab343dc1a
SHA256: 54377fa855f52ed87e8f689b35249971840b16870dee76806d5d200cbcd66f27
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Description:
Support for reading and writing Concise Binary Object Representation
([CBOR](https://www.rfc-editor.org/info/rfc7049)
encoded data using Jackson abstractions (streaming API, data binding, tree model)
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.12.6/jackson-dataformat-cbor-2.12.6.jar
MD5: 2bef08f2597473f39e4d9c9de01d3dde
SHA1: 3cd2e6a538f73483c6c59c354ce2276bcdc5ba7b
SHA256: cfa008d15f052e69221e8c3193056ff95c3c594271321ccac8d72dc1a770619c
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-cbor High Vendor jar package name cbor Highest Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Vendor Manifest implementation-build-date 2021-12-15 04:37:17+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-cbor Highest Vendor pom artifactid jackson-dataformat-cbor Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson dataformat: CBOR High Vendor pom parent-artifactid jackson-dataformats-binary Low Vendor pom url http://github.com/FasterXML/jackson-dataformats-binary Highest Product file name jackson-dataformat-cbor High Product jar package name cbor Highest Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Product Manifest Bundle-Name Jackson dataformat: CBOR Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Product Manifest implementation-build-date 2021-12-15 04:37:17+0000 Low Product Manifest Implementation-Title Jackson dataformat: CBOR High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Jackson dataformat: CBOR Medium Product pom artifactid jackson-dataformat-cbor Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson dataformat: CBOR High Product pom parent-artifactid jackson-dataformats-binary Medium Product pom url http://github.com/FasterXML/jackson-dataformats-binary Medium Version file version 2.12.6 High Version Manifest Bundle-Version 2.12.6 High Version Manifest Implementation-Version 2.12.6 High Version pom version 2.12.6 Highest
Description:
YAML 1.1 parser and emitter for Java License:
Apache License Version 2.0: LICENSE.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.4.2/jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml
MD5: d103ace8c756cc13661469b53cff1794
SHA1: c9dbe57a55450ef61cdb139c01a8edea9206949d
SHA256: 8e74df39a8ef592fb70464815ddc7ae244ec6ebfe5ba9a3203daa07275395160
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email py4fun@gmail.com Low Vendor pom developer id maslovalex Medium Vendor pom developer id py4fun Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url http://www.snakeyaml.org Highest Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email py4fun@gmail.com Low Product pom developer id maslovalex Low Product pom developer id py4fun Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url http://www.snakeyaml.org Medium Version pom version 1.12 Highest
CVE-2022-1471 (OSSINDEX)suppress
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (9.8) Vector: /AV:N/AC:L/Au:/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.yaml:snakeyaml:1.12:*:*:*:*:*:*:* CVE-2017-18640 suppress
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2022-25857 suppress
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-3064 suppress
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-38749 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-38751 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-38752 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-41854 suppress
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2021-4235 suppress
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-38750 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
Support for reading and writing YAML-encoded data via Jackson abstractions.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.4.2/jackson-dataformat-yaml-2.4.2.jar
MD5: 0284425f0cb4b9badc64c1455f7af053
SHA1: 7136d542ef2d5b9ace4bb9eb4bd43f8d410a55da
SHA256: f873a33cba87a937141e247cde7530682e90786ae5a38a1ca2d13662eca3219b
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-yaml High Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name yaml Highest Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonExtensionYAML Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Vendor Manifest implementation-build-date 2014-08-15 18:38:55-0700 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-yaml Highest Vendor pom artifactid jackson-dataformat-yaml Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson-dataformat-YAML High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://wiki.fasterxml.com/JacksonExtensionYAML Highest Product file name jackson-dataformat-yaml High Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name yaml Highest Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonExtensionYAML Low Product Manifest Bundle-Name Jackson-dataformat-YAML Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Product Manifest implementation-build-date 2014-08-15 18:38:55-0700 Low Product Manifest Implementation-Title Jackson-dataformat-YAML High Product Manifest specification-title Jackson-dataformat-YAML Medium Product pom artifactid jackson-dataformat-yaml Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson-dataformat-YAML High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://wiki.fasterxml.com/JacksonExtensionYAML Medium Version file version 2.4.2 High Version Manifest Bundle-Version 2.4.2 High Version Manifest Implementation-Version 2.4.2 High Version pom parent-version 2.4.2 Low Version pom version 2.4.2 Highest
Description:
Add-on module for Jackson (http://jackson.codehaus.org) to support
Joda (http://joda-time.sourceforge.net/) data types.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-joda/2.4.2/jackson-datatype-joda-2.4.2.jar
MD5: 6e25c374cf329603f01710030195b8ae
SHA1: d826d1db3f9f2277576c524a71d03d1f1cbe462b
SHA256: aadc841436205f31d3947adf8579d8e5651bd4ef24dbf743327020128b7e2705
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-datatype-joda High Vendor jar package name datatype Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name joda Highest Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonModuleJoda Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-joda Medium Vendor Manifest implementation-build-date 2014-08-15 19:15:49-0700 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-datatype-joda Highest Vendor pom artifactid jackson-datatype-joda Low Vendor pom groupid com.fasterxml.jackson.datatype Highest Vendor pom name Jackson-datatype-Joda High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://wiki.fasterxml.com/JacksonModuleJoda Highest Product file name jackson-datatype-joda High Product jar package name datatype Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name joda Highest Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonModuleJoda Low Product Manifest Bundle-Name Jackson-datatype-Joda Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-joda Medium Product Manifest implementation-build-date 2014-08-15 19:15:49-0700 Low Product Manifest Implementation-Title Jackson-datatype-Joda High Product Manifest specification-title Jackson-datatype-Joda Medium Product pom artifactid jackson-datatype-joda Highest Product pom groupid com.fasterxml.jackson.datatype Highest Product pom name Jackson-datatype-Joda High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://wiki.fasterxml.com/JacksonModuleJoda Medium Version file version 2.4.2 High Version Manifest Bundle-Version 2.4.2 High Version Manifest Implementation-Version 2.4.2 High Version pom parent-version 2.4.2 Low Version pom version 2.4.2 Highest
Description:
Pile of code that is shared by all Jackson-based JAX-RS
providers.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.14.0/jackson-jaxrs-base-2.14.0.jar
MD5: 95b3a4295287c202cf3556828bf4faf6
SHA1: f013209a02e9ed57d23e3d9bb1e05da6b0e4afba
SHA256: b2ba9f27eba41c580cb8958c6494e71efc7871bd68682f6363b2759945920451
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-base High Vendor jar package name base Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jaxrs-base Highest Vendor pom artifactid jackson-jaxrs-base Low Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom name Jackson-JAXRS: base High Vendor pom parent-artifactid jackson-jaxrs-providers Low Product file name jackson-jaxrs-base High Product jar package name base Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Product Manifest Bundle-Name Jackson-JAXRS: base Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Product Manifest Implementation-Title Jackson-JAXRS: base High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-JAXRS: base Medium Product pom artifactid jackson-jaxrs-base Highest Product pom groupid com.fasterxml.jackson.jaxrs Highest Product pom name Jackson-JAXRS: base High Product pom parent-artifactid jackson-jaxrs-providers Medium Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Description:
Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.14.0/jackson-jaxrs-json-provider-2.14.0.jar
MD5: c283b55e9b2ce98e0d8ad33429e2cd95
SHA1: 96f7f0f834f765aefeeb73e313001060f88fcd12
SHA256: 87465585a13d27491b774e077003d76ce859bffea574ac79bc10903527bd435e
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-json-provider High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jaxrs-json-provider Highest Vendor pom artifactid jackson-jaxrs-json-provider Low Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom name Jackson-JAXRS: JSON High Vendor pom parent-artifactid jackson-jaxrs-providers Low Product file name jackson-jaxrs-json-provider High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Product Manifest Bundle-Name Jackson-JAXRS: JSON Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Product Manifest Implementation-Title Jackson-JAXRS: JSON High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-JAXRS: JSON Medium Product pom artifactid jackson-jaxrs-json-provider Highest Product pom groupid com.fasterxml.jackson.jaxrs Highest Product pom name Jackson-JAXRS: JSON High Product pom parent-artifactid jackson-jaxrs-providers Medium Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Description:
Support for using JAXB annotations as an alternative to "native" Jackson annotations,
for configuring data-binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.14.0/jackson-module-jaxb-annotations-2.14.0.jar
MD5: 7181cedd13c14dcbf8b4f55c347e0e6e
SHA1: d224162d974acebab7bb6fb7826a5fd319cebbf7
SHA256: 5ac9a0f78af0fdac22f5a4e25494bee2ed54bf1c760af63aa78a0147eb7f41d0
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name jackson-module-jaxb-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxb Highest Vendor jar package name module Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-module-jaxb-annotations Highest Vendor pom artifactid jackson-module-jaxb-annotations Low Vendor pom groupid com.fasterxml.jackson.module Highest Vendor pom name Jackson module: Old JAXB Annotations (javax.xml.bind) High Vendor pom parent-artifactid jackson-modules-base Low Vendor pom url FasterXML/jackson-modules-base Highest Product file name jackson-module-jaxb-annotations High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxb Highest Product jar package name module Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Product Manifest Bundle-Name Jackson module: Old JAXB Annotations (javax.xml.bind) Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Product Manifest Implementation-Title Jackson module: Old JAXB Annotations (javax.xml.bind) High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson module: Old JAXB Annotations (javax.xml.bind) Medium Product pom artifactid jackson-module-jaxb-annotations Highest Product pom groupid com.fasterxml.jackson.module Highest Product pom name Jackson module: Old JAXB Annotations (javax.xml.bind) High Product pom parent-artifactid jackson-modules-base Medium Product pom url FasterXML/jackson-modules-base High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Description:
Jakarta Activation API jar License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/grprdist/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2.jar
MD5: 1cbb480310fa1987f9db7a3ed7118af7
SHA1: 99f53adba383cb1bf7c3862844488574b559621f
SHA256: a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.activation-api High Vendor jar package name activation Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation-api Highest Vendor pom artifactid jakarta.activation-api Low Vendor pom groupid jakarta.activation Highest Vendor pom name Jakarta Activation API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name jakarta.activation-api High Product jar package name activation Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation API jar Medium Product Manifest bundle-symbolicname jakarta.activation-api Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title jakarta.activation.jakarta.activation-api High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product Manifest specification-title jakarta.activation.jakarta.activation-api Medium Product pom artifactid jakarta.activation-api Highest Product pom groupid jakarta.activation Highest Product pom name Jakarta Activation API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
Description:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid ca-parent Low Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product Manifest automatic-module-name java.annotation Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.annotation-api Highest Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid ca-parent Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 1.3.5 High Version Manifest Bundle-Version 1.3.5 High Version Manifest Implementation-Version 1.3.5 High Version pom version 1.3.5 Highest
Description:
Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/external/jakarta.inject/2.6.1/jakarta.inject-2.6.1.jar
MD5: 4d7c80a1e3cd54531af03bef4537f7af
SHA1: 8096ebf722902e75fbd4f532a751e514f02e1eb7
SHA256: 5e88c123b3e41bca788b2683118867d9b6dec714247ea91c588aed46a36ee24f
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.inject High Vendor jar package name inject Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.jakarta.inject Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jakarta.inject Highest Vendor pom artifactid jakarta.inject Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name javax.inject:${javax-inject.version} as OSGi bundle High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name jakarta.inject High Product jar package name inject Highest Product jar package name javax Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name javax.inject:1 as OSGi bundle Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.jakarta.inject Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.inject Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name javax.inject:${javax-inject.version} as OSGi bundle High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
Jakarta Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256: b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.validation-api High Vendor jar package name validation Highest Vendor Manifest automatic-module-name java.validation Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jakarta.validation-api Highest Vendor pom artifactid jakarta.validation-api Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer email guillaume.smet@hibernate.org Low Vendor pom developer email gunnar@hibernate.org Low Vendor pom developer email hferents@redhat.com Low Vendor pom developer id emmanuelbernard Medium Vendor pom developer id epbernard Medium Vendor pom developer id guillaume.smet Medium Vendor pom developer id gunnar.morling Medium Vendor pom developer id hardy.ferentschik Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer name Guillaume Smet Medium Vendor pom developer name Gunnar Morling Medium Vendor pom developer name Hardy Ferentschik Medium Vendor pom developer org Red Hat, Inc. Medium Vendor pom groupid jakarta.validation Highest Vendor pom name Jakarta Bean Validation API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://beanvalidation.org Highest Product file name jakarta.validation-api High Product jar package name validation Highest Product Manifest automatic-module-name java.validation Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Bean Validation API Medium Product Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.validation-api Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer email guillaume.smet@hibernate.org Low Product pom developer email gunnar@hibernate.org Low Product pom developer email hferents@redhat.com Low Product pom developer id emmanuelbernard Low Product pom developer id epbernard Low Product pom developer id guillaume.smet Low Product pom developer id gunnar.morling Low Product pom developer id hardy.ferentschik Low Product pom developer name Emmanuel Bernard Low Product pom developer name Guillaume Smet Low Product pom developer name Gunnar Morling Low Product pom developer name Hardy Ferentschik Low Product pom developer org Red Hat, Inc. Low Product pom groupid jakarta.validation Highest Product pom name Jakarta Bean Validation API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://beanvalidation.org Medium Version file version 2.0.2 High Version Manifest Bundle-Version 2.0.2 High Version pom parent-version 2.0.2 Low Version pom version 2.0.2 Highest
Description:
Jakarta RESTful Web Services API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/2.1.6/jakarta.ws.rs-api-2.1.6.jar
MD5: c3892382aeb5c54085b22b1890511d29
SHA1: 1dcb770bce80a490dff49729b99c7a60e9ecb122
SHA256: 4cea299c846c8a6e6470cbfc2f7c391bc29b9caa2f9264ac1064ba91691f4adf
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.ws.rs-api High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor jar package name rs Highest Vendor jar package name ws Highest Vendor Manifest automatic-module-name java.ws.rs Medium Vendor Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Vendor Manifest bundle-symbolicname jakarta.ws.rs-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.ws.rs-api Highest Vendor pom artifactid jakarta.ws.rs-api Low Vendor pom developer email jaxrs-dev@eclipse.org Low Vendor pom developer id developers Medium Vendor pom developer name API Developers Medium Vendor pom groupid jakarta.ws.rs Highest Vendor pom name jakarta.ws.rs-api High Vendor pom organization name Eclipse Foundation High Vendor pom organization url https://www.eclipse.org/org/foundation/ Medium Vendor pom url eclipse-ee4j/jaxrs-api Highest Product file name jakarta.ws.rs-api High Product hint analyzer product web services Medium Product jar package name javax Highest Product jar package name rs Highest Product jar package name ws Highest Product Manifest automatic-module-name java.ws.rs Medium Product Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Product Manifest Bundle-Name jakarta.ws.rs-api Medium Product Manifest bundle-symbolicname jakarta.ws.rs-api Medium Product Manifest extension-name javax.ws.rs Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.ws.rs-api Highest Product pom developer email jaxrs-dev@eclipse.org Low Product pom developer id developers Low Product pom developer name API Developers Low Product pom groupid jakarta.ws.rs Highest Product pom name jakarta.ws.rs-api High Product pom organization name Eclipse Foundation Low Product pom organization url https://www.eclipse.org/org/foundation/ Low Product pom url eclipse-ee4j/jaxrs-api High Version file version 2.1.6 High Version Manifest Bundle-Version 2.1.6 High Version Manifest Implementation-Version 2.1.6 High Version pom version 2.1.6 Highest
Description:
Jakarta XML Binding API 2.3 Design Specification License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/grprdist/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256: c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.bind-api High Vendor jar package name bind Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.xml.bind-api Medium Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.xml.bind-api Highest Vendor pom artifactid jakarta.xml.bind-api Low Vendor pom groupid jakarta.xml.bind Highest Vendor pom name Jakarta XML Binding API High Vendor pom parent-artifactid jakarta.xml.bind-api-parent Low Product file name jakarta.xml.bind-api High Product jar package name bind Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta XML Binding API Medium Product Manifest bundle-symbolicname jakarta.xml.bind-api Medium Product Manifest extension-name jakarta.xml.bind Medium Product Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.xml.bind-api Highest Product pom groupid jakarta.xml.bind Highest Product pom name Jakarta XML Binding API High Product pom parent-artifactid jakarta.xml.bind-api-parent Medium Version file version 2.3.3 High Version Manifest Bundle-Version 2.3.3 High Version Manifest Implementation-Version 2.3.3 High Version pom version 2.3.3 Highest
Description:
Parent POM for JBoss projects. Provides default project build configuration. License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/jboss/jandex/2.0.4.Final/jandex-2.0.4.Final.jar
MD5: 2938e9457bf0c1fba50d8b03a05218de
SHA1: 1796bb21a7a19a10caa7c555f81da66f4bf490cb
SHA256: f75da95aa66d841c5341480247a39a5c3c615aa6966058306d49a5d3db9b3b61
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jandex High Vendor hint analyzer vendor redhat Highest Vendor jar package name indexer Highest Vendor jar package name jandex Highest Vendor jar package name jboss Highest Vendor Manifest build-timestamp Mon, 23 Oct 2017 13:00:50 -0500 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.jandex Medium Vendor Manifest implementation-url http://www.jboss.org/jandex Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jandex Highest Vendor pom artifactid jandex Low Vendor pom groupid org.jboss Highest Vendor pom name Java Annotation Indexer High Vendor pom parent-artifactid jboss-parent Low Product file name jandex High Product jar package name indexer Highest Product jar package name jandex Highest Product jar package name jboss Highest Product Manifest build-timestamp Mon, 23 Oct 2017 13:00:50 -0500 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java Annotation Indexer Medium Product Manifest bundle-symbolicname org.jboss.jandex Medium Product Manifest Implementation-Title Java Annotation Indexer High Product Manifest implementation-url http://www.jboss.org/jandex Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title Java Annotation Indexer Medium Product pom artifactid jandex Highest Product pom groupid org.jboss Highest Product pom name Java Annotation Indexer High Product pom parent-artifactid jboss-parent Medium Version Manifest Bundle-Version 2.0.4.Final High Version Manifest Implementation-Version 2.0.4.Final High Version pom parent-version 2.0.4.Final Low Version pom version 2.0.4.Final Highest
Description:
Java library which enables encryption in java apps with minimum effort. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/jasypt/jasypt/1.9.0/jasypt-1.9.0.jar
MD5: ae3eb8eb393515846ff6703bccade8f9
SHA1: 0857a1a55a81641c31b2a9b4b292120c1d4432bd
SHA256: b5808493000ac2041a6fc5fcc448f52b5423ab1aec060f846379016e1fc16fc7
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name jasypt High Vendor jar package name encryption Highest Vendor jar package name jasypt Highest Vendor jar package name jasypt Low Vendor jar package name org Highest Vendor pom artifactid jasypt Highest Vendor pom artifactid jasypt Low Vendor pom developer email dfernandez AT users.sourceforge.net Low Vendor pom developer id dfernandez Medium Vendor pom developer name Daniel Fernandez Medium Vendor pom groupid org.jasypt Highest Vendor pom name JASYPT: Java Simplified Encryption High Vendor pom organization name The JASYPT team High Vendor pom organization url http://www.jasypt.org Medium Vendor pom url http://www.jasypt.org Highest Product file name jasypt High Product jar package name encryption Highest Product jar package name jasypt Highest Product jar package name org Highest Product pom artifactid jasypt Highest Product pom developer email dfernandez AT users.sourceforge.net Low Product pom developer id dfernandez Low Product pom developer name Daniel Fernandez Low Product pom groupid org.jasypt Highest Product pom name JASYPT: Java Simplified Encryption High Product pom organization name The JASYPT team Low Product pom organization url http://www.jasypt.org Low Product pom url http://www.jasypt.org Medium Version file version 1.9.0 High Version pom version 1.9.0 Highest
CVE-2014-9970 suppress
jasypt before 1.9.2 allows a timing attack against the password hash comparison. CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/googlecode/java-ipv6/java-ipv6/0.17/java-ipv6-0.17.jar
MD5: 7eab662f5ec5c0f1d964e1c551a5ac02
SHA1: 243426a162fa169ad40f5f59cb957321f00cba3f
SHA256: 37cf71baf707041cb494834c559ad12b631f5c7747c804ec19598bc0e0f01162
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name java-ipv6 High Vendor jar package name googlecode Highest Vendor jar package name googlecode Low Vendor jar package name ipv6 Highest Vendor jar package name ipv6 Low Vendor pom artifactid java-ipv6 Highest Vendor pom artifactid java-ipv6 Low Vendor pom groupid com.googlecode.java-ipv6 Highest Vendor pom name Java IPv6 Library High Vendor pom url janvanbesien/java-ipv6/ Highest Product file name java-ipv6 High Product jar package name googlecode Highest Product jar package name ipv6 Highest Product jar package name ipv6 Low Product pom artifactid java-ipv6 Highest Product pom groupid com.googlecode.java-ipv6 Highest Product pom name Java IPv6 Library High Product pom url janvanbesien/java-ipv6/ High Version file version 0.17 High Version pom version 0.17 Highest
Description:
Java implementation of JSON Web Token (JWT) License:
The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE File Path: /home/grprdist/.m2/repository/com/auth0/java-jwt/3.10.3/java-jwt-3.10.3.jar
MD5: 69ca7c81203e238a71437325580b3663
SHA1: 138b7ea9ca2c8c8e66acf5a70e809490bcf08955
SHA256: c5901a5dadf420867cd6cb598f7ae09b0cde7f7e46b7e1a70b56be8d5a5c64a6
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name java-jwt High Vendor jar package name auth0 Highest Vendor jar package name jwt Highest Vendor pom artifactid java-jwt Highest Vendor pom artifactid java-jwt Low Vendor pom developer email hernan@auth0.com Low Vendor pom developer email luciano.balmaceda@auth0.com Low Vendor pom developer email oss@auth0.com Low Vendor pom developer id auth0 Medium Vendor pom developer id hzalaz Medium Vendor pom developer id lbalmaceda Medium Vendor pom developer name Auth0 Medium Vendor pom developer name Hernan Zalazar Medium Vendor pom developer name Luciano Balmaceda Medium Vendor pom groupid com.auth0 Highest Vendor pom name java jwt High Vendor pom url auth0/java-jwt Highest Product file name java-jwt High Product jar package name auth0 Highest Product jar package name jwt Highest Product Manifest Implementation-Title java-jwt High Product pom artifactid java-jwt Highest Product pom developer email hernan@auth0.com Low Product pom developer email luciano.balmaceda@auth0.com Low Product pom developer email oss@auth0.com Low Product pom developer id auth0 Low Product pom developer id hzalaz Low Product pom developer id lbalmaceda Low Product pom developer name Auth0 Low Product pom developer name Hernan Zalazar Low Product pom developer name Luciano Balmaceda Low Product pom groupid com.auth0 Highest Product pom name java jwt High Product pom url auth0/java-jwt High Version file version 3.10.3 High Version Manifest Implementation-Version 3.10.3 High Version pom version 3.10.3 Highest
Description:
Java(TM) EE 7 Specification APIs License:
CDDL + GPLv2 with classpath exception: http://glassfish.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/javaee-api/7.0/javaee-api-7.0.jar
MD5: 4574e0b1f14590cb3280d37a6cedc27d
SHA1: 51399f902cc27a808122edcbebfaa1ad989954ba
SHA256: 16e51bfb2a6ed95d600e7a541e53a42b8d39c87d23b5f0e6460dd0dffe84903e
Referenced In Projects/Scopes: Grouper WS SCIM:compile Grouper WS:provided Evidence Type Source Name Value Confidence Vendor file name javaee-api High Vendor jar package name api Highest Vendor jar package name javax Highest Vendor jar package name javax Low Vendor pom artifactid javaee-api Highest Vendor pom artifactid javaee-api Low Vendor pom developer id ldemichiel Medium Vendor pom developer id shannon Medium Vendor pom developer name Bill Shannon Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid javax Highest Vendor pom groupid org.glassfish.main Highest Vendor pom name Java(TM) EE 7 Specification APIs High Vendor pom parent-artifactid javaee-api-parent Low Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product file name javaee-api High Product jar package name api Highest Product jar package name javax Highest Product pom artifactid javaee-api Highest Product pom developer id ldemichiel Low Product pom developer id shannon Low Product pom developer name Bill Shannon Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid javax Highest Product pom groupid org.glassfish.main Highest Product pom name Java(TM) EE 7 Specification APIs High Product pom parent-artifactid javaee-api-parent Medium Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version file version 7.0 High Version pom parent-version 7.0 Low Version pom version 7.0 Highest
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /home/grprdist/.m2/repository/org/javassist/javassist/3.22.0-GA/javassist-3.22.0-GA.jar
MD5: 69f277ed4c6631e45ec4cacd0e6e46c6
SHA1: 3e83394258ae2089be7219b971ec21a8288528ad
SHA256: 59531c00f3e3aa1ff48b3a8cf4ead47d203ab0e2fd9e0ad401f764e05947e252
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor jar package name bytecode Highest Vendor jar package name javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom artifactid javassist Highest Vendor pom artifactid javassist Low Vendor pom developer email adinn@redhat.com Low Vendor pom developer email chiba@javassist.org Low Vendor pom developer email kabir.khan@jboss.com Low Vendor pom developer email smarlow@redhat.com Low Vendor pom developer id adinn Medium Vendor pom developer id chiba Medium Vendor pom developer id kabir.khan@jboss.com Medium Vendor pom developer id scottmarlow Medium Vendor pom developer name Andrew Dinn Medium Vendor pom developer name Kabir Khan Medium Vendor pom developer name Scott Marlow Medium Vendor pom developer name Shigeru Chiba Medium Vendor pom developer org JBoss Medium Vendor pom developer org The Javassist Project Medium Vendor pom developer org URL http://www.javassist.org/ Medium Vendor pom developer org URL http://www.jboss.org/ Medium Vendor pom groupid org.javassist Highest Vendor pom name Javassist High Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom url http://www.javassist.org/ Highest Product file name javassist High Product jar package name bytecode Highest Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product Manifest bundle-symbolicname javassist Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Javassist Medium Product pom artifactid javassist Highest Product pom developer email adinn@redhat.com Low Product pom developer email chiba@javassist.org Low Product pom developer email kabir.khan@jboss.com Low Product pom developer email smarlow@redhat.com Low Product pom developer id adinn Low Product pom developer id chiba Low Product pom developer id kabir.khan@jboss.com Low Product pom developer id scottmarlow Low Product pom developer name Andrew Dinn Low Product pom developer name Kabir Khan Low Product pom developer name Scott Marlow Low Product pom developer name Shigeru Chiba Low Product pom developer org JBoss Low Product pom developer org The Javassist Project Low Product pom developer org URL http://www.javassist.org/ Low Product pom developer org URL http://www.jboss.org/ Low Product pom groupid org.javassist Highest Product pom name Javassist High Product pom organization name Shigeru Chiba, www.javassist.org Low Product pom url http://www.javassist.org/ Medium Version Manifest specification-version 3.22.0-GA High Version pom version 3.22.0-GA Highest
Description:
JavaBeans Activation Framework API jar License:
https://github.com/javaee/activation/blob/master/LICENSE.txt File Path: /home/grprdist/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256: 43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javax.activation-api High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor Manifest automatic-module-name java.activation Medium Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname javax.activation-api Medium Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.activation-api Highest Vendor pom artifactid javax.activation-api Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans Activation Framework API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name javax.activation-api High Product jar package name activation Highest Product jar package name javax Highest Product Manifest automatic-module-name java.activation Medium Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaBeans Activation Framework API jar Medium Product Manifest bundle-symbolicname javax.activation-api Medium Product Manifest extension-name javax.activation Medium Product Manifest Implementation-Title javax.activation.javax.activation-api High Product Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Product Manifest specification-title javax.activation.javax.activation-api Medium Product pom artifactid javax.activation-api Highest Product pom groupid javax.activation Highest Product pom name JavaBeans Activation Framework API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.0 High Version Manifest Bundle-Version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version pom version 1.2.0 Highest
Description:
JavaMail API License:
https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/com/sun/mail/javax.mail/1.5.0/javax.mail-1.5.0.jar
MD5: dabf8c0f32c7f6eb5c87aebd53e07fce
SHA1: ec2410fdf7e0a3022e7c2a2e6241039d1abc1e98
SHA256: 9568765e086609fc4d511b27cb89b3351a40ebda0552852a7daf65b769a01511
Referenced In Projects/Scopes: Grouper WS SCIM:compile Grouper WS:provided Evidence Type Source Name Value Confidence Vendor file name javax.mail High Vendor jar package name javax Highest Vendor jar package name mail Highest Vendor jar package name provider Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname com.sun.mail.javax.mail Medium Vendor Manifest extension-name javax.mail Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.mail Highest Vendor pom artifactid javax.mail Low Vendor pom groupid com.sun.mail Highest Vendor pom name JavaMail API High Vendor pom parent-artifactid all Low Product file name javax.mail High Product jar package name javax Highest Product jar package name mail Highest Product jar package name provider Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaMail API Medium Product Manifest bundle-symbolicname com.sun.mail.javax.mail Medium Product Manifest extension-name javax.mail Medium Product Manifest Implementation-Title javax.mail High Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product pom artifactid javax.mail Highest Product pom groupid com.sun.mail Highest Product pom name JavaMail API High Product pom parent-artifactid all Medium Version file version 1.5.0 High Version Manifest Bundle-Version 1.5.0 High Version Manifest Implementation-Version 1.5.0 High Version pom version 1.5.0 Highest
Description:
JavaMail API jar License:
https://javaee.github.io/javamail/LICENSE File Path: /home/grprdist/.m2/repository/javax/mail/javax.mail-api/1.6.0/javax.mail-api-1.6.0.jar
MD5: f641c3a2ad76a53acfbec7d7f5d8021d
SHA1: 1941270d3b04ded5bdc274351450b4afe47be080
SHA256: cddf58552871afe398061fffc36aec20899ad1f05a8141d90914e26d83980a66
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name javax.mail-api High Vendor jar package name javax Highest Vendor jar package name mail Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname javax.mail-api Medium Vendor Manifest extension-name javax.mail Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest originally-created-by 1.8.0_131 (Oracle Corporation) Low Vendor Manifest probe-provider-xml-file-names Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.mail-api Highest Vendor pom artifactid javax.mail-api Low Vendor pom groupid javax.mail Highest Vendor pom name JavaMail API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.mail Medium Product file name javax.mail-api High Product jar package name javax Highest Product jar package name mail Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaMail API jar Medium Product Manifest bundle-symbolicname javax.mail-api Medium Product Manifest extension-name javax.mail Medium Product Manifest Implementation-Title javax.mail.javax.mail-api High Product Manifest originally-created-by 1.8.0_131 (Oracle Corporation) Low Product Manifest probe-provider-xml-file-names Medium Product Manifest specification-title javax.mail.javax.mail-api Medium Product pom artifactid javax.mail-api Highest Product pom groupid javax.mail Highest Product pom name JavaMail API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.mail Medium Version file version 1.6.0 High Version Manifest Bundle-Version 1.6.0 High Version Manifest Implementation-Version 1.6.0 High Version pom version 1.6.0 Highest
Description:
Java(TM) Persistence API License:
Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/grprdist/.m2/repository/javax/persistence/javax.persistence-api/2.2/javax.persistence-api-2.2.jar
MD5: e6520b3435f5b6d58eee415b5542abf8
SHA1: 25665ac8c0b62f50e6488173233239120fc52c96
SHA256: 5578b71b37999a5eaed3fea0d14aa61c60c6ec6328256f2b63472f336318baf4
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javax.persistence-api High Vendor jar package name javax Highest Vendor jar package name persistence Highest Vendor Manifest automatic-module-name java.persistence Medium Vendor Manifest bundle-symbolicname javax.persistence-api Medium Vendor Manifest extension-name javax.persistence Medium Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.persistence-api Highest Vendor pom artifactid javax.persistence-api Low Vendor pom groupid javax.persistence Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url javaee/jpa-spec Highest Product file name javax.persistence-api High Product jar package name javax Highest Product jar package name persistence Highest Product jar package name version Highest Product Manifest automatic-module-name java.persistence Medium Product Manifest Bundle-Name Java(TM) Persistence API jar Medium Product Manifest bundle-symbolicname javax.persistence-api Medium Product Manifest extension-name javax.persistence Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid javax.persistence-api Highest Product pom groupid javax.persistence Highest Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url javaee/jpa-spec High Version file version 2.2 High Version Manifest Bundle-Version 2.2 High Version Manifest Implementation-Version 2.2 High Version pom parent-version 2.2 Low Version pom version 2.2 Highest
Description:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Projects/Scopes: Grouper API:provided Grouper WS:provided Grouper UI:provided Evidence Type Source Name Value Confidence Vendor file name javax.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet-api Highest Vendor pom artifactid javax.servlet-api Low Vendor pom developer id mode Medium Vendor pom developer id swchan2 Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer name Shing Wai Chan Medium Vendor pom developer org Oracle Medium Vendor pom groupid javax.servlet Highest Vendor pom name Java Servlet API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.dev.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://servlet-spec.java.net Highest Vendor pom (hint) developer org sun Medium Product file name javax.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid javax.servlet-api Highest Product pom developer id mode Low Product pom developer id swchan2 Low Product pom developer name Rajiv Mordani Low Product pom developer name Shing Wai Chan Low Product pom developer org Oracle Low Product pom groupid javax.servlet Highest Product pom name Java Servlet API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.dev.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://servlet-spec.java.net Medium Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest
Description:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.2-b02/javax.servlet.jsp-api-2.3.2-b02.jar
MD5: 5a0f2ffd45ce2722ab1c096571dbefc4
SHA1: 0287387015b38bb4fc5d5f085c938ab51bf82b00
SHA256: baf462a8b451bb2e00aebab92adc8005fa42f11b82b8e7335165842d80413d16
Referenced In Project/Scope: Grouper UI:provided
Evidence Type Source Name Value Confidence Vendor file name javax.servlet.jsp-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor Manifest bundle-symbolicname javax.servlet.jsp-api Medium Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet.jsp-api Highest Vendor pom artifactid javax.servlet.jsp-api Low Vendor pom developer id kchung Medium Vendor pom developer name Kin-man Chung Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid javax.servlet.jsp Highest Vendor pom name JavaServer Pages(TM) API High Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jsp.java.net Highest Product file name javax.servlet.jsp-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name servlet Highest Product Manifest bundle-docurl http://glassfish.org Low Product Manifest Bundle-Name JavaServer Pages(TM) API Medium Product Manifest bundle-symbolicname javax.servlet.jsp-api Medium Product Manifest extension-name javax.servlet.jsp Medium Product pom artifactid javax.servlet.jsp-api Highest Product pom developer id kchung Low Product pom developer name Kin-man Chung Low Product pom developer org Oracle Corporation Low Product pom groupid javax.servlet.jsp Highest Product pom name JavaServer Pages(TM) API High Product pom organization name GlassFish Community Low Product pom organization url http://glassfish.org Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jsp.java.net Medium Version Manifest Implementation-Version 2.3.2-b02 High Version pom parent-version 2.3.2-b02 Low Version pom version 2.3.2-b02 Highest
Description:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/servlet/jsp/jstl/javax.servlet.jsp.jstl-api/1.2.1/javax.servlet.jsp.jstl-api-1.2.1.jar
MD5: e81f03bad3a397e1a07561e4b00be00b
SHA1: f072f63ab1689e885ac40c221df3e6bb3e64a84a
SHA256: f8fe158caa6c220bbc2d94da08773af101909da02ff61725392b7c603dd693e0
Referenced In Projects/Scopes: Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javax.servlet.jsp.jstl-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name jstl Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor Manifest bundle-symbolicname javax.servlet.jsp.jstl-api Medium Vendor Manifest extension-name javax.servlet.jsp.jstl Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet.jsp.jstl-api Highest Vendor pom artifactid javax.servlet.jsp.jstl-api Low Vendor pom developer id kchung Medium Vendor pom developer name Kin Man Chung Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid javax.servlet.jsp.jstl Highest Vendor pom name JavaServer Pages(TM) Standard Tag Library API High Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=52 Highest Product file name javax.servlet.jsp.jstl-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name jstl Highest Product jar package name servlet Highest Product Manifest bundle-docurl http://glassfish.org Low Product Manifest Bundle-Name JavaServer Pages(TM) Standard Tag Library API Medium Product Manifest bundle-symbolicname javax.servlet.jsp.jstl-api Medium Product Manifest extension-name javax.servlet.jsp.jstl Medium Product pom artifactid javax.servlet.jsp.jstl-api Highest Product pom developer id kchung Low Product pom developer name Kin Man Chung Low Product pom developer org Oracle Corporation Low Product pom groupid javax.servlet.jsp.jstl Highest Product pom name JavaServer Pages(TM) Standard Tag Library API High Product pom organization name GlassFish Community Low Product pom organization url http://glassfish.org Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=52 Medium Version file version 1.2.1 High Version Manifest Bundle-Version 1.2.1 High Version Manifest Implementation-Version 1.2.1 High Version pom parent-version 1.2.1 Low Version pom version 1.2.1 Highest
File Path: /home/grprdist/.m2/repository/javax/xml/bind/jaxb-api/2.2/jaxb-api-2.2.jarMD5: cc9e4d0fb397b4ab294a4bdde36177ebSHA1: bcf23b1d858c6f69d67c851d497984d25345d0b1SHA256: 34c022696b577e984d42641428e6e49a8afa0257c4ec96feff36e4b67c093390Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jaxb-api Highest Vendor pom artifactid jaxb-api Low Vendor pom groupid javax.xml.bind Highest Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest extension-name javax.xml.bind Medium Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-api Highest Product pom groupid javax.xml.bind Highest Version file version 2.2 High Version Manifest specification-version 2.2 High Version pom version 2.2 Highest
Description:
JAXB (JSR 222) API License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1 File Path: /home/grprdist/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256: 88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname jaxb-api Medium Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jaxb-api Highest Vendor pom artifactid jaxb-api Low Vendor pom groupid javax.xml.bind Highest Vendor pom parent-artifactid jaxb-api-parent Low Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jaxb-api Medium Product Manifest bundle-symbolicname jaxb-api Medium Product Manifest extension-name javax.xml.bind Medium Product Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Product Manifest specification-title jaxb-api Medium Product pom artifactid jaxb-api Highest Product pom groupid javax.xml.bind Highest Product pom parent-artifactid jaxb-api-parent Medium Version file version 2.3.1 High Version Manifest Bundle-Version 2.3.1 High Version pom version 2.3.1 Highest
Description:
JAXB (JSR 222) reference implementation License:
CDDL 1.0: https://glassfish.dev.java.net/public/CDDL+GPL.html
GPL2 w/ CPE: https://glassfish.dev.java.net/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/com/sun/xml/bind/jaxb-impl/2.2.1.1/jaxb-impl-2.2.1.1.jar
MD5: dac518925b66b9e6c1a510179e5bd690
SHA1: 12b12db16f9f63f9e6b842a676d09a5c195d1dde
SHA256: f1a30f934a2dce2a68c30fbdfa2657cf24be774415df66f54fce5547015a781c
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jaxb-impl High Vendor jar package name bind Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest extension-name com.sun.xml.bind Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jaxb-impl Highest Vendor pom artifactid jaxb-impl Low Vendor pom groupid com.sun.xml.bind Highest Vendor pom name JAXB RI High Vendor pom url https://jaxb.dev.java.net/ Highest Product file name jaxb-impl High Product jar package name bind Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest extension-name com.sun.xml.bind Medium Product Manifest Implementation-Title JAXB Reference Implementation High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-impl Highest Product pom groupid com.sun.xml.bind Highest Product pom name JAXB RI High Product pom url https://jaxb.dev.java.net/ Medium Version file version 2.2.1.1 High Version pom version 2.2.1.1 Highest
Description:
JAXB (JSR 222) Reference Implementation File Path: /home/grprdist/.m2/repository/org/glassfish/jaxb/jaxb-runtime/2.3.1/jaxb-runtime-2.3.1.jarMD5: 848098e3eda0d37738d51a7acacd8e95SHA1: dd6dda9da676a54c5b36ca2806ff95ee017d8738SHA256: 45fecfa5c8217ce1f3652ab95179790ec8cc0dec0384bca51cbeb94a293d9f2fReferenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jaxb-runtime High Vendor jar package name bind Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid jaxb-runtime Highest Vendor pom artifactid jaxb-runtime Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name JAXB Runtime High Vendor pom parent-artifactid jaxb-runtime-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Product file name jaxb-runtime High Product jar package name bind Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Product Manifest Implementation-Title JAXB Implementation High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-runtime Highest Product pom groupid org.glassfish.jaxb Highest Product pom name JAXB Runtime High Product pom parent-artifactid jaxb-runtime-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Version file version 2.3.1 High Version Manifest build-id 2.3.1 Medium Version Manifest Implementation-Version 2.3.1 High Version Manifest major-version 2.3.1 Medium Version pom version 2.3.1 Highest
Description:
Jaxen is a universal Java XPath engine. File Path: /home/grprdist/.m2/repository/jaxen/jaxen/1.1.1/jaxen-1.1.1.jarMD5: 261d1aa59865842ecc32b3848b0c6538SHA1: 9f5d3c5974dbe5cf69c2c2ec7d8a4eb6e0fce7f9SHA256: 160958f42f60fff817d6c0b1b02fd9284b3f0fcb46e61d38866f65b7af4d329dReferenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jaxen High Vendor jar package name jaxen Highest Vendor jar package name xpath Highest Vendor Manifest extension-name jaxen Medium Vendor Manifest Implementation-Vendor Codehaus High Vendor Manifest specification-vendor Codehaus Low Vendor pom artifactid jaxen Highest Vendor pom artifactid jaxen Low Vendor pom developer email bob@eng.werken.com Low Vendor pom developer email brian.ewins@gmail.com Low Vendor pom developer email contact@megginson.com Low Vendor pom developer email elharo@metalab.unc.edu Low Vendor pom developer email erwin@klomp.org Low Vendor pom developer email james_strachan@yahoo.co.uk Low Vendor pom developer email jdvorak@users.sourceforge.net Low Vendor pom developer email mbelonga@users.sourceforge.net Low Vendor pom developer email peter.royal@pobox.com Low Vendor pom developer email purpletech@users.sourceforge.net Low Vendor pom developer email scott@dotnot.org Low Vendor pom developer email szegedia@users.sourceforge.net Low Vendor pom developer email xcut@users.sourceforge.net Low Vendor pom developer id bewins Medium Vendor pom developer id bob Medium Vendor pom developer id cnentwich Medium Vendor pom developer id dmegginson Medium Vendor pom developer id eboldwidt Medium Vendor pom developer id elharo Medium Vendor pom developer id jdvorak Medium Vendor pom developer id jstrachan Medium Vendor pom developer id mbelonga Medium Vendor pom developer id proyal Medium Vendor pom developer id purpletech Medium Vendor pom developer id ssanders Medium Vendor pom developer id szegedia Medium Vendor pom developer name Alexander Day Chaffee Medium Vendor pom developer name Attila Szegedi Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name Brian Ewins Medium Vendor pom developer name Christian Nentwich Medium Vendor pom developer name David Megginson Medium Vendor pom developer name Elliotte Rusty Harold Medium Vendor pom developer name Erwin Bolwidt Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jan Dvorak Medium Vendor pom developer name Mark A. Belonga Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer org Cafe au Lait Medium Vendor pom developer org dotnot Medium Vendor pom developer org Megginson Technologies Medium Vendor pom developer org Purple Technologies Medium Vendor pom developer org Spiritsoft Medium Vendor pom developer org The Werken Company Medium Vendor pom groupid jaxen Highest Vendor pom name jaxen High Vendor pom organization name Codehaus High Vendor pom organization url http://codehaus.org Medium Vendor pom url http://jaxen.codehaus.org/ Highest Product file name jaxen High Product jar package name jaxen Highest Product jar package name xpath Highest Product Manifest extension-name jaxen Medium Product Manifest Implementation-Title org.jaxen High Product Manifest specification-title Universal Java XPath Engine Medium Product pom artifactid jaxen Highest Product pom developer email bob@eng.werken.com Low Product pom developer email brian.ewins@gmail.com Low Product pom developer email contact@megginson.com Low Product pom developer email elharo@metalab.unc.edu Low Product pom developer email erwin@klomp.org Low Product pom developer email james_strachan@yahoo.co.uk Low Product pom developer email jdvorak@users.sourceforge.net Low Product pom developer email mbelonga@users.sourceforge.net Low Product pom developer email peter.royal@pobox.com Low Product pom developer email purpletech@users.sourceforge.net Low Product pom developer email scott@dotnot.org Low Product pom developer email szegedia@users.sourceforge.net Low Product pom developer email xcut@users.sourceforge.net Low Product pom developer id bewins Low Product pom developer id bob Low Product pom developer id cnentwich Low Product pom developer id dmegginson Low Product pom developer id eboldwidt Low Product pom developer id elharo Low Product pom developer id jdvorak Low Product pom developer id jstrachan Low Product pom developer id mbelonga Low Product pom developer id proyal Low Product pom developer id purpletech Low Product pom developer id ssanders Low Product pom developer id szegedia Low Product pom developer name Alexander Day Chaffee Low Product pom developer name Attila Szegedi Low Product pom developer name Bob McWhirter Low Product pom developer name Brian Ewins Low Product pom developer name Christian Nentwich Low Product pom developer name David Megginson Low Product pom developer name Elliotte Rusty Harold Low Product pom developer name Erwin Bolwidt Low Product pom developer name James Strachan Low Product pom developer name Jan Dvorak Low Product pom developer name Mark A. Belonga Low Product pom developer name Peter Royal Low Product pom developer name Scott Sanders Low Product pom developer org Cafe au Lait Low Product pom developer org dotnot Low Product pom developer org Megginson Technologies Low Product pom developer org Purple Technologies Low Product pom developer org Spiritsoft Low Product pom developer org The Werken Company Low Product pom groupid jaxen Highest Product pom name jaxen High Product pom organization name Codehaus Low Product pom organization url http://codehaus.org Low Product pom url http://jaxen.codehaus.org/ Medium Version file version 1.1.1 High Version Manifest Implementation-Version 1.1.1 High Version pom version 1.1.1 Highest
Description:
Jaxen is a universal Java XPath engine. License:
http://jaxen.codehaus.org/license.html File Path: /home/grprdist/.m2/repository/jaxen/jaxen/1.1.6/jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256: 5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name jaxen High Vendor jar package name jaxen Highest Vendor jar package name xpath Highest Vendor Manifest bundle-docurl http://codehaus.org Low Vendor Manifest bundle-symbolicname jaxen Medium Vendor pom artifactid jaxen Highest Vendor pom artifactid jaxen Low Vendor pom developer email bob@eng.werken.com Low Vendor pom developer email brian.ewins@gmail.com Low Vendor pom developer email contact@megginson.com Low Vendor pom developer email elharo@ibiblio.org Low Vendor pom developer email erwin@klomp.org Low Vendor pom developer email james_strachan@yahoo.co.uk Low Vendor pom developer email jdvorak@users.sourceforge.net Low Vendor pom developer email mbelonga@users.sourceforge.net Low Vendor pom developer email peter.royal@pobox.com Low Vendor pom developer email purpletech@users.sourceforge.net Low Vendor pom developer email scott@dotnot.org Low Vendor pom developer email szegedia@users.sourceforge.net Low Vendor pom developer email xcut@users.sourceforge.net Low Vendor pom developer id bewins Medium Vendor pom developer id bob Medium Vendor pom developer id cnentwich Medium Vendor pom developer id dmegginson Medium Vendor pom developer id eboldwidt Medium Vendor pom developer id elharo Medium Vendor pom developer id jdvorak Medium Vendor pom developer id jstrachan Medium Vendor pom developer id mbelonga Medium Vendor pom developer id proyal Medium Vendor pom developer id purpletech Medium Vendor pom developer id ssanders Medium Vendor pom developer id szegedia Medium Vendor pom developer name Alexander Day Chaffee Medium Vendor pom developer name Attila Szegedi Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name Brian Ewins Medium Vendor pom developer name Christian Nentwich Medium Vendor pom developer name David Megginson Medium Vendor pom developer name Elliotte Rusty Harold Medium Vendor pom developer name Erwin Bolwidt Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jan Dvorak Medium Vendor pom developer name Mark A. Belonga Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer org Cafe au Lait Medium Vendor pom developer org dotnot Medium Vendor pom developer org Megginson Technologies Medium Vendor pom developer org Purple Technologies Medium Vendor pom developer org Spiritsoft Medium Vendor pom developer org The Werken Company Medium Vendor pom groupid jaxen Highest Vendor pom name jaxen High Vendor pom organization name Codehaus High Vendor pom organization url http://codehaus.org Medium Vendor pom url http://jaxen.codehaus.org/ Highest Product file name jaxen High Product jar package name jaxen Highest Product jar package name xpath Highest Product Manifest bundle-docurl http://codehaus.org Low Product Manifest Bundle-Name jaxen Medium Product Manifest bundle-symbolicname jaxen Medium Product pom artifactid jaxen Highest Product pom developer email bob@eng.werken.com Low Product pom developer email brian.ewins@gmail.com Low Product pom developer email contact@megginson.com Low Product pom developer email elharo@ibiblio.org Low Product pom developer email erwin@klomp.org Low Product pom developer email james_strachan@yahoo.co.uk Low Product pom developer email jdvorak@users.sourceforge.net Low Product pom developer email mbelonga@users.sourceforge.net Low Product pom developer email peter.royal@pobox.com Low Product pom developer email purpletech@users.sourceforge.net Low Product pom developer email scott@dotnot.org Low Product pom developer email szegedia@users.sourceforge.net Low Product pom developer email xcut@users.sourceforge.net Low Product pom developer id bewins Low Product pom developer id bob Low Product pom developer id cnentwich Low Product pom developer id dmegginson Low Product pom developer id eboldwidt Low Product pom developer id elharo Low Product pom developer id jdvorak Low Product pom developer id jstrachan Low Product pom developer id mbelonga Low Product pom developer id proyal Low Product pom developer id purpletech Low Product pom developer id ssanders Low Product pom developer id szegedia Low Product pom developer name Alexander Day Chaffee Low Product pom developer name Attila Szegedi Low Product pom developer name Bob McWhirter Low Product pom developer name Brian Ewins Low Product pom developer name Christian Nentwich Low Product pom developer name David Megginson Low Product pom developer name Elliotte Rusty Harold Low Product pom developer name Erwin Bolwidt Low Product pom developer name James Strachan Low Product pom developer name Jan Dvorak Low Product pom developer name Mark A. Belonga Low Product pom developer name Peter Royal Low Product pom developer name Scott Sanders Low Product pom developer org Cafe au Lait Low Product pom developer org dotnot Low Product pom developer org Megginson Technologies Low Product pom developer org Purple Technologies Low Product pom developer org Spiritsoft Low Product pom developer org The Werken Company Low Product pom groupid jaxen Highest Product pom name jaxen High Product pom organization name Codehaus Low Product pom organization url http://codehaus.org Low Product pom url http://jaxen.codehaus.org/ Medium Version file version 1.1.6 High Version Manifest Bundle-Version 1.1.6 High Version pom version 1.1.6 Highest
Description:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/jboss/logging/jboss-logging/3.3.1.Final/jboss-logging-3.3.1.Final.jar
MD5: 93cf8945ff84aaf9f0ed9a76991338fb
SHA1: c46217ab74b532568c0ed31dc599db3048bd1b67
SHA256: 9f7d8b884370763b131bf48a0fc91edec89ad80e0e40c47658098a686a905bb2
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor jar package name logging Highest Vendor Manifest build-timestamp Wed, 15 Mar 2017 13:22:07 -0700 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logging Highest Vendor pom artifactid jboss-logging Low Vendor pom groupid org.jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Vendor pom url http://www.jboss.org Highest Product file name jboss-logging High Product jar package name jboss Highest Product jar package name logging Highest Product Manifest build-timestamp Wed, 15 Mar 2017 13:22:07 -0700 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JBoss Logging 3 Medium Product pom artifactid jboss-logging Highest Product pom groupid org.jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Version Manifest Bundle-Version 3.3.1.Final High Version Manifest Implementation-Version 3.3.1.Final High Version pom parent-version 3.3.1.Final Low Version pom version 3.3.1.Final Highest
Description:
The Java Transaction 1.2 API classes License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt File Path: /home/grprdist/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.2_spec/1.1.1.Final/jboss-transaction-api_1.2_spec-1.1.1.Final.jar
MD5: 1e633c47138aba999d39692a31a1a124
SHA1: a8485cab9484dda36e9a8c319e76b5cc18797b58
SHA256: a310a50b9bdc44aaf36362dc9bb212235a147ffa8ef72dc9544a39c329eabbc3
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jboss-transaction-api_1.2_spec-1.1.1.Final High Vendor hint analyzer vendor redhat Highest Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest automatic-module-name java.transaction Medium Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec Medium Vendor Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.2_spec Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.transaction Medium Vendor Manifest os-arch x86 Low Vendor Manifest os-name Windows 10 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid jboss-transaction-api_1.2_spec Highest Vendor pom artifactid jboss-transaction-api_1.2_spec Low Vendor pom groupid org.jboss.spec.javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Product file name jboss-transaction-api_1.2_spec-1.1.1.Final High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest automatic-module-name java.transaction Medium Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java Transaction API Medium Product Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec Medium Product Manifest Implementation-Title Java Transaction API High Product Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.2_spec Low Product Manifest os-arch x86 Low Product Manifest os-name Windows 10 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title JSR 907: Java Transaction API (JTA) Medium Product pom artifactid jboss-transaction-api_1.2_spec Highest Product pom groupid org.jboss.spec.javax.transaction Highest Product pom name Java Transaction API High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Version Manifest Bundle-Version 1.1.1.Final High Version Manifest Implementation-Version 1.1.1.Final High Version pom parent-version 1.1.1.Final Low Version pom version 1.1.1.Final Highest
Description:
A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256: 4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jcip-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name jcip Highest Vendor jar package name jcip Low Vendor jar package name net Low Vendor pom artifactid jcip-annotations Highest Vendor pom artifactid jcip-annotations Low Vendor pom developer id stephenc Medium Vendor pom developer name Stephen Connolly Medium Vendor pom groupid com.github.stephenc.jcip Highest Vendor pom name JCIP Annotations under Apache License High Vendor pom url http://stephenc.github.com/jcip-annotations Highest Product file name jcip-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name jcip Highest Product jar package name jcip Low Product pom artifactid jcip-annotations Highest Product pom developer id stephenc Low Product pom developer name Stephen Connolly Low Product pom groupid com.github.stephenc.jcip Highest Product pom name JCIP Annotations under Apache License High Product pom url http://stephenc.github.com/jcip-annotations Medium Version pom version 1.0-1 Highest
Description:
Jersey core server implementation License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
The GNU General Public License (GPL), Version 2, With Classpath Exception: https://www.gnu.org/software/classpath/license.html
Apache License, 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
Modified BSD: https://asm.ow2.io/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/jersey/core/jersey-server/2.36/jersey-server-2.36.jar
MD5: 8dd2bd5634c82b57eebb0fe35aaccee2
SHA1: 73cf67d0d761b60860b7721529503a121cfa9df4
SHA256: 2699758d1c33a9137363fd022d8c9c00423c800c4fde2b49d53530987e8da72d
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name jersey-server High Vendor jar package name glassfish Highest Vendor jar package name jersey Highest Vendor jar package name org Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jersey-server Highest Vendor pom artifactid jersey-server Low Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-server High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey Medium Product file name jersey-server High Product jar package name filter Highest Product jar package name glassfish Highest Product jar package name jersey Highest Product jar package name org Highest Product jar package name server Highest Product Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Product Manifest Bundle-Name jersey-core-server Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jersey-server Highest Product pom groupid org.glassfish.jersey.core Highest Product pom name jersey-core-server High Product pom parent-artifactid project Medium Product pom parent-groupid org.glassfish.jersey Medium Version file version 2.36 High Version pom version 2.36 Highest
Related Dependencies jersey-client-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/core/jersey-client/2.36/jersey-client-2.36.jar MD5: ee13f5ef0926cdbcb447415e0c5e2812 SHA1: 0755709fb31407d36c114afbe345b47cebf0fe60 SHA256: 027b7061001f186bd7a48bbe5f070e2774b108969776935fc9b55591a93f689d pkg:maven/org.glassfish.jersey.core/jersey-client@2.36 jersey-common-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/core/jersey-common/2.36/jersey-common-2.36.jar MD5: 4b155e7fd084ad25b5e836af5efbe4c8 SHA1: 5d259ea71ca3c1f4566ec5bfee7320e63d79673b SHA256: 543b8df0bfa07e54fe65e45b351088010a2a7079ac2564023761f8dfe8eb7b33 pkg:maven/org.glassfish.jersey.core/jersey-common@2.36 jersey-container-servlet-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/containers/jersey-container-servlet/2.36/jersey-container-servlet-2.36.jar MD5: 4571ad55cb3afc068f90ecc1d7c41a25 SHA1: fa6b0f7d47d5c3e054c71eea613a6bbe62b1b733 SHA256: 64f06051710734565486ab18910a4d3e2dbc1292a410146b66045dc1aea7cf1a pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.36 jersey-container-servlet-core-2.36.jar jersey-entity-filtering-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.36/jersey-entity-filtering-2.36.jar MD5: 92de2dfb2b8a82be5644df79a67e7ca9 SHA1: ae4e2601c0ece31d03a148391a201a2569524472 SHA256: e186ac37c5042e36cc96f7cdd394a792f3313de81bca746fc4906e0743acda0e pkg:maven/org.glassfish.jersey.ext/jersey-entity-filtering@2.36 jersey-hk2-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/inject/jersey-hk2/2.36/jersey-hk2-2.36.jar MD5: 11f928a24e0cb52fd8999cca0268b3b3 SHA1: 69a57963b35428a261ac4313cfa89f6b3dc255c6 SHA256: bdc4a8250be82943f7af1ccea4f58a92a8a73c15307ec4226fd60b8a455672f6 pkg:maven/org.glassfish.jersey.inject/jersey-hk2@2.36 jersey-media-json-jackson-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/media/jersey-media-json-jackson/2.36/jersey-media-json-jackson-2.36.jar MD5: dfea909ce709536a7fe319086e6124a6 SHA1: e83a57e43c4bd7b21d7921aa45a164555a5d1bea SHA256: ec49d0acae6cc9e82e8426afada26b4178929d47c66b108ae827f88f4c60609d pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.36 Description:
Jetty server core License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/grprdist/.m2/repository/org/mortbay/jetty/jetty/6.1.26/jetty-6.1.26.jar
MD5: 12b65438bbaf225102d0396c21236052
SHA1: 2f546e289fddd5b1fab1d4199fbb6e9ef43ee4b0
SHA256: 21091d3a9c1349f640fdc421504a604c040ed89087ecc12afbe32353326ed4e5
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper Office365 and Azure Provisioner:provided Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Evidence Type Source Name Value Confidence Vendor file name jetty High Vendor jar package name jetty Highest Vendor jar package name mortbay Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://jetty.mortbay.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname org.mortbay.jetty.server Medium Vendor Manifest mode development Low Vendor Manifest originally-created-by 1.6.0_22 (Sun Microsystems Inc.) Low Vendor Manifest url http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty Low Vendor pom artifactid jetty Highest Vendor pom artifactid jetty Low Vendor pom groupid org.mortbay.jetty Highest Vendor pom name Jetty Server High Vendor pom parent-artifactid project Low Product file name jetty High Product jar package name jetty Highest Product jar package name mortbay Highest Product jar package name server Highest Product Manifest bundle-docurl http://jetty.mortbay.org Low Product Manifest Bundle-Name Jetty Server Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname org.mortbay.jetty.server Medium Product Manifest mode development Low Product Manifest originally-created-by 1.6.0_22 (Sun Microsystems Inc.) Low Product Manifest url http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty Low Product pom artifactid jetty Highest Product pom groupid org.mortbay.jetty Highest Product pom name Jetty Server High Product pom parent-artifactid project Medium Version file version 6.1.26 High Version Manifest Bundle-Version 6.1.26 High Version Manifest implementation-version 6.1.26 High Version pom version 6.1.26 Highest
Related Dependencies jetty-util-6.1.26.jarFile Path: /home/grprdist/.m2/repository/org/mortbay/jetty/jetty-util/6.1.26/jetty-util-6.1.26.jar MD5: 450fedce4f7f8ad3761577b10a664200 SHA1: e5642fe0399814e1687d55a3862aa5a3417226a9 SHA256: 9b974ce2b99f48254b76126337dc45b21226f383aaed616f59780adaf167c047 pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 CVE-2011-4461 suppress
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L References:
Vulnerable Software & Versions: (show all )
CVE-2009-1523 suppress
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/grprdist/.m2/repository/jline/jline/2.14.5/jline-2.14.5.jar
MD5: 54de3b3c5a84e395d8066c143802985e
SHA1: fdedd5f2522122102f0b3db85fe7aa563a009926
SHA256: 4f347bc90d6f5ce61c0f8928d44a7b993275ceaa7d7f237714518a9bdd5003ce
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jline High Vendor jar package name jline Highest Vendor Manifest bundle-symbolicname jline Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid jline Highest Vendor pom artifactid jline Low Vendor pom developer email gnodet@gmail.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email mprudhom@gmail.com Low Vendor pom developer id gnodet Medium Vendor pom developer id jdillon Medium Vendor pom developer id mprudhom Medium Vendor pom developer name Guillaume Nodet Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Marc Prud'hommeaux Medium Vendor pom groupid jline Highest Vendor pom name JLine High Product file name jline High Product jar package name jline Highest Product Manifest Bundle-Name JLine Medium Product Manifest bundle-symbolicname jline Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid jline Highest Product pom developer email gnodet@gmail.com Low Product pom developer email jason@planet57.com Low Product pom developer email mprudhom@gmail.com Low Product pom developer id gnodet Low Product pom developer id jdillon Low Product pom developer id mprudhom Low Product pom developer name Guillaume Nodet Low Product pom developer name Jason Dillon Low Product pom developer name Marc Prud'hommeaux Low Product pom groupid jline Highest Product pom name JLine High Version file version 2.14.5 High Version Manifest Bundle-Version 2.14.5 High Version pom version 2.14.5 Highest
Description:
Implementation of the JMES Path JSON Query langauge for Java. License:
Apache License, Version 2.0: https://aws.amazon.com/apache2.0 File Path: /home/grprdist/.m2/repository/com/amazonaws/jmespath-java/1.12.267/jmespath-java-1.12.267.jar
MD5: e2a19172a5599b97ba09a270eac7acda
SHA1: 27260189acb9fbfc3a72c8f67dbdf4ce7d11276b
SHA256: dfa93938d0c40fd07e8e97fc0db2d9b062eb69d295e524c5dd614956bf13844e
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jmespath-java High Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Vendor jar package name jmespath Highest Vendor jar package name jmespath Low Vendor pom artifactid jmespath-java Highest Vendor pom artifactid jmespath-java Low Vendor pom developer id amazonwebservices Medium Vendor pom developer org Amazon Web Services Medium Vendor pom developer org URL https://aws.amazon.com Medium Vendor pom groupid com.amazonaws Highest Vendor pom name JMES Path Query library High Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name jmespath-java High Product jar package name amazonaws Highest Product jar package name jmespath Highest Product jar package name jmespath Low Product pom artifactid jmespath-java Highest Product pom developer id amazonwebservices Low Product pom developer org Amazon Web Services Low Product pom developer org URL https://aws.amazon.com Low Product pom groupid com.amazonaws Highest Product pom name JMES Path Query library High Product pom parent-artifactid aws-java-sdk-pom Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 1.12.267 High Version pom version 1.12.267 Highest
Description:
Date and time library to replace JDK date handling License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/joda-time/joda-time/2.9.9/joda-time-2.9.9.jar
MD5: eca438c8cc2b1de38e28d884b7f15dbc
SHA1: f7b520c458572890807d143670c9b24f4de90897
SHA256: b049a43c1057942e6acfbece008e4949b2e35d1658d0c8e06f4485397e2fa4e7
Referenced In Projects/Scopes: Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name joda-time High Vendor jar package name joda Highest Vendor jar package name time Highest Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low Vendor Manifest bundle-symbolicname joda-time Medium Vendor Manifest extension-name joda-time Medium Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low Vendor Manifest Implementation-Vendor Joda.org High Vendor Manifest Implementation-Vendor-Id org.joda Medium Vendor Manifest specification-vendor Joda.org Low Vendor pom artifactid joda-time Highest Vendor pom artifactid joda-time Low Vendor pom developer id broneill Medium Vendor pom developer id jodastephen Medium Vendor pom developer name Brian S O'Neill Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid joda-time Highest Vendor pom name Joda-Time High Vendor pom organization name Joda.org High Vendor pom organization url http://www.joda.org Medium Vendor pom url http://www.joda.org/joda-time/ Highest Product file name joda-time High Product jar package name joda Highest Product jar package name time Highest Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low Product Manifest Bundle-Name Joda-Time Medium Product Manifest bundle-symbolicname joda-time Medium Product Manifest extension-name joda-time Medium Product Manifest Implementation-Title org.joda.time High Product Manifest implementation-url http://www.joda.org/joda-time/ Low Product Manifest specification-title Joda-Time Medium Product pom artifactid joda-time Highest Product pom developer id broneill Low Product pom developer id jodastephen Low Product pom developer name Brian S O'Neill Low Product pom developer name Stephen Colebourne Low Product pom groupid joda-time Highest Product pom name Joda-Time High Product pom organization name Joda.org Low Product pom organization url http://www.joda.org Low Product pom url http://www.joda.org/joda-time/ Medium Version file version 2.9.9 High Version Manifest Bundle-Version 2.9.9 High Version Manifest Implementation-Version 2.9.9 High Version pom version 2.9.9 Highest
Description:
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
It is written in Java and relies solely on the JCA APIs for cryptography.
Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/bitbucket/b_c/jose4j/0.4.4/jose4j-0.4.4.jar
MD5: 0b1441282db12afb083ed1362e26b5fa
SHA1: 82deffa5cab3871084b47c24b467745c881996f0
SHA256: ba3a665487af6671f70e1742b3a5a60b8e3f091317f1aa6cb85c77fa884a90a2
Referenced In Project/Scope: Grouper Box:compile
Evidence Type Source Name Value Confidence Vendor file name jose4j High Vendor jar package name jose4j Highest Vendor jar package name json Highest Vendor jar package name jwe Highest Vendor jar package name jwk Highest Vendor jar package name jws Highest Vendor jar package name jwt Highest Vendor jar package name use Highest Vendor Manifest bundle-symbolicname org.bitbucket.b_c.jose4j Medium Vendor pom artifactid jose4j Highest Vendor pom artifactid jose4j Low Vendor pom developer email brian.d.campbell@gmail.com Low Vendor pom developer name Brian Campbell Medium Vendor pom groupid org.bitbucket.b_c Highest Vendor pom name jose4j High Vendor pom url https://bitbucket.org/b_c/jose4j/ Highest Product file name jose4j High Product jar package name jose4j Highest Product jar package name json Highest Product jar package name jwe Highest Product jar package name jwk Highest Product jar package name jws Highest Product jar package name jwt Highest Product jar package name use Highest Product Manifest Bundle-Name jose4j Medium Product Manifest bundle-symbolicname org.bitbucket.b_c.jose4j Medium Product pom artifactid jose4j Highest Product pom developer email brian.d.campbell@gmail.com Low Product pom developer name Brian Campbell Low Product pom groupid org.bitbucket.b_c Highest Product pom name jose4j High Product pom url https://bitbucket.org/b_c/jose4j/ Medium Version file version 0.4.4 High Version Manifest Bundle-Version 0.4.4 High Version pom version 0.4.4 Highest
Description:
JSch is a pure Java implementation of SSH2 License:
Revised BSD: http://www.jcraft.com/jsch/LICENSE.txt File Path: /home/grprdist/.m2/repository/com/jcraft/jsch/0.1.55/jsch-0.1.55.jar
MD5: c395ada0fc012d66f11bd30246f6c84d
SHA1: bbd40e5aa7aa3cfad5db34965456cee738a42a50
SHA256: d492b15a6d2ea3f1cc39c422c953c40c12289073dbe8360d98c0f6f9ec74fc44
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jsch High Vendor jar package name jcraft Highest Vendor jar package name jcraft Low Vendor jar package name jsch Highest Vendor jar package name jsch Low Vendor pom artifactid jsch Highest Vendor pom artifactid jsch Low Vendor pom developer email ymnk at jcraft D0t com Low Vendor pom developer id ymnk Medium Vendor pom developer name Atsuhiko Yamanaka Medium Vendor pom developer org JCraft,Inc. Medium Vendor pom developer org URL http://www.jcraft.com/ Medium Vendor pom groupid com.jcraft Highest Vendor pom name JSch High Vendor pom organization name JCraft,Inc. High Vendor pom organization url http://www.jcraft.com/ Medium Vendor pom url http://www.jcraft.com/jsch/ Highest Product file name jsch High Product jar package name jcraft Highest Product jar package name jsch Highest Product jar package name jsch Low Product pom artifactid jsch Highest Product pom developer email ymnk at jcraft D0t com Low Product pom developer id ymnk Low Product pom developer name Atsuhiko Yamanaka Low Product pom developer org JCraft,Inc. Low Product pom developer org URL http://www.jcraft.com/ Low Product pom groupid com.jcraft Highest Product pom name JSch High Product pom organization name JCraft,Inc. Low Product pom organization url http://www.jcraft.com/ Low Product pom url http://www.jcraft.com/jsch/ Medium Version file version 0.1.55 High Version pom version 0.1.55 Highest
Description:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 thru Java 1.4.
License:
The JSON License: http://json.org/license.html File Path: /home/grprdist/.m2/repository/org/json/json/20140107/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name json-20140107 High Vendor jar package name cdl Highest Vendor jar package name http Highest Vendor jar package name json Highest Vendor jar package name json Low Vendor jar package name xml Highest Vendor pom artifactid json Highest Vendor pom artifactid json Low Vendor pom developer email douglas@crockford.com Low Vendor pom developer name Douglas Crockford Medium Vendor pom groupid org.json Highest Vendor pom name JSON in Java High Vendor pom url douglascrockford/JSON-java Highest Product file name json-20140107 High Product jar package name cdl Highest Product jar package name http Highest Product jar package name json Highest Product jar package name xml Highest Product pom artifactid json Highest Product pom developer email douglas@crockford.com Low Product pom developer name Douglas Crockford Low Product pom groupid org.json Highest Product pom name JSON in Java High Product pom url douglascrockford/JSON-java High Version file version 20140107 Medium Version pom version 20140107 Highest
CVE-2022-45688 (OSSINDEX)suppress
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.json:json:20140107:*:*:*:*:*:*:* File Path: /home/grprdist/.m2/repository/net/sf/json-lib/json-lib/2.4/json-lib-2.4-jdk15.jarMD5: f5db294d05b3d5a5bfb873455b0a8626SHA1: 136743e0d12df4e785e62b48618cee169b2ae546SHA256: 8290f8871ebd3db52e36c6fa844fe172895b2c714ea589cfed3d78ad9c01a924Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name json-lib High Vendor jar package name json Low Vendor jar package name net Low Vendor jar package name sf Low Vendor pom artifactid json-lib Highest Vendor pom groupid net.sf.json-lib Highest Product file name json-lib High Product jar package name json Low Product jar package name sf Low Product pom artifactid json-lib Highest Version file name json-lib Medium Version file version 2.4.jdk15 High Version pom version 2.4 Highest
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/minidev/json-smart/2.4.8/json-smart-2.4.8.jar
MD5: 20a8427206313ed3aa85cdc47f730415
SHA1: 7c62f5f72ab05eb54d40e2abf0360a2fe9ea477f
SHA256: 174a9ad578b56644e62b3965d8bf94ac3a76e707c6343b8abac9d3671438b4b2
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name json-smart High Vendor jar package name json Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor jar package name parser Highest Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.json-smart Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid json-smart Highest Vendor pom artifactid json-smart Low Vendor pom developer email adoneitan@gmail.com Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id erav Medium Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Eitan Raviv Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name JSON Small and Fast Parser High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name json-smart High Product jar package name json Highest Product jar package name minidev Highest Product jar package name net Highest Product jar package name parser Highest Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name json-smart Medium Product Manifest bundle-symbolicname net.minidev.json-smart Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid json-smart Highest Product pom developer email adoneitan@gmail.com Low Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id erav Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Eitan Raviv Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name JSON Small and Fast Parser High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.8 High Version Manifest Bundle-Version 2.4.8 High Version pom version 2.4.8 Highest
pkg:maven/net.minidev/json-smart@2.4.8 (Confidence :High)cpe:2.3:a:ini-parser_project:ini-parser:2.4.8:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:json-smart_project:json-smart-v2:2.4.8:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do. License:
The MIT License: https://jsoup.org/license File Path: /home/grprdist/.m2/repository/org/jsoup/jsoup/1.15.3/jsoup-1.15.3.jar
MD5: 4f16c3b17b8c1b0173b1ed9f99f2c27c
SHA1: f6e1d8a8819f854b681c8eaa57fd59a42329e10c
SHA256: e20a5e78b1372f2a4e620832db4442d5077e5cbde280b24c666a3770844999bc
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jsoup High Vendor jar package name jsoup Highest Vendor jar package name parser Highest Vendor Manifest automatic-module-name org.jsoup Medium Vendor Manifest build-jdk-spec 18 Low Vendor Manifest bundle-docurl https://jsoup.org/ Low Vendor Manifest bundle-symbolicname org.jsoup Medium Vendor Manifest Implementation-Vendor Jonathan Hedley High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jsoup Highest Vendor pom artifactid jsoup Low Vendor pom developer email jonathan@hedley.net Low Vendor pom developer id jhy Medium Vendor pom developer name Jonathan Hedley Medium Vendor pom groupid org.jsoup Highest Vendor pom name jsoup Java HTML Parser High Vendor pom organization name Jonathan Hedley High Vendor pom organization url https://jhy.io/ Medium Vendor pom url https://jsoup.org/ Highest Product file name jsoup High Product jar package name jsoup Highest Product jar package name parser Highest Product Manifest automatic-module-name org.jsoup Medium Product Manifest build-jdk-spec 18 Low Product Manifest bundle-docurl https://jsoup.org/ Low Product Manifest Bundle-Name jsoup Java HTML Parser Medium Product Manifest bundle-symbolicname org.jsoup Medium Product Manifest Implementation-Title jsoup Java HTML Parser High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jsoup Highest Product pom developer email jonathan@hedley.net Low Product pom developer id jhy Low Product pom developer name Jonathan Hedley Low Product pom groupid org.jsoup Highest Product pom name jsoup Java HTML Parser High Product pom organization name Jonathan Hedley Low Product pom organization url https://jhy.io/ Low Product pom url https://jsoup.org/ Medium Version file version 1.15.3 High Version Manifest Bundle-Version 1.15.3 High Version Manifest Implementation-Version 1.15.3 High Version pom version 1.15.3 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: Grouper Google Apps Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
License:
CDDL License
: http://www.opensource.org/licenses/cddl1.php File Path: /home/grprdist/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
SHA256: ab1534b73b5fa055808e6598a5e73b599ccda28c3159c3c0908977809422ee4a
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper WS Generated Client:compile Grouper WS SCIM:compile Evidence Type Source Name Value Confidence Vendor file name jsr311-api High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor jar package name rs Highest Vendor jar package name ws Highest Vendor Manifest bundle-docurl http://www.sun.com/ Low Vendor Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jsr311-api Highest Vendor pom artifactid jsr311-api Low Vendor pom groupid javax.ws.rs Highest Vendor pom name jsr311-api High Vendor pom organization name Sun Microsystems, Inc High Vendor pom organization url http://www.sun.com/ Medium Vendor pom url https://jsr311.dev.java.net Highest Product file name jsr311-api High Product hint analyzer product web services Medium Product jar package name javax Highest Product jar package name rs Highest Product jar package name ws Highest Product Manifest bundle-docurl http://www.sun.com/ Low Product Manifest Bundle-Name jsr311-api Medium Product Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium Product Manifest extension-name javax.ws.rs Medium Product Manifest specification-title JAX-RS: Java API for RESTful Web Services Medium Product pom artifactid jsr311-api Highest Product pom groupid javax.ws.rs Highest Product pom name jsr311-api High Product pom organization name Sun Microsystems, Inc Low Product pom organization url http://www.sun.com/ Low Product pom url https://jsr311.dev.java.net Medium Version file version 1.1.1 High Version Manifest Bundle-Version 1.1.1 High Version Manifest specification-version 1.1.1 High Version pom version 1.1.1 Highest
Description:
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
File Path: /home/grprdist/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jarMD5: 82a10ce714f411b28f13850059de09eeSHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558SHA256: b8ec163b4a47bad16f9a0b7d03c3210c6b0a29216d768031073ac20817c0ba50Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jta High Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest extension-name javax.transaction Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jta Highest Vendor pom artifactid jta Low Vendor pom groupid javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom url http://java.sun.com/products/jta Highest Product file name jta High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest extension-name javax.transaction Medium Product Manifest specification-title Java Transaction API Specification Medium Product pom artifactid jta Highest Product pom groupid javax.transaction Highest Product pom name Java Transaction API High Product pom url http://java.sun.com/products/jta Medium Version file version 1.1 High Version Manifest specification-version 1.1 High Version pom version 1.1 Highest
Description:
An Embedded Lightweight Non-Relational Database License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/activemq/kahadb/5.7.0/kahadb-5.7.0.jar
MD5: 9dca17bdb723eb03b24e8532f0ccabe1
SHA1: c45eff4b78ca1f5f7469e4f4e094dbd4c8038adf
SHA256: 0cb14a39a6ae2a62a05cafd81cab688705e25df1b57fd4bac3e61a49b696b394
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name kahadb High Vendor jar package name apache Highest Vendor jar package name kahadb Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.activemq.kahadb Medium Vendor pom artifactid kahadb Highest Vendor pom artifactid kahadb Low Vendor pom groupid org.apache.activemq Highest Vendor pom name ActiveMQ :: KahaDB High Vendor pom parent-artifactid activemq-parent Low Product file name kahadb High Product jar package name apache Highest Product jar package name kahadb Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name kahadb Medium Product Manifest bundle-symbolicname org.apache.activemq.kahadb Medium Product Manifest Implementation-Title Apache ActiveMQ High Product pom artifactid kahadb Highest Product pom groupid org.apache.activemq Highest Product pom name ActiveMQ :: KahaDB High Product pom parent-artifactid activemq-parent Medium Version file version 5.7.0 High Version Manifest Bundle-Version 5.7.0 High Version Manifest Implementation-Version 5.7.0 High Version pom version 5.7.0 Highest
CVE-2014-3600 suppress
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2015-5254 suppress
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2016-3088 suppress
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
CVE-2014-3576 suppress
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2014-3612 suppress
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. CWE-287 Improper Authentication
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2019-0222 suppress
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-11775 suppress
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-3060 suppress
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. CWE-287 Improper Authentication
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2016-0734 suppress
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. CWE-254 7PK - Security Features
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2016-6810 suppress
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2018-8006 suppress
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-13947 suppress
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1941 suppress
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13920 suppress
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. CWE-306 Missing Authentication for Critical Function
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2012-5784 suppress
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2016-0782 suppress
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.4) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2012-6551 suppress
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests. CWE-399 Resource Management Errors
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2015-1830 suppress
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2015-6524 suppress
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. CWE-255 Credentials Management
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2015-7559 suppress
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2012-6092 suppress
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-1879 suppress
Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message." CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-1880 suppress
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2014-8110 suppress
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Java implementation of "Tags for Identifying Languages" (RFC 5646) License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/lang-tag/1.7/lang-tag-1.7.jar
MD5: 31b8a4f76fdbf21f1d667f9d6618e0b2
SHA1: 97c73ecd70bc7e8eefb26c5eea84f251a63f1031
SHA256: e8c1c594e2425bdbea2d860de55c69b69fc5d59454452449a0f0913c2a5b8a31
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name lang-tag High Vendor jar package name langtag Highest Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 1.7 Low Vendor Manifest bundle-docurl https://connect2id.com/ Low Vendor Manifest bundle-symbolicname lang-tag Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid lang-tag Highest Vendor pom artifactid lang-tag Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus LangTag High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com/ Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-language-tags Highest Product file name lang-tag High Product jar package name langtag Highest Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-jdk-spec 11 Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 1.7 Low Product Manifest bundle-docurl https://connect2id.com/ Low Product Manifest Bundle-Name Nimbus LangTag Medium Product Manifest bundle-symbolicname lang-tag Medium Product Manifest Implementation-Title Nimbus LangTag High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Nimbus LangTag Medium Product pom artifactid lang-tag Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus LangTag High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com/ Low Product pom url https://bitbucket.org/connect2id/nimbus-language-tags Medium Version file version 1.7 High Version Manifest build-tag 1.7 Low Version Manifest Implementation-Version 1.7 High Version pom version 1.7 Highest
Description:
Ldaptive API License:
http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-3.0.txt File Path: /home/grprdist/.m2/repository/org/ldaptive/ldaptive/1.2.4/ldaptive-1.2.4.jar
MD5: fb195e2011383d6dc6678ceea2406ba8
SHA1: 05866d99f046d84c243c57ad120cb7d5bc8b07a5
SHA256: 3e8bac957050e1261c06933b4e11eff4a8e45bad3dd8e42af0d851d5d942722b
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ldaptive High Vendor jar package name ldaptive Highest Vendor Manifest bundle-symbolicname org.ldaptive Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid ldaptive Highest Vendor pom artifactid ldaptive Low Vendor pom groupid org.ldaptive Highest Vendor pom name LDAPTIVE CORE High Vendor pom parent-artifactid ldaptive-parent Low Product file name ldaptive High Product jar package name ldaptive Highest Product Manifest Bundle-Name LDAPTIVE CORE Medium Product Manifest bundle-symbolicname org.ldaptive Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid ldaptive Highest Product pom groupid org.ldaptive Highest Product pom name LDAPTIVE CORE High Product pom parent-artifactid ldaptive-parent Medium Version file version 1.2.4 High Version Manifest Bundle-Version 1.2.4 High Version pom version 1.2.4 Highest
Related Dependencies ldaptive-unboundid-1.2.4.jarFile Path: /home/grprdist/.m2/repository/org/ldaptive/ldaptive-unboundid/1.2.4/ldaptive-unboundid-1.2.4.jar MD5: 7c3cdcf915f961ce2ebdf72f2e03cf92 SHA1: e753bdf56598796fe75aef2a9c2ecb45d652e846 SHA256: 1e8ed67bc1dec51fce303b32d653330f3af70fa59f659d97d19c335fc41a6e52 pkg:maven/org.ldaptive/ldaptive-unboundid@1.2.4 Description:
The Apache Log4j Implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-core/2.17.1/log4j-core-2.17.1.jar
MD5: 8d2f5c52700336dae846b2c3ecde7a6e
SHA1: 779f60f3844dadc3ef597976fcb1e5127b1f343d
SHA256: c967f223487980b9364e94a7c7f9a8a01fd3ee7c19bdbf0b0f9f8cb8511f3d41
Referenced In Projects/Scopes: Grouper WS Parent:compile Grouper Client:compile Grouper PSP-NG:compile Grouper WS Test:compile Grouper Office365 and Azure Provisioner:compile Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper WS SCIM:compile Grouper:compile Grouper ActiveMQ Messaging:compile Grouper SCIM:compile Grouper Box:compile Grouper API:compile Grouper WS:compile Grouper Rabbitmq:compile Grouper AMQ:compile Grouper Installer:compile Grouper WS Manual Client:compile Grouper Duo:compile Grouper Google Apps Provisioner:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name log4j-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest automatic-module-name org.apache.logging.log4j.core Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey D7C92B70FA1C814D Low Vendor Manifest log4jreleasemanager Matt Sicker Low Vendor Manifest log4jsigningusername mattsicker@apache.org Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-core Highest Vendor pom artifactid log4j-core Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j Core High Vendor pom parent-artifactid log4j Low Product file name log4j-core High Product jar package name apache Highest Product jar package name core Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest automatic-module-name org.apache.logging.log4j.core Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j Core Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product Manifest Implementation-Title Apache Log4j Core High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Product Manifest log4jreleasekey D7C92B70FA1C814D Low Product Manifest log4jreleasemanager Matt Sicker Low Product Manifest log4jsigningusername mattsicker@apache.org Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Log4j Core Medium Product pom artifactid log4j-core Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j Core High Product pom parent-artifactid log4j Medium Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version Manifest log4jreleaseversion 2.17.1 Medium Version pom version 2.17.1 Highest
Related Dependencies log4j-1.2-api-2.17.1.jarFile Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-1.2-api/2.17.1/log4j-1.2-api-2.17.1.jar MD5: a54a1f9fc3ce8352fb29cf66fbe07219 SHA1: db3a7e7f07e878b92ac4a8f1100bee8325d5713a SHA256: ca3e9150f95c31d15b9680a609b8817f8549bd395591c5ca55957d1ef0f464d6 pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.17.1 log4j-api-2.17.1.jarFile Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar MD5: dfd5f2d81aba31583ee87fe16c7b78f8 SHA1: d771af8e336e372fb5399c99edabe0919aeaf5b2 SHA256: b0d8a4c8ab4fb8b1888d0095822703b0e6d4793c419550203da9e69196161de4 pkg:maven/org.apache.logging.log4j/log4j-api@2.17.1 Description:
The Apache Log4j SLF4J API binding to Log4j 2 Core License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.17.1/log4j-slf4j-impl-2.17.1.jar
MD5: 8d0e5934a9c341dbc3493d4039afd985
SHA1: 84692d456bcce689355d33d68167875e486954dd
SHA256: e9a03720e5d5076009c2530635da9d08485e28a0b0ec20708dadc51afb78e41e
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name log4j-slf4j-impl High Vendor jar package name apache Highest Vendor jar package name impl Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.apache.logging.log4j.slf4j Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.slf4j-impl Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey D7C92B70FA1C814D Low Vendor Manifest log4jreleasemanager Matt Sicker Low Vendor Manifest log4jsigningusername mattsicker@apache.org Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-slf4j-impl Highest Vendor pom artifactid log4j-slf4j-impl Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j SLF4J Binding High Vendor pom parent-artifactid log4j Low Product file name log4j-slf4j-impl High Product jar package name apache Highest Product jar package name impl Highest Product jar package name logging Highest Product jar package name slf4j Highest Product Manifest automatic-module-name org.apache.logging.log4j.slf4j Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j SLF4J Binding Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.slf4j-impl Medium Product Manifest Implementation-Title Apache Log4j SLF4J Binding High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/ Low Product Manifest log4jreleasekey D7C92B70FA1C814D Low Product Manifest log4jreleasemanager Matt Sicker Low Product Manifest log4jsigningusername mattsicker@apache.org Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Log4j SLF4J Binding Medium Product pom artifactid log4j-slf4j-impl Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j SLF4J Binding High Product pom parent-artifactid log4j Medium Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version Manifest log4jreleaseversion 2.17.1 Medium Version pom version 2.17.1 Highest
File Path: /home/grprdist/.m2/repository/com/squareup/okhttp3/logging-interceptor/3.14.7/logging-interceptor-3.14.7.jarMD5: 30a08668c0c0de36ff97e48bd12492d5SHA1: 20c38a174010e77a1649752d4e60f69f74606f65SHA256: ec7e348bcf292b5bf5b34eefbde0ac91a81ea64b129824127d96b1129a0b303aReferenced In Projects/Scopes:
Grouper Office365 and Azure Provisioner:compile Grouper Duo:compile Evidence Type Source Name Value Confidence Vendor file name logging-interceptor High Vendor jar package name logging Highest Vendor jar package name okhttp3 Highest Vendor Manifest automatic-module-name okhttp3.logging Medium Vendor pom artifactid logging-interceptor Highest Vendor pom artifactid logging-interceptor Low Vendor pom groupid com.squareup.okhttp3 Highest Vendor pom name OkHttp Logging Interceptor High Vendor pom parent-artifactid parent Low Product file name logging-interceptor High Product jar package name logging Highest Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3.logging Medium Product pom artifactid logging-interceptor Highest Product pom groupid com.squareup.okhttp3 Highest Product pom name OkHttp Logging Interceptor High Product pom parent-artifactid parent Medium Version file version 3.14.7 High Version pom version 3.14.7 Highest
Description:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! License:
The MIT License: http://projectlombok.org/LICENSE File Path: /home/grprdist/.m2/repository/org/projectlombok/lombok/1.14.8/lombok-1.14.8.jar
MD5: 1cbc1782a86f6e2d3b7337b1889cdfe5
SHA1: 8ac073941721e0b521ec8e8bad088b1e7b8cd332
SHA256: 0493e0a2e0873763a74959fb07b2ec74fcfd4d277a2b010df58bf33fb3fec639
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name lombok High Vendor jar package name java Highest Vendor jar package name lombok Highest Vendor jar package name org Highest Vendor jar package name tostring Highest Vendor Manifest can-redefine-classes true Low Vendor pom artifactid lombok Highest Vendor pom artifactid lombok Low Vendor pom developer email reinier@projectlombok.org Low Vendor pom developer email roel@projectlombok.org Low Vendor pom developer id rgrootjans Medium Vendor pom developer id rspilker Medium Vendor pom developer id rzwitserloot Medium Vendor pom developer name Reinier Zwitserloot Medium Vendor pom developer name Robbert Jan Grootjans Medium Vendor pom developer name Roel Spilker Medium Vendor pom groupid org.projectlombok Highest Vendor pom name Project Lombok High Vendor pom url http://projectlombok.org Highest Product file name lombok High Product jar package name java Highest Product jar package name lombok Highest Product jar package name org Highest Product jar package name tostring Highest Product Manifest can-redefine-classes true Low Product pom artifactid lombok Highest Product pom developer email reinier@projectlombok.org Low Product pom developer email roel@projectlombok.org Low Product pom developer id rgrootjans Low Product pom developer id rspilker Low Product pom developer id rzwitserloot Low Product pom developer name Reinier Zwitserloot Low Product pom developer name Robbert Jan Grootjans Low Product pom developer name Roel Spilker Low Product pom groupid org.projectlombok Highest Product pom name Project Lombok High Product pom url http://projectlombok.org Medium Version file version 1.14.8 High Version Manifest lombok-version 1.14.8 Medium Version pom version 1.14.8 Highest
Description:
JavaMail API (compat) License:
http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
SHA256: 78c33b4f7c7b60f4b680f2d2405b1f063d71929cf1a4fbc328888379f365fcfb
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name mail High Vendor jar package name javax Highest Vendor jar package name mail Highest Vendor jar package name provider Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname javax.mail Medium Vendor Manifest extension-name javax.mail Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid mail Highest Vendor pom artifactid mail Low Vendor pom groupid javax.mail Highest Vendor pom name JavaMail API (compat) High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.mail Medium Product file name mail High Product jar package name javax Highest Product jar package name mail Highest Product jar package name provider Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaMail API (compat) Medium Product Manifest bundle-symbolicname javax.mail Medium Product Manifest extension-name javax.mail Medium Product Manifest Implementation-Title javax.mail High Product Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product pom artifactid mail Highest Product pom groupid javax.mail Highest Product pom name JavaMail API (compat) High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.mail Medium Version file version 1.4.7 High Version Manifest Bundle-Version 1.4.7 High Version Manifest Implementation-Version 1.4.7 High Version pom version 1.4.7 Highest
Description:
mchange-commons-java License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html File Path: /home/grprdist/.m2/repository/com/mchange/mchange-commons-java/0.2.15/mchange-commons-java-0.2.15.jar
MD5: 97c4575d9d49d9afb71492e6bb4417da
SHA1: 6ef5abe5f1b94ac45b7b5bad42d871da4fda6bbc
SHA256: 2b8fce65e95a3e968d5ab3507e2833f43df3daee0635ee51c7ce33343bb3a21c
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name mchange-commons-java High Vendor jar package name mchange Highest Vendor Manifest Implementation-Vendor com.mchange High Vendor Manifest Implementation-Vendor-Id com.mchange Medium Vendor Manifest specification-vendor com.mchange Low Vendor pom artifactid mchange-commons-java Highest Vendor pom artifactid mchange-commons-java Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.mchange Highest Vendor pom name mchange-commons-java High Vendor pom organization name com.mchange High Vendor pom url swaldman/mchange-commons-java Highest Product file name mchange-commons-java High Product jar package name mchange Highest Product Manifest Implementation-Title mchange-commons-java High Product Manifest specification-title mchange-commons-java Medium Product pom artifactid mchange-commons-java Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.mchange Highest Product pom name mchange-commons-java High Product pom organization name com.mchange Low Product pom url swaldman/mchange-commons-java High Version file version 0.2.15 High Version Manifest Implementation-Version 0.2.15 High Version pom version 0.2.15 Highest
Description:
WS-Metadata Exchange implementation File Path: /home/grprdist/.m2/repository/org/apache/axis2/mex/1.6.3/mex-1.6.3-impl.jarMD5: 982464882b55d5c4bfe30527e2513be9SHA1: 630125f012a1b9e02b876fadacdee2072b45df3aSHA256: bc408486709a4636a95255dec40256cf1ee606469017c3b96e366e517bda5bd3Referenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name mex High Vendor jar package name apache Highest Vendor jar package name axis2 Highest Vendor jar package name mex Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.axis2 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid mex Highest Vendor pom artifactid mex Low Vendor pom groupid org.apache.axis2 Highest Vendor pom name Apache Axis2 - MEX High Vendor pom parent-artifactid axis2-parent Low Vendor pom url http://axis.apache.org/axis2/java/core/ Highest Product file name mex High Product jar package name apache Highest Product jar package name axis2 Highest Product jar package name mex Highest Product Manifest Implementation-Title Apache Axis2 - MEX High Product Manifest specification-title Apache Axis2 - MEX Medium Product pom artifactid mex Highest Product pom groupid org.apache.axis2 Highest Product pom name Apache Axis2 - MEX High Product pom parent-artifactid axis2-parent Medium Product pom url http://axis.apache.org/axis2/java/core/ Medium Version file version 1.6.3 High Version Manifest Implementation-Version 1.6.3 High Version pom version 1.6.3 Highest
Description:
A Minimal JSON Parser and Writer License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /home/grprdist/.m2/repository/com/eclipsesource/minimal-json/minimal-json/0.9.1/minimal-json-0.9.1.jar
MD5: 81b1f21832f40ce97354fca3af91736e
SHA1: 9b409b88e38b11519ce3334cbcdda361462ac72d
SHA256: a6f45beef45c4dbc8e0f2943d02bb34d9d9bb720d4a17d4dc1f0a11cd1ef5858
Referenced In Project/Scope: Grouper Box:compile
Evidence Type Source Name Value Confidence Vendor file name minimal-json High Vendor jar package name eclipsesource Highest Vendor jar package name json Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname minimal-json Medium Vendor pom artifactid minimal-json Highest Vendor pom artifactid minimal-json Low Vendor pom developer email rsternberg@eclipsesource.com Low Vendor pom developer id rsternberg Medium Vendor pom developer name Ralf Sternberg Medium Vendor pom developer org EclipseSource Medium Vendor pom developer org URL http://eclipsesource.com/ Medium Vendor pom groupid com.eclipsesource.minimal-json Highest Vendor pom name minimal-json High Vendor pom url ralfstx/minimal-json Highest Product file name minimal-json High Product jar package name eclipsesource Highest Product jar package name json Highest Product Manifest Bundle-Name minimal-json Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname minimal-json Medium Product pom artifactid minimal-json Highest Product pom developer email rsternberg@eclipsesource.com Low Product pom developer id rsternberg Low Product pom developer name Ralf Sternberg Low Product pom developer org EclipseSource Low Product pom developer org URL http://eclipsesource.com/ Low Product pom groupid com.eclipsesource.minimal-json Highest Product pom name minimal-json High Product pom url ralfstx/minimal-json High Version file version 0.9.1 High Version Manifest Bundle-Version 0.9.1 High Version pom version 0.9.1 Highest
File Path: /home/grprdist/.m2/repository/com/squareup/moshi/moshi/1.8.0/moshi-1.8.0.jarMD5: 118e54e31c739e1e8fb39f700bffc3c9SHA1: 752e7b187599d3ccb174d00ba7235e29add736beSHA256: 42fe746d2694ea11fe6a02becd9da2ca3dafe97c9efd50a0f9af5c4596e74a6aReferenced In Project/Scope: Grouper Office365 and Azure Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name moshi High Vendor jar package name moshi Highest Vendor jar package name squareup Highest Vendor Manifest automatic-module-name com.squareup.moshi Medium Vendor pom artifactid moshi Highest Vendor pom artifactid moshi Low Vendor pom groupid com.squareup.moshi Highest Vendor pom name Moshi High Vendor pom parent-artifactid moshi-parent Low Product file name moshi High Product jar package name moshi Highest Product jar package name squareup Highest Product Manifest automatic-module-name com.squareup.moshi Medium Product pom artifactid moshi Highest Product pom groupid com.squareup.moshi Highest Product pom name Moshi High Product pom parent-artifactid moshi-parent Medium Version file version 1.8.0 High Version pom version 1.8.0 Highest
Description:
mqtt-client provides an ASL 2.0 licensed API to MQTT. It takes care of
automatically reconnecting to your MQTT server and restoring your client
session if any network failures occur. Applications can use a blocking
API style, a futures based API, or a callback/continuations passing API
style.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/fusesource/mqtt-client/mqtt-client/1.3/mqtt-client-1.3.jar
MD5: b7212dee2b38b12d23b3e200c654043f
SHA1: e3722695b436f4d254263eb50bdc0a5784f74634
SHA256: b0232c3594184d80e0956fd56cab10dcd0088d046540ed311540f4a7237e2dfb
Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name mqtt-client High Vendor jar package name callback Highest Vendor jar package name client Highest Vendor jar package name fusesource Highest Vendor jar package name mqtt Highest Vendor Manifest bundle-docurl http://fusesource.com/ Low Vendor Manifest bundle-symbolicname org.fusesource.mqtt-client.mqtt-client Medium Vendor pom artifactid mqtt-client Highest Vendor pom artifactid mqtt-client Low Vendor pom groupid org.fusesource.mqtt-client Highest Vendor pom name ${project.artifactId} High Vendor pom parent-artifactid mqtt-client-project Low Product file name mqtt-client High Product jar package name callback Highest Product jar package name client Highest Product jar package name fusesource Highest Product jar package name mqtt Highest Product Manifest bundle-docurl http://fusesource.com/ Low Product Manifest Bundle-Name mqtt-client Medium Product Manifest bundle-symbolicname org.fusesource.mqtt-client.mqtt-client Medium Product Manifest Implementation-Title mqtt-client High Product pom artifactid mqtt-client Highest Product pom groupid org.fusesource.mqtt-client Highest Product pom name ${project.artifactId} High Product pom parent-artifactid mqtt-client-project Medium Version file version 1.3 High Version Manifest Bundle-Version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom version 1.3 Highest
CVE-2019-0222 (OSSINDEX)suppress
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.fusesource.mqtt-client:mqtt-client:1.3:*:*:*:*:*:*:* Description:
MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged changes of the Plexus fork.
License:
Indiana University Extreme! Lab Software License: https://raw.githubusercontent.com/x-stream/mxparser/master/LICENSE.txt File Path: /home/grprdist/.m2/repository/io/github/x-stream/mxparser/1.2.2/mxparser-1.2.2.jar
MD5: 9d7e42409dfdcee9bd17903015bdeae2
SHA1: 476fb3b3bb3716cad797cd054ce45f89445794e9
SHA256: aeeee23a3303d811bca8790ea7f25b534314861c03cff36dafdcc2180969eb97
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name mxparser High Vendor jar package name github Highest Vendor jar package name io Highest Vendor jar package name mxparser Highest Vendor jar package name xstream Highest Vendor Manifest automatic-module-name io.github.xstream.mxparser Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname mxparser Medium Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Vendor Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Vendor Manifest x-build-os Linux Low Vendor Manifest x-build-time 2021-08-18T22:35:34Z Low Vendor Manifest x-builder Maven 3.8.1 Low Vendor Manifest x-compile-source 1.4 Low Vendor Manifest x-compile-target 1.4 Low Vendor pom artifactid mxparser Highest Vendor pom artifactid mxparser Low Vendor pom developer id mxparser Medium Vendor pom developer name XStream Committers Medium Vendor pom groupid io.github.x-stream Highest Vendor pom name MXParser High Vendor pom url http://x-stream.github.io/mxparser Highest Product file name mxparser High Product jar package name github Highest Product jar package name io Highest Product jar package name mxparser Highest Product jar package name xstream Highest Product Manifest automatic-module-name io.github.xstream.mxparser Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name MXParser Medium Product Manifest bundle-symbolicname mxparser Medium Product Manifest Implementation-Title MXParser High Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Product Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Product Manifest specification-title MXParser Medium Product Manifest x-build-os Linux Low Product Manifest x-build-time 2021-08-18T22:35:34Z Low Product Manifest x-builder Maven 3.8.1 Low Product Manifest x-compile-source 1.4 Low Product Manifest x-compile-target 1.4 Low Product pom artifactid mxparser Highest Product pom developer id mxparser Low Product pom developer name XStream Committers Low Product pom groupid io.github.x-stream Highest Product pom name MXParser High Product pom url http://x-stream.github.io/mxparser Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
Description:
JDBC Type 4 driver for MySQL License:
The GNU General Public License, v2 with FOSS exception File Path: /home/grprdist/.m2/repository/mysql/mysql-connector-java/8.0.28/mysql-connector-java-8.0.28.jar
MD5: 95cde01c78e7b04e13305338d60e056a
SHA1: 33678b1729d4f832b9e4bcb2d5bbd67940920a7a
SHA256: a00ccdf537ff50e50067b989108c2235197ffb65e197149bbb669db843cd1c3e
Referenced In Projects/Scopes: Grouper Duo:runtime Grouper ActiveMQ Messaging:runtime Grouper PSP-NG:runtime Grouper WS:runtime Grouper WS Test:runtime Grouper Office365 and Azure Provisioner:runtime Grouper AWS Messaging:runtime Grouper Rabbitmq:runtime Grouper Google Apps Provisioner:runtime Grouper UI:runtime Grouper API:runtime Grouper WS Generated Client:runtime Grouper AMQ:runtime Grouper WS SCIM:runtime Grouper SCIM:runtime Grouper Box:runtime Grouper UI webapp:runtime Evidence Type Source Name Value Confidence Vendor file name mysql-connector-java High Vendor hint analyzer vendor oracle Highest Vendor hint analyzer (hint) vendor sun Highest Vendor jar package name cj Highest Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name mysql Highest Vendor jar package name type Highest Vendor Manifest bundle-symbolicname com.mysql.cj Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid mysql-connector-java Highest Vendor pom artifactid mysql-connector-java Low Vendor pom groupid mysql Highest Vendor pom name MySQL Connector/J High Vendor pom organization name Oracle Corporation High Vendor pom organization url http://www.oracle.com Medium Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Product file name mysql-connector-java High Product hint analyzer product mysql_connector/j Highest Product hint analyzer product mysql_connector_j Highest Product hint analyzer product mysql_connectors Highest Product jar package name cj Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name mysql Highest Product jar package name type Highest Product jar package name xdevapi Highest Product Manifest Bundle-Name Oracle Corporation's JDBC and XDevAPI Driver for MySQL Medium Product Manifest bundle-symbolicname com.mysql.cj Medium Product Manifest Implementation-Title MySQL Connector/J High Product Manifest specification-title JDBC Medium Product pom artifactid mysql-connector-java Highest Product pom groupid mysql Highest Product pom name MySQL Connector/J High Product pom organization name Oracle Corporation Low Product pom organization url http://www.oracle.com Low Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Version file version 8.0.28 High Version Manifest Bundle-Version 8.0.28 High Version Manifest Implementation-Version 8.0.28 High Version pom version 8.0.28 Highest
Description:
Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/neethi/neethi/3.0.2/neethi-3.0.2.jar
MD5: 51aed43fd54c1fcc86d531fd93250bc4
SHA1: 129d23d29de183eafe787b9566c2d0bbb8eab47a
SHA256: 6131cc1fc941a49c0523c85574baeb5cf3380ab243bcc5f3ebe833b6b29c8859
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name neethi High Vendor jar package name apache Highest Vendor jar package name neethi Highest Vendor jar package name policy Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.neethi Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid neethi Highest Vendor pom artifactid neethi Low Vendor pom developer email chatra@gmail.com Low Vendor pom developer email dims@yahoo.com Low Vendor pom developer email dkulp@apache.org Low Vendor pom developer email sanjiva@opensource.lk Low Vendor pom developer email sanka@apache.org Low Vendor pom developer email veithen@apache.org Low Vendor pom developer email werner.dittmann@siemens.com Low Vendor pom developer id chatra Medium Vendor pom developer id dims Medium Vendor pom developer id dkulp Medium Vendor pom developer id sanjiva Medium Vendor pom developer id sanka Medium Vendor pom developer id veithen Medium Vendor pom developer id werner Medium Vendor pom developer name Andreas Veithen Medium Vendor pom developer name Chatra Nakkawita Medium Vendor pom developer name Daniel Kulp Medium Vendor pom developer name Davanum Srinivas Medium Vendor pom developer name Dittmann, Werner Medium Vendor pom developer name Sanjiva Weerawarana Medium Vendor pom developer name Sanka Samaranayake Medium Vendor pom developer org IBM Medium Vendor pom developer org WSO2 Inc. Medium Vendor pom groupid org.apache.neethi Highest Vendor pom name Apache Neethi High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://ws.apache.org/neethi/ Highest Product file name neethi High Product jar package name apache Highest Product jar package name neethi Highest Product jar package name policy Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache Neethi Medium Product Manifest bundle-symbolicname org.apache.neethi Medium Product Manifest Implementation-Title Apache Neethi High Product Manifest specification-title Apache Neethi Medium Product pom artifactid neethi Highest Product pom developer email chatra@gmail.com Low Product pom developer email dims@yahoo.com Low Product pom developer email dkulp@apache.org Low Product pom developer email sanjiva@opensource.lk Low Product pom developer email sanka@apache.org Low Product pom developer email veithen@apache.org Low Product pom developer email werner.dittmann@siemens.com Low Product pom developer id chatra Low Product pom developer id dims Low Product pom developer id dkulp Low Product pom developer id sanjiva Low Product pom developer id sanka Low Product pom developer id veithen Low Product pom developer id werner Low Product pom developer name Andreas Veithen Low Product pom developer name Chatra Nakkawita Low Product pom developer name Daniel Kulp Low Product pom developer name Davanum Srinivas Low Product pom developer name Dittmann, Werner Low Product pom developer name Sanjiva Weerawarana Low Product pom developer name Sanka Samaranayake Low Product pom developer org IBM Low Product pom developer org WSO2 Inc. Low Product pom groupid org.apache.neethi Highest Product pom name Apache Neethi High Product pom organization name The Apache Software Foundation Low Product pom organization url http://www.apache.org/ Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://ws.apache.org/neethi/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version Manifest Implementation-Version 3.0.2 High Version pom parent-version 3.0.2 Low Version pom version 3.0.2 Highest
Description:
Java Concurrency Tools Core Library License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256: acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jctools-core Low Vendor pom groupid org.jctools Highest Vendor pom name Java Concurrency Tools Core Library High Vendor pom url JCTools Highest Product pom artifactid jctools-core Highest Product pom groupid org.jctools Highest Product pom name Java Concurrency Tools Core Library High Product pom url JCTools High Version pom version 3.1.0 Highest
Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is dynamically linked
to OpenSSL and Apache APR.
File Path: /home/grprdist/.m2/repository/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jarMD5: b398595d12e13f97ff9295abdf0d6a76SHA1: 9937a832d9c19861822d345b48ced388b645aa5fSHA256: d3ec888dcc4ac7915bf88b417c5e04fd354f4311032a748a6882df09347eed9aReferenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-classes High Vendor jar package name internal Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor jar package name tcnative Highest Vendor Manifest automatic-module-name io.netty.internal.tcnative Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-classes Medium Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-classes/ Low Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid netty-tcnative-classes Highest Vendor pom artifactid netty-tcnative-classes Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [OpenSSL - Classes] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-classes High Product jar package name internal Highest Product jar package name io Highest Product jar package name netty Highest Product jar package name tcnative Highest Product Manifest automatic-module-name io.netty.internal.tcnative Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Netty/TomcatNative [OpenSSL - Classes] Medium Product Manifest bundle-symbolicname io.netty.tcnative-classes Medium Product Manifest Implementation-Title Netty/TomcatNative [OpenSSL - Classes] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-classes/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid netty-tcnative-classes Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [OpenSSL - Classes] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.46.Final High Version Manifest Implementation-Version 2.0.46.Final High Version pom version 2.0.46.Final Highest
Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar
MD5: 6f4128413f9200c948bcceb2299bb7e5
SHA1: 99138b436a584879355aca8fe3c64b46227d5d79
SHA256: c5fb68e9a65b6e8a516adfcb9fa323479ee7b4d9449d8a529d2ecab3d3711d5a
Referenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor file name netty-transport High Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.transport Medium Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.transport Medium Vendor Manifest implementation-url https://netty.io/netty-transport/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid netty-transport Highest Vendor pom artifactid netty-transport Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Transport High Vendor pom parent-artifactid netty-parent Low Product file name netty-transport High Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.transport Medium Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Transport Medium Product Manifest bundle-symbolicname io.netty.transport Medium Product Manifest Implementation-Title Netty/Transport High Product Manifest implementation-url https://netty.io/netty-transport/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid netty-transport Highest Product pom groupid io.netty Highest Product pom name Netty/Transport High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.72.Final High Version Manifest Implementation-Version 4.1.72.Final High Version pom version 4.1.72.Final Highest
Related Dependencies netty-buffer-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar MD5: c634cd6c023be6687141249ea6520349 SHA1: f306eec3f79541f9b8af9c471a0d5b63b7996272 SHA256: 568ff7cd9d8e2284ec980730c88924f686642929f8f219a74518b4e64755f3a1 pkg:maven/io.netty/netty-buffer@4.1.72.Final netty-codec-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar MD5: e2af17ef73be08c189cdd70beaf4e886 SHA1: 613c4019d687db4e9a5532564e442f83c4474ed7 SHA256: 5d8591ca271a1e9c224e8de3873aa9936acb581ee0db514e7dc18523df36d16c pkg:maven/io.netty/netty-codec@4.1.72.Final netty-codec-http-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar MD5: 299f0a5309cdd6b88c370a0c3d52ee4d SHA1: a8f062d67303a5e4b2bc2ad48fb4fd8c99108e45 SHA256: fa6fec88010bfaf6a7415b5364671b6b18ffb6b35a986ab97b423fd8c3a0174b pkg:maven/io.netty/netty-codec-http@4.1.72.Final netty-common-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar MD5: 97eac92e43b01012ccfe4cf877279b90 SHA1: a55bac9c3af5f59828207b551a96ac19bbfc341e SHA256: 8adb4c291260ceb2859a68c49f0adeed36bf49587608e2b81ecff6aaf06025e9 pkg:maven/io.netty/netty-common@4.1.72.Final netty-handler-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar MD5: 745b292bba3a4abc6eda77c8bb425594 SHA1: 9feee089fee606c64be90c0332db9aef1f7d8e46 SHA256: 9cb6012af7e06361d738ac4e3bdc49a158f8cf87d9dee0f2744056b7d99c28d5 pkg:maven/io.netty/netty-handler@4.1.72.Final netty-resolver-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar MD5: 9bde143c826010ea731930a12015a62c SHA1: 4ff458458ea32ed1156086820b624a815fcbf2c0 SHA256: 6474598aab7cc9d8d6cfa06c05bd1b19adbf7f8451dbdd73070b33a6c60b1b90 pkg:maven/io.netty/netty-resolver@4.1.72.Final netty-transport-classes-epoll-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar MD5: f94c823a477eb166e2cc59024245007e SHA1: 490c922f85c8f6a5b39bdeec1f6629d58d48eaff SHA256: e1528a9751c1285aa7beaf3a1eb0597151716426ce38598ac9bc0891209b9e68 pkg:maven/io.netty/netty-transport-classes-epoll@4.1.72.Final netty-transport-classes-kqueue-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-classes-kqueue/4.1.72.Final/netty-transport-classes-kqueue-4.1.72.Final.jar MD5: a1c106eb5650211b4ba5f4673111d738 SHA1: fbcce97a6f9f79b8c5fc118bb838e7a4526d8efa SHA256: e47ef6c2d1a0aa8d4f05836e8160c4223894278a34e5967bf669154a4a30d20b pkg:maven/io.netty/netty-transport-classes-kqueue@4.1.72.Final netty-transport-native-epoll-4.1.72.Final-linux-x86_64.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-epoll/4.1.72.Final/netty-transport-native-epoll-4.1.72.Final-linux-x86_64.jar MD5: 994eb863fddd8729c075939e46cc3ee0 SHA1: b3eef308278d874e208388164b9eabcd1e1e6963 SHA256: 3d4639f03ef04d98ce7f9e56978d6ff5f7deaa9b51cc4f1fa92699a6eed8efb8 pkg:maven/io.netty/netty-transport-native-epoll@4.1.72.Final netty-transport-native-kqueue-4.1.72.Final-osx-x86_64.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.72.Final/netty-transport-native-kqueue-4.1.72.Final-osx-x86_64.jar MD5: d87fba69205a681e2bfb165421d8a191 SHA1: 55c34d17be1489c3936800f0505c3c04389b1848 SHA256: 4c3bbc22abadfec6fa9bfd0a74ce1948341a4b7f5e657d7397e24a6cd509ad50 pkg:maven/io.netty/netty-transport-native-kqueue@4.1.72.Final netty-transport-native-unix-common-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar MD5: 86a0352dfbd9e7155085e584d7d28f33 SHA1: cedc023ffdcb68543b22a1ebc7960a160589aa09 SHA256: 6f8f1cc29b5a234eeee9439a63eb3f03a5994aa540ff555cb0b2c88cefaf6877 pkg:maven/io.netty/netty-transport-native-unix-common@4.1.72.Final CVE-2022-41881 suppress
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-41915 suppress
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values. CWE-436 Interpretation Conflict, CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2022-24823 suppress
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.24.4/nimbus-jose-jwt-9.24.4.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 7bd7595123078326684b630486e49fa8
SHA1: f0cf3edcef8dcb74d27cb427544a309eb718d772
SHA256: e5966323d7142570b37a4be979e21bc2dae848107e4dc416d8f44d9aa3f02903
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version pom version 2.9.1 Highest
Description:
Java library for Javascript Object Signing and Encryption (JOSE) and
JSON Web Tokens (JWT)
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.24.4/nimbus-jose-jwt-9.24.4.jar
MD5: f00923fe2eb333891619668391ac4d14
SHA1: 29a1f6a00a4daa3e1873f6bf4f16ddf4d6fd6d37
SHA256: 8d589630722a4c56349248652477fdaa4e30df9c732c4d6eac2f271437246304
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name nimbus-jose-jwt High Vendor jar package name jose Highest Vendor jar package name jwt Highest Vendor jar package name nimbusds Highest Vendor Manifest automatic-module-name com.nimbusds.jose.jwt Medium Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 9.24.4 Low Vendor Manifest bundle-docurl https://connect2id.com Low Vendor Manifest bundle-symbolicname com.nimbusds.nimbus-jose-jwt Medium Vendor Manifest implementation-url https://bitbucket.org/connect2id/nimbus-jose-jwt Low Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid nimbus-jose-jwt Highest Vendor pom artifactid nimbus-jose-jwt Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus JOSE+JWT High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-jose-jwt Highest Product file name nimbus-jose-jwt High Product jar package name 9 Highest Product jar package name jose Highest Product jar package name jwt Highest Product jar package name nimbusds Highest Product Manifest automatic-module-name com.nimbusds.jose.jwt Medium Product Manifest build-date ${timestamp} Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 9.24.4 Low Product Manifest bundle-docurl https://connect2id.com Low Product Manifest Bundle-Name Nimbus JOSE+JWT Medium Product Manifest bundle-symbolicname com.nimbusds.nimbus-jose-jwt Medium Product Manifest Implementation-Title Nimbus JOSE+JWT High Product Manifest implementation-url https://bitbucket.org/connect2id/nimbus-jose-jwt Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Nimbus JOSE+JWT Medium Product pom artifactid nimbus-jose-jwt Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus JOSE+JWT High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/nimbus-jose-jwt Medium Version file version 9.24.4 High Version Manifest build-tag 9.24.4 Low Version Manifest Bundle-Version 9.24.4 High Version Manifest Implementation-Version 9.24.4 High Version pom version 9.24.4 Highest
Description:
OAuth 2.0 SDK with OpenID Connection extensions for developing
client and server applications.
License:
Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/grprdist/.m2/repository/com/nimbusds/oauth2-oidc-sdk/9.43.1/oauth2-oidc-sdk-9.43.1.jar
MD5: 564a5b104ad66dce737a0e281dac4293
SHA1: a25abc8ea0a91296063d55dbb57b698f81a4649c
SHA256: 65d360ca0d7bb89302a8153c7acb30214d5c027b177c714d72dc05d41f993204
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name oauth2-oidc-sdk High Vendor jar package name client Highest Vendor jar package name connect Highest Vendor jar package name nimbusds Highest Vendor jar package name oauth2 Highest Vendor jar package name openid Highest Vendor jar package name sdk Highest Vendor Manifest build-date 20220909.152910.032 Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest build-number e3848927b9884a3f19aa947388ec605a7bcc4d65 Low Vendor Manifest build-tag 9.43.1 Low Vendor Manifest bundle-developers vdzhuvinov;email="vd@connect2id.com";name="Vladimir Dzhuvinov" Low Vendor Manifest bundle-docurl https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Low Vendor Manifest bundle-symbolicname oauth2-oidc-sdk Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid oauth2-oidc-sdk Highest Vendor pom artifactid oauth2-oidc-sdk Low Vendor pom developer email vd@connect2id.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name OAuth 2.0 SDK with OpenID Connect extensions High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Highest Product file name oauth2-oidc-sdk High Product jar package name client Highest Product jar package name connect Highest Product jar package name nimbusds Highest Product jar package name oauth2 Highest Product jar package name openid Highest Product jar package name sdk Highest Product Manifest build-date 20220909.152910.032 Low Product Manifest build-jdk-spec 11 Low Product Manifest build-number e3848927b9884a3f19aa947388ec605a7bcc4d65 Low Product Manifest build-tag 9.43.1 Low Product Manifest bundle-developers vdzhuvinov;email="vd@connect2id.com";name="Vladimir Dzhuvinov" Low Product Manifest bundle-docurl https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Low Product Manifest Bundle-Name OAuth 2.0 SDK with OpenID Connect extensions Medium Product Manifest bundle-symbolicname oauth2-oidc-sdk Medium Product Manifest Implementation-Title OAuth 2.0 SDK with OpenID Connect extensions High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title OAuth 2.0 SDK with OpenID Connect extensions Medium Product pom artifactid oauth2-oidc-sdk Highest Product pom developer email vd@connect2id.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name OAuth 2.0 SDK with OpenID Connect extensions High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Medium Version file version 9.43.1 High Version Manifest build-tag 9.43.1 Low Version Manifest Bundle-Version 9.43.1 High Version Manifest Implementation-Version 9.43.1 High Version pom version 9.43.1 Highest
File Path: /home/grprdist/.m2/repository/com/squareup/okhttp3/okhttp/3.14.7/okhttp-3.14.7.jarMD5: 46fa74c5a760f81f448f3b86a3c1bdddSHA1: a8656952ad4315057d92e7b58bfd232c823e034fSHA256: 620d4fa43c5c6a5ef625760204a88799e1e4a65e1c7a1d8da02e061c4cbb8000Referenced In Projects/Scopes:
Grouper Office365 and Azure Provisioner:compile Grouper Duo:compile Evidence Type Source Name Value Confidence Vendor file name okhttp High Vendor jar package name okhttp3 Highest Vendor Manifest automatic-module-name okhttp3 Medium Vendor pom artifactid okhttp Highest Vendor pom artifactid okhttp Low Vendor pom groupid com.squareup.okhttp3 Highest Vendor pom name OkHttp High Vendor pom parent-artifactid parent Low Product file name okhttp High Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3 Medium Product pom artifactid okhttp Highest Product pom groupid com.squareup.okhttp3 Highest Product pom name OkHttp High Product pom parent-artifactid parent Medium Version file version 3.14.7 High Version pom version 3.14.7 Highest
CVE-2021-0341 (OSSINDEX)suppress
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.squareup.okhttp3:okhttp:3.14.7:*:*:*:*:*:*:* File Path: /home/grprdist/.m2/repository/com/squareup/okio/okio/1.17.2/okio-1.17.2.jarMD5: 54a6a8979bd8e64e1fbf21d511654737SHA1: 78c7820b205002da4d2d137f6f312bd64b3d6049SHA256: f80ce42d2ffac47ad4c47e1d6f980d604d247ceb1a886705cf4581ab0c9fe2b8Referenced In Projects/Scopes:
Grouper Office365 and Azure Provisioner:compile Grouper Duo:compile Evidence Type Source Name Value Confidence Vendor file name okio High Vendor jar package name okio Highest Vendor Manifest automatic-module-name okio Medium Vendor pom artifactid okio Highest Vendor pom artifactid okio Low Vendor pom groupid com.squareup.okio Highest Vendor pom name Okio High Vendor pom parent-artifactid okio-parent Low Product file name okio High Product jar package name okio Highest Product Manifest automatic-module-name okio Medium Product pom artifactid okio Highest Product pom groupid com.squareup.okio Highest Product pom name Okio High Product pom parent-artifactid okio-parent Medium Version file version 1.17.2 High Version pom version 1.17.2 Highest
Description:
The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language
(SAML).
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar
MD5: 70e20154abc9a94e230b5679e3603e5a
SHA1: de2c742b770bd58328fd05ebd9d9efc85f79d88c
SHA256: b8297a0b783113a5e0113ee69683addf99194b3ff981c0c90b85dda492f30064
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name opensaml High Vendor hint analyzer vendor shibboleth Highest Vendor jar package name assertion Highest Vendor jar package name opensaml Highest Vendor jar package name security Highest Vendor jar package name support Highest Vendor manifest: org/opensaml/ Implementation-Vendor www.opensaml.org Medium Vendor pom artifactid opensaml Highest Vendor pom artifactid opensaml Low Vendor pom developer id cantor Medium Vendor pom developer id lajoie Medium Vendor pom developer id ndk Medium Vendor pom developer id putmanb Medium Vendor pom developer id rdw Medium Vendor pom developer name Brent Putman Medium Vendor pom developer name Chad La Joie Medium Vendor pom developer name Nate Klingenstein Medium Vendor pom developer name Rod Widdowson Medium Vendor pom developer name Scott Cantor Medium Vendor pom developer org Georgetown University Medium Vendor pom developer org Internet2 Medium Vendor pom developer org Itumi, LLC Medium Vendor pom developer org The Ohio State University Medium Vendor pom developer org University of Edinburgh Medium Vendor pom developer org URL http://itumi.biz Medium Vendor pom developer org URL http://www.ed.ac.uk/ Medium Vendor pom developer org URL http://www.georgetown.edu/ Medium Vendor pom developer org URL http://www.internet2.edu/ Medium Vendor pom developer org URL http://www.ohio-state.edu/ Medium Vendor pom groupid org.opensaml Highest Vendor pom name OpenSAML-J High Vendor pom organization name Internet2 High Vendor pom organization url http://www.internet2.edu/ Medium Vendor pom parent-artifactid parent-v2 Low Vendor pom parent-groupid net.shibboleth Medium Vendor pom url http://opensaml.org/ Highest Product file name opensaml High Product hint analyzer product opensaml Highest Product jar package name assertion Highest Product jar package name opensaml Highest Product jar package name profile Highest Product jar package name saml Highest Product jar package name security Highest Product jar package name support Highest Product jar package name version Highest Product jar package name xacml Highest Product manifest: org/opensaml/ Implementation-Title opensaml Medium Product manifest: org/opensaml/saml1/ Specification-Title Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1 Medium Product manifest: org/opensaml/saml2/ Specification-Title Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0 Medium Product manifest: org/opensaml/xacml/ Specification-Title eXtensible Access Control Markup Language (XACML) Version 2.0 Medium Product manifest: org/opensaml/xacml/profile/saml/ Specification-Title SAML 2.0 Profile of XACML, Version 2 Medium Product pom artifactid opensaml Highest Product pom developer id cantor Low Product pom developer id lajoie Low Product pom developer id ndk Low Product pom developer id putmanb Low Product pom developer id rdw Low Product pom developer name Brent Putman Low Product pom developer name Chad La Joie Low Product pom developer name Nate Klingenstein Low Product pom developer name Rod Widdowson Low Product pom developer name Scott Cantor Low Product pom developer org Georgetown University Low Product pom developer org Internet2 Low Product pom developer org Itumi, LLC Low Product pom developer org The Ohio State University Low Product pom developer org University of Edinburgh Low Product pom developer org URL http://itumi.biz Low Product pom developer org URL http://www.ed.ac.uk/ Low Product pom developer org URL http://www.georgetown.edu/ Low Product pom developer org URL http://www.internet2.edu/ Low Product pom developer org URL http://www.ohio-state.edu/ Low Product pom groupid org.opensaml Highest Product pom name OpenSAML-J High Product pom organization name Internet2 Low Product pom organization url http://www.internet2.edu/ Low Product pom parent-artifactid parent-v2 Medium Product pom parent-groupid net.shibboleth Medium Product pom url http://opensaml.org/ Medium Version file version 2.6.4 High Version manifest: org/opensaml/ Implementation-Version 2.6.4 Medium Version pom parent-version 2.6.4 Low Version pom version 2.6.4 Highest
Description:
The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include
classes for creating and reading SOAP messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/opensaml/openws/1.5.4/openws-1.5.4.jar
MD5: 5b5f0fbe27277f2d119d4c4feab48a12
SHA1: 942bd987e5956fcdf1eaa56cde87112ea871d0e8
SHA256: 6bb7ed759c3c5318ee44cfe1cf483a91e31688df78b9501fcebd05dca559df76
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name openws High Vendor jar package name opensaml Highest Vendor jar package name soap Highest Vendor jar package name transport Highest Vendor manifest: org/opensaml/ws/ Implementation-Vendor www.opensaml.org Medium Vendor pom artifactid openws Highest Vendor pom artifactid openws Low Vendor pom developer id cantor Medium Vendor pom developer id lajoie Medium Vendor pom developer id ndk Medium Vendor pom developer id putmanb Medium Vendor pom developer id rdw Medium Vendor pom developer name Brent Putman Medium Vendor pom developer name Chad La Joie Medium Vendor pom developer name Nate Klingenstein Medium Vendor pom developer name Rod Widdowson Medium Vendor pom developer name Scott Cantor Medium Vendor pom developer org Georgetown University Medium Vendor pom developer org Internet2 Medium Vendor pom developer org Itumi, LLC Medium Vendor pom developer org The Ohio State University Medium Vendor pom developer org University of Edinburgh Medium Vendor pom developer org URL http://itumi.biz Medium Vendor pom developer org URL http://www.ed.ac.uk/ Medium Vendor pom developer org URL http://www.georgetown.edu/ Medium Vendor pom developer org URL http://www.internet2.edu/ Medium Vendor pom developer org URL http://www.ohio-state.edu/ Medium Vendor pom groupid org.opensaml Highest Vendor pom name OpenWS High Vendor pom organization name Internet2 High Vendor pom organization url http://www.internet2.edu/ Medium Vendor pom parent-artifactid parent-v2 Low Vendor pom parent-groupid net.shibboleth Medium Vendor pom url http://opensaml.org/ Highest Product file name openws High Product jar package name opensaml Highest Product jar package name policy Highest Product jar package name security Highest Product jar package name soap Highest Product jar package name transport Highest Product jar package name ws Highest Product manifest: org/opensaml/ws/ Implementation-Title openws Medium Product manifest: org/opensaml/ws/soap/soap11/ Specification-Title Simple Object Access Protocol (SOAP) 1.1 Medium Product manifest: org/opensaml/ws/wsaddressing/ Specification-Title WS-Addressing Medium Product manifest: org/opensaml/ws/wsfed/ Specification-Title WS-Federation Medium Product manifest: org/opensaml/ws/wspolicy/ Specification-Title WS-Policy Medium Product manifest: org/opensaml/ws/wssecurity/ Specification-Title WS-Security Medium Product manifest: org/opensaml/ws/wstrust/ Specification-Title WS-Trust Medium Product pom artifactid openws Highest Product pom developer id cantor Low Product pom developer id lajoie Low Product pom developer id ndk Low Product pom developer id putmanb Low Product pom developer id rdw Low Product pom developer name Brent Putman Low Product pom developer name Chad La Joie Low Product pom developer name Nate Klingenstein Low Product pom developer name Rod Widdowson Low Product pom developer name Scott Cantor Low Product pom developer org Georgetown University Low Product pom developer org Internet2 Low Product pom developer org Itumi, LLC Low Product pom developer org The Ohio State University Low Product pom developer org University of Edinburgh Low Product pom developer org URL http://itumi.biz Low Product pom developer org URL http://www.ed.ac.uk/ Low Product pom developer org URL http://www.georgetown.edu/ Low Product pom developer org URL http://www.internet2.edu/ Low Product pom developer org URL http://www.ohio-state.edu/ Low Product pom groupid org.opensaml Highest Product pom name OpenWS High Product pom organization name Internet2 Low Product pom organization url http://www.internet2.edu/ Low Product pom parent-artifactid parent-v2 Medium Product pom parent-groupid net.shibboleth Medium Product pom url http://opensaml.org/ Medium Version file version 1.5.4 High Version manifest: org/opensaml/ws/ Implementation-Version 1.5.4 Medium Version pom parent-version 1.5.4 Low Version pom version 1.5.4 Highest
Description:
OSGi R8 framework implementation. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/felix/org.apache.felix.framework/7.0.3/org.apache.felix.framework-7.0.3.jar
MD5: ea392d1ab3f5f416f8aa1ac14c1c14ff
SHA1: c60632913c11ae47e8a6dcd5b617f48ee17693f5
SHA256: afd53fb601da924552129a965e3c2fbe1a17a3824b77c7f74b318606ef9a174d
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name org.apache.felix.framework High Vendor jar package name apache Highest Vendor jar package name felix Highest Vendor jar package name framework Highest Vendor Manifest add-opens java.base/java.net java.base/sun.net.www.protocol.file java.base/sun.net.www.protocol.ftp java.base/sun.net.www.protocol.http java.base/sun.net.www.protocol.https java.base/sun.net.www.protocol.jar java.base/sun.net.www.protocol.jmod java.base/sun.net.www.protocol.mailto java.base/sun.net.www.protocol.jrt java.base/jdk.internal.loader java.base/java.security Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.felix.framework Medium Vendor Manifest provide-capability osgi.service;objectClass="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass="org.osgi.service.startlevel.StartLevel" Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid apache.felix.framework Low Vendor pom artifactid org.apache.felix.framework Highest Vendor pom groupid org.apache.felix Highest Vendor pom name Apache Felix Framework High Vendor pom parent-artifactid felix-parent Low Product file name org.apache.felix.framework High Product jar package name apache Highest Product jar package name felix Highest Product jar package name filter Highest Product jar package name framework Highest Product jar package name osgi Highest Product jar package name packageadmin Highest Product jar package name service Highest Product jar package name startlevel Highest Product jar package name version Highest Product Manifest add-opens java.base/java.net java.base/sun.net.www.protocol.file java.base/sun.net.www.protocol.ftp java.base/sun.net.www.protocol.http java.base/sun.net.www.protocol.https java.base/sun.net.www.protocol.jar java.base/sun.net.www.protocol.jmod java.base/sun.net.www.protocol.mailto java.base/sun.net.www.protocol.jrt java.base/jdk.internal.loader java.base/java.security Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Felix Framework Medium Product Manifest bundle-symbolicname org.apache.felix.framework Medium Product Manifest provide-capability osgi.service;objectClass="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass="org.osgi.service.startlevel.StartLevel" Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid apache.felix.framework Highest Product pom artifactid org.apache.felix.framework Highest Product pom groupid org.apache.felix Highest Product pom name Apache Felix Framework High Product pom parent-artifactid felix-parent Medium Version file version 7.0.3 High Version Manifest Bundle-Version 7.0.3 High Version pom parent-version 7.0.3 Low Version pom version 7.0.3 Highest
Description:
WSO2 Charon - SCIM Implementation License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/wso2/charon/org.wso2.charon.core/2.1.3/org.wso2.charon.core-2.1.3.jar
MD5: b9c7fdad7ba33088ae18eb87f62850c9
SHA1: a59aac1d9b10638093a2b34c7e85b8197fd7b116
SHA256: 9faad93994ffc2226a1252b224101a7f95f576d6af4231ff2ac150042586c757
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name org.wso2.charon.core High Vendor jar package name charon Highest Vendor jar package name core Highest Vendor jar package name wso2 Highest Vendor Manifest bundle-docurl http://www.wso2.org/ Low Vendor Manifest bundle-symbolicname org.wso2.charon.core Medium Vendor pom artifactid org.wso2.charon.core Highest Vendor pom artifactid wso2.charon.core Low Vendor pom groupid org.wso2.charon Highest Vendor pom name WSO2 Charon - Core High Vendor pom parent-artifactid charon-parent Low Vendor pom url http://wso2.com Highest Product file name org.wso2.charon.core High Product jar package name charon Highest Product jar package name core Highest Product jar package name wso2 Highest Product Manifest bundle-docurl http://www.wso2.org/ Low Product Manifest Bundle-Name org.wso2.charon.core Medium Product Manifest bundle-symbolicname org.wso2.charon.core Medium Product pom artifactid org.wso2.charon.core Highest Product pom artifactid wso2.charon.core Highest Product pom groupid org.wso2.charon Highest Product pom name WSO2 Charon - Core High Product pom parent-artifactid charon-parent Medium Product pom url http://wso2.com Medium Version file version 2.1.3 High Version Manifest Bundle-Version 2.1.3 High Version pom version 2.1.3 Highest
Description:
WSO2 Charon - SCIM Implementation File Path: /home/grprdist/.m2/repository/org/wso2/charon/org.wso2.charon.samples/2.1.3/org.wso2.charon.samples-2.1.3.jarMD5: 174188250207f852a6d4a40c07214659SHA1: 86648e72e7c865855deca7655eabeac741e3b918SHA256: c2c9c64c2420f5b6c354d560c003d06bbffa3c61c23eafc42ff76a1913fcdd64Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name org.wso2.charon.samples High Vendor jar package name charon Highest Vendor jar package name samples Highest Vendor jar package name wso2 Highest Vendor Manifest Implementation-Vendor WSO2 High Vendor Manifest Implementation-Vendor-Id org.wso2.charon Medium Vendor Manifest specification-vendor WSO2 Low Vendor pom artifactid org.wso2.charon.samples Highest Vendor pom artifactid wso2.charon.samples Low Vendor pom groupid org.wso2.charon Highest Vendor pom name WSO2 Charon - Samples High Vendor pom parent-artifactid charon-parent Low Vendor pom url http://wso2.com Highest Product file name org.wso2.charon.samples High Product jar package name charon Highest Product jar package name samples Highest Product jar package name wso2 Highest Product Manifest Implementation-Title WSO2 Charon - Samples High Product Manifest specification-title WSO2 Charon - Samples Medium Product pom artifactid org.wso2.charon.samples Highest Product pom artifactid wso2.charon.samples Highest Product pom groupid org.wso2.charon Highest Product pom name WSO2 Charon - Samples High Product pom parent-artifactid charon-parent Medium Product pom url http://wso2.com Medium Version file version 2.1.3 High Version Manifest Implementation-Version 2.1.3 High Version pom version 2.1.3 Highest
Description:
WSO2 Charon - SCIM Implementation File Path: /home/grprdist/.m2/repository/org/wso2/charon/org.wso2.charon.utils/2.1.3/org.wso2.charon.utils-2.1.3.jarMD5: c917fc503ca82dde2b06436b86381316SHA1: 3b8f16bcad7686008de6c4932155003322beb04fSHA256: 346183f82796efc1acb1b41c6925ef9264735569c4804447102f7652e935b2b4Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name org.wso2.charon.utils High Vendor jar package name charon Highest Vendor jar package name utils Highest Vendor jar package name wso2 Highest Vendor Manifest Implementation-Vendor WSO2 High Vendor Manifest Implementation-Vendor-Id org.wso2.charon Medium Vendor Manifest specification-vendor WSO2 Low Vendor pom artifactid org.wso2.charon.utils Highest Vendor pom artifactid wso2.charon.utils Low Vendor pom groupid org.wso2.charon Highest Vendor pom name WSO2 Charon - Utils High Vendor pom parent-artifactid charon-parent Low Vendor pom url http://wso2.com Highest Product file name org.wso2.charon.utils High Product jar package name charon Highest Product jar package name utils Highest Product jar package name wso2 Highest Product Manifest Implementation-Title WSO2 Charon - Utils High Product Manifest specification-title WSO2 Charon - Utils Medium Product pom artifactid org.wso2.charon.utils Highest Product pom artifactid wso2.charon.utils Highest Product pom groupid org.wso2.charon Highest Product pom name WSO2 Charon - Utils High Product pom parent-artifactid charon-parent Medium Product pom url http://wso2.com Medium Version file version 2.1.3 High Version Manifest Implementation-Version 2.1.3 High Version pom version 2.1.3 Highest
CVE-2021-4277 suppress
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability. CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
File Path: /home/grprdist/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jarMD5: 42e940d5d2d822f4dc04c65053e630abSHA1: 5592374f834645c4ae250f4c9fbb314c9369d698SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26eReferenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name oro High Vendor jar package name apache Highest Vendor jar package name oro Highest Vendor manifest: org/apache/oro Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid oro Highest Vendor pom artifactid oro Low Vendor pom groupid oro Highest Product file name oro High Product jar package name apache Highest Product jar package name oro Highest Product manifest: org/apache/oro Implementation-Title org.apache.oro Medium Product manifest: org/apache/oro Specification-Title Jakarta ORO Medium Product pom artifactid oro Highest Product pom groupid oro Highest Version file version 2.0.8 High Version pom version 2.0.8 Highest
Description:
Used by various API providers that rely on META-INF/services mechanism to locate providers. License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.3/osgi-resource-locator-1.0.3.jar
MD5: e7e82b82118c5387ae45f7bf3892909b
SHA1: de3b21279df7e755e38275137539be5e2c80dd58
SHA256: aab5d7849f7cfcda2cc7c541ba1bd365151d42276f151c825387245dfde3dd74
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name osgi-resource-locator High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid osgi-resource-locator Highest Vendor pom artifactid osgi-resource-locator Low Vendor pom developer id ss141213 Medium Vendor pom developer name Sahoo Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name OSGi resource locator High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Product file name osgi-resource-locator High Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name OSGi resource locator Medium Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid osgi-resource-locator Highest Product pom developer id ss141213 Low Product pom developer name Sahoo Low Product pom developer org Oracle Corporation Low Product pom groupid org.glassfish.hk2 Highest Product pom name OSGi resource locator High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Version file version 1.0.3 High Version Manifest Bundle-Version 1.0.3 High Version pom parent-version 1.0.3 Low Version pom version 1.0.3 Highest
Description:
Java command line parser with both an annotations API and a programmatic API. Usage help with ANSI styles and colors. Autocomplete. Nested subcommands. Easily included as source to avoid adding a dependency. License:
The Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/info/picocli/picocli/4.3.2/picocli-4.3.2.jar
MD5: f20bf12b29c0ffea894d557336171f39
SHA1: 37a9ed41f7a028611775b6e8ad831e3e5fcd6280
SHA256: 43c9cf516012aad1ac5ce6b54642e9cb1271e66d827b06a879fd314144d57550
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name picocli High Vendor jar package name autocomplete Highest Vendor jar package name picocli Highest Vendor Manifest bundle-symbolicname picocli Medium Vendor Manifest Implementation-Vendor Remko Popma High Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest specification-vendor Remko Popma Low Vendor pom artifactid picocli Highest Vendor pom artifactid picocli Low Vendor pom developer email rpopma@apache.org Low Vendor pom developer id rpopma Medium Vendor pom developer name Remko Popma Medium Vendor pom groupid info.picocli Highest Vendor pom name picocli - a mighty tiny Command Line Interface High Vendor pom url http://picocli.info Highest Product file name picocli High Product jar package name autocomplete Highest Product jar package name picocli Highest Product Manifest Bundle-Name picocli Medium Product Manifest bundle-symbolicname picocli Medium Product Manifest Implementation-Title picocli High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest specification-title picocli Medium Product pom artifactid picocli Highest Product pom developer email rpopma@apache.org Low Product pom developer id rpopma Low Product pom developer name Remko Popma Low Product pom groupid info.picocli Highest Product pom name picocli - a mighty tiny Command Line Interface High Product pom url http://picocli.info Medium Version file version 4.3.2 High Version Manifest Bundle-Version 4.3.2 High Version Manifest Implementation-Version 4.3.2 High Version pom version 4.3.2 Highest
Description:
PostgreSQL JDBC Driver Postgresql License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /home/grprdist/.m2/repository/org/postgresql/postgresql/42.5.1/postgresql-42.5.1.jar
MD5: 378f8a2ddab2564a281e5f852800e2e9
SHA1: ac2f61eb3b1b4e47ea45de47e73d2e92f49e3ce1
SHA256: 89e8bffa8b37b9487946012c690cf04f3103953051c1c193d88ee36b68d365ae
Referenced In Projects/Scopes: Grouper Duo:runtime Grouper ActiveMQ Messaging:runtime Grouper PSP-NG:runtime Grouper WS:runtime Grouper WS Test:runtime Grouper Office365 and Azure Provisioner:runtime Grouper AWS Messaging:runtime Grouper Rabbitmq:runtime Grouper Google Apps Provisioner:runtime Grouper UI:runtime Grouper API:runtime Grouper WS Generated Client:runtime Grouper AMQ:runtime Grouper WS SCIM:runtime Grouper SCIM:runtime Grouper Box:runtime Grouper UI webapp:runtime Evidence Type Source Name Value Confidence Vendor file name postgresql High Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name postgresql Highest Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Vendor Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid postgresql Highest Vendor pom artifactid postgresql Low Vendor pom developer id bokken Medium Vendor pom developer id davecramer Medium Vendor pom developer id jurka Medium Vendor pom developer id oliver Medium Vendor pom developer id ringerc Medium Vendor pom developer id vlsi Medium Vendor pom developer name Brett Okken Medium Vendor pom developer name Craig Ringer Medium Vendor pom developer name Dave Cramer Medium Vendor pom developer name Kris Jurka Medium Vendor pom developer name Oliver Jowett Medium Vendor pom developer name Vladimir Sitnikov Medium Vendor pom groupid org.postgresql Highest Vendor pom name PostgreSQL JDBC Driver High Vendor pom organization name PostgreSQL Global Development Group High Vendor pom organization url https://jdbc.postgresql.org/ Medium Vendor pom url https://jdbc.postgresql.org Highest Product file name postgresql High Product hint analyzer product pgjdbc Highest Product hint analyzer product postgresql_jdbc_driver Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name osgi Highest Product jar package name postgresql Highest Product jar package name version Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium Product Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest Implementation-Title PostgreSQL JDBC Driver High Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Product Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Product Manifest specification-title JDBC Medium Product pom artifactid postgresql Highest Product pom developer id bokken Low Product pom developer id davecramer Low Product pom developer id jurka Low Product pom developer id oliver Low Product pom developer id ringerc Low Product pom developer id vlsi Low Product pom developer name Brett Okken Low Product pom developer name Craig Ringer Low Product pom developer name Dave Cramer Low Product pom developer name Kris Jurka Low Product pom developer name Oliver Jowett Low Product pom developer name Vladimir Sitnikov Low Product pom groupid org.postgresql Highest Product pom name PostgreSQL JDBC Driver High Product pom organization name PostgreSQL Global Development Group Low Product pom organization url https://jdbc.postgresql.org/ Low Product pom url https://jdbc.postgresql.org Medium Version file version 42.5.1 High Version Manifest Bundle-Version 42.5.1 High Version Manifest Implementation-Version 42.5.1 High Version pom version 42.5.1 Highest
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
https://opensource.org/licenses/BSD-3-Clause File Path: /home/grprdist/.m2/repository/com/google/protobuf/protobuf-java/3.11.4/protobuf-java-3.11.4.jar
MD5: c4ceefed77d79affded2a1302e74606d
SHA1: 7ec0925cc3aef0335bbc7d57edfd42b0f86f8267
SHA256: 42e98f58f53d1a49fd734c2dd193880f2dfec3436a2993a00d06b8800a22a3f2
Referenced In Projects/Scopes: Grouper Duo:runtime Grouper ActiveMQ Messaging:runtime Grouper PSP-NG:runtime Grouper WS:runtime Grouper WS Test:runtime Grouper Office365 and Azure Provisioner:runtime Grouper AWS Messaging:runtime Grouper Rabbitmq:runtime Grouper Google Apps Provisioner:runtime Grouper UI:runtime Grouper API:runtime Grouper WS Generated Client:runtime Grouper AMQ:runtime Grouper WS SCIM:runtime Grouper SCIM:runtime Grouper Box:runtime Grouper UI webapp:runtime Evidence Type Source Name Value Confidence Vendor file name protobuf-java High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor Manifest automatic-module-name com.google.protobuf Medium Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid protobuf-java Highest Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product file name protobuf-java High Product jar package name google Highest Product jar package name protobuf Highest Product Manifest automatic-module-name com.google.protobuf Medium Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version file version 3.11.4 High Version Manifest Bundle-Version 3.11.4 High Version pom version 3.11.4 Highest
CVE-2022-3171 suppress
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2022-3509 (OSSINDEX)suppress
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.google.protobuf:protobuf-java:3.11.4:*:*:*:*:*:*:* CVE-2022-3510 (OSSINDEX)suppress
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-3510 for details CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.google.protobuf:protobuf-java:3.11.4:*:*:*:*:*:*:* CVE-2021-22569 suppress
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Proton is a library for speaking AMQP. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/qpid/proton-j/0.33.10/proton-j-0.33.10.jar
MD5: 55d0529cb097f647e53cff7a4189b128
SHA1: fb31048dec7642e31982a46500acb211f52f6314
SHA256: 1fcddf5c76e70eff331900443c51e1a2c8d313b5ffc70611995fadfb6c36d96a
Referenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor file name proton-j High Vendor jar package name apache Highest Vendor jar package name proton Highest Vendor jar package name qpid Highest Vendor Manifest automatic-module-name org.apache.qpid.proton.j Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.qpid.proton-j Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid proton-j Highest Vendor pom artifactid proton-j Low Vendor pom groupid org.apache.qpid Highest Vendor pom name Proton-J High Vendor pom parent-artifactid proton-j-parent Low Product file name proton-j High Product jar package name amqp Highest Product jar package name apache Highest Product jar package name proton Highest Product jar package name qpid Highest Product Manifest automatic-module-name org.apache.qpid.proton.j Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Proton-J Medium Product Manifest bundle-symbolicname org.apache.qpid.proton-j Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid proton-j Highest Product pom groupid org.apache.qpid Highest Product pom name Proton-J High Product pom parent-artifactid proton-j-parent Medium Version file version 0.33.10 High Version Manifest Bundle-Version 0.33.10 High Version pom version 0.33.10 Highest
Description:
The core JMS Client implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/qpid/qpid-jms-client/0.61.0/qpid-jms-client-0.61.0.jar
MD5: e8bd7c8a71cdcebbd6701084d4caae11
SHA1: f53f49713a144de8e46cffb4af24a1775dea1e0c
SHA256: 7aea6f78c010c34cce82de3f837ccf17362c4d05588bd2d0af6e938de575ca0b
Referenced In Project/Scope: Grouper ActiveMQ Messaging:compile
Evidence Type Source Name Value Confidence Vendor file name qpid-jms-client High Vendor jar package name apache Highest Vendor jar package name jms Highest Vendor jar package name qpid Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.qpid.jms.client Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid qpid-jms-client Highest Vendor pom artifactid qpid-jms-client Low Vendor pom groupid org.apache.qpid Highest Vendor pom name QpidJMS Client High Vendor pom parent-artifactid qpid-jms-parent Low Product file name qpid-jms-client High Product jar package name apache Highest Product jar package name jms Highest Product jar package name qpid Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name QpidJMS Client Medium Product Manifest bundle-symbolicname org.apache.qpid.jms.client Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid qpid-jms-client Highest Product pom groupid org.apache.qpid Highest Product pom name QpidJMS Client High Product pom parent-artifactid qpid-jms-parent Medium Version file version 0.61.0 High Version Manifest Bundle-Version 0.61.0 High Version pom version 0.61.0 Highest
CVE-2016-3094 suppress
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. CWE-20 Improper Input Validation, CWE-287 Improper Authentication
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
Enterprise Job Scheduler License:
http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0 File Path: /home/grprdist/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar
MD5: d7299dbaec0e0ed7af281b07cc40c8c1
SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a
SHA256: 639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name quartz High Vendor hint analyzer vendor softwareag Highest Vendor jar package name job Highest Vendor jar package name quartz Highest Vendor jar package name scheduler Highest Vendor Manifest bundle-docurl http://www.terracotta.org Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium Vendor Manifest terracotta-name quartz Medium Vendor Manifest terracotta-projectstatus Supported Low Vendor pom artifactid quartz Highest Vendor pom artifactid quartz Low Vendor pom groupid org.quartz-scheduler Highest Vendor pom name quartz High Vendor pom parent-artifactid quartz-parent Low Product file name quartz High Product jar package name job Highest Product jar package name quartz Highest Product jar package name scheduler Highest Product jar package name terracotta Highest Product Manifest bundle-docurl http://www.terracotta.org Low Product Manifest Bundle-Name quartz Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium Product Manifest terracotta-name quartz Medium Product Manifest terracotta-projectstatus Supported Low Product pom artifactid quartz Highest Product pom groupid org.quartz-scheduler Highest Product pom name quartz High Product pom parent-artifactid quartz-parent Medium Version file version 2.3.2 High Version Manifest Bundle-Version 2.3.2 High Version pom version 2.3.2 Highest
File Path: /home/grprdist/.m2/repository/org/apache/rampart/rampart-core/1.6.3/rampart-core-1.6.3.jarMD5: 0cbfedf143fe82ac905007fa511b4edcSHA1: 1e7bd2bd86b31cf3da506cedd7795f27dbb59786SHA256: 7b02ff1069eb88c269059dc1594367bdab5c5b71b2de8a3caf8c8bf231a5cf3eReferenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name rampart-core High Vendor jar package name apache Highest Vendor jar package name rampart Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.rampart Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid rampart-core Highest Vendor pom artifactid rampart-core Low Vendor pom groupid org.apache.rampart Highest Vendor pom name Rampart - Core High Vendor pom parent-artifactid rampart-project Low Product file name rampart-core High Product jar package name apache Highest Product jar package name rampart Highest Product Manifest Implementation-Title Rampart - Core High Product Manifest specification-title Rampart - Core Medium Product pom artifactid rampart-core Highest Product pom groupid org.apache.rampart Highest Product pom name Rampart - Core High Product pom parent-artifactid rampart-project Medium Version file version 1.6.3 High Version Manifest Implementation-Version 1.6.3 High Version pom version 1.6.3 Highest
File Path: /home/grprdist/.m2/repository/org/apache/rampart/rampart-policy/1.6.3/rampart-policy-1.6.3.jarMD5: 8ca68b706a67111b8befb4aa4719b0e1SHA1: f30fdc22cd01ac3af5e7993671f3a39e84e8817fSHA256: 6d2c5f7813aa45e1efd4bba19c8b4a973a8f979a397b1b6e7da4536fb3ac21c5Referenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name rampart-policy High Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.rampart Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid rampart-policy Highest Vendor pom artifactid rampart-policy Low Vendor pom groupid org.apache.rampart Highest Vendor pom name Rampart - Policy High Vendor pom parent-artifactid rampart-project Low Product file name rampart-policy High Product jar package name apache Highest Product Manifest Implementation-Title Rampart - Policy High Product Manifest specification-title Rampart - Policy Medium Product pom artifactid rampart-policy Highest Product pom groupid org.apache.rampart Highest Product pom name Rampart - Policy High Product pom parent-artifactid rampart-project Medium Version file version 1.6.3 High Version Manifest Implementation-Version 1.6.3 High Version pom version 1.6.3 Highest
File Path: /home/grprdist/.m2/repository/org/apache/rampart/rampart-trust/1.6.3/rampart-trust-1.6.3.jarMD5: 63b25725f4a2fe71065050a4fe25e50fSHA1: f10e1cd5c7ba8b22a7569909ab06dde00191905dSHA256: 72fa50ae6524e65e3d15dda16aa64f2ad035efd3b4d658e1f5aac01302d59f23Referenced In Projects/Scopes:
Grouper WS:runtime Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name rampart-trust High Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.rampart Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid rampart-trust Highest Vendor pom artifactid rampart-trust Low Vendor pom groupid org.apache.rampart Highest Vendor pom name Rampart - Trust High Vendor pom parent-artifactid rampart-project Low Product file name rampart-trust High Product jar package name apache Highest Product Manifest Implementation-Title Rampart - Trust High Product Manifest specification-title Rampart - Trust Medium Product pom artifactid rampart-trust Highest Product pom groupid org.apache.rampart Highest Product pom name Rampart - Trust High Product pom parent-artifactid rampart-project Medium Version file version 1.6.3 High Version Manifest Implementation-Version 1.6.3 High Version pom version 1.6.3 Highest
Description:
Reflections - a Java runtime metadata analysis License:
WTFPL: http://www.wtfpl.net/
The New BSD License: http://www.opensource.org/licenses/bsd-license.html File Path: /home/grprdist/.m2/repository/org/reflections/reflections/0.9.9/reflections-0.9.9.jar
MD5: 5f13944b355f927f956b6298136ad959
SHA1: 0296d8adb2f22a38025f44b45cac89835ff0bbaf
SHA256: 6a6c56d436f1f34e609bbf2d9b222f449f916941916dd874e7e15ff907daed1c
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name reflections High Vendor jar package name reflections Highest Vendor jar package name reflections Low Vendor pom artifactid reflections Highest Vendor pom artifactid reflections Low Vendor pom developer email ronmamo at gmail Low Vendor pom groupid org.reflections Highest Vendor pom name Reflections High Vendor pom url http://github.com/ronmamo/reflections Highest Product file name reflections High Product jar package name reflections Highest Product pom artifactid reflections Highest Product pom developer email ronmamo at gmail Low Product pom groupid org.reflections Highest Product pom name Reflections High Product pom url http://github.com/ronmamo/reflections Medium Version file version 0.9.9 High Version pom version 0.9.9 Highest
File Path: /home/grprdist/.m2/repository/com/squareup/retrofit2/retrofit/2.7.2/retrofit-2.7.2.jarMD5: 8dbee9c822e3bf4bcbfa4294117d2185SHA1: b98baad220c2091db369e5943265f9d083cad1ccSHA256: 54b9d05e90fb5ae6777329fabb9b345705b3e2074d3729313d84fae727129f6bReferenced In Project/Scope: Grouper Office365 and Azure Provisioner:compile
Evidence Type Source Name Value Confidence Vendor file name retrofit High Vendor jar package name retrofit Highest Vendor jar package name retrofit2 Highest Vendor Manifest automatic-module-name retrofit2 Medium Vendor pom artifactid retrofit Highest Vendor pom artifactid retrofit Low Vendor pom groupid com.squareup.retrofit2 Highest Vendor pom name Retrofit High Vendor pom parent-artifactid parent Low Product file name retrofit High Product jar package name retrofit Highest Product jar package name retrofit2 Highest Product Manifest automatic-module-name retrofit2 Medium Product pom artifactid retrofit Highest Product pom groupid com.squareup.retrofit2 Highest Product pom name Retrofit High Product pom parent-artifactid parent Medium Version file version 2.7.2 High Version pom version 2.7.2 Highest
File Path: /home/grprdist/.m2/repository/edu/psu/swe/scim/scim-common/2.22/scim-common-2.22.jarMD5: 863af25f99e1d327bc22532afeb42428SHA1: 056ea5df19814b1f4e5dfea2e1030a6f3544c96cSHA256: cda5ae540e8d2f44d3558d95758a7a0c1dc6004e17b0b732fe1f28012694eb81Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name scim-common High Vendor jar package name edu Highest Vendor jar package name psu Highest Vendor jar package name scim Highest Vendor jar package name swe Highest Vendor Manifest build-date 1525129157136 Low Vendor Manifest build-number Low Vendor Manifest Implementation-Vendor-Id edu.psu.swe.scim Medium Vendor pom artifactid scim-common Highest Vendor pom artifactid scim-common Low Vendor pom groupid edu.psu.swe.scim Highest Vendor pom name SCIM - Common High Vendor pom parent-artifactid scim-parent Low Product file name scim-common High Product jar package name edu Highest Product jar package name psu Highest Product jar package name scim Highest Product jar package name swe Highest Product Manifest build-date 1525129157136 Low Product Manifest build-number Low Product Manifest Implementation-Title SCIM - Common High Product Manifest specification-title SCIM - Common Medium Product pom artifactid scim-common Highest Product pom groupid edu.psu.swe.scim Highest Product pom name SCIM - Common High Product pom parent-artifactid scim-parent Medium Version file version 2.22 High Version Manifest Implementation-Version 2.22 High Version pom version 2.22 Highest
File Path: /home/grprdist/.m2/repository/edu/psu/swe/scim/scim-server-common/2.22/scim-server-common-2.22.jarMD5: ca435af9a84e81e3ee458cccc20e6454SHA1: 1be5948ac74c352a3c1d702d9239daeee5eaf1e6SHA256: f031a0e309ffdf53f70cddaae2c6dc7b8fc3938818cdaa0f5df18acf42e8d5d6Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name scim-server-common High Vendor jar package name edu Highest Vendor jar package name psu Highest Vendor jar package name scim Highest Vendor jar package name swe Highest Vendor Manifest build-date 1525129244890 Low Vendor Manifest build-number Low Vendor Manifest Implementation-Vendor-Id edu.psu.swe.scim Medium Vendor pom artifactid scim-server-common Highest Vendor pom artifactid scim-server-common Low Vendor pom groupid edu.psu.swe.scim Highest Vendor pom name SCIM - Server - Common High Vendor pom parent-artifactid scim-server Low Product file name scim-server-common High Product jar package name edu Highest Product jar package name psu Highest Product jar package name scim Highest Product jar package name swe Highest Product Manifest build-date 1525129244890 Low Product Manifest build-number Low Product Manifest Implementation-Title SCIM - Server - Common High Product Manifest specification-title SCIM - Server - Common Medium Product pom artifactid scim-server-common Highest Product pom groupid edu.psu.swe.scim Highest Product pom name SCIM - Server - Common High Product pom parent-artifactid scim-server Medium Version file version 2.22 High Version Manifest Implementation-Version 2.22 High Version pom version 2.22 Highest
File Path: /home/grprdist/.m2/repository/edu/psu/swe/scim/scim-spec-protocol/2.22/scim-spec-protocol-2.22.jarMD5: 275585181fda639f510f472f4bdf4295SHA1: 03dc0a008c95546e57db16d573326727eba3cf19SHA256: aa865bd68c7d2b307805f9e77e55f7b56d509bf620738b2f487a5a21759e8c57Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name scim-spec-protocol High Vendor jar package name edu Highest Vendor jar package name psu Highest Vendor jar package name scim Highest Vendor jar package name swe Highest Vendor Manifest build-date 1525129136538 Low Vendor Manifest build-number Low Vendor Manifest Implementation-Vendor-Id edu.psu.swe.scim Medium Vendor pom artifactid scim-spec-protocol Highest Vendor pom artifactid scim-spec-protocol Low Vendor pom groupid edu.psu.swe.scim Highest Vendor pom name SCIM - Specification - Protocol High Vendor pom parent-artifactid scim-spec Low Product file name scim-spec-protocol High Product jar package name edu Highest Product jar package name psu Highest Product jar package name scim Highest Product jar package name swe Highest Product Manifest build-date 1525129136538 Low Product Manifest build-number Low Product Manifest Implementation-Title SCIM - Specification - Protocol High Product Manifest specification-title SCIM - Specification - Protocol Medium Product pom artifactid scim-spec-protocol Highest Product pom groupid edu.psu.swe.scim Highest Product pom name SCIM - Specification - Protocol High Product pom parent-artifactid scim-spec Medium Version file version 2.22 High Version Manifest Implementation-Version 2.22 High Version pom version 2.22 Highest
File Path: /home/grprdist/.m2/repository/edu/psu/swe/scim/scim-spec-schema/2.22/scim-spec-schema-2.22.jarMD5: 67924518854e34c22ae83bc9df146993SHA1: 07ba31a942dd8672640e0a47e605ad4ea6fb6159SHA256: 317b4d507593a37be9cd2a07dc75dc8331fc4b0f9d18554bf741a6ea68e14f2fReferenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name scim-spec-schema High Vendor jar package name edu Highest Vendor jar package name psu Highest Vendor jar package name scim Highest Vendor jar package name swe Highest Vendor Manifest build-date 1525129104207 Low Vendor Manifest build-number Low Vendor Manifest Implementation-Vendor-Id edu.psu.swe.scim Medium Vendor pom artifactid scim-spec-schema Highest Vendor pom artifactid scim-spec-schema Low Vendor pom groupid edu.psu.swe.scim Highest Vendor pom name SCIM - Specification - Schema High Vendor pom parent-artifactid scim-spec Low Product file name scim-spec-schema High Product jar package name edu Highest Product jar package name psu Highest Product jar package name scim Highest Product jar package name swe Highest Product Manifest build-date 1525129104207 Low Product Manifest build-number Low Product Manifest Implementation-Title SCIM - Specification - Schema High Product Manifest specification-title SCIM - Specification - Schema Medium Product pom artifactid scim-spec-schema Highest Product pom groupid edu.psu.swe.scim Highest Product pom name SCIM - Specification - Schema High Product pom parent-artifactid scim-spec Medium Version file version 2.22 High Version Manifest Implementation-Version 2.22 High Version pom version 2.22 Highest
Description:
The UnboundID SCIM2 SDK is a library that may be used to interact with various
types of SCIM-enabled endpoints (such as the UnboundID server products) to
perform lightweight, cloud-based identity management via the SCIM Protocol.
See http://simplecloud.info for more information.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID SCIM2 SDK Free Use License: https://github.com/pingidentity/scim2 File Path: /home/grprdist/.m2/repository/com/unboundid/product/scim2/scim2-sdk-client/2.3.7/scim2-sdk-client-2.3.7.jar
MD5: e3e918223fb7cd140fbcd306b6135fc5
SHA1: 3d08d77a96d2fa5551183e9a9d226800053e233e
SHA256: 6798a3c586dff309bf8913db9aeef755c8d651d3b64b7546378c8f46a683f550
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name scim2-sdk-client High Vendor jar package name client Highest Vendor jar package name client Low Vendor jar package name scim2 Highest Vendor jar package name scim2 Low Vendor jar package name unboundid Highest Vendor jar package name unboundid Low Vendor pom artifactid scim2-sdk-client Highest Vendor pom artifactid scim2-sdk-client Low Vendor pom developer email support@unboundid.com Low Vendor pom developer id unboundid Medium Vendor pom developer name UnboundID Corp. Medium Vendor pom groupid com.unboundid.product.scim2 Highest Vendor pom name UnboundID SCIM2 SDK Client High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url https://www.pingidentity.com Medium Vendor pom parent-artifactid scim2-parent Low Vendor pom url pingidentity/scim2 Highest Product file name scim2-sdk-client High Product jar package name client Highest Product jar package name client Low Product jar package name requests Low Product jar package name scim2 Highest Product jar package name scim2 Low Product jar package name unboundid Highest Product pom artifactid scim2-sdk-client Highest Product pom developer email support@unboundid.com Low Product pom developer id unboundid Low Product pom developer name UnboundID Corp. Low Product pom groupid com.unboundid.product.scim2 Highest Product pom name UnboundID SCIM2 SDK Client High Product pom organization name Ping Identity Corporation Low Product pom organization url https://www.pingidentity.com Low Product pom parent-artifactid scim2-parent Medium Product pom url pingidentity/scim2 High Version file version 2.3.7 High Version pom version 2.3.7 Highest
Description:
The UnboundID SCIM2 SDK is a library that may be used to interact with various
types of SCIM-enabled endpoints (such as the UnboundID server products) to
perform lightweight, cloud-based identity management via the SCIM Protocol.
See http://simplecloud.info for more information.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID SCIM2 SDK Free Use License: https://github.com/pingidentity/scim2 File Path: /home/grprdist/.m2/repository/com/unboundid/product/scim2/scim2-sdk-common/2.3.7/scim2-sdk-common-2.3.7.jar
MD5: 31431671351615ee26879cb2c0bf61ae
SHA1: facf6780a0804e0262e395da0eb7fe3dd9eaf5ad
SHA256: 59f19cfcd48ba49ee2f62f53777d55bba2a3b0b290285f836235d8e2d878cdad
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name scim2-sdk-common High Vendor jar package name common Highest Vendor jar package name common Low Vendor jar package name scim2 Highest Vendor jar package name scim2 Low Vendor jar package name types Highest Vendor jar package name unboundid Highest Vendor jar package name unboundid Low Vendor pom artifactid scim2-sdk-common Highest Vendor pom artifactid scim2-sdk-common Low Vendor pom developer email support@unboundid.com Low Vendor pom developer id unboundid Medium Vendor pom developer name UnboundID Corp. Medium Vendor pom groupid com.unboundid.product.scim2 Highest Vendor pom name UnboundID SCIM2 SDK Common High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url https://www.pingidentity.com Medium Vendor pom parent-artifactid scim2-parent Low Vendor pom url pingidentity/scim2 Highest Product file name scim2-sdk-common High Product jar package name common Highest Product jar package name common Low Product jar package name scim2 Highest Product jar package name scim2 Low Product jar package name types Highest Product jar package name unboundid Highest Product pom artifactid scim2-sdk-common Highest Product pom developer email support@unboundid.com Low Product pom developer id unboundid Low Product pom developer name UnboundID Corp. Low Product pom groupid com.unboundid.product.scim2 Highest Product pom name UnboundID SCIM2 SDK Common High Product pom organization name Ping Identity Corporation Low Product pom organization url https://www.pingidentity.com Low Product pom parent-artifactid scim2-parent Medium Product pom url pingidentity/scim2 High Version file version 2.3.7 High Version pom version 2.3.7 Highest
Description:
The UnboundID SCIM2 SDK is a library that may be used to interact with various
types of SCIM-enabled endpoints (such as the UnboundID server products) to
perform lightweight, cloud-based identity management via the SCIM Protocol.
See http://simplecloud.info for more information.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID SCIM2 SDK Free Use License: https://github.com/pingidentity/scim2 File Path: /home/grprdist/.m2/repository/com/unboundid/product/scim2/scim2-sdk-server/2.3.7/scim2-sdk-server-2.3.7.jar
MD5: e2d8a00f5cd272affd32637fa660ed1a
SHA1: 228a2ff37cc5163a9fbaaa8319a0dfeb50c9bf60
SHA256: ea54049f80d77233fddbb96e94e53205119de2db4626583227757ac19f7e6ea3
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name scim2-sdk-server High Vendor jar package name scim2 Highest Vendor jar package name scim2 Low Vendor jar package name server Highest Vendor jar package name server Low Vendor jar package name unboundid Highest Vendor jar package name unboundid Low Vendor pom artifactid scim2-sdk-server Highest Vendor pom artifactid scim2-sdk-server Low Vendor pom developer email support@unboundid.com Low Vendor pom developer id unboundid Medium Vendor pom developer name UnboundID Corp. Medium Vendor pom groupid com.unboundid.product.scim2 Highest Vendor pom name UnboundID SCIM2 SDK Server High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url https://www.pingidentity.com Medium Vendor pom parent-artifactid scim2-parent Low Vendor pom url pingidentity/scim2 Highest Product file name scim2-sdk-server High Product jar package name scim2 Highest Product jar package name scim2 Low Product jar package name server Highest Product jar package name server Low Product jar package name unboundid Highest Product jar package name utils Low Product pom artifactid scim2-sdk-server Highest Product pom developer email support@unboundid.com Low Product pom developer id unboundid Low Product pom developer name UnboundID Corp. Low Product pom groupid com.unboundid.product.scim2 Highest Product pom name UnboundID SCIM2 SDK Server High Product pom organization name Ping Identity Corporation Low Product pom organization url https://www.pingidentity.com Low Product pom parent-artifactid scim2-parent Medium Product pom url pingidentity/scim2 High Version file version 2.3.7 High Version pom version 2.3.7 Highest
Description:
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
File Path: /home/grprdist/.m2/repository/xalan/serializer/2.7.1/serializer-2.7.1.jarMD5: a6b64dfe58229bdd810263fa0cc54cffSHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020SHA256: a15078d243d4a20b6b4e8ae2f61ed4655e352054e121aada6f7441f1ed445a3cReferenced In Project/Scope: Grouper WS Generated Client:runtime
Evidence Type Source Name Value Confidence Vendor file name serializer High Vendor jar package name apache Highest Vendor jar package name serializer Highest Vendor jar package name xml Highest Vendor manifest: org/apache/xml/serializer/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xml/serializer/utils/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid serializer Highest Vendor pom artifactid serializer Low Vendor pom groupid xalan Highest Vendor pom name Xalan Java Serializer High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xml.apache.org/xalan-j/ Highest Product file name serializer High Product jar package name apache Highest Product jar package name serializer Highest Product jar package name utils Highest Product jar package name xml Highest Product manifest: org/apache/xml/serializer/ Implementation-Title org.apache.xml.serializer Medium Product manifest: org/apache/xml/serializer/ Specification-Title XSL Transformations (XSLT), at http://www.w3.org/TR/xslt Medium Product manifest: org/apache/xml/serializer/utils/ Implementation-Title org.apache.xml.serializer.utils Medium Product pom artifactid serializer Highest Product pom groupid xalan Highest Product pom name Xalan Java Serializer High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xml.apache.org/xalan-j/ Medium Version file version 2.7.1 High Version manifest: org/apache/xml/serializer/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/xml/serializer/utils/ Implementation-Version 2.7.1 Medium Version pom parent-version 2.7.1 Low Version pom version 2.7.1 Highest
CVE-2014-0107 suppress
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2022-34169 suppress
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. CWE-681 Incorrect Conversion between Numeric Types
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
File Path: /home/grprdist/.m2/repository/javax/servlet/servlet-api/2.3/servlet-api-2.3.jarMD5: c097f777c6fd453277c6891b3bb4dc09SHA1: 0137a24e9f62973f01f16dd23fc1b5a9964fd9efSHA256: 8478b902d0815ed066db860fb14cc5d404548d4b6348ab930b46270fcddeba68Referenced In Project/Scope: Grouper WS Generated Client:compile
Evidence Type Source Name Value Confidence Vendor file name servlet-api High Vendor jar package name javax Highest Vendor jar package name javax Low Vendor jar package name servlet Highest Vendor jar package name servlet Low Vendor pom artifactid servlet-api Highest Vendor pom artifactid servlet-api Low Vendor pom groupid javax.servlet Highest Product file name servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product jar package name servlet Low Product pom artifactid servlet-api Highest Product pom groupid javax.servlet Highest Version file version 2.3 High Version pom version 2.3 Highest
Description:
The slf4j API File Path: /home/grprdist/.m2/repository/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jarMD5: fbcf58513bc25b80f075d812aad3e3cfSHA1: cdcff33940d9f2de763bc41ea05a0be5941176c3SHA256: 3624f8474c1af46d75f98bc097d7864a323c81b3808aa43689a6e1c601c027beReferenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper ActiveMQ Messaging:compile Grouper SCIM:compile Grouper Box:compile Grouper API:compile Grouper WS:compile Grouper Rabbitmq:compile Grouper AMQ:compile Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.32 High Version Manifest Bundle-Version 1.7.32 High Version Manifest Implementation-Version 1.7.32 High Version pom version 1.7.32 Highest
Description:
Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/jivesoftware/smack/3.1.0/smack-3.1.0.jar
MD5: 362dd4c2fc9b23a33d47272456dd0c39
SHA1: 916a0fe08d840a08c950f49fb59b961e14d673b8
SHA256: c9a25e014608d3402b795d125c88a18a6e22e6c61c65b5e5d224e0f72f4aec8b
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name smack High Vendor jar package name jivesoftware Highest Vendor jar package name jivesoftware Low Vendor jar package name presence Highest Vendor jar package name smack Highest Vendor jar package name smack Low Vendor pom artifactid smack Highest Vendor pom artifactid smack Low Vendor pom groupid jivesoftware Highest Vendor pom name Smack High Vendor pom url http://www.jivesoftware.org/smack/ Highest Product file name smack High Product jar package name jivesoftware Highest Product jar package name presence Highest Product jar package name smack Highest Product jar package name smack Low Product pom artifactid smack Highest Product pom groupid jivesoftware Highest Product pom name Smack High Product pom url http://www.jivesoftware.org/smack/ Medium Version file version 3.1.0 High Version pom version 3.1.0 Highest
CVE-2014-5075 (OSSINDEX)suppress
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:jivesoftware:smack:3.1.0:*:*:*:*:*:*:* CVE-2014-0363 (OSSINDEX)suppress
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:jivesoftware:smack:3.1.0:*:*:*:*:*:*:* File Path: /home/grprdist/.m2/repository/org/springframework/spring-aop/3.0.7.RELEASE/spring-aop-3.0.7.RELEASE.jarMD5: 833e6c239fa50bada08e5cb82582c82bSHA1: e52176ba360e47d132bbc80dc144a916dd75eee7SHA256: 3658108e22da2a4bf6a245eb82631e12bbb8ede5c261a39efdc3801a19d6741bReferenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name spring-aop High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name aop Highest Vendor jar package name springframework Highest Vendor Manifest bundle-creator cbeams Low Vendor Manifest bundle-symbolicname org.springframework.aop Medium Vendor pom artifactid spring-aop Highest Vendor pom artifactid spring-aop Low Vendor pom groupid org.springframework Highest Vendor pom parent-artifactid spring-parent Low Product file name spring-aop High Product hint analyzer product springsource_spring_framework Highest Product jar package name aop Highest Product jar package name springframework Highest Product Manifest bundle-creator cbeams Low Product Manifest Bundle-Name Spring AOP Medium Product Manifest bundle-symbolicname org.springframework.aop Medium Product Manifest Implementation-Title org.springframework.aop High Product pom artifactid spring-aop Highest Product pom groupid org.springframework Highest Product pom parent-artifactid spring-parent Medium Version Manifest Bundle-Version 3.0.7.RELEASE High Version Manifest Implementation-Version 3.0.7.RELEASE High Version pom version 3.0.7.RELEASE Highest
Related Dependencies spring-asm-3.0.7.RELEASE.jarFile Path: /home/grprdist/.m2/repository/org/springframework/spring-asm/3.0.7.RELEASE/spring-asm-3.0.7.RELEASE.jar MD5: 5d479c7bf32d4bb3cb3b81dfdf3080f7 SHA1: cadd0ed7b1aeea0c2858ada0d6397e8423aad6a3 SHA256: ccac728049d1e71e8560fdc2354791c0d7b80e490a8115bfa99d19668de7f4f3 pkg:maven/org.springframework/spring-asm@3.0.7.RELEASE spring-beans-3.0.7.RELEASE.jarFile Path: /home/grprdist/.m2/repository/org/springframework/spring-beans/3.0.7.RELEASE/spring-beans-3.0.7.RELEASE.jar MD5: 0b9954842f12133fcff91bd90235182d SHA1: 5915c3eee8dc193b19b648719d653439c57fc0d8 SHA256: a7ae604dd25f6caa1729a63bfa01b8bf4d05ca8a7169d46b6078fa921c667f6f pkg:maven/org.springframework/spring-beans@3.0.7.RELEASE spring-context-3.0.7.RELEASE.jarFile Path: /home/grprdist/.m2/repository/org/springframework/spring-context/3.0.7.RELEASE/spring-context-3.0.7.RELEASE.jar MD5: 3c687d6cf542fef60fc50542ac8e2321 SHA1: e0072743c5c485e0b36a8fce109dcd5c08c5323f SHA256: cc693d2e3221a79abdcdafb2cd94895451979fdde3a29e9e8cb65c2aeb192312 pkg:maven/org.springframework/spring-context@3.0.7.RELEASE spring-expression-3.0.7.RELEASE.jarFile Path: /home/grprdist/.m2/repository/org/springframework/spring-expression/3.0.7.RELEASE/spring-expression-3.0.7.RELEASE.jar MD5: 7880f6d36ee0352560700517d59e80a1 SHA1: 61999bb2e1e5f7a1c13e91a58761c48dc1d71cf9 SHA256: 54607328deef8253fe308b1c78174eba161aec024b160a9ff02fc43c0e0ba68e pkg:maven/org.springframework/spring-expression@3.0.7.RELEASE CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2014-0225 suppress
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-4152 suppress
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-6429 suppress
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. CWE-611 Improper Restriction of XML External Entity Reference ('XXE'), CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-7315 suppress
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2014-0054 suppress
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-6430 suppress
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2014-3625 suppress
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2014-1904 suppress
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
File Path: /home/grprdist/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jarMD5: feeca5dd71af07bda262b0ed14dc1951SHA1: 2c90825834a037aab6f6a71bbd05d81680832c49SHA256: 9c58303d3031da9fb220afe99d4bb28df24f938995dd06513d13abf35534c4c7Referenced In Project/Scope: Grouper AMQ:compile
Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name springframework Highest Vendor Manifest bundle-creator cbeams Low Vendor Manifest bundle-symbolicname org.springframework.core Medium Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom groupid org.springframework Highest Vendor pom parent-artifactid spring-parent Low Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name springframework Highest Product Manifest bundle-creator cbeams Low Product Manifest Bundle-Name Spring Core Medium Product Manifest bundle-symbolicname org.springframework.core Medium Product Manifest Implementation-Title org.springframework.core High Product pom artifactid spring-core Highest Product pom groupid org.springframework Highest Product pom parent-artifactid spring-parent Medium Version Manifest Bundle-Version 3.0.7.RELEASE High Version Manifest Implementation-Version 3.0.7.RELEASE High Version pom version 3.0.7.RELEASE Highest
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2022-22965 suppress
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2014-0225 suppress
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-4152 suppress
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-6429 suppress
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. CWE-611 Improper Restriction of XML External Entity Reference ('XXE'), CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-7315 suppress
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2014-0054 suppress
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2013-6430 suppress
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2014-3578 (OSSINDEX)suppress
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-core:3.0.7.RELEASE:*:*:*:*:*:*:* CVE-2014-3625 suppress
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2014-1904 suppress
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
File Path: /home/grprdist/.m2/repository/taglibs/standard/1.1.2/standard-1.1.2.jarMD5: 65351d0487ad57edda9171bb3b46b98cSHA1: a17e8a4d9a1f7fcc5eed606721c9ed6b7f18acf7SHA256: 2c0048ab3ce75a202f692b159d6aa0a68edce3e4e4c5123a3359a38b29faa6b1Referenced In Projects/Scopes:
Grouper UI webapp:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name standard High Vendor jar package name apache Highest Vendor jar package name standard Highest Vendor jar package name taglibs Highest Vendor Manifest extension-name org.apache.taglibs.standard Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid standard Highest Vendor pom artifactid standard Low Vendor pom groupid taglibs Highest Product file name standard High Product jar package name apache Highest Product jar package name standard Highest Product jar package name tag Highest Product jar package name taglibs Highest Product Manifest extension-name org.apache.taglibs.standard Medium Product Manifest Implementation-Title jakarta-taglibs 'standard': an implementation of JSTL High Product Manifest specification-title JavaServer Pages Standard Tag Library (JSTL) Medium Product pom artifactid standard Highest Product pom groupid taglibs Highest Version file version 1.1.2 High Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest
CVE-2015-0254 suppress
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions:
Description:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html File Path: /home/grprdist/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
SHA256: e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name stax-api High Vendor jar package name javax Highest Vendor jar package name javax Low Vendor jar package name stream Highest Vendor jar package name stream Low Vendor jar package name xml Highest Vendor jar package name xml Low Vendor pom artifactid stax-api Highest Vendor pom artifactid stax-api Low Vendor pom groupid javax.xml.stream Highest Vendor pom name Streaming API for XML High Product file name stax-api High Product jar package name javax Highest Product jar package name stream Highest Product jar package name stream Low Product jar package name xml Highest Product jar package name xml Low Product pom artifactid stax-api Highest Product pom groupid javax.xml.stream Highest Product pom name Streaming API for XML High Version pom version 1.0-2 Highest
Description:
Extensions to JSR-173 StAX API. License:
Dual license consisting of the CDDL v1.1 and GPL v2
: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/org/jvnet/staxex/stax-ex/1.8/stax-ex-1.8.jar
MD5: a0ebfdbc6b5a34b174a1d1f732d1bdda
SHA1: 8cc35f73da321c29973191f2cf143d29d26a1df7
SHA256: 95b05d9590af4154c6513b9c5dc1fb2e55b539972ba0a9ef28e9a0c01d83ad77
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name stax-ex High Vendor jar package name jvnet Highest Vendor jar package name staxex Highest Vendor Manifest bundle-symbolicname org.jvnet.staxex.stax-ex Medium Vendor Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Vendor Manifest implementation-url http://stax-ex.java.net/ Low Vendor Manifest Implementation-Vendor-Id org.jvnet.staxex Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor pom artifactid stax-ex Highest Vendor pom artifactid stax-ex Low Vendor pom developer email Roman.Grigoriadi@oracle.com Low Vendor pom developer email Zheng.Jun.Li@oracle.com Low Vendor pom developer id bravehorsie Medium Vendor pom developer id zhengjl Medium Vendor pom developer name Roman Grigoriadi Medium Vendor pom developer name Zheng Jun Li Medium Vendor pom groupid org.jvnet.staxex Highest Vendor pom name Extended StAX API High Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://stax-ex.java.net/ Highest Product file name stax-ex High Product jar package name jvnet Highest Product jar package name staxex Highest Product Manifest Bundle-Name Extended StAX API Medium Product Manifest bundle-symbolicname org.jvnet.staxex.stax-ex Medium Product Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Product Manifest Implementation-Title Extended StAX API High Product Manifest implementation-url http://stax-ex.java.net/ Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product pom artifactid stax-ex Highest Product pom developer email Roman.Grigoriadi@oracle.com Low Product pom developer email Zheng.Jun.Li@oracle.com Low Product pom developer id bravehorsie Low Product pom developer id zhengjl Low Product pom developer name Roman Grigoriadi Low Product pom developer name Zheng Jun Li Low Product pom groupid org.jvnet.staxex Highest Product pom name Extended StAX API High Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://stax-ex.java.net/ Medium Version file version 1.8 High Version Manifest Implementation-Version 1.8 High Version pom parent-version 1.8 Low Version pom version 1.8 Highest
Description:
Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/grprdist/.m2/repository/org/codehaus/woodstox/stax2-api/3.1.1/stax2-api-3.1.1.jar
MD5: 40d088c7b8b3f6759a40db54ce1f30e5
SHA1: 0466eab062e9d1a3ce2c4631b6d09b5e5c0cbd1b
SHA256: 850bbbbaaa1e7ecc4ebecdb8a283ff36d1f2451c6797b0175bc40ae2ad9b31c4
Referenced In Projects/Scopes: Grouper WS:runtime Grouper WS Test:runtime Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name stax2-api High Vendor jar package name codehaus Highest Vendor jar package name stax2 Highest Vendor jar package name typed Highest Vendor jar package name validation Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname stax2-api Medium Vendor Manifest Implementation-Vendor http://woodstox.codehaus.org High Vendor Manifest specification-vendor http://woodstox.codehaus.org Low Vendor pom artifactid stax2-api Highest Vendor pom artifactid stax2-api Low Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Stax2 API High Vendor pom organization name Codehaus High Vendor pom organization url http://www.codehaus.org/ Medium Vendor pom url http://woodstox.codehaus.org/StAX2 Highest Product file name stax2-api High Product jar package name codehaus Highest Product jar package name stax2 Highest Product jar package name typed Highest Product jar package name validation Highest Product Manifest Bundle-Name Stax2 API Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname stax2-api Medium Product Manifest Implementation-Title Stax2 API High Product Manifest specification-title Stax2 API Medium Product pom artifactid stax2-api Highest Product pom groupid org.codehaus.woodstox Highest Product pom name Stax2 API High Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom url http://woodstox.codehaus.org/StAX2 Medium Version file version 3.1.1 High Version Manifest Bundle-Version 3.1.1 High Version Manifest Implementation-Version 3.1.1 High Version pom version 3.1.1 Highest
License:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/grprdist/.m2/repository/io/swagger/swagger-annotations/1.5.0/swagger-annotations-1.5.0.jar
MD5: c16eb2bdd9f90e97849950178c4c543d
SHA1: f7497f7887e65277c0dab1da1148cf211083f3d4
SHA256: 298386371cef279ebafd891e78003bb6d0295abdcc7bc3542eea3c543526cc42
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name swagger-annotations High Vendor jar package name annotations Highest Vendor jar package name io Highest Vendor jar package name swagger Highest Vendor Manifest bundle-symbolicname io.swagger.annotations Medium Vendor Manifest mode development Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Vendor pom artifactid swagger-annotations Highest Vendor pom artifactid swagger-annotations Low Vendor pom groupid io.swagger Highest Vendor pom name swagger-annotations High Vendor pom parent-artifactid swagger-project Low Product file name swagger-annotations High Product jar package name annotations Highest Product jar package name api Highest Product jar package name io Highest Product jar package name swagger Highest Product Manifest Bundle-Name swagger-annotations Medium Product Manifest bundle-symbolicname io.swagger.annotations Medium Product Manifest mode development Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Product pom artifactid swagger-annotations Highest Product pom groupid io.swagger Highest Product pom name swagger-annotations High Product pom parent-artifactid swagger-project Medium Version file version 1.5.0 High Version Manifest Bundle-Version 1.5.0 High Version Manifest implementation-version 1.5.0 High Version pom version 1.5.0 Highest
License:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/grprdist/.m2/repository/io/swagger/swagger-annotations/1.6.3/swagger-annotations-1.6.3.jar
MD5: 942481616f73ad3273893e9c390985aa
SHA1: 7cd78274cad53849ab809a73cec06c7dbb5f374a
SHA256: ceb72bfad2be626cc0eeb53c7e89b727e5e270c25a533cc62a65d3f044bcae4d
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Evidence Type Source Name Value Confidence Vendor file name swagger-annotations High Vendor jar package name annotations Highest Vendor jar package name io Highest Vendor jar package name swagger Highest Vendor Manifest bundle-symbolicname io.swagger.annotations Medium Vendor Manifest mode development Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Vendor pom artifactid swagger-annotations Highest Vendor pom artifactid swagger-annotations Low Vendor pom groupid io.swagger Highest Vendor pom name swagger-annotations High Vendor pom parent-artifactid swagger-project Low Product file name swagger-annotations High Product jar package name annotations Highest Product jar package name api Highest Product jar package name io Highest Product jar package name swagger Highest Product Manifest Bundle-Name swagger-annotations Medium Product Manifest bundle-symbolicname io.swagger.annotations Medium Product Manifest mode development Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Product pom artifactid swagger-annotations Highest Product pom groupid io.swagger Highest Product pom name swagger-annotations High Product pom parent-artifactid swagger-project Medium Version file version 1.6.3 High Version Manifest Bundle-Version 1.6.3 High Version Manifest implementation-version 1.6.3 High Version pom version 1.6.3 Highest
File Path: /home/grprdist/.m2/repository/io/swagger/swagger-core/1.5.0/swagger-core-1.5.0.jarMD5: abc2015d9e823cb96abfa7e2937b43fbSHA1: 09d5cfb8188ac316bad3a7b38c46bac0568c60e4SHA256: aab9520f832a76b5f79464742525d263d779250c070baaa1271327c7d6f66d2eReferenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name swagger-core High Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name swagger Highest Vendor Manifest mode development Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low Vendor pom artifactid swagger-core Highest Vendor pom artifactid swagger-core Low Vendor pom groupid io.swagger Highest Vendor pom name swagger-core High Vendor pom parent-artifactid swagger-project Low Product file name swagger-core High Product jar package name core Highest Product jar package name io Highest Product jar package name swagger Highest Product Manifest mode development Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low Product pom artifactid swagger-core Highest Product pom groupid io.swagger Highest Product pom name swagger-core High Product pom parent-artifactid swagger-project Medium Version file version 1.5.0 High Version Manifest implementation-version 1.5.0 High Version pom version 1.5.0 Highest
File Path: /home/grprdist/.m2/repository/io/swagger/swagger-jaxrs/1.5.0/swagger-jaxrs-1.5.0.jarMD5: a09d96c899411ac57a479c6635829600SHA1: 04a77f3f95bfec3073d9d20660c16f54886dfc9fSHA256: 519bc52cbc7d1aef101f89f96059d89f8a6118b2f808163caf79beea445f67bdReferenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name swagger-jaxrs High Vendor jar package name io Highest Vendor jar package name jaxrs Highest Vendor jar package name swagger Highest Vendor Manifest mode development Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs Low Vendor pom artifactid swagger-jaxrs Highest Vendor pom artifactid swagger-jaxrs Low Vendor pom groupid io.swagger Highest Vendor pom name swagger-jaxrs High Vendor pom parent-artifactid swagger-project Low Product file name swagger-jaxrs High Product jar package name io Highest Product jar package name jaxrs Highest Product jar package name swagger Highest Product Manifest mode development Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs Low Product pom artifactid swagger-jaxrs Highest Product pom groupid io.swagger Highest Product pom name swagger-jaxrs High Product pom parent-artifactid swagger-project Medium Version file version 1.5.0 High Version Manifest implementation-version 1.5.0 High Version pom version 1.5.0 Highest
License:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/grprdist/.m2/repository/io/swagger/swagger-models/1.5.0/swagger-models-1.5.0.jar
MD5: 5c3d553535fddea14a4e7e87c5fc59fa
SHA1: d2566bfc270073a559b342089f54086ee64ca5b1
SHA256: 70ec229c809e595c1aebf7f5b0c9ace148f5e8afa65c6b93f1fa40a82f7107e5
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name swagger-models High Vendor jar package name io Highest Vendor jar package name models Highest Vendor jar package name swagger Highest Vendor Manifest bundle-symbolicname io.swagger.models Medium Vendor Manifest mode development Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low Vendor pom artifactid swagger-models Highest Vendor pom artifactid swagger-models Low Vendor pom groupid io.swagger Highest Vendor pom name swagger-models High Vendor pom parent-artifactid swagger-project Low Product file name swagger-models High Product jar package name io Highest Product jar package name models Highest Product jar package name swagger Highest Product Manifest Bundle-Name swagger-models Medium Product Manifest bundle-symbolicname io.swagger.models Medium Product Manifest mode development Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low Product pom artifactid swagger-models Highest Product pom groupid io.swagger Highest Product pom name swagger-models High Product pom parent-artifactid swagger-project Medium Version file version 1.5.0 High Version Manifest Bundle-Version 1.5.0 High Version Manifest implementation-version 1.5.0 High Version pom version 1.5.0 Highest
Description:
TXW is a library that allows you to write XML documents.
File Path: /home/grprdist/.m2/repository/org/glassfish/jaxb/txw2/2.3.1/txw2-2.3.1.jarMD5: 0fed730907ba86376ef392ee7eb42d5fSHA1: a09d2c48d3285f206fafbffe0e50619284e92126SHA256: 34975dde1c6920f1a39791142235689bc3cd357e24d05edd8ff93b885bd68d60Referenced In Projects/Scopes:
Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name txw2 High Vendor jar package name sun Highest Vendor jar package name txw Highest Vendor jar package name txw2 Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid txw2 Highest Vendor pom artifactid txw2 Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name TXW2 Runtime High Vendor pom parent-artifactid jaxb-txw-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Product file name txw2 High Product jar package name sun Highest Product jar package name txw Highest Product jar package name txw2 Highest Product jar package name xml Highest Product Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Product Manifest Implementation-Title TXW Runtime High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid txw2 Highest Product pom groupid org.glassfish.jaxb Highest Product pom name TXW2 Runtime High Product pom parent-artifactid jaxb-txw-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Version file version 2.3.1 High Version Manifest build-id 2.3.1 Medium Version Manifest Implementation-Version 2.3.1 High Version Manifest major-version 2.3.1 Medium Version pom version 2.3.1 Highest
Description:
The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use
Java API for communicating with LDAP directory servers and performing
related tasks like reading and writing LDIF, encoding and decoding data
using base64 and ASN.1 BER, and performing secure communication. This
package contains the Standard Edition of the LDAP SDK, which is a
complete, general-purpose library for communicating with LDAPv3 directory
servers.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID LDAP SDK Free Use License: https://docs.ldap.com/ldap-sdk/docs/LICENSE-UnboundID-LDAPSDK.txt File Path: /home/grprdist/.m2/repository/com/unboundid/unboundid-ldapsdk/4.0.9/unboundid-ldapsdk-4.0.9.jar
MD5: 9c4684b76cc5354f5af4796e0ae81df5
SHA1: b676202ad7b56718266fda979e280fa955792e1c
SHA256: 693bc47a6d311217397f7fd78043272d8b090cec4fe1c8834b31fc9a138f8361
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name unboundid-ldapsdk High Vendor jar package name ldap Highest Vendor jar package name sdk Highest Vendor jar package name unboundid Highest Vendor Manifest build-time 20181110015704Z Low Vendor Manifest bundle-copyright Copyright 2008-2018 Ping Identity Corporation Low Vendor Manifest bundle-docurl https://github.com/pingidentity/ldapsdk Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor Manifest bundle-symbolicname com.unboundid.ldap.sdk Medium Vendor Manifest implementation-url https://github.com/pingidentity/ldapsdk Low Vendor Manifest Implementation-Vendor Ping Identity High Vendor Manifest source-path /directory/tags/ldapsdk/ldapsdk-4.0.9 Low Vendor Manifest source-revision 29290 Low Vendor pom artifactid unboundid-ldapsdk Highest Vendor pom artifactid unboundid-ldapsdk Low Vendor pom developer email neilwilson@pingidentity.com Low Vendor pom developer id dirmgr Medium Vendor pom developer name Neil Wilson Medium Vendor pom groupid com.unboundid Highest Vendor pom name UnboundID LDAP SDK for Java High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url pingidentity/ldapsdk Medium Vendor pom url pingidentity/ldapsdk Highest Product file name unboundid-ldapsdk High Product jar package name ldap Highest Product jar package name sdk Highest Product jar package name unboundid Highest Product Manifest build-time 20181110015704Z Low Product Manifest bundle-copyright Copyright 2008-2018 Ping Identity Corporation Low Product Manifest bundle-docurl https://github.com/pingidentity/ldapsdk Low Product Manifest Bundle-Name UnboundID LDAP SDK for Java Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest bundle-symbolicname com.unboundid.ldap.sdk Medium Product Manifest Implementation-Title UnboundID LDAP SDK for Java High Product Manifest implementation-url https://github.com/pingidentity/ldapsdk Low Product Manifest source-path /directory/tags/ldapsdk/ldapsdk-4.0.9 Low Product Manifest source-revision 29290 Low Product pom artifactid unboundid-ldapsdk Highest Product pom developer email neilwilson@pingidentity.com Low Product pom developer id dirmgr Low Product pom developer name Neil Wilson Low Product pom groupid com.unboundid Highest Product pom name UnboundID LDAP SDK for Java High Product pom organization name Ping Identity Corporation Low Product pom url pingidentity/ldapsdk High Version file version 4.0.9 High Version Manifest Bundle-Version 4.0.9 High Version Manifest Implementation-Version 4.0.9 High Version pom version 4.0.9 Highest
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name validation-api High Vendor jar package name javax Highest Vendor jar package name validation Highest Vendor Manifest bundle-symbolicname javax.validation.api Medium Vendor pom artifactid validation-api Highest Vendor pom artifactid validation-api Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer email gunnar@hibernate.org Low Vendor pom developer email hferents@redhat.com Low Vendor pom developer id emmanuelbernard Medium Vendor pom developer id epbernard Medium Vendor pom developer id gunnar.morling Medium Vendor pom developer id hardy.ferentschik Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer name Gunnar Morling Medium Vendor pom developer name Hardy Ferentschik Medium Vendor pom developer org JBoss, by Red Hat Medium Vendor pom groupid javax.validation Highest Vendor pom name Bean Validation API High Vendor pom url http://beanvalidation.org Highest Product file name validation-api High Product jar package name javax Highest Product jar package name validation Highest Product Manifest Bundle-Name Bean Validation API Medium Product Manifest bundle-symbolicname javax.validation.api Medium Product pom artifactid validation-api Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer email gunnar@hibernate.org Low Product pom developer email hferents@redhat.com Low Product pom developer id emmanuelbernard Low Product pom developer id epbernard Low Product pom developer id gunnar.morling Low Product pom developer id hardy.ferentschik Low Product pom developer name Emmanuel Bernard Low Product pom developer name Gunnar Morling Low Product pom developer name Hardy Ferentschik Low Product pom developer org JBoss, by Red Hat Low Product pom groupid javax.validation Highest Product pom name Bean Validation API High Product pom url http://beanvalidation.org Medium Version Manifest Bundle-Version 1.1.0.Final High Version pom version 1.1.0.Final Highest
Description:
The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/wink/wink-client/1.4/wink-client-1.4.jar
MD5: 68f861b4a7b83e6b2967c873b1a46e56
SHA1: 236afba302284da7988a971157a91a1875dcad60
SHA256: 92a5373479ddea707e912da02585059cea7ccbee4ac19d7f5bc4c6aacb72d3ec
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name wink-client High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name wink Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.wink.client Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.wink Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid wink-client Highest Vendor pom artifactid wink-client Low Vendor pom groupid org.apache.wink Highest Vendor pom name Apache Wink Client High Vendor pom parent-artifactid wink Low Product file name wink-client High Product jar package name apache Highest Product jar package name client Highest Product jar package name wink Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache Wink Client Medium Product Manifest bundle-symbolicname org.apache.wink.client Medium Product Manifest Implementation-Title Apache Wink Client High Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest specification-title Apache Wink Client Medium Product pom artifactid wink-client Highest Product pom groupid org.apache.wink Highest Product pom name Apache Wink Client High Product pom parent-artifactid wink Medium Version file version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom version 1.4 Highest
Related Dependencies wink-common-1.4.jarFile Path: /home/grprdist/.m2/repository/org/apache/wink/wink-common/1.4/wink-common-1.4.jar MD5: 985d162fe28849de89a1a74751b4e2e9 SHA1: 30e49800bbf56cad6e1a36c70a26f1405f496d7b SHA256: d533f0750459b01fd63e2c4d2b9dc8c2b1afe6d71406c0d829697b32b4018f37 pkg:maven/org.apache.wink/wink-common@1.4 CVE-2017-5249 suppress
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. CWE-312 Cleartext Storage of Sensitive Information, CWE-922 Insecure Storage of Sensitive Information
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
Description:
The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects such as Axis2. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/woden/woden-api/1.0M9/woden-api-1.0M9.jar
MD5: a95da428dca81540f6f387874d27e44d
SHA1: bd81f156f5ff87bc9f398d88932d7cd6f2989312
SHA256: c64fba998cca96b30528f074971e6d0a53c602da9dd56867e759cfd10d5094a9
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name woden-api High Vendor jar package name apache Highest Vendor jar package name woden Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.woden.woden-api Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.woden Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid woden-api Highest Vendor pom artifactid woden-api Low Vendor pom groupid org.apache.woden Highest Vendor pom name Woden - API High Vendor pom parent-artifactid woden Low Product file name woden-api High Product jar package name apache Highest Product jar package name woden Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Woden - API Medium Product Manifest bundle-symbolicname org.apache.woden.woden-api Medium Product Manifest Implementation-Title Woden - API High Product Manifest specification-title Woden - API Medium Product pom artifactid woden-api Highest Product pom groupid org.apache.woden Highest Product pom name Woden - API High Product pom parent-artifactid woden Medium Version Manifest Implementation-Version 1.0M9 High Version pom version 1.0M9 Highest
Description:
The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects such as Axis2. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/woden/woden-impl-commons/1.0M9/woden-impl-commons-1.0M9.jar
MD5: 867bba433148f1ce4dcdf1d4aa1ca77a
SHA1: fb97f4ef2a042aa0ce6393d1792ea21a88149c56
SHA256: cdb7ef3585c42bf59fbd5500d45e0092bbcd1e8a1af4f7fb2d4132e88be69237
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name woden-impl-commons High Vendor jar package name apache Highest Vendor jar package name woden Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.woden.woden-impl-commons Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.woden Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid woden-impl-commons Highest Vendor pom artifactid woden-impl-commons Low Vendor pom groupid org.apache.woden Highest Vendor pom name Woden - Commons High Vendor pom parent-artifactid woden Low Product file name woden-impl-commons High Product jar package name apache Highest Product jar package name woden Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Woden - Commons Medium Product Manifest bundle-symbolicname org.apache.woden.woden-impl-commons Medium Product Manifest Implementation-Title Woden - Commons High Product Manifest specification-title Woden - Commons Medium Product pom artifactid woden-impl-commons Highest Product pom groupid org.apache.woden Highest Product pom name Woden - Commons High Product pom parent-artifactid woden Medium Version Manifest Implementation-Version 1.0M9 High Version pom version 1.0M9 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects such as Axis2. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/woden/woden-impl-dom/1.0M9/woden-impl-dom-1.0M9.jar
MD5: 3175d1b4b9d712e62f64f518312da5e0
SHA1: ac649d2a2c4fdd49149aefc27164e90f8312bde1
SHA256: 16f675b7dc2f98ecc5634a4ba3a7e2a8a78342fb48d30016d38f106c9ca6ca3e
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name woden-impl-dom High Vendor jar package name apache Highest Vendor jar package name woden Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.woden.woden-impl-dom Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.woden Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid woden-impl-dom Highest Vendor pom artifactid woden-impl-dom Low Vendor pom groupid org.apache.woden Highest Vendor pom name Woden - DOM High Vendor pom parent-artifactid woden Low Product file name woden-impl-dom High Product jar package name apache Highest Product jar package name woden Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Woden - DOM Medium Product Manifest bundle-symbolicname org.apache.woden.woden-impl-dom Medium Product Manifest Implementation-Title Woden - DOM High Product Manifest specification-title Woden - DOM Medium Product pom artifactid woden-impl-dom Highest Product pom groupid org.apache.woden Highest Product pom name Woden - DOM High Product pom parent-artifactid woden Medium Version Manifest Implementation-Version 1.0M9 High Version pom version 1.0M9 Highest
Description:
Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/woodstox/woodstox-core-asl/4.1.4/woodstox-core-asl-4.1.4.jar
MD5: c6ad8f9f12dca37f99b6089098c470e9
SHA1: 79b82e7dfd5c24b228ea56456d6adce225259ec4
SHA256: d24cf82fa3f2b30a847036ff4c198dde397e43c4599aef9e93fcbe1e49186bc2
Referenced In Project/Scope: Grouper WS Generated Client:compile
Evidence Type Source Name Value Confidence Vendor file name woodstox-core-asl High Vendor jar package name stax Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname woodstox-core-asl Medium Vendor Manifest Implementation-Vendor http://woodstox.codehaus.org High Vendor Manifest specification-vendor http://jcp.org/en/jsr/detail?id=173 Low Vendor pom artifactid woodstox-core-asl Highest Vendor pom artifactid woodstox-core-asl Low Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Woodstox High Vendor pom organization name Codehaus High Vendor pom organization url http://www.codehaus.org/ Medium Vendor pom url http://woodstox.codehaus.org Highest Product file name woodstox-core-asl High Product jar package name api Highest Product jar package name stax Highest Product Manifest Bundle-Name Woodstox XML-processor Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname woodstox-core-asl Medium Product Manifest Implementation-Title Woodstox XML-processor High Product Manifest specification-title Stax 1.0 API Medium Product pom artifactid woodstox-core-asl Highest Product pom groupid org.codehaus.woodstox Highest Product pom name Woodstox High Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom url http://woodstox.codehaus.org Medium Version file version 4.1.4 High Version Manifest Bundle-Version 4.1.4 High Version Manifest Implementation-Version 4.1.4 High Version pom version 4.1.4 Highest
Description:
Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/woodstox/woodstox-core-asl/4.2.0/woodstox-core-asl-4.2.0.jar
MD5: ac7e73fcf52654c0642afdfccc7d9f57
SHA1: 7a3784c65cfa5c0553f31d000b43346feb1f4ee3
SHA256: 5ccb662b21ed218aaf06fc0a46f8b78338bc4992a236b62b471fa3f2671ed0ae
Referenced In Projects/Scopes: Grouper WS:runtime Grouper WS Test:runtime Evidence Type Source Name Value Confidence Vendor file name woodstox-core-asl High Vendor jar package name stax Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname woodstox-core-asl Medium Vendor Manifest Implementation-Vendor http://woodstox.codehaus.org High Vendor Manifest specification-vendor http://jcp.org/en/jsr/detail?id=173 Low Vendor pom artifactid woodstox-core-asl Highest Vendor pom artifactid woodstox-core-asl Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Woodstox High Vendor pom organization name Codehaus High Vendor pom organization url http://www.codehaus.org/ Medium Vendor pom url http://woodstox.codehaus.org Highest Product file name woodstox-core-asl High Product jar package name api Highest Product jar package name stax Highest Product Manifest Bundle-Name Woodstox XML-processor Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname woodstox-core-asl Medium Product Manifest Implementation-Title Woodstox XML-processor High Product Manifest specification-title Stax 1.0 API Medium Product pom artifactid woodstox-core-asl Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.woodstox Highest Product pom name Woodstox High Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom url http://woodstox.codehaus.org Medium Version file version 4.2.0 High Version Manifest Bundle-Version 4.2.0 High Version Manifest Implementation-Version 4.2.0 High Version pom version 4.2.0 Highest
Description:
Java stub generator for WSDL License:
CPL: http://www.opensource.org/licenses/cpl1.0.txt File Path: /home/grprdist/.m2/repository/wsdl4j/wsdl4j/1.6.2/wsdl4j-1.6.2.jar
MD5: 2608a8ea3f07b0c08de8a7d3d0d3fc09
SHA1: dec1669fb6801b7328e01ad72fc9e10b69ea06c1
SHA256: e90120d26f1a163c5843c7a758d0a0c950d1b0970268ad0770d6c1cc50508c43
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name wsdl4j High Vendor jar package name ibm Highest Vendor jar package name wsdl Highest Vendor Manifest Implementation-Vendor IBM High Vendor Manifest specification-vendor IBM (Java Community Process) Low Vendor pom artifactid wsdl4j Highest Vendor pom artifactid wsdl4j Low Vendor pom groupid wsdl4j Highest Vendor pom name WSDL4J High Vendor pom url http://sf.net/projects/wsdl4j Highest Product file name wsdl4j High Product jar package name wsdl Highest Product Manifest Implementation-Title WSDL4J High Product Manifest specification-title JWSDL Medium Product pom artifactid wsdl4j Highest Product pom groupid wsdl4j Highest Product pom name WSDL4J High Product pom url http://sf.net/projects/wsdl4j Medium Version file version 1.6.2 High Version pom version 1.6.2 Highest
Description:
The Apache WSS4J project provides a Java implementation of the primary security standards
for Web Services, namely the OASIS Web Services Security (WS-Security) specifications
from the OASIS Web Services Security TC.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/ws/security/wss4j/1.6.19/wss4j-1.6.19.jar
MD5: 924bee104f7c4d2d98a51acbf793b8f7
SHA1: 2d4d36b6a423aa14fd0a57a52ec8f25d3d5dc19a
SHA256: 5befd9da5d52ca6b63836ffb1a420741a0556baa996567cb3af2d96c7bbfee28
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name wss4j High Vendor hint analyzer vendor web services Medium Vendor jar package name apache Highest Vendor jar package name security Highest Vendor jar package name ws Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.ws.security.wss4j Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid wss4j Highest Vendor pom artifactid wss4j Low Vendor pom groupid org.apache.ws.security Highest Vendor pom name Apache WSS4J High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://ws.apache.org/wss4j/ Highest Product file name wss4j High Product hint analyzer product web services Medium Product jar package name apache Highest Product jar package name security Highest Product jar package name ws Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache WSS4J Medium Product Manifest bundle-symbolicname org.apache.ws.security.wss4j Medium Product Manifest Implementation-Title Apache WSS4J High Product Manifest specification-title Apache WSS4J Medium Product pom artifactid wss4j Highest Product pom groupid org.apache.ws.security Highest Product pom name Apache WSS4J High Product pom organization name The Apache Software Foundation Low Product pom organization url http://www.apache.org/ Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://ws.apache.org/wss4j/ Medium Version file version 1.6.19 High Version Manifest Bundle-Version 1.6.19 High Version Manifest Implementation-Version 1.6.19 High Version pom parent-version 1.6.19 Low Version pom version 1.6.19 Highest
Description:
Woodstox is a high-performance XML processor that implements Stax (JSR-173) API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/woodstox/wstx-asl/3.2.9/wstx-asl-3.2.9.jar
MD5: 8cb7d88faca2da5a3f9a3c50eee1fc3b
SHA1: c82b6e8f225bb799540e558b10ee24d268035597
SHA256: fcfe0265682f49b40a81073959c7fc6d57efda8c86ccf3bc6700d884411b1271
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name wstx-asl High Vendor jar package name api Highest Vendor jar package name codehaus Highest Vendor jar package name stax Highest Vendor jar package name wstx Highest Vendor Manifest Implementation-Vendor woodstox.codehaus.org High Vendor Manifest specification-vendor http://jcp.org/en/jsr/detail?id=173 Low Vendor pom artifactid wstx-asl Highest Vendor pom artifactid wstx-asl Low Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Woodstox High Vendor pom organization name Codehaus High Vendor pom organization url http://www.codehaus.org/ Medium Vendor pom url http://woodstox.codehaus.org Highest Product file name wstx-asl High Product jar package name api Highest Product jar package name codehaus Highest Product jar package name stax Highest Product jar package name wstx Highest Product Manifest Implementation-Title WoodSToX XML-processor High Product Manifest specification-title StAX 1.0 API Medium Product pom artifactid wstx-asl Highest Product pom groupid org.codehaus.woodstox Highest Product pom name Woodstox High Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom url http://woodstox.codehaus.org Medium Version file version 3.2.9 High Version Manifest Implementation-Version 3.2.9 High Version pom version 3.2.9 Highest
CVE-2019-12401 (OSSINDEX)suppress
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.woodstox:wstx-asl:3.2.9:*:*:*:*:*:*:* Description:
Xalan-Java is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements XSL Transformations (XSLT)
Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
the command line, in an applet or a servlet, or as a module in other program.
File Path: /home/grprdist/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jarMD5: d43aad24f2c143b675292ccfef487f9cSHA1: 75f1d83ce27bab5f29fff034fc74aa9f7266f22aSHA256: 55a2e95144acf1abe44fea91c2948525c9b1f00fcaa1d10e753e92872ffbdd1eReferenced In Project/Scope: Grouper WS Generated Client:runtime
Evidence Type Source Name Value Confidence Vendor file name xalan High Vendor jar package name and Highest Vendor jar package name apache Highest Vendor jar package name processor Highest Vendor jar package name version Highest Vendor jar package name xalan Highest Vendor jar package name xml Highest Vendor jar package name xpath Highest Vendor jar package name xslt Highest Vendor manifest: java_cup/runtime/ Implementation-Vendor Princeton University Medium Vendor manifest: org/apache/bcel/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/regexp/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xalan/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xalan/xsltc/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xml/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid xalan Highest Vendor pom artifactid xalan Low Vendor pom groupid xalan Highest Vendor pom name Xalan Java High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xml.apache.org/xalan-j/ Highest Product file name xalan High Product jar package name and Highest Product jar package name apache Highest Product jar package name bcel Highest Product jar package name code Highest Product jar package name expression Highest Product jar package name processor Highest Product jar package name regexp Highest Product jar package name runtime Highest Product jar package name version Highest Product jar package name xalan Highest Product jar package name xml Highest Product jar package name xpath Highest Product jar package name xslt Highest Product jar package name xsltc Highest Product manifest: java_cup/runtime/ Implementation-Title runtime Medium Product manifest: java_cup/runtime/ Specification-Title Runtime component of JCup Medium Product manifest: org/apache/bcel/ Implementation-Title org.apache.bcel Medium Product manifest: org/apache/bcel/ Specification-Title Byte Code Engineering Library Medium Product manifest: org/apache/regexp/ Implementation-Title org.apache.regexp Medium Product manifest: org/apache/regexp/ Specification-Title Java Regular Expression package Medium Product manifest: org/apache/xalan/ Implementation-Title org.apache.xalan Medium Product manifest: org/apache/xalan/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xalan/xsltc/ Implementation-Title org.apache.xalan.xsltc Medium Product manifest: org/apache/xalan/xsltc/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xml/ Implementation-Title org.apache.xml Medium Product manifest: org/apache/xpath/ Implementation-Title org.apache.xpath Medium Product pom artifactid xalan Highest Product pom groupid xalan Highest Product pom name Xalan Java High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xml.apache.org/xalan-j/ Medium Version file version 2.7.1 High Version manifest: java_cup/runtime/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/bcel/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/regexp/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/xalan/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/xalan/xsltc/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/xml/ Implementation-Version 2.7.1 Medium Version manifest: org/apache/xpath/ Implementation-Version 2.7.1 Medium Version pom parent-version 2.7.1 Low Version pom version 2.7.1 Highest
CVE-2014-0107 suppress
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2022-34169 suppress
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. CWE-681 Incorrect Conversion between Numeric Types
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256: 6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Projects/Scopes: Grouper Rabbitmq:compile Grouper UI webapp:compile Grouper ActiveMQ Messaging:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xercesImpl High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name parsers Highest Vendor jar package name serialize Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xerces Highest Vendor jar package name xinclude Highest Vendor jar package name xml Highest Vendor jar package name xni Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/impl/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xercesImpl Highest Vendor pom artifactid xercesImpl Low Vendor pom developer email j-dev@xerces.apache.org Low Vendor pom developer id xerces Medium Vendor pom developer name Apache Software Foundation Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org URL http://www.apache.org Medium Vendor pom groupid xerces Highest Vendor pom name Xerces2-j High Vendor pom url https://xerces.apache.org/xerces2-j/ Highest Product file name xercesImpl High Product hint analyzer product xerces-j Highest Product jar package name apache Highest Product jar package name datatype Highest Product jar package name dom Highest Product jar package name impl Highest Product jar package name parsers Highest Product jar package name serialize Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xerces Highest Product jar package name xinclude Highest Product jar package name xml Highest Product jar package name xni Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xerces/impl/ Implementation-Title org.apache.xerces.impl.Version Medium Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xercesImpl Highest Product pom developer email j-dev@xerces.apache.org Low Product pom developer id xerces Low Product pom developer name Apache Software Foundation Low Product pom developer org Apache Software Foundation Low Product pom developer org URL http://www.apache.org Low Product pom groupid xerces Highest Product pom name Xerces2-j High Product pom url https://xerces.apache.org/xerces2-j/ Medium Version file version 2.12.2 High Version manifest: org/apache/xerces/impl/ Implementation-Version 2.12.2 Medium Version pom version 2.12.2 Highest
pkg:maven/xerces/xercesImpl@2.12.2 (Confidence :High)cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2017-10355 (OSSINDEX)suppress
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. CWE-833 Deadlock
CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:* Description:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip File Path: /home/grprdist/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad
Referenced In Projects/Scopes: Grouper WS Generated Client:runtime Grouper Rabbitmq:compile Grouper UI webapp:compile Grouper ActiveMQ Messaging:compile Grouper AWS Messaging:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xml-apis High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name sax Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xml Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xml-apis Highest Vendor pom artifactid xml-apis Low Vendor pom developer email commons-dev@xml.apache.org Low Vendor pom developer id xml-apis Medium Vendor pom developer name Apache Software Foundation Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org URL http://www.apache.org Medium Vendor pom groupid xml-apis Highest Vendor pom name XML Commons External Components XML APIs High Vendor pom url http://xml.apache.org/commons/components/external/ Highest Product file name xml-apis High Product jar package name apache Highest Product jar package name datatype Highest Product jar package name document Highest Product jar package name dom Highest Product jar package name javax Highest Product jar package name ls Highest Product jar package name namespace Highest Product jar package name parsers Highest Product jar package name sax Highest Product jar package name stax Highest Product jar package name stream Highest Product jar package name transform Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xml Highest Product jar package name xmlcommons Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML (StAX) 1.0 Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xml-apis Highest Product pom developer email commons-dev@xml.apache.org Low Product pom developer id xml-apis Low Product pom developer name Apache Software Foundation Low Product pom developer org Apache Software Foundation Low Product pom developer org URL http://www.apache.org Low Product pom groupid xml-apis Highest Product pom name XML Commons External Components XML APIs High Product pom url http://xml.apache.org/commons/components/external/ Medium Version file version 1.4.01 High Version manifest: javax/xml/datatype/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/namespace/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/parsers/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/stream/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/transform/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/validation/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/xpath/ Implementation-Version 1.4.01 Medium Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.4.01 Medium Version pom version 1.4.01 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt File Path: /home/grprdist/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256: 34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xmlpull High Vendor jar package name v1 Low Vendor jar package name xmlpull Highest Vendor jar package name xmlpull Low Vendor pom artifactid xmlpull Highest Vendor pom artifactid xmlpull Low Vendor pom groupid xmlpull Highest Vendor pom name XML Pull Parsing API High Vendor pom url http://www.xmlpull.org Highest Product file name xmlpull High Product jar package name v1 Low Product jar package name xmlpull Highest Product pom artifactid xmlpull Highest Product pom groupid xmlpull Highest Product pom name XML Pull Parsing API High Product pom url http://www.xmlpull.org Medium Version file version 1.1.3.1 High Version pom version 1.1.3.1 Highest
Description:
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. As of version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/santuario/xmlsec/1.5.8/xmlsec-1.5.8.jar
MD5: 56b5b9c7aef3270bc9056f5332a5a325
SHA1: d0b5e51f571069a86c9578ec15d6d7f9da8c0e76
SHA256: f5965da6ba78949bc17724c56de70c4aeb2598663f6abb1ece63854ba21713ba
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name xmlsec High Vendor jar package name apache Highest Vendor jar package name encryption Highest Vendor jar package name security Highest Vendor jar package name signature Highest Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.santuario.xmlsec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.santuario Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid xmlsec Highest Vendor pom artifactid xmlsec Low Vendor pom groupid org.apache.santuario Highest Vendor pom name Apache XML Security for Java High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://santuario.apache.org/ Highest Product file name xmlsec High Product jar package name apache Highest Product jar package name encryption Highest Product jar package name security Highest Product jar package name signature Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache XML Security for Java Medium Product Manifest bundle-symbolicname org.apache.santuario.xmlsec Medium Product Manifest Implementation-Title Apache XML Security for Java High Product Manifest specification-title Apache XML Security for Java Medium Product pom artifactid xmlsec Highest Product pom groupid org.apache.santuario Highest Product pom name Apache XML Security for Java High Product pom organization name The Apache Software Foundation Low Product pom organization url http://www.apache.org/ Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://santuario.apache.org/ Medium Version file version 1.5.8 High Version Manifest Bundle-Version 1.5.8 High Version Manifest Implementation-Version 1.5.8 High Version pom parent-version 1.5.8 Low Version pom version 1.5.8 Highest
pkg:maven/org.apache.santuario/xmlsec@1.5.8 (Confidence :High)cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.8:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:apache:xml_security_for_java:1.5.8:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2021-40690 suppress
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner. License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar
MD5: 03e3929084aabe1b2a91a191a6932a57
SHA1: 8cf44998d4b9cca5f9eeb47cc95d95cea9f86714
SHA256: b2fb3f2b0c0c62b3aae6d83ccc127b972a0fd64b494fb435fdb4bbbaf329ddbd
Referenced In Projects/Scopes: Grouper WS:compile Grouper WS Test:compile Grouper WS Generated Client:compile Evidence Type Source Name Value Confidence Vendor file name xmltooling High Vendor jar package name j Highest Vendor jar package name opensaml Highest Vendor manifest: org/opensaml/xml/ Implementation-Vendor www.opensaml.org Medium Vendor pom artifactid xmltooling Highest Vendor pom artifactid xmltooling Low Vendor pom developer id cantor Medium Vendor pom developer id lajoie Medium Vendor pom developer id ndk Medium Vendor pom developer id putmanb Medium Vendor pom developer id rdw Medium Vendor pom developer name Brent Putman Medium Vendor pom developer name Chad La Joie Medium Vendor pom developer name Nate Klingenstein Medium Vendor pom developer name Rod Widdowson Medium Vendor pom developer name Scott Cantor Medium Vendor pom developer org Georgetown University Medium Vendor pom developer org Internet2 Medium Vendor pom developer org Itumi, LLC Medium Vendor pom developer org The Ohio State University Medium Vendor pom developer org University of Edinburgh Medium Vendor pom developer org URL http://itumi.biz Medium Vendor pom developer org URL http://www.ed.ac.uk/ Medium Vendor pom developer org URL http://www.georgetown.edu/ Medium Vendor pom developer org URL http://www.internet2.edu/ Medium Vendor pom developer org URL http://www.ohio-state.edu/ Medium Vendor pom groupid org.opensaml Highest Vendor pom name XMLTooling-J High Vendor pom organization name Internet2 High Vendor pom organization url http://www.internet2.edu/ Medium Vendor pom parent-artifactid parent-v2 Low Vendor pom parent-groupid net.shibboleth Medium Vendor pom url http://opensaml.org/ Highest Product file name xmltooling High Product jar package name encryption Highest Product jar package name j Highest Product jar package name opensaml Highest Product jar package name signature Highest Product jar package name xml Highest Product manifest: org/opensaml/xml/ Implementation-Title xmltooling Medium Product manifest: org/opensaml/xml/encryption/ Specification-Title XML Encryption Syntax and Processing Medium Product manifest: org/opensaml/xml/signature/ Specification-Title XML Signature Syntax and Processing Medium Product pom artifactid xmltooling Highest Product pom developer id cantor Low Product pom developer id lajoie Low Product pom developer id ndk Low Product pom developer id putmanb Low Product pom developer id rdw Low Product pom developer name Brent Putman Low Product pom developer name Chad La Joie Low Product pom developer name Nate Klingenstein Low Product pom developer name Rod Widdowson Low Product pom developer name Scott Cantor Low Product pom developer org Georgetown University Low Product pom developer org Internet2 Low Product pom developer org Itumi, LLC Low Product pom developer org The Ohio State University Low Product pom developer org University of Edinburgh Low Product pom developer org URL http://itumi.biz Low Product pom developer org URL http://www.ed.ac.uk/ Low Product pom developer org URL http://www.georgetown.edu/ Low Product pom developer org URL http://www.internet2.edu/ Low Product pom developer org URL http://www.ohio-state.edu/ Low Product pom groupid org.opensaml Highest Product pom name XMLTooling-J High Product pom organization name Internet2 Low Product pom organization url http://www.internet2.edu/ Low Product pom parent-artifactid parent-v2 Medium Product pom parent-groupid net.shibboleth Medium Product pom url http://opensaml.org/ Medium Version file version 1.4.4 High Version manifest: org/opensaml/xml/ Implementation-Version 1.4.4 Medium Version pom parent-version 1.4.4 Low Version pom version 1.4.4 Highest
CVE-2015-1796 (OSSINDEX)suppress
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor. CWE-254 7PK - Security Features
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.opensaml:xmltooling:1.4.4:*:*:*:*:*:*:* Description:
XStream is a serialization library from Java objects to XML and back. License:
BSD-3-Clause File Path: /home/grprdist/.m2/repository/com/thoughtworks/xstream/xstream/1.4.19/xstream-1.4.19.jar
MD5: eb850b8fe0405670938f7e899ed8630f
SHA1: e0e581d812aa92ae12f07234f3398e06af74b112
SHA256: c9ac93527942189ae89fc9120676358f11ea8f713c635a9f2c70063fe6716634
Referenced In Projects/Scopes: Grouper AWS Messaging:provided Grouper PSP-NG:compile Grouper WS Test:compile Grouper Google Apps Provisioner:provided Grouper WS Generated Client:compile Grouper UI webapp:compile Grouper Office365 and Azure Provisioner:provided Grouper WS SCIM:compile Grouper Box:provided Grouper Rabbitmq:provided Grouper API:compile Grouper SCIM:provided Grouper WS:compile Grouper AMQ:compile Grouper ActiveMQ Messaging:provided Grouper Duo:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xstream High Vendor jar package name core Highest Vendor jar package name thoughtworks Highest Vendor jar package name xstream Highest Vendor Manifest bundle-docurl http://x-stream.github.io Low Vendor Manifest bundle-symbolicname xstream Medium Vendor Manifest Implementation-Vendor XStream High Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Vendor Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Vendor Manifest specification-vendor XStream Low Vendor Manifest x-build-os Linux Low Vendor Manifest x-build-time 2022-01-29T16:47:16Z Low Vendor Manifest x-builder Maven 3.8.3 Low Vendor Manifest x-compile-source 1.4 Low Vendor Manifest x-compile-target 1.4 Low Vendor pom artifactid xstream Highest Vendor pom artifactid xstream Low Vendor pom groupid com.thoughtworks.xstream Highest Vendor pom name XStream Core High Vendor pom parent-artifactid xstream-parent Low Product file name xstream High Product jar package name core Highest Product jar package name io Highest Product jar package name thoughtworks Highest Product jar package name xml Highest Product jar package name xstream Highest Product Manifest bundle-docurl http://x-stream.github.io Low Product Manifest Bundle-Name XStream Core Medium Product Manifest bundle-symbolicname xstream Medium Product Manifest Implementation-Title XStream Core High Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Product Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Product Manifest specification-title XStream Core Medium Product Manifest x-build-os Linux Low Product Manifest x-build-time 2022-01-29T16:47:16Z Low Product Manifest x-builder Maven 3.8.3 Low Product Manifest x-compile-source 1.4 Low Product Manifest x-compile-target 1.4 Low Product pom artifactid xstream Highest Product pom groupid com.thoughtworks.xstream Highest Product pom name XStream Core High Product pom parent-artifactid xstream-parent Medium Version file version 1.4.19 High Version Manifest Bundle-Version 1.4.19 High Version Manifest Implementation-Version 1.4.19 High Version pom version 1.4.19 Highest
CVE-2022-40151 suppress
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-40152 suppress
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-41966 suppress
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. CWE-502 Deserialization of Untrusted Data, CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
Java Library to find / apply JSON Patches according to RFC 6902 License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/flipkart/zjsonpatch/zjsonpatch/0.2.4/zjsonpatch-0.2.4.jar
MD5: ecf257dc37a5bb543456846a4fef6794
SHA1: 1211b0196b3e7db5eac3e4cf1bf338beaa18049b
SHA256: 96f42ffb5956379f065b9e2cf79afa8e3bb24153eb31e77cfacc496b1f7eb8de
Referenced In Project/Scope: Grouper WS SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name zjsonpatch High Vendor jar package name flipkart Highest Vendor jar package name flipkart Low Vendor jar package name zjsonpatch Highest Vendor jar package name zjsonpatch Low Vendor pom artifactid zjsonpatch Highest Vendor pom artifactid zjsonpatch Low Vendor pom developer email vishwakarma.iiita@gmail.com Low Vendor pom developer id vishwakarma Medium Vendor pom developer name Gopi Vishwakarma Medium Vendor pom groupid com.flipkart.zjsonpatch Highest Vendor pom name zjsonpatch High Vendor pom url flipkart-incubator/zjsonpatch/ Highest Product file name zjsonpatch High Product jar package name flipkart Highest Product jar package name zjsonpatch Highest Product jar package name zjsonpatch Low Product pom artifactid zjsonpatch Highest Product pom developer email vishwakarma.iiita@gmail.com Low Product pom developer id vishwakarma Low Product pom developer name Gopi Vishwakarma Low Product pom groupid com.flipkart.zjsonpatch Highest Product pom name zjsonpatch High Product pom url flipkart-incubator/zjsonpatch/ High Version file version 0.2.4 High Version pom version 0.2.4 Highest